deleted 142 characters in body
ixx

The specs:

  • Mobile apps
  • LLM wrapper (of e.g. OpenAI API)
  • The chat history will be stored on the client
  • Backend is needed to manage the API key and to track token consumption / payment (how many tokens does the user/device have left?)

Because we need to track the token consumption, we need some sort of identifier:

  • Device UUID (generated in the client): easy, but seems unsafe
  • User account (e.g. authentication with JWT token)
  • Others (?)

I have been working on the JWT authentication and I'm mostly done, so "more work" would not be a contra anymore. I just took a step back and wondered if it's not overkill for this situation. If it increases the security of the tokens/payments tracking, it seems worth it. Any suggestions?

ixx

What type of authentication/identification is needed?

The specs:

  • Mobile apps
  • LLM wrapper (of e.g. OpenAI API)
  • The chat history will be stored on the client
  • Backend is needed to manage the API key and to track token consumption / payment (how many tokens does the user/device have left?)

Because we need to track the token consumption, we need some sort of identifier:

  • Device UUID (generated in the client): easy, but seems unsafe
  • User account (e.g. authentication with JWT token)
  • Others (?)

I have been working on the JWT authentication and I'm mostly done, so "more work" would not be a contra anymore. I just took a step back and wondered if it's not overkill for this situation. Making the user go through a full authentication flow to store the messages on the device seems weird, at least for the user experience. But if it increases the security of the tokens/payments tracking, it seems worth it. Any suggestions?