livebook/docs/authentication.md

# Authentication

Livebook has three levels of authentication:

  * Instance authentication: this authenticates the user on all routes of your Livebook instance, including deployed notebooks and the admin section. This is done via Zero Trust Authentication and typically used when deploying Livebook to production. See the "Deployment" section on the sidebar for more information.

  * Admin authentication: this authenticates access to Livebook admin interface, where users can create, write, and manage notebooks. Both password and token authentication are provided.

  * Deployed notebook authentication: additionally, when deploying notebooks as applications, each application may be password protected with a unique password. Only users authenticated as admin or with the password will be able to access them.

## Admin authentication

Livebook's default admin authentication method is token authentication. A token is automatically generated at startup and printed to the logs.

You may optionally enable password-based authentication by setting the environment variable `LIVEBOOK_PASSWORD` on startup or deployment. It must be at least 12 characters.

To disable authentication altogether, you may set the environment variable `LIVEBOOK_TOKEN_ENABLED` to `false`.
Touch ups 2023-09-21 17:21:50 +08:00			`# Authentication`

ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`Livebook has three levels of authentication:`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`* Instance authentication: this authenticates the user on all routes of your Livebook instance, including deployed notebooks and the admin section. This is done via Zero Trust Authentication and typically used when deploying Livebook to production. See the "Deployment" section on the sidebar for more information.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`* Admin authentication: this authenticates access to Livebook admin interface, where users can create, write, and manage notebooks. Both password and token authentication are provided.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`* Deployed notebook authentication: additionally, when deploying notebooks as applications, each application may be password protected with a unique password. Only users authenticated as admin or with the password will be able to access them.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`## Admin authentication`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`Livebook's default admin authentication method is token authentication. A token is automatically generated at startup and printed to the logs.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			You may optionally enable password-based authentication by setting the environment variable `LIVEBOOK_PASSWORD` on startup or deployment. It must be at least 12 characters.
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			To disable authentication altogether, you may set the environment variable `LIVEBOOK_TOKEN_ENABLED` to `false`.