Skip to content

feat: Add dynamic authentication token forwarding support for vLLM #3388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Add dynamic authentication token forwarding support for vLLM #3388

wants to merge 1 commit into from

Conversation

akram
Copy link
Contributor

@akram akram commented Sep 9, 2025
edited
Loading

What does this PR do?

Add dynamic authentication token forwarding support for vLLM provider

This enables per-request authentication tokens for vLLM providers, supporting use cases like RAG operations where different requests may need different authentication tokens. The implementation follows the same pattern as other providers like Together AI, Fireworks, and Passthrough.

  • Add LiteLLMOpenAIMixin that manages the vllm_api_token properly

Usage:

  • Static: VLLM_API_TOKEN env var or config.api_token
  • Dynamic: X-LlamaStack-Provider-Data header with vllm_api_token
    All existing functionality is preserved while adding new dynamic capabilities.

Test Plan

curl -X POST "http://localhost:8000/v1/chat/completions" -H "Authorization: Bearer my-dynamic-token" \
  -H "X-LlamaStack-Provider-Data: {\"vllm_api_token\": \"Bearer my-dynamic-token\", \"vllm_url\": \"http://dynamic-server:8000\"}" \
  -H "Content-Type: application/json" \
  -d '{"model": "llama-3.1-8b", "messages": [{"role": "user", "content": "Hello!"}]}'

@meta-cla meta-cla bot added the CLA Signed This label is managed by the Meta Open Source bot. label Sep 9, 2025
@akram akram marked this pull request as ready for review September 9, 2025 16:10
@akram
Copy link
Contributor Author

akram commented Sep 9, 2025

/assign @grs
/assign @leseb

ashwinb
ashwinb reviewed Sep 9, 2025
View reviewed changes
ashwinb
ashwinb approved these changes Sep 9, 2025
View reviewed changes
Copy link
Contributor

@ashwinb ashwinb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm modulo a minor comment

@akram akram force-pushed the vllm-support-for-dynamic-token branch 5 times, most recently from 540bc4d to e08b54c Compare September 10, 2025 13:32
@akram
Copy link
Contributor Author

akram commented Sep 10, 2025

After more extensive tests, the initial implementation was insufficient to make the Response API and the Agent API where not properly using the provider data.

So, I had to add this second commit to implement it correctly. It was requiring the inference_api to be wrapped in a wrapper so headers can be extracted properly.

/assign @grs

/assign @ashwinb

@ashwinb can PTAL a second time?

@akram akram force-pushed the vllm-support-for-dynamic-token branch 4 times, most recently from ad79c22 to 87edba0 Compare September 10, 2025 18:56
@ashwinb
Copy link
Contributor

ashwinb commented Sep 10, 2025

This looks a fair bit complex. I believe there's an easier way or maybe the request state is not being propagated correctly. Will look into this in detail soon. Hold on...

@akram
Copy link
Contributor Author

akram commented Sep 11, 2025

/hold

@akram akram force-pushed the vllm-support-for-dynamic-token branch 2 times, most recently from 2d87dc2 to 820724d Compare September 11, 2025 08:59
@akram akram force-pushed the vllm-support-for-dynamic-token branch 2 times, most recently from c192d5b to e3ddcb5 Compare September 11, 2025 09:05
@akram
Copy link
Contributor Author

akram commented Sep 11, 2025
edited
Loading

@ashwinb you are right . I think I got confused with my own bug. It seems that by just adding the correct providers to agents and responses it forwards PROVIDER_DATA_VAR correctly.

can you PTAL ?

/hold cancel

@akram akram requested a review from ashwinb September 11, 2025 09:13
@akram akram force-pushed the vllm-support-for-dynamic-token branch 6 times, most recently from 05b15a4 to df220d5 Compare September 11, 2025 14:44
mattf
mattf requested changes Sep 11, 2025
View reviewed changes
@akram akram force-pushed the vllm-support-for-dynamic-token branch 2 times, most recently from c0060a2 to 23404dc Compare September 11, 2025 17:09
@akram
Copy link
Contributor Author

akram commented Sep 11, 2025

@mattf can you PTAL?

@akram
feat: Add dynamic authentication token forwarding support for vLLM pr…
5a74aa8 
…ovider

This enables per-request authentication tokens for vLLM providers, supporting use cases like RAG operations where different requests may need different authentication tokens. The implementation follows the same pattern as other providers like Together AI, Fireworks, and Passthrough.

- Add LiteLLMOpenAIMixin that manages the vllm_api_token properly

Usage:

- Static: VLLM_API_TOKEN env var or config.api_token
- Dynamic: X-LlamaStack-Provider-Data header with vllm_api_token
- All existing functionality is preserved while adding new dynamic capabilities.

Signed-off-by: Akram Ben Aissi <[email protected]>
@akram akram force-pushed the vllm-support-for-dynamic-token branch from 23404dc to 5a74aa8 Compare September 11, 2025 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattf mattf mattf requested changes

@yanxi0830 yanxi0830 Awaiting requested review from yanxi0830 yanxi0830 is a code owner

@hardikjshah hardikjshah Awaiting requested review from hardikjshah hardikjshah is a code owner

@raghotham raghotham Awaiting requested review from raghotham raghotham is a code owner

@ehhuang ehhuang Awaiting requested review from ehhuang ehhuang is a code owner

@terrytangyuan terrytangyuan Awaiting requested review from terrytangyuan terrytangyuan is a code owner

@leseb leseb Awaiting requested review from leseb leseb is a code owner

@bbrowning bbrowning Awaiting requested review from bbrowning bbrowning is a code owner

@reluctantfuturist reluctantfuturist Awaiting requested review from reluctantfuturist reluctantfuturist is a code owner

@slekkala1 slekkala1 Awaiting requested review from slekkala1 slekkala1 is a code owner

@ashwinb ashwinb Awaiting requested review from ashwinb ashwinb is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
CLA Signed This label is managed by the Meta Open Source bot.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@akram @ashwinb @mattf