Permit is an access control platform that provides fine-grained, real-time permission management using various models such as RBAC, ABAC, and ReBAC. It enables organizations to enforce dynamic policies across their applications, ensuring that only authorized users can access specific resources.
Overview
This package provides two LangChain tools for JWT validation and permission checking using Permit:
LangchainJWTValidationTool: Validates JWT tokens against a JWKS endpoint
LangchainPermissionsCheckTool: Checks user permissions using Permit
Set up the following environment variables:
PERMIT_API_KEY=your_permit_api_key
JWKS_URL=your_jwks_endpoint_url
PERMIT_PDP_URL=your_permit_pdp_url # Usually http://localhost:7766 for local development or your real deployment
Make sure your PDP (Policy Decision Point) is running at PERMIT_PDP_URL. See Permit docs for details on policy setup and how to launch the PDP container.
Credentials
PERMIT_API_KEY=
JWKS_URL=your_jwks_endpoint_url # or your deployed url
PERMIT_PDP_URL=your_pdp_url # or your deployed url
TEST_JWT_TOKEN= # for quick test purposes
It's also helpful (but not needed) to set up LangSmith for best-in-class observability:
Instantiation
JWT Validation Tool
The JWT Validation tool verifies JWT tokens against a JWKS (JSON Web Key Set) endpoint.
from langchain_permit.tools import LangchainJWTValidationTool
jwt_validator = LangchainJWTValidationTool(
    jwks_url=
)
Configuration Options
You can initialize the tool with either:
jwt_validator = LangchainJWTValidationTool(
    jwks_json={
        "keys": [
            {
                "kid": "key-id",
                "kty": "RSA",
                ...
            }
        ]
    }
)
Permissions Check Tool
The Permissions Check tool integrates with Permit.io to verify user permissions against resources.
from permit import Permit
from langchain_permit.tools import LangchainPermissionsCheckTool
permit_client = Permit(
    token="your_permit_api_key",
    pdp=
)
permissions_checker = LangchainPermissionsCheckTool(
    permit=permit_client
)
This documentation demonstrates the key features and usage patterns of both tools.
Invocation
Invoke directly with args
JWT Validation Tool
async def validate_token():
    claims = await jwt_validator._arun(
        "..."
    )
    print("Validated Claims:", claims)
Permissions Check Tool
async def check_user_permission():
    result = await permissions_checker._arun(
        user={
            "key": "user-123",
            "firstName": "John"
        },
        action="read",
        resource={
            "type": "Document",
            "tenant": "default"
        }
    )
    print("Permission granted:", result)
Input Formats
The permissions checker accepts different input formats:
# User and resource given as plain strings
result = await permissions_checker._arun(
    user="user-123",
    action="read",
    resource="Document"
)
# User and resource given as dictionaries with key, tenant and attributes
result = await permissions_checker._arun(
    user={
        "key": "user-123",
        "firstName": "John",
        "lastName": "Doe",
        "email": "john@example.com",
        "attributes": {"department": "IT"}
    },
    action="read",
    resource={
        "type": "Document",
        "key": "doc-123",
        "tenant": "techcorp",
        "attributes": {"confidentiality": "high"}
    }
)
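A fail-closed gate that chains the two tools, as an added example that is not part of the package or the original page: the token is validated first, and the user passed to the permission check is taken only from the verified "sub" claim. Assumptions: the validator's _arun raises on an invalid token and returns the claims as a dict, the checker's _arun returns a boolean, and the authorize function and the two Fake classes are hypothetical names with constructed data.

```python
import asyncio


async def authorize(jwt_validator, permissions_checker, token, action, resource):
    """Allow only if the JWT validates and the PDP explicitly allows the action."""
    # 1. Authenticate: any validation failure denies (assumption: failures raise).
    try:
        claims = await jwt_validator._arun(token)
    except Exception:
        return False
    # 2. Identity comes from the verified "sub" claim, never from caller- or
    #    model-supplied arguments.
    subject = claims.get("sub") if isinstance(claims, dict) else None
    if not isinstance(subject, str) or not subject:
        return False
    # 3. Authorize: a PDP error or any non-True answer denies.
    try:
        result = await permissions_checker._arun(user=subject, action=action, resource=resource)
    except Exception:
        return False
    return result is True


# Constructed stand-ins for the two tools so the gate can be exercised offline.
class FakeJWTValidator:
    def __init__(self, valid_tokens):
        self.valid_tokens = valid_tokens  # token string -> claims dict

    async def _arun(self, token):
        if token not in self.valid_tokens:
            raise ValueError("signature or claims check failed")
        return self.valid_tokens[token]


class FakePermissionsChecker:
    def __init__(self, allowed):
        self.allowed = allowed  # set of (user, action, resource type)

    async def _arun(self, user, action, resource):
        return (user, action, resource["type"]) in self.allowed


if __name__ == "__main__":
    validator = FakeJWTValidator({"good-token": {"sub": "user-123"}})
    checker = FakePermissionsChecker({("user-123", "read", "Document")})
    doc = {"type": "Document", "tenant": "default"}
    print(asyncio.run(authorize(validator, checker, "good-token", "read", doc)))
    print(asyncio.run(authorize(validator, checker, "forged-token", "read", doc)))
```

With the real tools, pass jwt_validator and permissions_checker from the Instantiation section in place of the stand-ins.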
Invoke with ToolCall
(TODO)
Chaining
We can use our tool in a chain by first binding it to a tool-calling model and then calling it:
pip install -qU "langchain[google-genai]"
import getpass
import os
if not os.environ.get("GOOGLE_API_KEY"):
    os.environ["GOOGLE_API_KEY"] = getpass.getpass("Enter API key for Google Gemini: ")
from langchain.chat_models import init_chat_model
llm = init_chat_model("gemini-2.5-flash", model_provider="google_genai")
Additional Demo Scripts
For fully runnable demos, check out the /langchain_permit/examples/demo_scripts folder in this repository. You’ll find:
demo_jwt_validation.py – A quick script showing how to validate JWTs using LangchainJWTValidationTool.
demo_permissions_check.py – A script that performs Permit.io permission checks using LangchainPermissionsCheckTool.
Just run python demo_jwt_validation.py or python demo_permissions_check.py (after setting your environment variables) to see these tools in action.
For detailed documentation of all Permit features and configurations, head to the API reference: https://docs.permit.io/