Arize-ai/phoenix arize-phoenix-v5.0.0

arize-phoenix: v5.0.0

on GitHub

5.0.0 (2024-09-26)

Phoenix 5.0 ships with authentication. Once enabled, Phoenix's UI and APIs (REST, GraphQL, and gRPC) are accessible only to users who present valid access and refresh tokens issued at sign in (session-based authentication) or API keys created within the app (key-based authentication).

Phoenix 5.0 also introduces basic RBAC (role-based access control). With RBAC you get admins (who can create, edit, and delete users) and members (who can edit only their own profile).

Phoenix 5.0 adds API keys so that you can securely ingest and query for data.

Phoenix 5.0 also adds OAuth2 (Google, AWS Cognito, Auth0) support as well as SMTP for password resets.

⚠ BREAKING CHANGES

• deprecate python 3.8 (#4766)
• Remove legacy instrumentation modules (#4604)

Features

• Add CreateUserApiKey mutation (#4476) (ecd7a39)
• api keys on viewer node (#4486) (366a1ec)
• api-key for client headers (#4460) (7fcacff)
• auth for swagger UI (#4459) (b54d6f7)
• Auth prometheus metrics (#4725) (c4da0c7)
• auth: add admin user management ui (#4631) (b4423ca)
• auth: Add API key guidance (#4566) (31ac385)
• auth: add cancel for reset password page (#4735) (fe5e043)
• auth: add delete user api keys mutation (#4489) (1a4332b)
• auth: add delete user api keys to ui (#4503) (397ec51)
• auth: add delete user ui (#4609) (1536275)
• auth: add deleteUsers mutation (#4537) (745cba7)
• auth: add environment variables for token expiries (#4585) (2c67d63)
• auth: add returnUrl for users that try to access a page while logged out (#4610) (a3552ba)
• auth: add support for oauth2 with openid connect discovery (#4618) (8d96e77)
• auth: add user api keys to profile page (#4534) (26a3d73)
• auth: add user friendly messages to the login page (#4705) (332c509)
• auth: auth rbac components (#4482) (1193427)
• auth: auth refresh tokens (#4499) (d330930)
• auth: cleaned up reset password UI (#4671) (8b6898e)
• auth: edit profile UI (#4559) (61c5f54)
• auth: force password repeat on new user adition (#4591) (5f65763)
• auth: playwright tests (#4570) (bedb66c)
• auth: profile picture (#4724) (a26a9e9)
• auth: refresh route and auth router refactor (#4458) (a7c53fe)
• auth: Reset password (#4545) (befca2f)
• auth: secure /exports when auth is enabled (#4589) (b7af851)
• auth: secure graphql api when auth is enabled (#4508) (39b1e07)
• auth: UI guidance on how to set api keys for tracing and experi… (#4578) (6b14b11)
• auth: user of a given key (#4442) (f8bbf25)
• auth: User profile and viewer context (#4480) (8012d6a)
• environment variable for Secure attribute on cookies (#4520) (655a459)
• fetch db on token cache miss (#4723) (7a41f5a)
• gql: indicate whether user password needs reset (#4514) (a76638b)
• graphql resolvers to patch users (#4504) (13f6b16)
• Implement serverside rate limiter (#4431) (18b587f)
• per-user password salt (#4449) (7f739db)
• playground: add skeleton playground page (#4648) (d23a7c3)
• Remove legacy instrumentation modules (#4604) (e27df56)
• role based access control for gql queries (#4554) (f25e751)
• smtp for password reset (#4630) (44dac66)
• token-based authentication (#4370) (41a8654)
• Wire up API keys via env var for Phoenix clients and experiments (#4617) (246770d)

Bug Fixes

• allow logging out with only the refresh token (#4706) (b31d9f9)
• allow secret when auth is disabled (#4466) (ad1763d)
• auth: add back user api keys table (#4494) (162ada8)
• auth: don't show error on successful logout (#4535) (3dab931)
• auth: fix graphiql_ide param type (#4496) (8462567)
• auth: handle forgot password form submission (#4755) (3ab5959)
• auth: infer origin url (#4737) (bb2df0f)
• auth: make username a required field (#4734) (77cc1fe)
• auth: prevent first admin password salt from being reset on every start (#4477) (bccdbf1)
• auth: set oauth2 state and nonce cookies with lax samesite policy (#4693) (795e769)
• auth: soft-delete users (#4562) (f8f40b6)
• auth: strengthen auth method constraint (#4744) (d399cb4)
• Catch decode error (#4752) (b9d0caf)
• clean up after token auth (#4447) (bcf273d)
• Correct auth login rate limit routes (#4698) (e79a54c)
• db lookup on token cache miss (#4726) (3e0cbc6)
• deprecate python 3.8 (#4766) (2213a79)
• don't redirect if there is no viewer in case auth is disabled (#4547) (b80f532)
• Fix DB unittest reliability (#4548) (29460c5)
• forbid role change on default admin (#4647) (775b4f8)
• improve error message for phoenix secret (#4461) (f7e9731)
• inadvertent cookie deletion when changing user password via PatchUser (#4637) (7077cc2)
• only redirect if auth is enabled (#4768) (ff14180)
• overflow of UI issues (#4759) (4e68274)
• padding on users table (#4753) (c2361a3)
• playwright scaffolding and user action menu rendering (#4697) (8892180)
• playwright: make rate-limiting test run last (#4738) (eabf268)
• playwright: revert back to localhost for playwright (#4758) (7c2a864)
• remove exp from jwt (#4729) (0e6e1e8)
• remove python 3.8 version dep (#4751) (4f5120b)
• sqlite should explicitly autoincrement integer primary keys (#4468) (e7e86f0)
• use referer from headers for base url in password reset url (#4746) (77675c9)
• user deletion should delete all tokens (#4655) (cf3c6be)
• user should be able to initiate password reset again before existing token is used or expires (#4674) (3f33d1a)
• username should be optional for user creation (#4595) (eae81e8)
• users should not be asked to reset password again right after they reset their password (#4672) (f63b4f6)

Documentation

• add agent framework example (#4703) (b870a59)
• auth: instrumentation migration (#4732) (62dd2e7)
• auth: migration guide for auth (#4721) (ba2ab86)
• deprecate phoenix.trace.openai (#4757) (3bd8d37)
• Playwright in READE (#4719) (adb3019)