Skip to main content

ML Agent Authentication: BFF to ML-Agent to Trino

This page covers how a user's identity flows when the BFF API proxies requests to the ML-Agent service, which in turn queries Trino for catalog and schema metadata and executes ML workflows.

For the data query flow via Superset, see SQL Auth — Superset, Trino & Ranger.


Routes Covered

All routes are defined in src/routes/mlAgentRoute.js and protected by the validateJWT middleware.

MethodRoutePurpose
GET/chatbot/trino/catalogsList available Trino catalogs
GET/chatbot/trino/schemas/:catalogList schemas in a catalog
GET/chatbot/trino/tables/:catalog/:schemaList tables in a schema
POST/chatbot/run-workflow-trinoRun an ML workflow against a Trino table

End-to-End Flow


Step 1: JWT Validation — BFF

The validateJWT middleware validates the user's JWT before the request proceeds. This ensures only authenticated users reach ML-Agent.


Step 2: Raw Token Forwarding — BFF to ML-Agent

Unlike other BFF flows, no token exchange is performed at the BFF layer before forwarding to ML-Agent. The user's original Authorization header is passed directly:

// mlAgentRoute.js
req.headers.authorization // forwarded as-is to ML-Agent

For the /chatbot/run-workflow-trino route, the user's email is also extracted from the validated JWT and sent alongside the request.

SECURITY GAP

The documented platform pattern states that the user's original session token should never be forwarded to downstream services — it should always be exchanged for a service-scoped token first. This flow deviates from that pattern. See Security Gaps.


Step 3: ML-Agent to Trino

How ML-Agent authenticates to Trino is not visible from BFF code alone.

TODO: Determine how ML-Agent authenticates to Trino:

  • Does ML-Agent perform its own token exchange (audience: {workspaceId}-trino-gw) before querying Trino?
  • Does it forward the user JWT received from BFF directly to Trino?
  • Does it use a service account?

This determines whether Ranger sees the real user identity or a shared service account identity on these queries.

TODO: Confirm whether Ranger policies are evaluated at all for catalog/schema listing queries (/chatbot/trino/catalogs, /chatbot/trino/schemas, /chatbot/trino/tables). If ML-Agent uses a service account, Ranger cannot enforce per-user access on these metadata endpoints.


Configuration

Config keyEnv varPurpose
mlAgent.urlML_AGENT_URLML-Agent service endpoint

Go Deeper