Add authorization for the WebApp

[vaayne]

Self Checks

• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• Pleas do not modify this template :) and fill in all the required fields.

1. Is this request related to a challenge you're experiencing?

I have created a web application, but I want to restrict access to it and keep it private. Currently, the only available option is to allow anyone with the link to use the app.

I am aware of a similar issue reported here: #3074. However, that solution involves single sign-on (SSO) for enterprise users, which is not suitable for my purpose.

2. Describe the feature you'd like to see

Add authorization for the WebApp like using the API with ApiKey.

3. How will this feature improve your workflow or experience?

Keep my data safe.

4. Additional context or comments

I am interested in contributing to this feature.

5. Can you help us with this feature?

• I am interested in contributing to this feature.

[LeoQuote]

Try wrap it with a react app, meanwhile disable the public web access

[vaayne]

I can disable the WebApp and exclusively utilize the API so that I can integrate it into a React app or similar platform.
However, if it is feasible to continue using the existing WebApp, that would be preferable.
I am eager to support this transition and am willing to contribute to the process. I hope you will consider this as a viable option.

[cemremengu]

@vaayne how do you think authorization for apps should work? I am looking for some implementation ideas. Will an option for specifying a secret password for the web app be enough?

[TechWithTy]

Watching as well

[jackn-realityi]

We would like this feature as well. I see a user type in DIFY called 'Normal User' that only grants access to apps. Can the normal user be set up to log in to use the web app? Or could there be a dashboard view with all the published web apps that they could click on to use after logging in as a normal user without needing to publish the web app publicly?

[ytjhai]

I'm also exploring this. So far the best method I've found is to host your own version of the conversation web app and modify the API key to integrate different backends created through Dify. It moves the integration to the frontend only but relies on you to host and support the UI.