Multi-User Support for Xema
- Olena Khetan
- Apr 18, 2024
- 2 min read
Updated: Aug 11, 2024
I mentioned previously that I was able to make the Xema app work successfully with Google’s Gemini LLM model. My goal for the app is to make it available to as many users as possible who need help understanding and managing their eczema on an ongoing basis. So, I needed to evolve the app to work for any person downloading the app. As I started to think about that, I had to tackle the following question:
How should I identify a user?
To answer this, here is some background on how I got the Xema app to work with Google's Gemini LLM model. This required me to do a few things:
Set up an OAuth client and an OAuth consent screen for my project in Google cloud
Authenticate with Google with certain scopes in my Flutter app.
Certain scopes such as https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/generative-language.retriever, etc. are needed to access Vertex APIs and therefore require user consent to allow the Xema app to access these cloud resources on their behalf
Once authenticated using my personal Google account, Google provides an access token that can be used to access the LLM model
Google accounts provide an easy and convenient way to uniquely identify a user. I decided to add Google sign-in into my app in order to identify, authenticate, and enable the app for multiple users.
Side note: Google provides more than one way to access the Gemini LLM model, i.e. through Google Cloud Vertex APIs, as well as using Google APIs. While accessing the LLM model via the Vertex APIs requires the user’s access token, Google API uses an API key which is user-independent.
During the user’s Google sign-in, to retrieve an access token with sufficient permissions to access the LLM model via the Vertex APIs, the user had to consent to a few different scopes, making the user authentication experience less than ideal. So, to simplify the user’s sign-in experience, I decided to switch from using the Vertex APIs to Google APIs. Google APIs use user-independent API keys to access the LLM model and do not require users to consent to a long list of scopes while signing in.
Comments