Skip to content

feat: Workflow-Level Credential Override for Model Providers #28850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
fatelei wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: Workflow-Level Credential Override for Model Providers #28850

fatelei wants to merge 1 commit into from

Conversation

@fatelei
Copy link
Contributor

@fatelei fatelei commented Nov 28, 2025
edited
Loading

Important

  1. Make sure you have read our contribution guidelines
  2. Ensure there is an associated issue and you have been assigned to it
  3. Use the correct syntax to link this PR: Fixes #<issue number>.

Summary

fix issue #28815 enable llm node can have a api key config instead of using global api key config

Screenshots

before

image

after

image

test result

using default api key

image

using select api key

image

knowledge node

image

parameter extractor node

image image

Checklist

  • This change requires a documentation update, included: Dify Document
  • I understand that this PR may be closed in case there was no previous discussion or issues. (This doesn't apply to typos!)
  • I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • I've updated the documentation accordingly.
  • I ran dev/reformat(backend) and cd web && npx lint-staged(frontend) to appease the lint gods

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Nov 28, 2025

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. 🌊 feat:workflow Workflow related stuff. labels Nov 28, 2025
@fatelei fatelei force-pushed the credential_per_llm_node branch from 40078b0 to c00acf5 Compare November 28, 2025 05:59
@jortegac
Copy link

jortegac commented Nov 28, 2025

Thanks for working on this feature! I opened the original issue #28815 and have been exploring implementations as well.

Feedback on the Implementation

What I Like

  • Unit tests: Great test coverage for the credential override logic
  • Flexible data structure: Supporting both credential_id and credential_name is useful
  • Graceful fallback: The error handling that falls back to default credentials is robust
  • Inline token support: Treating unknown IDs as raw tokens is clever for quick testing

UI Improvement Suggestion

The current text input approach requires users to manually type or paste credential IDs:

<input
  type='text'
  placeholder={t(`${i18nPrefix}.credentialIdPlaceholder`)}
  value={inputs.model?.credential_override?.credential_id || ''}
  ...
/>

This has some UX challenges:

  1. Users must know what credentials are available
  2. No validation until runtime (typos won't be caught)
  3. Credential IDs are UUIDs which are hard to remember/type

Suggested improvement: A dropdown selector that fetches available credentials from the provider:

// Fetch available credentials from the model provider
const { data: modelProviders } = useModelProviders()
const availableCredentials = modelProviders
  ?.find(p => p.provider === model?.provider)
  ?.custom_configuration?.available_credentials || []

// Render as dropdown
<select value={credentialId} onChange={handleChange}>
  <option value="">Default (workspace credential)</option>
  {availableCredentials.map(cred => (
    <option key={cred.credential_id} value={cred.credential_id}>
      {cred.credential_name}
    </option>
  ))}
</select>

This approach:

  • Shows users what credentials are actually available
  • Validates selection before runtime
  • Better matches Dify's existing UI patterns (model selector, etc.)
  • Could still support manual input as a fallback for power users

Minor Suggestions

  1. i18n: The hardcoded strings like t('CredentialOverride') and t('override the credential') might need proper translation keys in the workflow translation files

  2. Styling: The input uses inline Tailwind classes that don't match Dify's component library patterns. Consider using existing components like the Selector from nodes/_base/components/selector.tsx

Overall, great work on the backend logic and tests! The dropdown UI would make this feature much more user-friendly.

@fatelei fatelei force-pushed the credential_per_llm_node branch from 8d4367e to 22c1307 Compare December 1, 2025 02:36
@fatelei fatelei requested a review from Nov1c444 as a code owner December 1, 2025 02:36
@fatelei
Copy link
Contributor Author

fatelei commented Dec 1, 2025

Thanks for working on this feature! I opened the original issue #28815 and have been exploring implementations as well.

Feedback on the Implementation

What I Like

  • Unit tests: Great test coverage for the credential override logic
  • Flexible data structure: Supporting both credential_id and credential_name is useful
  • Graceful fallback: The error handling that falls back to default credentials is robust
  • Inline token support: Treating unknown IDs as raw tokens is clever for quick testing

UI Improvement Suggestion

The current text input approach requires users to manually type or paste credential IDs:

<input
  type='text'
  placeholder={t(`${i18nPrefix}.credentialIdPlaceholder`)}
  value={inputs.model?.credential_override?.credential_id || ''}
  ...
/>

This has some UX challenges:

  1. Users must know what credentials are available
  2. No validation until runtime (typos won't be caught)
  3. Credential IDs are UUIDs which are hard to remember/type

Suggested improvement: A dropdown selector that fetches available credentials from the provider:

// Fetch available credentials from the model provider
const { data: modelProviders } = useModelProviders()
const availableCredentials = modelProviders
  ?.find(p => p.provider === model?.provider)
  ?.custom_configuration?.available_credentials || []

// Render as dropdown
<select value={credentialId} onChange={handleChange}>
  <option value="">Default (workspace credential)</option>
  {availableCredentials.map(cred => (
    <option key={cred.credential_id} value={cred.credential_id}>
      {cred.credential_name}
    </option>
  ))}
</select>

This approach:

  • Shows users what credentials are actually available
  • Validates selection before runtime
  • Better matches Dify's existing UI patterns (model selector, etc.)
  • Could still support manual input as a fallback for power users

Minor Suggestions

  1. i18n: The hardcoded strings like t('CredentialOverride') and t('override the credential') might need proper translation keys in the workflow translation files
  2. Styling: The input uses inline Tailwind classes that don't match Dify's component library patterns. Consider using existing components like the Selector from nodes/_base/components/selector.tsx

Overall, great work on the backend logic and tests! The dropdown UI would make this feature much more user-friendly.

done, change to select option

@fatelei fatelei force-pushed the credential_per_llm_node branch from 22c1307 to f37c6dd Compare December 1, 2025 03:19
QuantumGhost
QuantumGhost reviewed Dec 1, 2025
View reviewed changes
Copy link
Collaborator

@QuantumGhost QuantumGhost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also affects credential management in EE version. cc @GarfieldDai What's your idea about this feature?

@QuantumGhost QuantumGhost marked this pull request as draft December 8, 2025 09:17
@dosubot dosubot bot mentioned this pull request Dec 9, 2025
Open
5 tasks
@fatelei fatelei force-pushed the credential_per_llm_node branch 4 times, most recently from 529a4f4 to caa905e Compare December 9, 2025 09:43
@fatelei fatelei force-pushed the credential_per_llm_node branch from caa905e to c526aa9 Compare December 9, 2025 09:43
@sweetwxh
Copy link

sweetwxh commented Dec 10, 2025

Can you add an option to either select a pre-configured key or use a text box to enter a custom key? This key could be passed as a parameter, so that the new WebHook trigger can also accept a key, making it easier for callers to use their own models.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@QuantumGhost QuantumGhost QuantumGhost left review comments

@iamjoel iamjoel Awaiting requested review from iamjoel iamjoel is a code owner

@zxhlyh zxhlyh Awaiting requested review from zxhlyh zxhlyh is a code owner

@Nov1c444 Nov1c444 Awaiting requested review from Nov1c444 Nov1c444 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🌊 feat:workflow Workflow related stuff. size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fatelei @jortegac @sweetwxh @QuantumGhost