CFIA AI LabProject file 01 of 13
back to library
01

Public AI infrastructure

Internship · final auth wiring in review · 2026

CFIA AI Lab: Shared Authentication and ML Infrastructure

One platform depended on provider-specific authentication.

Role
Software Intern

Public product context

Public Nachet Mini interface shown as product context
Public product contextPublic ai-cfia/nachet documentation screenshot; contextual use only

Protected requests cross one reviewable boundary

  1. React call sitesProtected requests
  2. Provider-neutral clientToken handling
  3. Selected providerEntra or OIDC path
  4. FastAPI verificationJWT + discovery/JWKS
  5. Protected serviceFail-closed request
  • React call sitesProvider-neutral client
  • Provider-neutral clientselectSelected provider
  • Selected providertokenFastAPI verification
  • FastAPI verificationverifiedProtected service

The work, in five lines

Problem
One platform depended on provider-specific authentication.
Owned
I owned the public auth and ML infrastructure slices.
Changed
Protected requests moved behind a provider-neutral boundary.
Difficult
React, FastAPI, Kubernetes, secrets, and storage had to agree.
Verified
17 merged PRs: Merged PR #827 · Merged PR #846 · Merged PR #430 · Merged PR #445 · Open PR #851

Open the evidence

Public authored pull requests support the provider-neutral auth boundary and bounded ML storage/deployment claims.