search

Chainlit / chainlit

Build Conversational AI in minutes ⚡️
https://docs.chainlit.io
Apache License 2.0
6.86k stars 903 forks source link

Keycloak authentication #1361

Open cedkoffeto opened 1 week ago

dokterbob commented 5 days ago

@cedkoffeto Appreciate your feedback but the phrasing comes across a bit demanding, particularly considering that this is an Open Source project.

Please in the future try and be more mindful and tell us:

  1. Why should chainlit support Keycloak, describing it and providing a link.
  2. What steps might be required.
  3. Whether or not you'd be interested in contributing an implementation, or if you are looking to pay us or someone to have it built.

Thanks!

dokterbob commented 4 days ago

@dosu What would you suggest as answers for my aforementioned questions?

dosubot[bot] commented 4 days ago

Hey @dokterbob! I'm here to help you with any issues or questions you have. I'm a bot designed to assist you with bug fixes, answer questions, and guide you in becoming a contributor. Let me know how I can assist you!

To support Keycloak authentication in Chainlit, here are the answers to the questions:

  1. Why should Chainlit support Keycloak? Keycloak is a widely used open-source identity and access management solution. Supporting Keycloak would allow organizations that already use Keycloak for authentication to seamlessly integrate Chainlit into their existing infrastructure. This would enhance security, simplify user management, and provide a consistent authentication experience across different applications. More information about Keycloak can be found here.

  2. What steps might be required? To support Keycloak authentication in Chainlit, the following steps would be required:

    • Configure Keycloak: Set up a Keycloak server and create a client for Chainlit. Obtain the client ID, client secret, and the Keycloak server URL.
    • Modify Chainlit Configuration: Update the Chainlit configuration to include Keycloak as an OAuth provider. This involves adding Keycloak-specific settings such as the client ID, client secret, and the Keycloak server URL.
    • Implement Keycloak OAuth Provider: Extend the chainlit.oauth_providers module to include a Keycloak provider. This would involve creating a new class for Keycloak that handles the OAuth flow, including token exchange and user information retrieval.
    • Update Authentication Logic: Modify the authenticate_user function to handle tokens issued by Keycloak. This may involve verifying the token with Keycloak and extracting user information.
    • Testing: Thoroughly test the integration to ensure that users can authenticate using Keycloak and that the authentication flow works seamlessly.

    Here is a simplified example of how you might start implementing the Keycloak provider:

    # chainlit/oauth_providers/keycloak.py

import requests
from fastapi import HTTPException

class KeycloakOAuthProvider:
   def __init__(self, client_id, client_secret, server_url):
       self.client_id = client_id
       self.client_secret = client_secret
       self.server_url = server_url

   def get_token(self, code):
       response = requests.post(
           f"{self.server_url}/protocol/openid-connect/token",
           data={
               "client_id": self.client_id,
               "client_secret": self.client_secret,
               "grant_type": "authorization_code",
               "code": code,
           },
       )
       if response.status_code != 200:
           raise HTTPException(status_code=401, detail="Invalid Keycloak token")
       return response.json()

   def get_user_info(self, token):
       response = requests.get(
           f"{self.server_url}/protocol/openid-connect/userinfo",
           headers={"Authorization": f"Bearer {token}"},
       )
       if response.status_code != 200:
           raise HTTPException(status_code=401, detail="Failed to fetch user info")
       return response.json()

  3. Contribution or Payment

    • If @cedkoffeto is interested in contributing an implementation, they could start by forking the repository and working on the steps outlined above.
    • Alternatively, if they are looking to pay for the implementation, they could discuss the terms with the maintainers or hire a developer to build the feature.

This approach ensures that the integration is well-planned and aligns with the project's goals and community standards [1][2].

To continue talking to Dosu, mention @dosu.

stephenrs commented 4 days ago

@cedkoffeto Appreciate your feedback but the phrasing comes across a bit demanding, particularly considering that this is an Open Source project.

@dokterbob Not everyone speaks English as their native language and different cultures communicate in different ways, so sometimes community writing might not appeal to your delicate sensibilities. Also, not everyone has deep experience interacting with github projects, so perhaps you should stop whining and complaining day after day and scolding the people of this community, and show a bit more tolerance. There are higher priorities here than how you feel and how easy the community makes your life, no? There is more than one way to understand mindfulness.

This is particularly important given that the software you have promised "Build production-ready Conversational AI applications in minutes, not weeks" doesn't exist. In other words, you are not in a position to make daily selfish demands of this community. You are liars.

So again, perhaps you should keep your evidently hard-to-control emotions to yourself and just do your job :)

Most importantly, this is not an Open Source Project. It is a well-funded company fraudulently pretending that it is so that they can get free labor. (https://literalai.notion.site/Literal-AI-Chainlit-Careers-cec94330409c405993407f92ca5e99da)

Where are these people anyway? I haven't seen any commits from your engineers and your Developer Advocate hasn't made an appearance: https://literalai.com/team

It's important that we all remain mindful of the truth.