Chainlit / chainlit

Build Conversational AI in minutes ⚡️
https://docs.chainlit.io
Apache License 2.0

'Invalid authentication token' when rendering images sent in a chainlit application with authentication enabled. #1485

Open thiagotps opened 1 day ago

thiagotps commented 1 day ago

Describe the bug

When there is no authentication, images sent in the chat are rendered normally. But with authentication set up, images sent over the chat are not rendered by the browser, receiving a 401 error with the message

{"detail":"Invalid authentication token"}

when accessed.

To Reproduce

Just try to send an image to the chat of the chainlit app executed through the following command

chainlit run test_image.py -w

with the following code

#!/usr/bin/env python3
import chainlit as cl

@cl.password_auth_callback
def auth_callback(username: str, password: str):
    # Fetch the user matching username from your database
    # and compare the hashed password with the value stored in the database
    if (username, password) == ("admin", "admin"):
        return cl.User(
            identifier="admin", metadata={"role": "admin", "provider": "credentials"}
        )
    else:
        return None

@cl.on_chat_start
async def on_chat_start():
    if app_user := cl.user_session.get("user"):
        await cl.Message(f"Hello {app_user.identifier}").send()

@cl.on_message
async def on_message(message: cl.Message):
    await cl.Message(f"Message Received:{message.content}").send()

Expected behavior

I expect to see the image being rendered normally.

Screenshots

[image]

And when trying to directly open the image with the http://localhost:8000/project/file/e9901e54-7210-468b-8ebb-218426bbf5f9?session_id=a9d63b80-0432-4e98-8fb6-5bde5a83d11b link:

[image]

Desktop (please complete the following information):

Additional context

chainlit version is 1.3.0

dosubot[bot] commented 1 day ago

I found a similar issue related to "Invalid authentication token" errors when rendering images in a Chainlit application with authentication enabled. This error often occurs if the JWT secret is missing or incorrect. To resolve this, ensure that the CHAINLIT_AUTH_SECRET environment variable is set correctly. You can generate a JWT secret using the command chainlit create-secret and set it in your environment [1].

Additionally, make sure that the token used in requests is valid and correctly included in the Authorization header when accessing resources that require authentication [1].


gloveboxes commented 1 day ago

This is a bug introduced with Chainlit 1.3. It's still there in Chainlit 1.3.1.

In requirements.txt set chainlit==1.2.0 and you'll be good to go till resolved.

I love this framework, but I burnt so much time on this. Lesson learned: be very specific with the version in the requirements rather than allowing a range of versions for this fast-moving project :(

Cheers Dave
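Added example (not part of the thread, and not Chainlit's own code): a probe that separates the two causes raised above for the 401, a request that carries no Authorization header versus a token the server rejects. It assumes the file route expects a bearer token in that header; the in-process server, token, file id and session id are constructed stand-ins.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-demo-token"  # constructed value, not a real Chainlit JWT
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

class ModelFileEndpoint(BaseHTTPRequestHandler):  # constructed stand-in for the file route
    def do_GET(self):
        ok = self.headers.get("Authorization") == f"Bearer {TOKEN}"
        body = b"\x89PNG-demo" if ok else json.dumps({"detail": "Invalid authentication token"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def status(url, token=None):
    """Return the HTTP status of a GET, optionally sent with a bearer token."""
    req = urllib.request.Request(url)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def diagnose(url, token):
    """Compare a header-less GET (what an <img> tag sends) with an authenticated one."""
    bare, authed = status(url), status(url, token)
    if bare == 200:
        return "endpoint serves files without a token"
    if bare == 401 and authed == 200:
        return "token is valid; the request simply lacks the Authorization header"
    if authed == 401:
        return "token itself is rejected; check secret, expiry, or signing key"
    return f"unexpected statuses: bare={bare}, authed={authed}"

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), ModelFileEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/project/file/demo-id?session_id=demo-session"
    try:
        return diagnose(url, TOKEN), diagnose(url, "wrong-token")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Against a real deployment, call `diagnose()` with the failing file URL and the token the logged-in client holds; the first verdict points at how the image request is issued rather than at the secret.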