search

Chainlit / chainlit

Build Conversational AI in minutes ⚡️
https://docs.chainlit.io
Apache License 2.0
7.03k stars 924 forks source link

Getting a Error 400: redirect_uri_mismatch when trying to use OAuth2 with chainlit app deploy on azure using a container #680

Open KooEmmanuel opened 9 months ago

KooEmmanuel commented 9 months ago

When attempting to authenticate via OAuth2, I encounter the "Error 400: redirect_uri_mismatch." It seems to be related to the redirect URIs not aligning correctly during the authentication process. I suspect this may be linked to the deployment on Azure Web Apps using a container.

In the Google OAuth2 Redirect URLs, I added https://name.azurewebsites.net https://name.azurewebsites.net/oauth/google/callback

I also included these in my environment before building the docker image. OAUTH_GOOGLE_CLIENT_ID = "my_id" OAUTH_GOOGLE_CLIENT_SECRET = "secret" CHAINLIT_AUTH_SECRET=

The local docker container works fine but when I access the https://name.azurewebsites.net, that's when I get the error message "You can’t sign in because this app sent an invalid request. Error 400: redirect_uri_mismatch"

This is what I have in my docker file FROM python:3.11

# Set the working directory in the container
WORKDIR /Generative_AI

# Install chainlit
RUN pip install chainlit

RUN pip install langchain_community

# Copy app.py to the working directory
COPY app.py app.py

# Copy the entire project to the working directory
COPY . .

# Explicitly copy the .env file
COPY .env /Generative_AI/.env

# Install any needed packages specified in requirements.txt
RUN pip install -r requirements.txt

# Copy service-key.json to the working directory
COPY service-key.json /Generative_AI/service-account-key.json

# Set the environment variable
ENV GOOGLE_APPLICATION_CREDENTIALS /Generative_AI/service-account-key.json

# Make port 80 available to the world outside this container
EXPOSE 80

# Run app.py when the container launches
# do not change the arguments
ENTRYPOINT ["chainlit", "run", "main.py", "--host=0.0.0.0", "--port=80", "--headless"]

How can I fix this?

dahifi commented 8 months ago

I'm having a similar issue on CloudRun. Validate by changing the Google Auth callback to http and see if the app works. The issue has something to do with the CHAINLIT_URL needing to be set.

johnlbusby commented 7 months ago

The Redirect URI configured in Google should be "https://name.azurewebsites.net/auth/oauth/google/callback". Chainlit constructs it from your CHAINLIT_URL environment variable and "/auth/oauth/{provider_id}/callback".

DJOCKER-FACE commented 6 months ago

Same problem here, deploying with nginx on server, when URI changed to http there's no problem i think the problem is that chainlit is served as http and therefore the redirect URI is http, if possible to serve as HTTPS i believe it would fix this problem, is there a way?

dahifi commented 6 months ago

Set your CHAINLIT_URL to https, all the communication between nginx and cl is unsecured, but keeps the client-facing URLS under https, otherwise you'll get a mixed content warning from the browser.

saaipraneeth commented 1 month ago

@dahifi , having the same problem. when you say set your CHAINLIT_URL to https, you mean set the env. variable to the redirect uri ? or just put CHAINLIT_URL = "https" in the .env file ?