Chainlit / chainlit

Build Conversational AI in minutes ⚡️
https://docs.chainlit.io
Apache License 2.0

Authentication Failure in Copilot Mode: Missing Headers #771

Open lianghsun opened 7 months ago

lianghsun commented 7 months ago

I've been considering that anything related to tokens would likely utilize header_auth_callback(headers: Dict). I attempted to create a mock login (which guarantees authentication success regardless of the situation) to capture headers sent by the nginx reverse proxy. This approach works in app mode, but fails to receive headers in copilot mode, as illustrated in the attached screenshot:

mock login [Screenshot 2024-02-27 10:50:02 AM]

App mode does return headers [Screenshot 2024-02-27 11:06:08 AM]

Using the developer tools, I noticed an error message at index.js:78, indicating an unauthorized access attempt:

GET http://localhost:8889/project/settings?language=zh-TW 401 (Unauthorized)

Copilot mode

[Screenshot 2024-02-27 10:49:19 AM]

App mode

[Screenshot 2024-02-27 10:49:01 AM]

This issue does not occur in app mode, only in copilot mode. The current problem is that I intend to use headers for authentication in copilot, but the server side does not receive any headers, thus failing to verify identity. Even with mock login (which should ensure authentication success), my simple HTML page displays an unauthorized access error.

Could you advise on how to resolve this issue? Thank you.

karankapur999 commented 6 months ago

Hi, I am facing the same error!! Did you get it working?

lianghsun commented 6 months ago

@karankapur999 Not yet

ajosegun commented 3 months ago

Hi,

I am facing a similar error!!

Did you get it working?

HarshJa1n commented 2 months ago

Facing the same error, anybody got it working?

chenm1xuexi commented 1 month ago

That's so bad! I'm facing the same error. I found that Copilot uses WebSocket, while the web uses HTTP. Perhaps the error occurs because of this.

stephenrs commented 1 month ago

Authentication works differently in copilot mode than when using the full app. Instead of relying on the header_auth_callback, you have to supply an access_token via your frontend JavaScript in the call to window.mountChainlitWidget(). header_auth_callback is not called in copilot mode.

You can see access_token in the widget configuration section here: https://docs.chainlit.io/deploy/copilot

You can see how to create the access_token in the Authentication section at the bottom of that page.

This is also discussed here: https://github.com/Chainlit/chainlit/issues/756