Chainlit / chainlit

Build Conversational AI in minutes ⚡️
https://docs.chainlit.io
Apache License 2.0
7.3k stars 963 forks

Azure AD OAuth #819

Open notnlp opened 8 months ago

notnlp commented 8 months ago

Hi, I want to implement Azure AD OAuth. Does anyone here know what the correct redirect URI to put in CHAINLIT_URL in the .env file is? I have deployed the app with the following website name: https://appname.azurewebsites.net. I put the whole URL in CHAINLIT_URL in .env but it says: AADSTS90102: 'redirect_uri' value must be a valid absolute URI.

Any solution?

ddnovikov commented 8 months ago

@kfnlproc This is not a bug. You should put CHAINLIT_URL/auth/oauth/azure-ad/callback in the redirect URLs list in the Azure UI. If you launch on the localhost, you should put http://localhost:8000/auth/oauth/azure-ad/callback there.

Ideally CHAINLIT_URL should be more like <chainlit url> in the documentation, because this is not an env variable and is not stored in .env file, just a placeholder.

Alexanderamiri commented 8 months ago

I have a problem where I get a mismatch of the URI from Microsoft, where my redirect URI in Azure starts with https:// but the app seems to be sending http://

There seems to be something chainlit is messing up on?

JeanRessouche commented 7 months ago

Same here, I'm searching for how to configure Chainlit to send a callback URL with https instead of http

JeanRessouche commented 7 months ago

@Alexanderamiri, found the answer in the code, add a CHAINLIT_URL variable in the config with your facing url to resolve it.


Alexanderamiri commented 7 months ago

@JeanRessouche Yes, I messed around in the source code and also found that there is a reference to CHAINLIT_URL as an actual env that is used.

I am running the site on AWS EKS and there is routing from http to https. It seems like the pod itself is reporting http, so I had to set CHAINLIT_URL manually for each environment I deploy to.

Perhaps the AUTH docs are a bit lacking in this regard

JeanRessouche commented 7 months ago

> Perhaps the AUTH docs are a bit lacking in this regard

Yeah maybe, but still one of the best projects I saw :)

edify42 commented 4 months ago

I've found overall this is not working as expected:

Without setting CHAINLIT_URL - the app defaults to http://<domain>/auth/oauth/azure-ad/callback for the redirect URI which is not accepted as a valid URI by Azure as it starts with HTTP.

If the CHAINLIT_URL environment var is set correctly like so:

CHAINLIT_URL=https://<domain>/auth/oauth/azure-ad

The initial OAuth2 callback flow is fine, but when the code is passed to the backend, the URL being called is: https://<domain>/auth/oauth/azure-ad/callback (correct), however the backend code to handle the URL is wrong:

def get_user_facing_url(url: URL):
    """
    Return the user facing URL for a given URL.
    Handles deployment with proxies (like cloud run).
    """
    chainlit_url = os.environ.get("CHAINLIT_URL")

    # No config, we keep the URL as is
    if not chainlit_url:
        url = url.replace(query="", fragment="")
        return url.__str__()

    config_url = URL(chainlit_url).replace(
        query="",
        fragment="",
    )
    # Remove trailing slash from config URL
    if config_url.path.endswith("/"):
        config_url = config_url.replace(path=config_url.path[:-1])

    return config_url.__str__() + url.path

The environment variable for CHAINLIT_URL is used in the code above, which results in a doubling of the oauth2 path like so: https://<domain>/auth/oauth/azure-ad/auth/oauth/azure-ad/callback

I've tried to hack my way around it by adding BOTH callback URLs but I suspect the code itself is tied with the original redirect URI so it doesn't work :(
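An added example, not Chainlit's code and not written by anyone in this thread: a standard-library model of the `get_user_facing_url` logic quoted above, reproducing the three outcomes reported here, plus a hypothetical `check_chainlit_url` helper that flags values that would break the callback. The host `app.example.test` is a constructed placeholder.

```python
from typing import List, Optional
from urllib.parse import urlsplit, urlunsplit


def user_facing_url(request_url: str, chainlit_url: Optional[str]) -> str:
    """Model of the quoted logic: configured base URL + request path."""
    req = urlsplit(request_url)
    if not chainlit_url:
        # No config: whatever scheme/host the pod saw is reused as is.
        return urlunsplit((req.scheme, req.netloc, req.path, "", ""))
    cfg = urlsplit(chainlit_url)
    # One trailing slash is removed from the configured URL.
    path = cfg.path[:-1] if cfg.path.endswith("/") else cfg.path
    return urlunsplit((cfg.scheme, cfg.netloc, path, "", "")) + req.path


def check_chainlit_url(value: str) -> List[str]:
    """Hypothetical pre-deploy check; an empty list means the value is usable."""
    u = urlsplit(value)
    if not u.scheme or not u.netloc:
        return ["not an absolute URL (scheme and host are required)"]
    problems = []
    if u.scheme != "https" and u.hostname not in ("localhost", "127.0.0.1"):
        problems.append("scheme must be https unless the host is localhost")
    if u.path.rstrip("/"):
        problems.append("contains a path; the callback path gets appended to it")
    if u.query or u.fragment:
        problems.append("query and fragment are discarded")
    return problems


if __name__ == "__main__":
    # Constructed request as seen by a pod behind a TLS-terminating proxy.
    seen = "http://app.example.test/auth/oauth/azure-ad/callback?code=abc"
    for cfg in (None,
                "https://app.example.test/",
                "https://app.example.test/auth/oauth/azure-ad"):
        print(repr(cfg), "->", user_facing_url(seen, cfg))
        if cfg:
            print("   problems:", check_chainlit_url(cfg))
```

The redirect URI registered in Azure has to equal the string this function produces, so running the check against each environment's CHAINLIT_URL before deployment catches both the http and the doubled-path cases.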

edify42 commented 4 months ago

Pretty sure this person also faced the issue I saw https://github.com/Chainlit/chainlit/issues/809

gaweng commented 4 months ago

The server.py file is right. In the released version the String + url.path is missing.

return config_url.__str__() + url.path

But in the main branch it exists. So I think only a new release is needed.

In the release 1.1.306 the code is only

return config_url.__str__()

Same for the release here and in PyPI

weipienlee commented 4 months ago

Another developer/researcher with the same problem :)

rafaelsilvav8 commented 5 days ago

To solve the problem I removed the CHAINLIT_URL environment variable and the docker file looked like this:

FROM python:3.11

WORKDIR /app

COPY ./ /app

RUN pip install --no-cache-dir -r requirements.txt

# Solution here: rewrite only the leading http:// scheme to https://
RUN sed -i 's|return url.__str__()|return url.__str__().replace("http://","https://",1)|' /usr/local/lib/python3.11/site-packages/chainlit/server.py

EXPOSE 80

CMD ["chainlit","run", "docker-package/app.py","--port=80"]