Azure AD OAuth

[notnlp]

Hi, i want to implement Azure AD OAuth, anyone here know what is the correct redirect URI to put in CHAINLIT_URL in the .env file? I have deploy the app with following website name : https://appname.azurewebsites.net. I put the whole URL in the CHAINLIT_URL in .env but it says : AADSTS90102: 'redirect_uri' value must be a valid absolute URI.

Any solution?

[ddnovikov]

@kfnlproc This is not a bug. You should put CHAINLIT_URL/auth/oauth/azure-ad/callback in the redirect urls list in the Azure UI. If you launch on the localhost, you should put http://localhost:8000/auth/oauth/azure-ad/callback there: Ideally CHAINLIT_URL should be more like <chainlit url> in the documentation, because this is not an env variable and is not stored in .env file, just a placeholder.

[Alexanderamiri]

I have a problem where i get a mismatch of the uri from microsoft where my redirect uri in azure starts with https::// but the app seems to be sending http://

There seems to be something chainlit is messing up on?

[JeanRessouche]

Same here, i'm searching how to configure Chainlit to send a callback url with https instead of http

[JeanRessouche]

@Alexanderamiri, found the answer in the code, add a CHAINLIT_URL variable in the config with your facing url to resolve it.

[Alexanderamiri]

@JeanRessouche Yes I messed around in the source code and also found that there is a reference to the CHAINTLIT_URL as an actual env that is used.

I am running the site on AWS EKS and there is routing from http to https, it seems like the pod itself is reporting http so I had to set CHAINTLIT_URL manually for each enviorment I deploy to.

Perhaps the AUTH docs are a bit lacking in this regard

[JeanRessouche]

Perhaps the AUTH docs are a bit lacking in this regard Yeah maybe, but still one of the best project do i saw :)

[edify42]

I've found overall this is not working as expected:

Without setting CHAINLIT_URL - the app defaults to http://<domain>/auth/oauth/azure-ad/callback for the redirect URI which is not accepted as a valid URI by Azure as it starts with HTTP.

If the CHAINLIT_URL environment var is set correctly like so:

CHAINLIT_URL=https://<domain>/auth/oauth/azure-ad

The initial OAuth2 callback flow is fine, but when the code is passed to the backend, the URL being called is: https:///auth/oauth/azure-ad/callback (correct), however the backend code to handle the URL is wrong:

def get_user_facing_url(url: URL):
    """
    Return the user facing URL for a given URL.
    Handles deployment with proxies (like cloud run).
    """
    chainlit_url = os.environ.get("CHAINLIT_URL")

    # No config, we keep the URL as is
    if not chainlit_url:
        url = url.replace(query="", fragment="")
        return url.__str__()

    config_url = URL(chainlit_url).replace(
        query="",
        fragment="",
    )
    # Remove trailing slash from config URL
    if config_url.path.endswith("/"):
        config_url = config_url.replace(path=config_url.path[:-1])

    return config_url.__str__() + url.path

The environment variable for CHAINLIT_URL is used in the code above, which results in a doubling of the oauth2 path like so: https://<domain>/auth/oauth/azure-ad/auth/oauth/azure-ad/callback

I've tried to hack my way around it by adding BOTH callback URLs but I suspect the code itself is tied with the original redirect URI so it doesn't work :(

[edify42]

Pretty sure this person also faced the issue I saw https://github.com/Chainlit/chainlit/issues/809

[gaweng]

The server.py file is wright. In the released version the String + url.path is missing.

return config_url.__str__() + url.path But in the main branch it exists. So I think there is only needed a new release.

In the release 1.1.306 the code is only return config_url.__str__() Same for the release here and in pypi

[weipienlee]

Another developer/researcher with the same problem :)