[FIX] Self-Hosted Google Authentication - `name 'id_token' is not defined

khoj-ai / khoj

Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous AI (e.g gpt, claude, gemini, llama, qwen, mistral).

https://khoj.dev

GNU Affero General Public License v3.0

14.1k stars 703 forks source link

[FIX] Self-Hosted Google Authentication - `name 'id_token' is not defined #771

Closed TheAnachronism closed 5 months ago

TheAnachronism commented 5 months ago

Describe the bug

I'm trying to set up the self-hosted version of this application, as well as integrate Google Authentication. I got the general login working and the redirect back to the app, but then I get the following errors in the logs:

NameError: name 'id_token' is
not defined

This seems to be related to https://github.com/khoj-ai/khoj/blob/39faae68c0508e9568091829ae0456d8f72d6fba/src/khoj/routers/auth.py#L35 and a resulting missing value for id_token here: https://github.com/khoj-ai/khoj/blob/39faae68c0508e9568091829ae0456d8f72d6fba/src/khoj/routers/auth.py#L112

To Reproduce

Setup self-hosted instance and configure Google Auth with GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET
Try to log in
Error happens in logs and return in web-browser

Screenshots

If applicable, add screenshots to help explain your problem.

Platform

Server:
- [x] Self-Hosted Docker
Client:
- [ ] Obsidian
- [ ] Emacs
- [ ] Desktop app
- [x] Web browser
- [ ] WhatsApp
OS:
- [x] Windows
- [ ] macOS
- [ ] Linux
- [ ] Android
- [ ] iOS

If self-hosted

Server Version [1.12.1]:

Additional context

Add any other context about the problem here.

Varming73 commented 5 months ago

Did you find a guide anywhere for setting this up?

TheAnachronism commented 5 months ago

Well, I used the docker-compose.yaml from the docs and looked into the code to find which two environment variables were used to provide the client_id and client_secret from Google. After that, it was trial and error with the settings in the OAuth client from Google. In the end, I got the correct things, but like this issue details, there seems to be going something wrong when trying to use some auth-related methods to verify a token supposedly given by Google.

sabaimran commented 5 months ago

Hey folks, thanks for testing this out!

To start with, you'll need:

You must use the python package or build from source, because you'll need to install additional packages for the google auth libraries (prod). The syntax to install the right packages is
```
pip install khoj-assistant[prod]
```
Create authorization credentials for your application.
Go to your Google cloud console and create a configuration like below for the relevant OAuth 2.0 Client IDs project:
As @TheAnachronism pointed out, you'll have to configure these environment variables: GOOGLE_CLIENT_SECRET, and GOOGLE_CLIENT_ID. These will be retrieved from your console.

That's it! That should be all you have to do. Now, when you reload Khoj without --anonymous-mode, you should be able to use your Google account to sign in. Let me know if you run into any issues. I'll add this to our documentation.

Varming73 commented 5 months ago

When adding an IP as the URI I get this error on the Google site: Invalid Origin: must end with a public top-level domain (such as .com or .org).

I then tried setting it up with a domain instead. Now I get a 403 when trying to login with my Google account.

I should note that I run Khoj as a docker container.

TheAnachronism commented 5 months ago

Is it really impossible to use the container image? @sabaimran Even if there's a difference for the dependencies, it would be nice if there was still an image version that had all the required dependencies.