LookupError: <ContextVar name='tenant_id' at 0x15b781080> when login via ADMIN_API_KEY

langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.

Other

53.24k stars 7.77k forks source link

Self Checks

[X] This is only for bug report, if you would like to ask a question, please head to Discussions.
[X] I have searched for existing issues search for existing issues, including closed ones.
[X] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
[X] [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
[X] Please do not modify this template :) and fill in all the required fields.

Dify version

0.10.2

Cloud or Self Hosted

Self Hosted (Source)

Steps to reproduce

Setting the following environment:

ADMIN_API_KEY_ENABLE=true
ADMIN_API_KEY=<some key>

create an app in web pages
send the following request:

curl 'http://<host>:<port>/console/api/apps/c6ed881f-b20d-4148-b3c3-893329af6021/workflows/draft' \
 -H 'Authorization: Bearer <ADMIN_API_KEY>' \
 -H 'X-WORKSPACE-ID: <WORKSPACE_ID_OF_APP>'

and the error is reproduced.

✔️ Expected Behavior

The request returns normally just like the user's JWT tokens.

❌ Actual Behavior

No response

@lotabout Hello there! I'm here to assist you with any bugs, questions, or contributions. Let's work together to resolve your issue.

The LookupError for the tenant_id ContextVar occurs when there is an attempt to access its value before it has been set in the current context. In the case of logging in via ADMIN_API_KEY, it seems that the tenant_id is not being set properly before it is accessed.

To resolve this issue, ensure that the tenant_id is correctly set in the context when handling requests authenticated with the ADMIN_API_KEY. This typically involves setting the tenant_id after successfully validating the ADMIN_API_KEY and retrieving the corresponding tenant information using the X-WORKSPACE-ID header. Make sure that the logic for setting the tenant_id is consistent with how it is set when using user JWT tokens, as the expected behavior is for both authentication methods to handle context variables similarly ^[1].

To continue talking to Dosu, mention @dosu.

langgenius / dify