chainlit icon indicating copy to clipboard operation
chainlit copied to clipboard
verified publisher icon Chainlit

Chainlit header auth call back is not working

Open nitish-bha opened this issue 3 months ago • 4 comments

Describe the bug** I have an flask application running on port 5050 and chainlit runs on 8080 iam reflecting chainlit through iframe in flask. I implemented authentication for flask app and am sending tokens on headers. But header auth call back is not getting triggered.

I want to authenticate chainlit to save the chat history.

nitish-bha avatar Nov 12 '25 17:11 nitish-bha

Hi @nitish-bha! I'm Dosu and I’m helping the chainlit team.

The header_auth_callback in Chainlit is triggered by a request to a specific endpoint (like /header-auth), but when embedding Chainlit in an iframe, browsers do not allow you to set custom headers on iframe requests due to security restrictions. This means your token in the headers from Flask won't reach Chainlit through the iframe, so the callback won't fire as expected [source].

To work around this, consider authenticating Chainlit using a different method. One common approach is to generate a JWT token in your Flask app and pass it to Chainlit via a URL parameter or by using Chainlit's widget embedding with the accessToken option [source]. For example, if you use the Chainlit widget, you can call:

window.mountChainlitWidget({
    chainlitServer: "http://localhost:8080",
    accessToken: "<your_jwt_token>"
});

Also, make sure your Chainlit server's CORS (allow_origins) setting includes your Flask app's origin (e.g., http://localhost:5050) to allow cross-origin requests [source].

If you want to persist chat history, ensure authentication is working first, then use Chainlit's user session and data layer features to store and retrieve chat history [source].

If you need more targeted help, sharing your Chainlit authentication config or relevant code snippets would help diagnose further.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Chat with Dosu Join Discord Share on X

dosubot[bot] avatar Nov 12 '25 17:11 dosubot[bot]

@dosu. It is failing to load in my flask application even if i use widget method. Does this supports 2.4.201 version of chanlit?

nitish-bha avatar Nov 13 '25 03:11 nitish-bha

The widget method using mountChainlitWidget with accessToken is supported in Chainlit 2.4.201, as it was available in earlier versions like 2.3.0 and there are no reported breaking changes for this feature [source].

If the widget is failing to load, common causes include CORS misconfiguration, invalid tokens, incorrect server URLs, or version mismatches between the widget script and your Chainlit server. Check your browser console for errors, verify that your Flask app's origin is included in Chainlit's allow_origins setting, and ensure the token you pass is valid for your Chainlit instance.

If you can share any error messages or relevant config snippets, I can help troubleshoot further.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Chat with Dosu Join Discord Share on X

dosubot[bot] avatar Nov 13 '25 03:11 dosubot[bot]

Can you share your code from chainlit and the path you are calling ?

ADWasHere avatar Nov 13 '25 08:11 ADWasHere