chainlit icon indicating copy to clipboard operation
chainlit copied to clipboard
verified publisher icon Chainlit

Authentication Failure in Copilot Mode: Missing Headers

Open lianghsun opened this issue 2 years ago • 4 comments

I've been considering that anything related to tokens would likely utilize header_auth_callback(headers: Dict). I attempted to create a mock login (which guarantees authentication success regardless of the situation) to capture headers sent by the nginx reverse proxy. This approach works in app mode, but fails to receive headers in copilot mode, as illustrated in the attached screenshot:

mock login 截圖 2024-02-27 上午10 50 02

App mode do return headers 截圖 2024-02-27 上午11 06 08

Using the developer tools, I noticed an error message at index.js:78, indicating an unauthorized access attempt:

GET http://localhost:8889/project/settings?language=zh-TW 401 (Unauthorized)

Copilot mode 截圖 2024-02-27 上午10 49 19

App mode 截圖 2024-02-27 上午10 49 01

This issue does not occur in app mode, only in copilot mode. The current problem is that I intend to use headers for authentication in copilot, but the server side does not receive any headers, thus failing to verify identity. Even with mock login (which should ensure authentication success), my simple HTML page displays an unauthorized access error.

Could you advise on how to resolve this issue? Thank you.

lianghsun avatar Feb 27 '24 03:02 lianghsun

Hi I am facing the same error!! Did you got it working?

karankapur999 avatar Apr 02 '24 18:04 karankapur999

@karankapur999 Not yet

lianghsun avatar Apr 02 '24 23:04 lianghsun

Hi,

I am facing a similar error!!

Did you get it working?

ajosegun avatar Jul 01 '24 13:07 ajosegun

facing the same error, anybody got it working?

HarshJa1n avatar Aug 01 '24 12:08 HarshJa1n

That's so bad! I'm facing the same error. I found that Copilot uses WebSocket, while the web uses HTTP. Perhaps the error occurs because of this

chenm1xuexi avatar Aug 21 '24 04:08 chenm1xuexi

Authentication works differently in copilot mode than when using the full app. Instead of relying on the header_auth_callback, you have to supply an access_token via your frontend Javascript in the call to window.mountChainlitWidget(). header_auth_callback is not called in copilot mode.

You can see access_token in the widget configuration section here: https://docs.chainlit.io/deploy/copilot

You can see how to create the access_token in the Authentication section at the bottom of that page.

This is also discussed here: https://github.com/Chainlit/chainlit/issues/756

stephenrs avatar Aug 22 '24 07:08 stephenrs