From a21cb89df3b26108c6d90f42e74c0ac28f6ab7fe Mon Sep 17 00:00:00 2001
From: modenter
Date: Sat, 21 Sep 2024 08:46:10 +0200
Subject: [PATCH 1/4] ui: force the oauth providers screen (do not automatically enter the single one when only one is defined

---
 frontend/src/components/molecules/auth/AuthLogin.tsx | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/frontend/src/components/molecules/auth/AuthLogin.tsx b/frontend/src/components/molecules/auth/AuthLogin.tsx
index 6e0f83e873..4da356ec45 100644
--- a/frontend/src/components/molecules/auth/AuthLogin.tsx
+++ b/frontend/src/components/molecules/auth/AuthLogin.tsx
@@ -79,11 +79,11 @@ const AuthLogin = ({
 setErrorState(error);
 }, [error]);
 
- useEffect(() => {
- if (!onPasswordSignIn && onOAuthSignIn && providers.length === 1) {
- onOAuthSignIn(providers[0], callbackUrl);
- }
- }, [onPasswordSignIn, onOAuthSignIn, providers]);
+ // useEffect(() => {
+ // if (!onPasswordSignIn && onOAuthSignIn && providers.length === 1) {
+ // onOAuthSignIn(providers[0], callbackUrl);
+ // }
+ // }, [onPasswordSignIn, onOAuthSignIn, providers]);
 
 const formik = useFormik({
 initialValues: {

From 45e4cd9118b3bc4f0fa14b0005c2ff828cd4a3b2 Mon Sep 17 00:00:00 2001
From: modenter
Date: Sat, 21 Sep 2024 08:48:40 +0200
Subject: [PATCH 2/4] fix: removed comments

---
 frontend/src/components/molecules/auth/AuthLogin.tsx | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/frontend/src/components/molecules/auth/AuthLogin.tsx b/frontend/src/components/molecules/auth/AuthLogin.tsx
index 4da356ec45..1c0b8eb125 100644
--- a/frontend/src/components/molecules/auth/AuthLogin.tsx
+++ b/frontend/src/components/molecules/auth/AuthLogin.tsx
@@ -79,12 +79,6 @@ const AuthLogin = ({
 setErrorState(error);
 }, [error]);
 
- // useEffect(() => {
- // if (!onPasswordSignIn && onOAuthSignIn && providers.length === 1) {
- // onOAuthSignIn(providers[0], callbackUrl);
- // }
- // }, [onPasswordSignIn, onOAuthSignIn, providers]);
-
 const formik = useFormik({
 initialValues: {
 email: '',

From 397a2330123bb4321362bafd817419dc78bef68d Mon Sep 17 00:00:00 2001
From: modenter
Date: Fri, 27 Sep 2024 17:01:05 +0200
Subject: [PATCH 3/4] feat: restored initial behaviour, added prompt=consent to display oauth consent page

---
 backend/chainlit/oauth_providers.py | 15 ++++++++++++---
 .../src/components/molecules/auth/AuthLogin.tsx | 7 +++++++
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/backend/chainlit/oauth_providers.py b/backend/chainlit/oauth_providers.py
index fe019859b1..14b2e6728f 100644
--- a/backend/chainlit/oauth_providers.py
+++ b/backend/chainlit/oauth_providers.py
@@ -37,6 +37,7 @@ def __init__(self):
 self.client_secret = os.environ.get("OAUTH_GITHUB_CLIENT_SECRET")
 self.authorize_params = {
 "scope": "user:email",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -95,6 +96,7 @@ def __init__(self):
 "scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
 "response_type": "code",
 "access_type": "offline",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -162,6 +164,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "https://graph.microsoft.com/User.Read",
 "response_mode": "query",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -207,7 +210,7 @@ async def get_user_info(self, token: str):
 azure_user["image"] = (
 f"data:{photo_response.headers['Content-Type']};base64,{base64_image.decode('utf-8')}"
 )
- except Exception as e:
+ except Exception:
 # Ignore errors getting the photo
 pass
 
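Review bot: `"prompt": "consent"` in the GitHub `authorize_params` (hunk `@@ -37,6 +37,7 @@`) is probably a no-op, because as far as I know GitHub's authorize endpoint documents only `select_account` as a value for `prompt`. An app the user has already authorized would then still be entered without any screen, which is the behaviour this series is trying to stop. If an interstitial is wanted for GitHub, `"prompt": "select_account"` is the value to test; otherwise leave the key out rather than ship a parameter with no effect. The dict sits inside `__init__`, which starts outside the hunk.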
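Review bot: The `except Exception: pass` kept in the `@@ -207,7 +210,7 @@` hunk (and again in `@@ -291,7 +295,7 @@`) discards every failure of the photo fetch, including a `KeyError` from a missing `Content-Type` header, so a Graph permission problem looks the same as a user without a photo. Rather than dropping `as e`, I would keep it and log the error at debug level with whatever logger the module already has (none is visible in the hunk). The data URI is also built from the response's `Content-Type` verbatim; a guard such as `if content_type.startswith("image/"):` before the assignment would keep a non-image body out of `azure_user["image"]`. `get_user_info` starts and ends outside the hunk.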
@@ -246,6 +249,7 @@ def __init__(self):
 "scope": "https://graph.microsoft.com/User.Read https://graph.microsoft.com/openid",
 "response_mode": "form_post",
 "nonce": nonce,
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -291,7 +295,7 @@ async def get_user_info(self, token: str):
 azure_user["image"] = (
 f"data:{photo_response.headers['Content-Type']};base64,{base64_image.decode('utf-8')}"
 )
- except Exception as e:
+ except Exception:
 # Ignore errors getting the photo
 pass
 
@@ -325,6 +329,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "openid profile email",
 "response_mode": "query",
+ "prompt": "consent",
 }
 
 def get_authorization_server_path(self):
@@ -396,6 +401,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "openid profile email",
 "audience": f"{self.original_domain}/userinfo",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -442,7 +448,7 @@ class DescopeOAuthProvider(OAuthProvider):
 id = "descope"
 env = ["OAUTH_DESCOPE_CLIENT_ID", "OAUTH_DESCOPE_CLIENT_SECRET"]
 # Ensure that the domain does not have a trailing slash
- domain = f"https://api.descope.com/oauth2/v1"
+ domain = "https://api.descope.com/oauth2/v1"
 
 authorize_url = f"{domain}/authorize"
 
@@ -453,6 +459,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "openid profile email",
 "audience": f"{self.domain}/userinfo",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -511,6 +518,7 @@ def __init__(self):
 "response_type": "code",
 "client_id": self.client_id,
 "scope": "openid profile email",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
@@ -579,6 +587,7 @@ def __init__(self):
 self.authorize_params = {
 "scope": "openid profile email",
 "response_type": "code",
+ "prompt": "consent",
 }
 
 async def get_token(self, code: str, url: str):
diff --git a/frontend/src/components/molecules/auth/AuthLogin.tsx b/frontend/src/components/molecules/auth/AuthLogin.tsx
index 1c0b8eb125..11f08fd94a 100644
--- a/frontend/src/components/molecules/auth/AuthLogin.tsx
+++ b/frontend/src/components/molecules/auth/AuthLogin.tsx
@@ -75,10 +75,17 @@ const AuthLogin = ({
 setErrorState(undefined);
 formik.resetForm();
 }, [showSignIn]);
+
 useEffect(() => {
 setErrorState(error);
 }, [error]);
 
+ useEffect(() => {
+ if (!onPasswordSignIn && onOAuthSignIn && providers.length === 1) {
+ onOAuthSignIn(providers[0], callbackUrl);
+ }
+ }, [onPasswordSignIn, onOAuthSignIn, providers]);
+
 const formik = useFormik({
 initialValues: {
 email: '',

From 147d56637aaf57225e0bf8fe037010f073766fdd Mon Sep 17 00:00:00 2001
From: modenter
Date: Mon, 30 Sep 2024 19:59:44 +0200
Subject: [PATCH 4/4] fix: changed all prompt=consent to prompt=login except GH. Works for Descope, should work for Google and Okta (at least)

---
 backend/chainlit/oauth_providers.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/backend/chainlit/oauth_providers.py b/backend/chainlit/oauth_providers.py
index 14b2e6728f..c383b7592c 100644
--- a/backend/chainlit/oauth_providers.py
+++ b/backend/chainlit/oauth_providers.py
@@ -96,7 +96,7 @@ def __init__(self):
 "scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
 "response_type": "code",
 "access_type": "offline",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
@@ -164,7 +164,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "https://graph.microsoft.com/User.Read",
 "response_mode": "query",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
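Review bot: The restored effect in the `@@ -75,10 +75,17 @@` hunk reads `callbackUrl` but leaves it out of the dependency array, so `react-hooks/exhaustive-deps` will flag it and the automatic sign-in will not re-run if `callbackUrl` only becomes available after the first render. The closing line should be `}, [onPasswordSignIn, onOAuthSignIn, providers, callbackUrl]);`. If `providers` is a new array on each render (not visible here), the effect would also call `onOAuthSignIn` repeatedly, so it is worth confirming the prop is stable. The component body continues outside the hunk.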
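Review bot: `"prompt": "login"` in the `@@ -96,7 +96,7 @@` hunk goes to the Google endpoint (the scopes are `googleapis.com` URLs), and Google's documented `prompt` values are `none`, `consent` and `select_account`; `login` is not among them, and the commit message itself says Google is only expected to work. This dict also sets `"access_type": "offline"`, and Google ties re-issuing a refresh token on repeat sign-ins to `prompt=consent`, so the change may matter if the refresh token is used anywhere. I would keep `"prompt": "consent"` here, or use `"prompt": "select_account"`, and check it against a real Google client before merging. The dict is inside `__init__`, which starts outside the hunk.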
@@ -249,7 +249,7 @@ def __init__(self):
 "scope": "https://graph.microsoft.com/User.Read https://graph.microsoft.com/openid",
 "response_mode": "form_post",
 "nonce": nonce,
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
@@ -329,7 +329,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "openid profile email",
 "response_mode": "query",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 def get_authorization_server_path(self):
@@ -401,7 +401,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "openid profile email",
 "audience": f"{self.original_domain}/userinfo",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
@@ -459,7 +459,7 @@ def __init__(self):
 "response_type": "code",
 "scope": "openid profile email",
 "audience": f"{self.domain}/userinfo",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
@@ -518,7 +518,7 @@ def __init__(self):
 "response_type": "code",
 "client_id": self.client_id,
 "scope": "openid profile email",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
@@ -587,7 +587,7 @@ def __init__(self):
 self.authorize_params = {
 "scope": "openid profile email",
 "response_type": "code",
- "prompt": "consent",
+ "prompt": "login",
 }
 
 async def get_token(self, code: str, url: str):
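Review bot: `"prompt": "login"` is hard-coded in the `@@ -249,7 +249,7 @@` hunk and in the five after it (`@@ -329`, `@@ -401`, `@@ -459`, `@@ -518`, `@@ -587`), so every deployment loses identity-provider single sign-on with no way to opt out. Reading the value from an environment variable next to the existing `OAUTH_*` settings, and omitting the key when it is unset, would keep the previous behaviour as the default. The parameter is also only a request that travels through the user's browser, so it should not be relied on as proof of re-authentication: if a fresh login is a security requirement, the callback has to verify it, for example by checking the ID token's `auth_time` claim where the provider issues one. Each dict is inside an `__init__` that starts outside its hunk.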