CHAINLIT_URL
environment variable. For instance, if you host your
application at https://mydomain.com
, CHAINLIT_URL
should be set to
https://mydomain.com
.CHAINLIT_URL/auth/oauth/github/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/github/callback
.
You need to set the following environment variables:
OAUTH_GITHUB_CLIENT_ID
: Client IDOAUTH_GITHUB_CLIENT_SECRET
: Client secretopenid
, profile
and email
scopes.
The callback URL should be: CHAINLIT_URL/auth/oauth/gitlab/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/gitlab/callback
.
You need to set the following environment variables:
OAUTH_GITLAB_CLIENT_ID
: Client IDOAUTH_GITLAB_CLIENT_SECRET
: Client secretOAUTH_GITLAB_DOMAIN
: domain name (without the protocol)CHAINLIT_URL/auth/oauth/google/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/google/callback
.
You need to set the following environment variables:
OAUTH_GOOGLE_CLIENT_ID
: Client IDOAUTH_GOOGLE_CLIENT_SECRET
: Client secretCHAINLIT_URL/auth/oauth/azure-ad/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/azure-ad/callback
.
You need to set the following environment variables:
OAUTH_AZURE_AD_CLIENT_ID
: Client IDOAUTH_AZURE_AD_CLIENT_SECRET
: Client secretOAUTH_AZURE_AD_TENANT_ID
: Azure tenant IDOAUTH_AZURE_AD_ENABLE_SINGLE_TENANT=true
. If not, do not set this
environment variable at all.CHAINLIT_URL/auth/oauth/okta/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/okta/callback
.
You need to set the following environment variables:
OAUTH_OKTA_CLIENT_ID
: Client IDOAUTH_OKTA_CLIENT_SECRET
: Client secretOAUTH_OKTA_DOMAIN
: Domain name for your okta setup - e.g. https://company.okta.comOAUTH_OKTA_AUTHORIZATION_SERVER_ID
environment variable to false
.OAUTH_OKTA_AUTHORIZATION_SERVER_ID
environment variable to default
if you have a developer account,CHAINLIT_URL/auth/oauth/descope/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/descope/callback
.
You need to set the following environment variables:
OAUTH_DESCOPE_CLIENT_ID
: Descope Project ID, which can be found under Project Settings in the console.OAUTH_DESCOPE_CLIENT_SECRET
: Descope Access Key, which can be created under Access Keys in the console.CHAINLIT_URL/auth/oauth/auth0/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/auth0/callback
.
You need to set the following environment variables:
OAUTH_AUTH0_CLIENT_ID
: Client IDOAUTH_AUTH0_CLIENT_SECRET
: Client secretOAUTH_AUTH0_DOMAIN
: Domain name for your auth0 setupOAUTH_AUTH0_ORIGINAL_DOMAIN
: Original domain name for your auth0 setup, if you are using a custom domainCHAINLIT_URL/auth/oauth/aws-cognito/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/aws-cognito/callback
.
You need to set the following environment variables:
OAUTH_COGNITO_CLIENT_ID
: Client IDOAUTH_COGNITO_CLIENT_SECRET
: Client secretOAUTH_COGNITO_DOMAIN
: Cognito Domainid
of your Keycloak provider, which by default is keycloak
. This is useful if you want to display a more appropriate name on your login page. Use the OAUTH_KEYCLOAK_NAME
environment variable to set the name. Don’t choose an id
that conflicts with any of the other Oauth providers.
The callback URL for your client should be: CHAINLIT_URL/auth/oauth/${OAUTH_KEYCLOAK_NAME}/callback
. If your Chainlit app is hosted at localhost:8000, you should use http://localhost:8000/auth/oauth/${OAUTH_KEYCLOAK_NAME}/callback
.
You need to set the following environment variables:
OAUTH_KEYCLOAK_CLIENT_ID
: Client IDOAUTH_KEYCLOAK_CLIENT_SECRET
: Client secretOAUTH_KEYCLOAK_REALM
: The realm which contains your client.OAUTH_KEYCLOAK_BASE_URL
: Your Keycloak URL.OAUTH_KEYCLOAK_NAME
: Optional, see above.providers
variable in runtimeCustomOAuthProvider(OAuthProvider)
class with methods and fields:
get_token(self, code, url)
get_user_info(self, token)
authorize_params
env
env
, for example:
YOUR_PROVIDER_CLIENT_ID
YOUR_PROVIDER_CLIENT_SECRET
prompt
parameter. This is particularly useful for controlling the login behavior when users log out.
You can configure this behavior using two environment variables:
OAUTH_PROMPT
: Sets the default prompt behavior for all OAuth providersOAUTH_<PROVIDER>_PROMPT
: Sets the prompt behavior for a specific provider (e.g., OAUTH_GITHUB_PROMPT
)none
: No interaction required (default if not set)login
: Forces re-authenticationconsent
: Asks for approval of the requested scopesselect_account
: Allows users to select a different accountprompt=consent
prompt=login