Authentication
Overview
Chainlit applications are public by default. To enable authentication and make your app private, you need to:
- Define a CHAINLIT_AUTH_SECRET environment variable. This is a secret string that is used to sign the authentication tokens. You can change it at any time, but it will log out all users. You can easily generate one using chainlit create-secret.
- Add one or more authentication callbacks to your app:
  - Password Auth: Authenticate users with login/password.
  - OAuth: Authenticate users with your own OAuth app (like Google).
  - Header: Authenticate users based on a custom header.
Each callback takes a different input and optionally returns a cl.User object. If the callback returns None, the authentication is considered failed.
Make sure each user has a unique identifier to prevent them from sharing their data.
Get the current authenticated user
You can access the current authenticated user through the User Session.
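import chainlit as cl


@cl.on_chat_start
async def on_chat_start():
    # The cl.User returned by the authentication callback is stored under "user".
    app_user = cl.user_session.get("user")
    await cl.Message(f"Hello {app_user.identifier}").send()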