> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chainlit.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

Chainlit applications are public by default.
To enable authentication and make your app private, you need to:

1. Define a `CHAINLIT_AUTH_SECRET` environment variable. This is a secret string that is used to sign the authentication tokens. You can change it at any time, but it will log out all users. You can easily generate one using `chainlit create-secret`.
2. Add one or more authentication callbacks to your app:

<CardGroup cols={2}>
  <Card title="Password Auth" icon="shield" color="#ea5a0c" href="/authentication/password">
    Authenticate users with login/password.
  </Card>

  <Card title="OAuth" icon="google" color="#0285c7" href="/authentication/oauth">
    Authenticate users with your own OAuth app (like Google).
  </Card>

  <Card title="Header" icon="code" color="#16a34a" href="/authentication/header">
    Authenticate users based on a custom header.
  </Card>
</CardGroup>

Each callback take a different input and optionally return a `cl.User` object. If the callback returns `None`, the authentication is considered as failed.

<Warning>
  Make sure each user has a unique identifier to prevent them from sharing their
  data.
</Warning>

## Get the current authenticated user

You can access the current authenticated user through the [User Session](/concepts/user-session).

```py theme={null}
@cl.on_chat_start
async def on_chat_start():
    app_user = cl.user_session.get("user")
    await cl.Message(f"Hello {app_user.identifier}").send()
```