Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycloak authentication #1361

Open
cedkoffeto opened this issue Sep 20, 2024 · 7 comments
Open

Keycloak authentication #1361

cedkoffeto opened this issue Sep 20, 2024 · 7 comments
Labels
auth Pertaining to authentication. enhancement New feature or request

Comments

@cedkoffeto
Copy link

No description provided.

@dokterbob
Copy link
Collaborator

@cedkoffeto Appreciate your feedback but the phrasing comes across a bit demanding, particularly considering that this is an Open Source project.

Please in the future try and be more mindful and tell us:

  1. Why should chainlit support Keycloak, describing it and providing a link.
  2. What steps might be required.
  3. Whether or not you'd be interested in contributing an implementation, or if you are looking to pay us or someone to have it built.

Thanks!

@dokterbob dokterbob changed the title Auth: Chainlit should support integration with keycloak for authentication Keycloak authentication Sep 23, 2024
@dokterbob dokterbob added enhancement New feature or request auth Pertaining to authentication. and removed needs-triage labels Sep 23, 2024
@dokterbob
Copy link
Collaborator

@dosu What would you suggest as answers for my aforementioned questions?

@dosubot DosuBot
Copy link

dosubot bot commented Sep 24, 2024

Hey @dokterbob! I'm here to help you with any issues or questions you have. I'm a bot designed to assist you with bug fixes, answer questions, and guide you in becoming a contributor. Let me know how I can assist you!

To support Keycloak authentication in Chainlit, here are the answers to the questions:

  1. Why should Chainlit support Keycloak?
    Keycloak is a widely used open-source identity and access management solution. Supporting Keycloak would allow organizations that already use Keycloak for authentication to seamlessly integrate Chainlit into their existing infrastructure. This would enhance security, simplify user management, and provide a consistent authentication experience across different applications. More information about Keycloak can be found here.

  2. What steps might be required?
    To support Keycloak authentication in Chainlit, the following steps would be required:

    • Configure Keycloak: Set up a Keycloak server and create a client for Chainlit. Obtain the client ID, client secret, and the Keycloak server URL.
    • Modify Chainlit Configuration: Update the Chainlit configuration to include Keycloak as an OAuth provider. This involves adding Keycloak-specific settings such as the client ID, client secret, and the Keycloak server URL.
    • Implement Keycloak OAuth Provider: Extend the chainlit.oauth_providers module to include a Keycloak provider. This would involve creating a new class for Keycloak that handles the OAuth flow, including token exchange and user information retrieval.
    • Update Authentication Logic: Modify the authenticate_user function to handle tokens issued by Keycloak. This may involve verifying the token with Keycloak and extracting user information.
    • Testing: Thoroughly test the integration to ensure that users can authenticate using Keycloak and that the authentication flow works seamlessly.

    Here is a simplified example of how you might start implementing the Keycloak provider:

    # chainlit/oauth_providers/keycloak.py

import requests
from fastapi import HTTPException

class KeycloakOAuthProvider:
    def __init__(self, client_id, client_secret, server_url):
        self.client_id = client_id
        self.client_secret = client_secret
        self.server_url = server_url

    def get_token(self, code):
        response = requests.post(
            f"{self.server_url}/protocol/openid-connect/token",
            data={
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "grant_type": "authorization_code",
                "code": code,
            },
        )
        if response.status_code != 200:
            raise HTTPException(status_code=401, detail="Invalid Keycloak token")
        return response.json()

    def get_user_info(self, token):
        response = requests.get(
            f"{self.server_url}/protocol/openid-connect/userinfo",
            headers={"Authorization": f"Bearer {token}"},
        )
        if response.status_code != 200:
            raise HTTPException(status_code=401, detail="Failed to fetch user info")
        return response.json()

  3. Contribution or Payment

    • If @cedkoffeto is interested in contributing an implementation, they could start by forking the repository and working on the steps outlined above.
    • Alternatively, if they are looking to pay for the implementation, they could discuss the terms with the maintainers or hire a developer to build the feature.

This approach ensures that the integration is well-planned and aligns with the project's goals and community standards [1][2].

To continue talking to Dosu, mention @dosu.

@stephenrs
Copy link

stephenrs commented Sep 24, 2024
edited
Loading

@cedkoffeto Appreciate your feedback but the phrasing comes across a bit demanding, particularly considering that this is an Open Source project.

@dokterbob Not everyone speaks English as their native language and different cultures communicate in different ways, so sometimes community writing might not appeal to your delicate sensibilities. Also, not everyone has deep experience interacting with github projects, so perhaps you should stop whining and complaining day after day and scolding the people of this community, and show a bit more tolerance. There are higher priorities here than how you feel and how easy the community makes your life, no? There is more than one way to understand mindfulness.

This is particularly important given that the software you have promised "Build production-ready Conversational AI applications in minutes, not weeks" doesn't exist. In other words, you are not in a position to make daily selfish demands of this community. You are liars.

So again, perhaps you should keep your evidently hard-to-control emotions to yourself and just do your job :)

Most importantly, this is not an Open Source Project. It is a well-funded company fraudulently pretending that it is so that they can get free labor. (https://literalai.notion.site/Literal-AI-Chainlit-Careers-cec94330409c405993407f92ca5e99da)

Where are these people anyway? I haven't seen any commits from your engineers and your Developer Advocate hasn't made an appearance: https://literalai.com/team

It's important that we all remain mindful of the truth.

@gcleaves
Copy link

Keycloak is the leading open source identity / SSO platform. The feature request is self explanatory.

@gcleaves
Copy link

Here is oauth_providers.py with a quick, working Keycloak config. Of course patching oauth_providers.py is not a good idea since it will be overwritten the moment you update Chainlit. I'll submit a pull request once I test this with a modern version of Keycloak.

@gcleaves
Copy link

gcleaves commented Nov 17, 2024
edited
Loading

Hi @dokterbob , here is a pull request: #1525 . I look forward to a review and feedback if any changes are required.

P.S. How can I submit an section for the docs?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth Pertaining to authentication. enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dokterbob @stephenrs @gcleaves @cedkoffeto