Examples of using Auth0 directly as the OAuth server

I’m trying to get OAuth working with a ChatGPT plugin. Right now ChatGPT is sending us a weird JWT that doesn’t have the token we need. Does anyone have any examples of using Auth0 for their OAuth server?

2 Likes

I am working on this right now as well. I will let you know how it goes and see if I can help out in a day or so. I have a question about the workflow you're doing.

At what point does the user go to the consent page in your workflow? Is it right when you install the application, or after a call is made to chat with the API?

1 Like

We ended up figuring it out!

In case anyone else needs this, we had to pass an audience as a query parameter. Since this needed to happen via the /authorize endpoint (OAUTH_CLIENT_URL), we had to append this directly. That did mean that we had to proxy to Auth0.

At what point does the user go to the consent page in your workflow? Is it right when you install the application, or after a call is made to chat with the API?

It’s immediately after they install the application.

1 Like

What do you think about this from a user perspective? I'm not sure what your plugin is, but for mine I'd rather allow the user the chance to try the application before making an account or signing in, and only be asked to sign in after they have used the app and want to save data or access their information.

Also, are you including a usage tutorial in your auth workflow? This is another point I was considering, since after I download a plugin I don't get told by the plugin how to use it without asking the chat first.

1 Like

This seems like an area where we have to rely on the user putting in the prompt they want. I’d love an onboarding workflow but also see this interface as one where we shouldn’t try to hog the limelight.

I see what you mean. I have just been testing out my plugin with friends and family, and I notice that many of them are not “GPT savvy”, and a lot of the feedback I have gotten is:

“It should ask my questions on how to use me when I first use it.”

I have also tried all the plugins available in the store, and I noticed the same thing: I have to ask how to use the plugin, and sometimes it doesn't tell me if I asked about the plugin in the wrong way.

What are you putting in the description for model section of your plugin JSON?

It looks like the OAuth parameter object is missing an audience option. If omitted, you are likely only getting an access_token valid for the /userinfo endpoint (on Auth0 itself, not your API). If that was available, you shouldn’t need to proxy Auth0.
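The workaround discussed in this thread, as an added example that is not part of any post: a proxy in front of Auth0's /authorize endpoint that appends a pinned `audience` and returns the URL to redirect the browser to. The tenant domain, API identifier, function name and sample request are placeholders assumed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Assumed placeholder values, not taken from the thread.
AUTH0_DOMAIN = "example-tenant.auth0.com"
API_AUDIENCE = "https://api.example.com"
REQUIRED = ("response_type", "client_id", "redirect_uri", "state")


def auth0_authorize_url(incoming_query: str) -> str:
    """Build the Auth0 /authorize URL for a 302 redirect.

    incoming_query is the raw query string received on the proxy's own
    authorization endpoint (the URL registered with the plugin).
    """
    pairs = parse_qsl(incoming_query, keep_blank_values=True)
    names = [k for k, _ in pairs]
    # Repeated parameters are ambiguous: reject instead of picking one.
    dupes = {k for k in names if names.count(k) > 1}
    if dupes:
        raise ValueError(f"duplicate parameters: {sorted(dupes)}")
    params = dict(pairs)
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    if params["response_type"] != "code":
        raise ValueError("only the authorization code flow is proxied")
    # Pin the audience server-side so a caller cannot use this proxy to
    # request a token for a different API.
    if params.get("audience", API_AUDIENCE) != API_AUDIENCE:
        raise ValueError("unexpected audience")
    params["audience"] = API_AUDIENCE
    # state, redirect_uri and scope pass through unchanged; Auth0 still
    # checks redirect_uri against the application's allowed callbacks.
    return f"https://{AUTH0_DOMAIN}/authorize?{urlencode(params)}"


# Constructed sample of an incoming authorization request.
SAMPLE = ("response_type=code&client_id=abc123"
          "&redirect_uri=https%3A%2F%2Fchat.example%2Fcallback"
          "&scope=openid+profile&state=xyz")

if __name__ == "__main__":
    print(auth0_authorize_url(SAMPLE))
```

With the audience present, the access token Auth0 issues is intended for the API identified by `API_AUDIENCE`, so the API should validate the token's `aud` claim against that same value.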

Hello, I wrote this to ask if I’m on the right track for OAuth. After the settings, client ID and client secret appear here. Will the end user enter these during the plugin installation? And where do I need to store these for checking purposes?

Hey Mustafa,

I found this really helpful for understanding OAuth. Give it a read; there are detailed examples.

For terminology, OpenAI is the application and you are building the service authorizing OpenAI.

Here is the documentation on how OAuth works.

Hope that helps.

And to answer your question: you need to generate a client ID and client secret yourself and give them to OpenAI. You then need to use them to validate their requests to you in the future to build a secure application.

Check out the docs for further details and hopefully it will all be clear 🙂

Good luck!

Hey guys!

Just for you to know, at www.pluginlab.ai, we will release our Auth Portal next week.

Here’s a quick demo of the onboarding flow.

With no line of code, we give you a full-featured portal to sign-in/sign-up your users.
Then you will be able to manage them through your dashboard on www.pluginlab.ai

Later you will also be able to track their usage and set up quotas, permissions, and payment for them.

Feel free to share any useful feedback 🙂
