How to validate OpenAI calling /token for actions

berzanmikaili · November 24, 2023, 11:27am

I’m a bit confused as to what’s supposed to happen in the step during oauth after redirecting to the callback.

So openAI calls /token, and expects me to return the accesstoken and so on. But I also want the state again here, so I can give it back the token that matches the state. Otherwise anyyone can just POST /token and grab an access token. What am I missing?

huwsername · November 28, 2023, 6:21am

OpenAI will call /token with client_id and client_secret, which you’ll need to store and match on your backend. This prevents request forgery, because you (the developer) have privately shared those values with OpenAI. See the OAuth docs for more

Topic		Replies	Views
GPTs is not invoking the token endpoint to get access_token Plugins / Actions builders plugin-development , chatgpt-plugin	2	2376	March 5, 2024
GPT Actions, Bearer token authorization Plugins / Actions builders authentication , actions	9	2927	September 19, 2024
Oauth chatgpt plugin how to know in advance redirect uri and openai token Plugins / Actions builders plugin-development	7	1500	July 5, 2023
How to handle user API keys in custom actions Plugins / Actions builders api	5	3106	January 13, 2024
Issue with Oauth Missing access token Plugins / Actions builders gpt-4 , plugin-development , chatgpt-plugin	1	922	February 18, 2024

How to validate OpenAI calling /token for actions

Related topics