I’m currently developing a ChatGPT plugin named GanalyticsGPT, which is designed to connect Google Analytics with ChatGPT. The goal is to allow users to ask questions about their Google Analytics data directly through ChatGPT.
To access the Google Analytics data, I need to implement the Google OAuth 2.0 flow for user authentication. However, I’ve encountered a challenge with the way ChatGPT handles the OAuth 2.0 flow.
In a standard Google OAuth 2.0 flow, after the user authorizes the application, they are redirected back to a callback URL with an authorization code. This code is then exchanged for an access token, which is used to authenticate API requests.
However, ChatGPT expects to receive an access token directly, as described in the documentation:
The authorization_url endpoint should return a response that looks like: { "access_token": "example_token", "token_type": "bearer", "refresh_token": "example_token", "expires_in": 59, }
not an authorization code. This means that I can’t follow the standard Google OAuth 2.0 flow, as there’s no opportunity to exchange the authorization code for an access token within ChatGPT.
I’ve considered setting up a separate server-side component to handle the exchange of the authorization code for an access token, but this would require ChatGPT to handle the authorization code, which it currently does not support.
I’m wondering if anyone else has encountered this issue and how they have solved it. Is there a way to implement the Google OAuth 2.0 flow in a ChatGPT plugin that I’m missing? Any advice or suggestions would be greatly appreciated.
The authorization URL is for the authorization/access-token exchange and subsequent refreshes. It is the client URL listed in the ai-plugin that’s the first access point.
OAuth is a bit convolutedly explained in the docs, but the idea is that OpenAI acts as the client and the plugin provider also has the authorization infrastructure. So it’s not really made for the Google OAuth. A way to manage Google OAuth authorization might be this:
Make your plugin a proxy between OpenAI and Google. Have it set up with an /oauth endpoint, and an /openai-facing and a /google-facing endpoint for the redirections and authorizations.
Set up the /oauth endpoint as “client_url” in the ai-plugin.json, and the /openai-facing endpoint as authorization_url.
When the user is redirected to the client URL for authentication, parse the parameters and change the redirect_uri to your /google-facing endpoint, then redirect the user forward to the Google auth URL.
When the user authorization process at Google is finished, it redirects to your /google-facing endpoint, where you do the same in the other direction - redirect back to the original OpenAI redirect_uri (which you could save in the session in the meantime) with the auth code and state.
Then when OpenAI does a POST to your /openai-facing endpoint with a request for the access token, you forward the POST to the Google /token endpoint, get the authorization token back from them and return it to OpenAI.
This will repeat when refreshing is necessary.
It might seem a little complex to do it this way, and I’m not sure about the security implications… But I made this work in my own private plugin, and now have ChatGPT managing my Google calendar.
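The URL rewriting at the three proxy endpoints described in the reply above, as an added example (not the poster's code), with two checks that bear on the security question: an allow-list on the redirect_uri the proxy will send users back to, and a state comparison on the way back. The proxy callback `https://plugin.example/google-facing`, the allowed host `chat.openai.com` and the function names are assumptions; each function takes the raw query string or POST fields and a per-user session dict from whatever web framework hosts it.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

GOOGLE_AUTH = "https://accounts.google.com/o/oauth2/v2/auth"
PROXY_CALLBACK = "https://plugin.example/google-facing"  # assumed; the URI registered with Google
ALLOWED_CLIENT_HOST = "chat.openai.com"  # assumed host of OpenAI's OAuth callback


def _one(query, key):
    """Return the single value of `key`; reject missing or repeated parameters."""
    values = parse_qs(query, keep_blank_values=True).get(key, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {key}")
    return values[0]


def to_google(query, session):
    """/oauth: save OpenAI's redirect_uri and state, return the Google auth URL."""
    redirect_uri, state = _one(query, "redirect_uri"), _one(query, "state")
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.hostname != ALLOWED_CLIENT_HOST:
        raise ValueError("redirect_uri not allowed")  # else the proxy is an open redirect
    session.update(redirect_uri=redirect_uri, state=state)
    params = {"response_type": "code", "client_id": _one(query, "client_id"),
              "scope": _one(query, "scope"), "state": state,
              "redirect_uri": PROXY_CALLBACK, "access_type": "offline"}
    return f"{GOOGLE_AUTH}?{urlencode(params)}"


def from_google(query, session):
    """/google-facing: verify state, return the redirect back to OpenAI with the code."""
    saved = session.get("state")
    if not saved or not hmac.compare_digest(_one(query, "state").encode(), saved.encode()):
        raise ValueError("state mismatch")
    params = {"code": _one(query, "code"), "state": session.pop("state")}
    return f"{session.pop('redirect_uri')}?{urlencode(params)}"  # one use per login


def token_form(fields):
    """/openai-facing: fields to forward to Google's token endpoint."""
    out = dict(fields)
    if out.get("grant_type") == "authorization_code":
        # Google compares this with the redirect_uri sent in the authorization request.
        out["redirect_uri"] = PROXY_CALLBACK
    return out
```

The redirect_uri rewrite in `token_form` matters because the token request must carry the same redirect_uri that was sent to Google in `to_google`, not the one OpenAI originally supplied.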
Thanks for the detailed response. I did try this approach, but I encountered a problem: I get a redirect_uri mismatch error. Can you maybe elaborate a bit more on how you made it work?
OK, somehow I made it work, but I have a new problem now.
Google is requiring the button to be “sign in with google”, but ChatGPT automatically defines the button.
Does anyone know if I can change this button, and if so, how?