My GPT using custom action with OAuth client credentials

didtro · November 10, 2023, 5:15pm

Hi, I’m trying to set up a new assistant that uses a custom action to call an external API. The auth must be done through OAuth + client credentials. The problem is that I cannot make client credentials to work. This is what I see:

It gets stuck when trying to do the api call asking for a sign in, but client credentials is user agnostic, it shouldn’t ask for a login. Anyone with a solution for this?
Thanks!

didtro · November 10, 2023, 6:45pm

Tried also code authorization and implicit, that are user context based, but the problem is that when I click the “Sign in with…” button, I’m redirected to the external auth app, and I’m not redirected back to the GPT UI once I’m authenticated (I’ve configured the callback URL of the assistant on my external OAuth config)

dwager · November 10, 2023, 10:33pm

same exact issue here. hopefully this redirect back to the gpt ui is fixed, otherwise the UX is pretty lack-luster.

didtro · November 12, 2023, 8:02pm

Further testing and research. It seems default OAuth type expected by OpenAI is code authorization. This is my action OpenAPI schema (some data is masked):

{
  "openapi": "3.1.0",
  "info": {
    "title": "Platform API",
    "description": "Provides access to operations for managing groups",
    "version": "v1.0.0"
  },
  "servers": [
    {
      "url": "....api......"
    }
  ],
  "paths": {
    "/api/v2/groups/{groupId}": {
      "delete": {
        "description": "Deletes a group identified by the specified group ID",
        "operationId": "DeleteGroup",
        "parameters": [
          {
            "name": "groupId",
            "in": "path",
            "required": true,
            "description": "The unique identifier of the group to delete",
            "schema": {
              "type": "string"
            }
          }
        ],
        "deprecated": false
      }
    }
  },
  "components": {
    "schemas": {},
    "securitySchemes": {
      "OAuth2": {
        "type": "oauth2",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": ".....login....../oauth/authorize",
            "tokenUrl": ".....login....../oauth/token",
            "scopes": {
              "groups": "Allows modification of groups"
            }
          }
        }
      }
    }
  }
}

My Authentication config:

What I see when testing a basic operation that involves a callout to the external API (see next 2 replies)

Any solution? Is there a way to troubleshoot that failure?

didtro · November 12, 2023, 8:03pm

didtro · November 12, 2023, 8:03pm

wong2 · November 16, 2023, 6:48am

Have you set the redirect url to the one provided by OpenAI on the other end?
The url looks like this: https://chat.openai.com/aip/g-xxxxxxxxx/oauth/callback

jesus.inica · November 16, 2023, 10:16am

After you save the GPT with the oauth option enabled, it will show you the callback URL

nick_nack · November 22, 2023, 10:27am

I’m encountering a similar issue trying to interface with an API from Adobe. In my other applications (incl. Postman), I’m successfully using grant_type client_credentials with the need for an auth URL or login.

If I tried to use an auth URL provided by Adobe, I got the following error:

Does that mean I’m not capable to integrate with that API? Is there no way to modify the security schema to enforce client_credentials as grant_type?