In the ai-plugin.json file, there are two crucial fields that need to be determined beforehand: “verification_tokens” and “redirect_uri”.
The “verification_tokens” field includes a subfield for “openai”, which in this case is assigned the value “287906e290dd4119ae9d481eec23bdea”.
The “redirect_uri” field is also significant because our OAuth server (app) verifies if it corresponds with the “redirect_uri” received from the client side.
Before transitioning to a production environment, how can I ascertain the appropriate values for the “openai” token and “redirect_uri”?
The verification token is not something you can know in advance.
When you are developing your plugin, you will go over the OAuth installation flow and OpenAI will give you this verification token. You will have to add it to your manifest file once. That’s it.
Regarding the redirect URI, it’s the URI where your backend will proceed with the OAuth flow. So basically if you know your production domain name for your backend, you know this URL.
That being said, you probably should not waste your time implementing this if you are not comfortable with it. You can literally configure an OAuth portal in 5 minutes by using www.pluginlab.ai
If you install this plugin for example, you will see the OAuth portal you can get in five minutes:
We already developed oauth, per my understanding redirect_uri should not be my production domain but redirect uri from openai so our backend can verify it, right?
Sorry, I thought you were talking about the authorization_url or client_url.
Actually, I’m unsure what your question about the redirect_uri is.
This uri will always be constructed with the following pattern: https://chat.openai.com/aip/<PLUGIN_ID>/oauth/callback
If you are willing to verify this pattern for security concerns, then I suggest you authorize https://chat.openai.com/aip/<PLUGIN_ID>/oauth/callback
Once the authorization flow is completed on your end, you will redirect the user to
For example: https://chat.openai.com/aip/<PLUGIN_ID>/oauth/callback?code=your-oauth-code
Then, OpenAI will complete the flow by sending a POST request containing client_id, client_secret, code, redirect_uri.
At this stage, you can check that the redirect_uri is the same as the previous one if you want to add an extra security layer.
Since I’m not sure I have answered your question, feel free to ask something more precise. I will be happy to help.
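The redirect_uri checks described in this answer, as an added example that is not part of the original posts or of OpenAI's code: the URI is validated against the quoted pattern at the authorization step, then the token request must present the identical value. Function names, the plugin-id character set and the in-memory store are assumptions; client_id and client_secret checks are out of scope here.

```javascript
// Added example. Pattern quoted in the thread:
//   https://chat.openai.com/aip/<PLUGIN_ID>/oauth/callback
// The allowed plugin-id characters are an assumption, not an OpenAI guarantee.
const CALLBACK_PATH = /^\/aip\/([A-Za-z0-9_-]+)\/oauth\/callback$/;

// Returns the plugin id when redirectUri matches the pattern exactly, else null.
function parseOpenAiRedirect(redirectUri) {
  if (typeof redirectUri !== 'string') return null; // repeated query params arrive as arrays
  let url;
  try {
    url = new URL(redirectUri);
  } catch {
    return null; // not an absolute URL
  }
  // Compare parsed components, never a string prefix: this rejects
  // chat.openai.com.evil.example and chat.openai.com@evil.example.
  if (url.protocol !== 'https:' || url.host !== 'chat.openai.com') return null;
  if (url.username || url.password || url.search || url.hash) return null;
  const match = CALLBACK_PATH.exec(url.pathname);
  return match ? match[1] : null;
}

// code -> redirect_uri seen at the authorization step (hypothetical in-memory store)
const grants = new Map();

// Authorization step: bind the code to the validated redirect_uri and
// return the URL the user is sent back to, or null if the URI is rejected.
function recordGrant(code, redirectUri) {
  if (parseOpenAiRedirect(redirectUri) === null) return null;
  grants.set(code, redirectUri);
  return `${redirectUri}?code=${encodeURIComponent(code)}`;
}

// Token step: the POSTed redirect_uri must equal the one bound to the code.
// The code is deleted on first use, so a replay fails.
function redeemCode(code, redirectUri) {
  const expected = grants.get(code);
  grants.delete(code);
  return expected !== undefined && expected === redirectUri;
}
```

Because the check is on the pattern rather than on a fixed string, it does not depend on knowing the plugin id ahead of time.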
Okay, thank you. The only problem I see is that redirect_uri sometimes changes after the plugin is redeployed.
What’s the <PLUGIN_ID> here?
You can’t guess it. OpenAI will choose.
// Extract the plugin_id from the redirect_uri
const redirect_uri = req.query.redirect_uri;
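// For https://chat.openai.com/aip/<PLUGIN_ID>/oauth/callback, split('/') puts the plugin id at index 4
const plugin_id = redirect_uri.split('/')[4];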
// Redirect the user back to the ChatGPT UI