I’m using Azure Identity/MSAL to secure my API. When I go through the plugin installation process, I successfully log in and I’m redirected back to Open AI, but then I get a message inside of the chat, “Couldn’t log in with plugin”.
In Azure AD, I can see the sign-in was successful, but I can’t see any token request failures (though I may be looking in the wrong spot… I’m looking under Enterprise Applications->Sign-in Logs).
Does anyone have any ideas about what I might be doing wrong? Is it possible to get the request logs from Open AI?
The auth section of my ai-plugin.json file looks like:
"auth": {
"type": "oauth",
"client_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
"scope": "api://<some random guid>/Time.Read",
"authorization_url": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
"authorization_content_type": "application/json",
"verification_tokens": {
"openai": "<my verification token>"
}
}
And the callback URL is similar to:
https://chat.openai.com/aip/plugin-<my plugin id>/oauth/callback?code=0.ASkAFlM0bXqHZEmfaxqymWBVvzTHiYnH0DFLqZ7XcqqR1....
Update 5/15 @ 21:30 PST:
I found the logs I was looking for in the browser dev tools. After successfully getting redirected back to the callback URL, it makes a request to
https://oxxxxx.ingest.sentry.io/api/<########>/envelope/?sentry_key=<some key>&sentry_version=7&sentry_client=sentry.javascript.nextjs/7.50.0
This returns a 429 response.
Then there is another call to the callback URL with a 500 response. And the error detail is “Error forwarding auth: Missing access_token”. I can’t see the request to the token endpoint, but I see the auth code being returned from the auth endpoint.
I’ve also tried to change the plugin name in the ai-plugin.json file, and reuploaded it a few times, but I always get the same plugin ID/callback URL.
I have no idea where I’m going wrong, and any help would be greatly appreciated.