Plugin Oauth error: "Error getting system message: {"message": "User is missing credentials"}"

I’m developing a plugin using Oauth.
After some time without using it, my users get an error “User is missing credentials”. It blocks all chats where the plugin is enabled. (They installed it using the Unverified flow)
The only solution I found is to uninstall and re-install the plugin.

I don’t see any HTTP calls that fail in the logs of my plugin’s backend. So I don’t think the problem is on my side.

Do you have any idea how I can fix this?

Adrien

3 Likes

You’re not passing the login credentials. I’d suggest using oauth

I’m already using Oauth. The plugin is working fine at the beginning, but the credentials stop working after a few minutes/hours.

1 Like

Check which API endpoint is being called. I also log the requests to the console…


When I get this error, ChatGPT is not even calling my plugin. So there are no logs or endpoints being called.

2 Likes

I suddenly started getting the same error after working. Uninstalling, then reinstalling the plugin worked. But not sure for how long now…

1 Like

Are you using a 3rd party API for OAuth? Maybe refresh_token isn’t returned, so when access_token is expired the OpenAI service can’t obtain a new one? Or maybe it is returned but in a non-standard format, for example, it is named differently or it returns a response that is structured in an unusual way?

1 Like
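A quick check for the three failure modes suggested in the post above (no refresh_token, renamed fields, unusual nesting), as an added example that is not part of the original thread. It assumes the client expects the RFC 6749 field names; the alias list and the sample responses are constructed.

```python
import json

REQUIRED = ("access_token", "token_type")   # mandatory per RFC 6749 section 5.1
# Constructed list of non-standard spellings (assumption, for illustration).
ALIASES = {"accessToken": "access_token", "tokenType": "token_type",
           "expiresIn": "expires_in", "refreshToken": "refresh_token"}

def lint_token_response(raw):
    """Return problems that would keep a client from refreshing the token."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems, renamed = [], set()
    for alias, standard in ALIASES.items():
        if alias in doc and standard not in doc:
            renamed.add(standard)
            problems.append(f"'{alias}' should be named '{standard}'")
    for key, value in doc.items():
        if isinstance(value, dict) and {"access_token", "refresh_token"} & value.keys():
            problems.append(f"token fields are nested under '{key}'")
    for field in REQUIRED:
        if field not in doc and field not in renamed:
            problems.append(f"missing required field '{field}'")
    if "refresh_token" not in doc and "refresh_token" not in renamed:
        problems.append("no refresh_token: access ends when access_token expires")
    expires = doc.get("expires_in")
    if expires is not None and not (isinstance(expires, int) and expires > 0):
        problems.append("expires_in is not a positive integer")
    return problems

# Constructed sample responses, not captured from any real provider.
GOOD = '{"access_token":"a","token_type":"bearer","expires_in":3600,"refresh_token":"r"}'
NO_REFRESH = '{"access_token":"a","token_type":"bearer","expires_in":3600}'
RENAMED = '{"accessToken":"a","tokenType":"bearer","expiresIn":3600,"refreshToken":"r"}'
NESTED = '{"data":{"access_token":"a","token_type":"bearer","refresh_token":"r"}}'

if __name__ == "__main__":
    for name in ("GOOD", "NO_REFRESH", "RENAMED", "NESTED"):
        print(name, lint_token_response(globals()[name]))
```

Run it against the raw body your provider's token URL returns during install; the function reports field names only and never echoes token values.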

That was it! Refresh token fixed it for me. Would be great to add to the docs!

2 Likes

Hey! I’m also working on an oauth flow and also wondering how to implement the refresh token flow.

I’m returning a refresh_token with my /token api.

What data will openai send to my server for refresh?

1 Like

Hi,
Thank you for your answer. Yes, I’m using a 3rd party OAuth so I don’t have control on what is generated.

I tested using the same parameters OpenAI sends when I install the plugin. Unfortunately my 3rd party doesn’t return any refresh_token…
Adding a specific parameter in the client_url fixes that, but I cannot configure it in ai-plugin.json. I tried adding the request param without success.

Do you know a way I could add this kind of parameter in the client_url field? Or any other way I could solve this issue?

    {"grant_type":"refresh_token","client_id":"CLIENT_ID","client_secret":"CLIENT_SECRET","refresh_token":"REFRESH_TOKEN"}

Does this get sent to the /token endpoint?

Thanks,
Colin

Yep! The body gets sent to the same /token endpoint
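A token endpoint that accepts the refresh request body shown above on the same /token route, as an added example rather than code from the thread or from OpenAI. The in-memory stores, the function name `token_endpoint` and the sample authorization code are hypothetical, and the `authorization_code` branch follows the standard RFC 6749 grant; CLIENT_ID and CLIENT_SECRET are the thread's placeholders.

```python
import hmac
import secrets
import time

CLIENT_ID, CLIENT_SECRET = "CLIENT_ID", "CLIENT_SECRET"  # placeholders from the thread
ACCESS_TTL = 3600                                        # assumed lifetime in seconds
codes = {"constructed-code": "user-1"}   # one-time authorization codes -> user (constructed)
refresh_tokens = {}                      # live refresh token -> user
access_tokens = {}                       # access token -> (user, expiry timestamp)

def _same(value, expected):
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(str(value).encode(), expected.encode())

def _issue(user, now):
    access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    access_tokens[access] = (user, now + ACCESS_TTL)
    refresh_tokens[refresh] = user
    # Standard field names, always including refresh_token.
    return 200, {"access_token": access, "token_type": "bearer",
                 "expires_in": ACCESS_TTL, "refresh_token": refresh}

def token_endpoint(body, now=None):
    """Handle a parsed /token request body; returns (http_status, json_dict)."""
    now = time.time() if now is None else now
    id_ok = _same(body.get("client_id", ""), CLIENT_ID)
    secret_ok = _same(body.get("client_secret", ""), CLIENT_SECRET)
    if not (id_ok and secret_ok):
        return 401, {"error": "invalid_client"}
    grant = body.get("grant_type")
    if grant == "authorization_code":
        user = codes.pop(str(body.get("code", "")), None)            # single use
    elif grant == "refresh_token":
        # Rotation: the presented refresh token is consumed and replaced.
        user = refresh_tokens.pop(str(body.get("refresh_token", "")), None)
    else:
        return 400, {"error": "unsupported_grant_type"}
    if user is None:
        return 400, {"error": "invalid_grant"}
    return _issue(user, now)
```

Because the refresh token is rotated, replaying an old one returns `invalid_grant`, which is worth logging when debugging a client that stops refreshing.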

For what it’s worth, I am trying to get Google as OAuth provider to work with my plugin, and experience the same behaviour as OP: after plugin install everything works for a few hours. In the plugin code, I am able to query https://www.googleapis.com/oauth2/v3/userinfo with the bearer token passed by ChatGPT (so this is a correct access_token retrieved by ChatGPT on Google’s authorization url).
Then at some point in the ChatGPT UI: "User is missing credentials". This without a hit on the plugin API itself.
Auth part of my ai-plugin.json:

    "auth": {
        "type": "oauth",
        "client_url": "https://accounts.google.com/o/oauth2/v2/auth",
        "authorization_url": "https://oauth2.googleapis.com/token",
        "scope": "profile email",
        "authorization_content_type":"application/x-www-form-urlencoded",
        "verification_tokens": {
            "openai": "khaskfhsklfhd"
        }
    },

The client_url and authorization_url match the ones advertised by Google on https://accounts.google.com/.well-known/openid-configuration

There is not much else to configure here. The same OAuth client config on Google works fine (even after much time has passed) when used with e.g. the nextauth.js demo application (https://github.com/nextauthjs/next-auth-example), so I am guessing the OAuth client settings I created at Google should be OK.

If anybody has any ideas left to try, would highly appreciate it!

We added a refresh token and it initially worked, but then a few days later I get:

Error getting system message: {"message":"User is missing credentials"}

It seems that when the token is expired, OpenAI does not automatically call auth0 to obtain a new token.

In this case, I removed the plugin and re-added it; afterward the plugin worked again, so it seems to be an issue on OpenAI’s side.

Any thoughts?

1 Like

Adding refresh token never worked for me. Not initially and not after reinstalling my plugin. After a period of not using the plugin I get:

Error getting system message: {"message":"User is missing credentials"}

I’m using Google oauth. Could it have something to do with the authorization service you’re using?

We’re using auth0.

It would be really great to get an OpenAI moderator response on this. More users are running into this issue.

1 Like

If you’re using Google Oauth2 you can log yourself back in without re-installing your app, either in the browser, or using Postman. Use this URL:

https://accounts.google.com/o/oauth2/v2/auth?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=REQUESTED_SCOPES&access_type=offline&prompt=consent

Replace YOUR_CLIENT_ID with your own Client ID, YOUR_REDIRECT_URI with your redirect URI, and scopes with your scopes. If you’re using another auth service I’m sure there’s a way to do the same thing, just replace the URL and put in the appropriate parameters.

Am I wrong to think that OpenAI already has the login endpoint and can simply call that when users need to reauthenticate?

Putting the burden on end users is probably not the solution.

3 Likes

If I understand it correctly, that’s what’s supposed to happen according to the documentation. It appears that either ChatGPT is not asking for a refresh token, or we’re not doing something right so that ChatGPT can get the refresh token.