Chainlit applications are public by default. To enable authentication and make your app private, you need to:

  1. Define a CHAINLIT_AUTH_SECRET environment variable. This is a secret string that is used to sign the authentication tokens. You can change it at any time, but it will log out all users. You can easily generate one using chainlit create-secret.
  2. Add one or more authentication callbacks to your app:

Password Auth

Authenticate users with login/password.

OAuth

Authenticate users with your own OAuth app (like Google).

Header

Authenticate users based on a custom header.

Each callback take a different input and optionally return a cl.User object. If the callback returns None, the authentication is considered as failed.

Make sure each user has a unique identifier to prevent them from sharing their data.

Get the current authenticated user

You can access the current authenticated user through the User Session.

@cl.on_chat_start
async def on_chat_start():
    app_user = cl.user_session.get("user")
    await cl.Message(f"Hello {app_user.identifier}").send()

Was this page helpful?

Custom Data LayerPassword