The @cl.password_auth_callback receives the username and password from the login form. Returning an cl.User object will authenticate the user while returning None will fail the authentication.

You can verify the credentials against any service that you’d like (your own DB, a private google sheet etc.).

The usual security best practices applies here, hash password before storing them.

Example

from typing import Optional
import chainlit as cl

@cl.password_auth_callback
def auth_callback(username: str, password: str) -> Optional[cl.User]:
  # Fetch the user matching username from your database
  # and compare the hashed password with the value stored in the database
  if (username, password) == ("admin", "admin"):
    return cl.User(identifier="admin", metadata={"role": "admin", "provider": "credentials"})
  else:
    return None