use original auth0 domain for audience (#541)

Chainlit · Nov 14, 2023 · 3e28588 · 3e28588
1 parent c17ec59
commit 3e28588
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/backend/chainlit/oauth_providers.py b/backend/chainlit/oauth_providers.py
@@ -299,13 +299,18 @@ def __init__(self):
         self.client_secret = os.environ.get("OAUTH_AUTH0_CLIENT_SECRET")
         # Ensure that the domain does not have a trailing slash
         self.domain = f"https://{os.environ.get('OAUTH_AUTH0_DOMAIN', '').rstrip('/')}"
+        self.original_domain = (
+            f"https://{os.environ.get('OAUTH_AUTH0_ORIGINAL_DOMAIN').rstrip('/')}"
+            if os.environ.get("OAUTH_AUTH0_ORIGINAL_DOMAIN")
+            else self.domain
+        )
 
         self.authorize_url = f"{self.domain}/authorize"
 
         self.authorize_params = {
             "response_type": "code",
             "scope": "openid profile email",
-            "audience": f"{self.domain}/userinfo",
+            "audience": f"{self.original_domain}/userinfo",
         }
 
     async def get_token(self, code: str, url: str):
@@ -333,7 +338,7 @@ async def get_token(self, code: str, url: str):
     async def get_user_info(self, token: str):
         async with httpx.AsyncClient() as client:
             response = await client.get(
-                f"{self.domain}/userinfo",
+                f"{self.original_domain}/userinfo",
                 headers={"Authorization": f"Bearer {token}"},
             )
             response.raise_for_status()