From 3e28588b550b485d8e98ab622ddb24028bb81e12 Mon Sep 17 00:00:00 2001
From: Willy Douhard
Date: Tue, 14 Nov 2023 10:17:53 +0100
Subject: [PATCH] use original auth0 domain for audience (#541)
---
 backend/chainlit/oauth_providers.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/backend/chainlit/oauth_providers.py b/backend/chainlit/oauth_providers.py
index 1c73aac88a..9fea48c7df 100644
--- a/backend/chainlit/oauth_providers.py
+++ b/backend/chainlit/oauth_providers.py
@@ -299,13 +299,18 @@ def __init__(self):
         self.client_secret = os.environ.get("OAUTH_AUTH0_CLIENT_SECRET")
         # Ensure that the domain does not have a trailing slash
         self.domain = f"https://{os.environ.get('OAUTH_AUTH0_DOMAIN', '').rstrip('/')}"
+        self.original_domain = (
+            f"https://{os.environ.get('OAUTH_AUTH0_ORIGINAL_DOMAIN').rstrip('/')}"
+            if os.environ.get("OAUTH_AUTH0_ORIGINAL_DOMAIN")
+            else self.domain
+        )
         self.authorize_url = f"{self.domain}/authorize"
         self.authorize_params = {
             "response_type": "code",
             "scope": "openid profile email",
-            "audience": f"{self.domain}/userinfo",
+            "audience": f"{self.original_domain}/userinfo",
         }
     async def get_token(self, code: str, url: str):
@@ -333,7 +338,7 @@ async def get_token(self, code: str, url: str):
     async def get_user_info(self, token: str):
         async with httpx.AsyncClient() as client:
             response = await client.get(
-                f"{self.domain}/userinfo",
+                f"{self.original_domain}/userinfo",
                 headers={"Authorization": f"Bearer {token}"},
             )
             response.raise_for_status()
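Review bot: The new `self.original_domain` expression reads `OAUTH_AUTH0_ORIGINAL_DOMAIN` twice and, unlike `self.domain` just above it, does not normalise the value before deciding whether it is set, so a whitespace-only value produces `https:// ` rather than falling back to `self.domain`. Read it once and reuse the same trailing-slash normalisation: `original = os.environ.get("OAUTH_AUTH0_ORIGINAL_DOMAIN", "").strip().rstrip("/")` followed by `self.original_domain = f"https://{original}" if original else self.domain`. Nothing in the hunk says why a second domain exists; a comment above it should state that, presumably, this covers Auth0 tenants behind a custom domain, where the `audience` and `/userinfo` endpoint must use the tenant's original `*.auth0.com` host rather than the vanity host — confirm against Auth0's custom-domain docs and mention that the variable expects a bare hostname (no scheme, no path), since a value like `https://tenant.auth0.com` would yield `https://https://...` as it does today for `OAUTH_AUTH0_DOMAIN`. `__init__` starts before this hunk.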
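Review bot: `get_user_info` now presents the user's bearer access token to `self.original_domain`, a host taken verbatim from an environment variable, while the token is obtained against `self.domain` by `get_token` (whose body lies outside this hunk). A mistyped or tampered `OAUTH_AUTH0_ORIGINAL_DOMAIN` therefore forwards every user's access token to an unrelated host without any failing request to warn the operator, because the code exchange with `self.domain` still succeeds. At minimum document the trust boundary at the call site, e.g. `# The access token is sent to original_domain, not domain — OAUTH_AUTH0_ORIGINAL_DOMAIN must point at the tenant's own Auth0 host.`, and consider rejecting values in `__init__` whose host does not end in `.auth0.com` (or whatever suffixes the deployment trusts) so a bad value fails at startup rather than leaking tokens at login. Unrelated to this change but worth noting while here: `httpx.AsyncClient()` is created without a timeout, so a stalled `/userinfo` call blocks the login indefinitely; `get_user_info` continues past the end of the hunk.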