Add OAuth configurability (#499)

2025-03-26 17:51:54 +01:00 · 2023-10-02 11:05:08 -07:00 · 2023-10-02 11:05:08 -07:00 · ab65b19c4c
commit ab65b19c4c
parent c666f35cd0
2 changed files with 13 additions and 11 deletions
--- a/backend/danswer/configs/app_configs.py
+++ b/backend/danswer/configs/app_configs.py
@ -58,8 +58,14 @@ VALID_EMAIL_DOMAINS = (
 )

 # OAuth Login Flow
-GOOGLE_OAUTH_CLIENT_ID = os.environ.get("GOOGLE_OAUTH_CLIENT_ID") or ""
-GOOGLE_OAUTH_CLIENT_SECRET = os.environ.get("GOOGLE_OAUTH_CLIENT_SECRET") or ""
+# Used for both Google OAuth2 and OIDC flows
+OAUTH_CLIENT_ID = (
+    os.environ.get("OAUTH_CLIENT_ID", os.environ.get("GOOGLE_OAUTH_CLIENT_ID")) or ""
+)
+OAUTH_CLIENT_SECRET = (
+    os.environ.get("OAUTH_CLIENT_SECRET", os.environ.get("GOOGLE_OAUTH_CLIENT_SECRET"))
+    or ""
+)

 # The following Basic Auth configs are not supported by the frontend UI
 REQUIRE_EMAIL_VERIFICATION = (
--- a/backend/danswer/main.py
+++ b/backend/danswer/main.py
@ -16,10 +16,9 @@ from danswer.chat.personas import load_personas_from_yaml
 from danswer.configs.app_configs import APP_HOST
 from danswer.configs.app_configs import APP_PORT
 from danswer.configs.app_configs import AUTH_TYPE
-from danswer.configs.app_configs import DISABLE_AUTH
 from danswer.configs.app_configs import DISABLE_GENERATIVE_AI
-from danswer.configs.app_configs import GOOGLE_OAUTH_CLIENT_ID
-from danswer.configs.app_configs import GOOGLE_OAUTH_CLIENT_SECRET
+from danswer.configs.app_configs import OAUTH_CLIENT_ID
+from danswer.configs.app_configs import OAUTH_CLIENT_SECRET
 from danswer.configs.app_configs import SECRET
 from danswer.configs.app_configs import WEB_DOMAIN
 from danswer.configs.constants import AuthType
@ -115,7 +114,7 @@ def get_application() -> FastAPI:
        )

    elif AUTH_TYPE == AuthType.GOOGLE_OAUTH:
-        oauth_client = GoogleOAuth2(GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET)
+        oauth_client = GoogleOAuth2(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET)
        application.include_router(
            fastapi_users.get_oauth_router(
                oauth_client,
@ -163,11 +162,8 @@ def get_application() -> FastAPI:
        # Will throw exception if an issue is found
        verify_auth()

-        if DISABLE_AUTH:
-            logger.info("User Authentication is turned off.")
-
-        if GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET:
-            logger.info("Found both OAuth Client ID and secret configured.")
+        if OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET:
+            logger.info("Both OAuth Client ID and Secret are configured.")

        if SKIP_RERANKING:
            logger.info("Reranking step of search flow is disabled")