Open main menu
首页
专栏
课程
分类
归档
Chat
Sci-Hub
谷歌学术
Libgen
GitHub镜像
登录/注册
搜索
关闭
Previous
Previous
Next
Next
OpenAI最新官方ChatGPT聊天插件接口《插件身份验证》全网最详细中英文实用指南和教程,助你零基础快速轻松掌握全新技术(三)(附源码)
sockstack
/
377
/
2023-11-06 23:54:34
<p><span style="color: red; font-size: 18px">ChatGPT 可用网址,仅供交流学习使用,如对您有所帮助,请收藏并推荐给需要的朋友。</span><br><a href="https://ckai.xyz/?sockstack§ion=detail" target="__blank">https://ckai.xyz</a><br><br></p> <article class="baidu_pl"><div id="article_content" class="article_content clearfix"> <link rel="stylesheet" href="https://csdnimg.cn/release/blogv2/dist/mdeditor/css/editerView/kdoc_html_views-1a98987dfd.css"> <link rel="stylesheet" href="https://csdnimg.cn/release/blogv2/dist/mdeditor/css/editerView/ck_htmledit_views-25cebea3f9.css"> <div id="content_views" class="markdown_views prism-atom-one-dark"> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><path stroke-linecap="round" d="M5,0 0,2.5 5,5z" id="raphael-marker-block" style="-webkit-tap-highlight-color: rgba(0, 0, 0, 0);"></path></svg><p></p> <div class="toc"> <h3>Plugin authentication 插件身份验证</h3> <ul> <li>前言</li> <li>Plugin authentication 插件身份验证</li> <li>No authentication 无认证</li> <li>Service level 服务级别</li> <li>User level 用户级别</li> <li>OAuth</li> <li>其它资料下载</li> </ul> </div> <p></p> <p><img referrerpolicy="no-referrer" src="https://img-blog.csdnimg.cn/5fb4a1eeaf20497680fb098073be9b1a.png#pic_center" alt="在这里插入图片描述"></p> <h1> <a id="_5"></a>前言</h1> <p>“如果你不能信任插件,那么你就不能信任整个应用程序。”正因为如此,ChatGPT始终把插件认证放在极为重要的位置上,确保每一个插件都是可靠的、安全的。在ChatGPT中,插件认证机制可以保证用户数据和访问控制的安全。一个好的插件认证机制不仅需要能够验证插件的身份,还需要保护用户的隐私信息,并且确保插件只能访问其被授权的资源。</p> <h1> <a id="Plugin_authentication__10"></a>Plugin authentication 插件身份验证</h1> <p>Plugins offer numerous authentication schemas to accommodate various use cases. To specify the authentication schema for your plugin, use the manifest file. Our plugin domain policy outlines our strategy for addressing domain security issues. For examples of available authentication options, refer to the examples section, which showcases all the different choices.<br> 插件提供了许多身份验证模式以适应各种用例。要指定插件的身份验证模式,请使用清单文件。我们的插件域策略概述了我们解决域安全问题的策略。有关可用身份验证选项的示例,请参阅示例部分,其中展示了所有不同的选项。</p> <p>Note that the <code>ai-plugin.json</code> file requires an <code>auth</code> schema to be set. Even if you elect to use no authentication, it is still required to specify <code>"auth": { "type": "none" }</code>.<br> 请注意, <code>ai-plugin.json</code> 文件需要设置 <code>auth</code> 模式。即使您选择不使用身份验证,仍然需要指定 <code>"auth": { "type": "none" }</code> 。</p> <h1> <a id="No_authentication__17"></a>No authentication 无认证</h1> <p>We support no-auth flow for applications that do not require authentication, where a user is able to send requests directly to your API without any restrictions. This is particularly useful if you have an open API that you want to make available to everyone, as it allows traffic from sources other than just OpenAI plugin requests.<br> 对于不需要身份验证的应用程序,我们支持无身份验证流,其中用户能够直接向您的API发送请求,而不受任何限制。如果你有一个开放的API,你想让每个人都可以使用,这是特别有用的,因为它允许来自其他来源的流量,而不仅仅是OpenAI插件请求。</p> <pre><code class="prism language-json"><span class="token string-property property">"auth"</span><span class="token operator">:</span> <span class="token punctuation">{<!-- --></span><span class="token string-property property">"type"</span><span class="token operator">:</span> <span class="token string">"none"</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> </code></pre> <h1> <a id="Service_level__27"></a>Service level 服务级别</h1> <p>If you want to specifically enable OpenAI plugins to work with your API, you can provide a client secret during the plugin installation flow. This means that all traffic from OpenAI plugins will be authenticated but not on a user level. This flow benefits from a simple end user experience but less control from an API perspective.<br> 如果你想专门启用OpenAI插件来与你的API一起工作,你可以在插件安装流程中提供一个客户端密码。这意味着来自OpenAI插件的所有流量都将进行身份验证,但不会在用户级别进行身份验证。此流程受益于简单的最终用户体验,但从API角度来看控制较少。</p> <ul> <li>To start, a developer pastes in their access token (global key)<br> 首先,开发人员粘贴他们的访问令牌(全局密钥)</li> <li>Then, they have to add the verification token to their manifest file<br> 然后,他们必须将验证令牌添加到他们的清单文件中</li> <li>We store an encrypted version of the token<br> 我们存储令牌的加密版本</li> <li>Users don’t need to do anything when they install the plugin<br> 用户在安装插件时不需要做任何事情</li> <li>Last, we pass it in the Authorization header when making requests to the plugin (“Authorization”: “[Bearer/Basic][user’s token]”)<br> 最后,我们在向插件发出请求时将其传递到Authorization头中(“Authorization”:“[Bearer/Basic][user’s token]”)</li> </ul> <pre><code class="prism language-json"><span class="token string-property property">"auth"</span><span class="token operator">:</span> <span class="token punctuation">{<!-- --></span><span class="token string-property property">"type"</span><span class="token operator">:</span> <span class="token string">"service_http"</span><span class="token punctuation">,</span><span class="token string-property property">"authorization_type"</span><span class="token operator">:</span> <span class="token string">"bearer"</span><span class="token punctuation">,</span><span class="token string-property property">"verification_tokens"</span><span class="token operator">:</span> <span class="token punctuation">{<!-- --></span><span class="token string-property property">"openai"</span><span class="token operator">:</span> <span class="token string">"cb7cdfb8a57e45bc8ad7dea5bc2f8324"</span><span class="token punctuation">}</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> </code></pre> <h1> <a id="User_level__52"></a>User level 用户级别</h1> <p>Just like how a user might already be using your API, we allow user level authentication through enabling end users to copy and paste their secret API key into the ChatGPT UI during plugin install. While we encrypt the secret key when we store it in our database, we do not recommend this approach given the poor user experience.<br> 就像用户可能已经在使用您的API一样,我们允许最终用户在插件安装期间将其API密钥复制并粘贴到ChatGPT UI中,从而实现用户级身份验证。虽然我们在将密钥存储在数据库中时会对其进行加密,但考虑到用户体验较差,我们不建议使用这种方法。</p> <ul> <li>To start, a user pastes in their access token when installing the plugin<br> 首先,用户在安装插件时粘贴他们的访问令牌</li> <li>We store an encrypted version of the token<br> 我们存储令牌的加密版本</li> <li>We then pass it in the Authorization header when making requests to the plugin (“Authorization”: “[Bearer/Basic][user’s token]”)<br> 然后,我们在向插件发出请求时将其传递到Authorization头中(“Authorization”:“[Bearer/Basic][user’s token]”)</li> </ul> <pre><code class="prism language-json"><span class="token string-property property">"auth"</span><span class="token operator">:</span> <span class="token punctuation">{<!-- --></span><span class="token string-property property">"type"</span><span class="token operator">:</span> <span class="token string">"user_http"</span><span class="token punctuation">,</span><span class="token string-property property">"authorization_type"</span><span class="token operator">:</span> <span class="token string">"bearer"</span><span class="token punctuation">,</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> </code></pre> <h1> <a id="OAuth_70"></a>OAuth</h1> <p>The plugin protocol is compatible with OAuth. A simple example of the OAuth flow we are expecting in the manifest looks like the following:<br> 插件协议与OAuth兼容。我们在清单中期望的OAuth流的一个简单示例如下所示:</p> <ul> <li>To start, a developer pastes in their OAuth client id and client secret<br> 首先,开发人员粘贴他们的OAuth客户端ID和客户端密码 <ul><li>Then they have to add the verification token to their manifest file<br> 然后他们必须将验证令牌添加到他们的清单文件中</li></ul> </li> <li>We store an encrypted version of the client secret<br> 我们存储客户端机密的加密版本</li> <li>Users log in through the plugin’s website when they install the plugin<br> 用户在安装插件时通过插件的网站登录 <ul><li>That gives us an OAuth access token (and optionally a refresh token) for the user, which we store encrypted<br> 这为我们提供了一个用户的OAuth访问令牌(以及可选的刷新令牌),我们将其加密存储</li></ul> </li> <li>Last, we pass that user’s token in the Authorization header when making requests to the plugin (“Authorization”: “[Bearer/Basic][user’s token]”)<br> 最后,当向插件发出请求时,我们在Authorization头中传递该用户的令牌(“Authorization”:“[Bearer/Basic][user’s token]”)</li> </ul> <pre><code class="prism language-json"><span class="token string-property property">"auth"</span><span class="token operator">:</span> <span class="token punctuation">{<!-- --></span><span class="token string-property property">"type"</span><span class="token operator">:</span> <span class="token string">"oauth"</span><span class="token punctuation">,</span><span class="token string-property property">"client_url"</span><span class="token operator">:</span> <span class="token string">"https://my_server.com/authorize"</span><span class="token punctuation">,</span><span class="token string-property property">"scope"</span><span class="token operator">:</span> <span class="token string">""</span><span class="token punctuation">,</span><span class="token string-property property">"authorization_url"</span><span class="token operator">:</span> <span class="token string">"https://my_server.com/token"</span><span class="token punctuation">,</span><span class="token string-property property">"authorization_content_type"</span><span class="token operator">:</span> <span class="token string">"application/json"</span><span class="token punctuation">,</span><span class="token string-property property">"verification_tokens"</span><span class="token operator">:</span> <span class="token punctuation">{<!-- --></span><span class="token string-property property">"openai"</span><span class="token operator">:</span> <span class="token string">"abc123456"</span><span class="token punctuation">}</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> </code></pre> <p>To better understand the URL structure for OAuth, here is a short description of the fields:<br> 为了更好地理解OAuth的URL结构,下面是字段的简短说明:</p> <ul> <li>When you set up your plugin with ChatGPT, you will be asked to provide your OAuth <code>client_id</code> and <code>client_secret</code><br> 当您使用ChatGPT设置插件时,系统会要求您提供OAuth <code>client_id</code> 和 <code>client_secret</code> </li> <li>When a user logs into the plugin, ChatGPT will direct the user’s browser to <code>"[client_url]?response_type=code&client_id=[client_id]&scope=[scope]&redirect_uri=https%3A%2F%2Fchat.openai.com%2Faip%2F[plugin_id]%2Foauth%2Fcallback"</code><br> 当用户登录插件时,ChatGPT会将用户的浏览器引导到 <code>"[client_url]?response_type=code&client_id=[client_id]&scope=[scope]&redirect_uri=https%3A%2F%2Fchat.openai.com%2Faip%2F[plugin_id]%2Foauth%2Fcallback"</code> </li> <li>After your plugin redirects back to the given redirect_uri, ChatGPT will complete the OAuth flow by making a POST request to authorization_url with content type <code>authorization_content_type</code> and parameters <code>{ “grant_type”: “authorization_code”, “client_id”: [client_id], “client_secret”: [client_secret], “code”: [the code that was returned with the redirect], “redirect_uri”: [the same redirect uri as before] }</code><br> 在插件重定向回给定的redirect_uri之后,ChatGPT将通过使用内容类型 <code>authorization_content_type</code> 和参数 <code>{ “grant_type”: “authorization_code”, “client_id”: [client_id], “client_secret”: [client_secret], “code”: [the code that was returned with the redirect], “redirect_uri”: [the same redirect uri as before] }</code> 向 <code>authorization_url</code> 发出POST请求来完成OAuth流程</li> </ul> <h1> <a id="_110"></a>其它资料下载</h1> <p>如果大家想继续了解人工智能相关学习路线和知识体系,欢迎大家翻阅我的另外一篇博客《重磅 | 完备的人工智能AI 学习——基础知识学习路线,所有资料免关注免套路直接网盘下载》<br> 这篇博客参考了Github知名开源平台,AI技术平台以及相关领域专家:Datawhale,ApacheCN,AI有道和黄海广博士等约有近100G相关资料,希望能帮助到所有小伙伴们。</p> </div> <link href="https://csdnimg.cn/release/blogv2/dist/mdeditor/css/editerView/markdown_views-98b95bb57c.css" rel="stylesheet"> <link href="https://csdnimg.cn/release/blogv2/dist/mdeditor/css/style-c216769e99.css" rel="stylesheet"> </div> <div id="treeSkill"></div> </article>
OpenAI最新官方ChatGPT聊天插件接口《插件身份验证》全网最详细中英文实用指南和教程,助你零基础快速轻松掌握全新技术(三)(附源码)
作者
sockstack
许可协议
CC BY 4.0
发布于
2023-11-06
修改于
2024-12-20
上一篇:软件:常用 Linux 软件汇总,值得收藏
下一篇:GPT Demo 分享|日不落直播间接入虚拟人AI互动
尚未登录
登录 / 注册
文章分类
博客重构之路
5
Spring Boot简单入门
4
k8s 入门教程
0
MySQL 知识
1
NSQ 消息队列
0
ThinkPHP5 源码分析
5
使用 Docker 从零开始搭建私人代码仓库
3
日常开发汇总
4
标签列表
springboot
hyperf
swoole
webman
php
多线程
数据结构
docker
k8s
thinkphp
mysql
tailwindcss
flowbite
css
前端