Skip to content

Incompatibility with FastAPI >= 0.137.0 (Missing model attribute) Description #2961

Open
Bug
#2968
Open
Incompatibility with FastAPI >= 0.137.0 (Missing model attribute) Description#2961
Bug
#2968
Labels
authPertaining to authentication.backendPertains to the Python backend.bugSomething isn't workingneeds-triage

Description

@MS33834
MS33834
opened on Jun 18, 2026

Description
The OAuth2PasswordBearerWithCookies class in chainlit/auth/cookie.py subclasses OAuth2PasswordBearer but fails to expose the model attribute, which is required by FastAPI >= 0.137.0 for generating OpenAPI security schemes. Consequently, applications using @cl.password_auth_callback crash when the OpenAPI schema is generated.

Steps to Reproduce

  1. Install Chainlit 2.11.1 in a clean environment (which pulls in FastAPI 0.137.1).
  2. Create a minimal app using @cl.password_auth_callback: 
    import chainlit as cl

@cl.password_auth_callback
def auth_callback(username: str, password: str):
    if (username, password) == ("admin", "admin"):
        return cl.User(identifier="admin")
    return None
  3. Run chainlit run app.py.
  4. Open /docs or trigger schema generation.

Expected Behavior
Password authentication should function correctly with current FastAPI releases without requiring local monkey-patching.

Actual Behavior
The application raises an AttributeError during startup or schema generation:

AttributeError: 'OAuth2PasswordBearerWithCookies' object has no attribute 'model'

Environment

  • Chainlit version: 2.11.1
  • FastAPI version: 0.137.1
  • Python version: 3.12.13

Possible Fix
Assign self.model within OAuth2PasswordBearerWithCookies.__init__:

from fastapi.security.oauth2 import OAuthFlowsModel

class OAuth2PasswordBearerWithCookies(OAuth2PasswordBearer):
    def __init__(self, tokenUrl: str, auto_error: bool = True):
        super().__init__(tokenUrl=tokenUrl, auto_error=auto_error)
        self.model = OAuthFlowsModel(
            password={"tokenUrl": tokenUrl, "scopes": {}}
        )

Metadata

Metadata

Assignees

No one assigned

    Labels

    authPertaining to authentication.backendPertains to the Python backend.bugSomething isn't workingneeds-triage

    Type

    Bug

    Fields

    No fields configured for Bug.

    Projects

    Chainlit Community
    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions