Flaky tool requests, authorization somehow sometimes not work

[ifsheldon]

Self Checks

• This is only for bug report, if you would like to ask a quesion, please head to Discussions.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• Pleas do not modify this template :) and fill in all the required fields.

Dify version

0.6.5

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

I have implemented my own plugin with simple bearer authorization. I tested it's usable in the tool panel, but when using it in an agent, there's a chance the tool call fails due to 401 Unauthorized. It's really weird, since sometimes the tool call succeeds.

You can try with a simple plugin with a python backend. Or, I can share my plugin with you since it's just a demo only for testing.

I've check the logs in the api server(see below screenshot). The first 4 calls are produced by an agent I develop. The last two was produced by my testing in the tool panel with the same arguments, no modifications on authorizations.

✔️ Expected Behavior

Smooth tool calls when agents try to call a tool with correct authorization

❌ Actual Behavior

[dosubot]

It looks like the intermittent 401 Unauthorized errors you're encountering could be due to CORS (Cross-Origin Resource Sharing) configuration issues, especially if the agent's requests are considered cross-origin compared to those from the tool panel. Ensure that the CONSOLE_CORS_ALLOW_ORIGINS and WEB_API_CORS_ALLOW_ORIGINS settings in Dify are correctly configured to include the domain from which the agent requests are made. This adjustment could help in resolving the authorization issues you're facing.

Additionally, Dify uses a function named validate_and_get_api_token to handle authorization tokens for agent-developed calls. It's crucial to ensure that the token is correctly formatted and valid. If the token does not meet the required criteria, an Unauthorized error is raised.

If adjusting the CORS settings and verifying the token does not resolve the issue, consider checking the specific error messages in Dify. Errors such as NotSetupError, NotInitValidateError, and InitValidateFailedError could provide more insight into why the 401 Unauthorized errors occur intermittently. These errors indicate issues with Dify's initialization and validation processes, which could lead to authorization failures.

By focusing on these areas, you should be able to identify and resolve the intermittent authorization issues you're experiencing with your plugin when called by an agent.

Details

Sources

• en/getting-started/install-self-hosted/install-faq.md
• api/controllers/console/error.py
• api/core/tools/tool_engine.py
• api/core/agent/base_agent_runner.py
• api/controllers/service_api/wraps.py
• en/features/extension/api_based_extension/README.md

About Dosu
This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

[ifsheldon]

closing this because I accidentally created a duplicate issue #3999