Authentication: The differentiator for ChatGPT plugins
ChatGPT plugins are now available to all Plus members. Although still in beta, these plugins hold great potential for AI-powered apps, as they seamlessly integrate with your business directly within the chat interface.
Introduction
ChatGPT plugins are now available to all Plus members. Although still in beta, these plugins hold great potential for AI-powered apps, as they seamlessly integrate with your business directly within the chat interface. However, the current state of ChatGPT plugins leaves much to be desired and falls short of achieving their full potential.
Let’s book a flight
Imagine you want to book a flight from SFO to NYC. Let's examine the responses from the Trip.com plugin:
As you can see, I was unable to complete the booking process. Instead, the plugin repeatedly asked me to click the link, only to inform me that it couldn't complete the process. If this is the only solution, why didn't I simply open trip.com from the beginning? What sets it apart from the "Browsing" model that connects to the internet?
While the current limitations are understandable, but imagine this:
- You sign in to the Trip.com plugin with an account already filled with your personal and payment information.
- You type "Book DL779" in the ongoing conversation.
- The plugin successfully books the flight for you and provides the cabin layout for seat selection.
In a signed-in context, you may not even need to leave the chat interface! This level of integration can extend to numerous services, such as online shopping, food delivery, and scheduling.
Plugins with user authentication will stand out, because they can offer familiar digital experiences in a personalized manner, akin to having an online J.A.R.V.I.S. Furthermore, the benefits will be magnified based on the following predictions:
- Big corporations, including Microsoft, are actively developing their plugin ecosystems within their AI platforms.
- These plugins have the potential to generate new and high-quality traffic sources, greatly benefiting your business.
Okay, let's build authentication now...
Hold on for a moment. There are two more considerations:
Does your plugin really require authentication at this stage?
In the early stages, depending on your business, developing authentication may not be useful for finding product-market fit, and it can be resource-intensive.
ChatGPT plugins support OAuth for user authentication. However, learning the protocol (which spans about 70 pages) and correctly implementing the flow takes time. I've already witnessed instances of misuse, where a plugin accepts any client_id
from authentication requests, which could pose security risks. Even popular frameworks can improperly handle OAuth.
The challenge of unified identity
Since a plugin serves as one of your traffic sources, you likely have a main business or app that offers more comprehensive features. Alternatively, you might start with a plugin and later expand to a larger business.
Do you have a plan for building a centralized user system so that users can enjoy a unified sign-in experience and maintain a consistent identity across all your apps and plugins? For example, users would be frustrated if they couldn't view a booking made through ChatGPT when they open your mobile app.
Overcome obstacles with chill
Thank you for reading this far. As the builder of the identity product Logto, I'm excited to let you know that we have successfully integrated with ChatGPT plugins, allowing Logto to serve as the ideal authentication solution within minutes. We have prepared a comprehensive tutorial on this integration. Take a look if you're interested!