mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-17 08:50:15 +01:00
115 lines
4.4 KiB
Markdown
---
title: AWS Cognito
description: Learn how to configure LibreChat to use AWS Cognito for user authentication.
weight: -7
---

# AWS Cognito

## Create a new User Pool in Cognito

- Visit: **[https://console.aws.amazon.com/cognito/](https://console.aws.amazon.com/cognito/)**
- Sign in as Root User
- Click on `Create user pool`



## Configure sign-in experience

Your Cognito user pool sign-in options should include `User Name` and `Email`.



## Configure Security Requirements

You can configure the password requirements now if you desire.



## Configure sign-up experience

Choose the attributes required at sign-up. The minimum required is `name`. If you want to require users to provide their full name at sign-up, use `given_name` and `family_name` as required attributes.



## Configure message delivery

`Send email with Cognito` can be used for free for up to 50 emails a day.



## Integrate your app

Select `Use Cognito Hosted UI` and choose a domain name.



- Set the app type to `Confidential client`
- Make sure `Generate a client secret` is set
- Set the `Allowed callback URLs` to `https://YOUR_DOMAIN/oauth/openid/callback`



Under `Advanced app client settings`, make sure `Profile` is included in the `OpenID Connect scopes` (at the bottom).



## Review and create

You can now make last-minute changes. Click on `Create user pool` when you're done reviewing the configuration.









## Get your environment variables

1. Open your User Pool



2. The `User Pool ID` and your AWS region will be used to construct the `OPENID_ISSUER` (see below)




3. Go to the `App Integrations` tab



4. Open the app client



5. Toggle `Show Client Secret`



- Use the `Client ID` for `OPENID_CLIENT_ID`
- Use the `Client secret` for `OPENID_CLIENT_SECRET`
- Generate a random string for the `OPENID_SESSION_SECRET`

> The `OPENID_SCOPE` and `OPENID_CALLBACK_URL` are pre-configured with the correct values

6. Open the `.env` file at the root of your LibreChat folder and add the following variables with the values you copied:

```bash
DOMAIN_CLIENT=https://your-domain.com # use http://localhost:3080 if not using a custom domain
DOMAIN_SERVER=https://your-domain.com # use http://localhost:3080 if not using a custom domain

OPENID_CLIENT_ID=Your client ID
OPENID_CLIENT_SECRET=Your client secret
OPENID_ISSUER=https://cognito-idp.[AWS REGION].amazonaws.com/[USER POOL ID]/.well-known/openid-configuration
OPENID_SESSION_SECRET=Any random string
OPENID_SCOPE=openid profile email
OPENID_CALLBACK_URL=/oauth/openid/callback
```

7. Save the `.env` file

> Note: If using docker, run `docker compose up -d` to apply the .env configuration changes

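Steps 2 and 5 leave the issuer URL and the session secret to be assembled by hand. The script below is an added example, not part of the LibreChat documentation, that builds both in the shell. Its function names are hypothetical, the pool ID in the usage comment is a constructed sample, and the validation assumes Cognito's `<region>_<alphanumerics>` User Pool ID format.

```bash
#!/usr/bin/env bash
# Added example: assemble the OpenID values for LibreChat's .env.
# Function names are hypothetical; the pool ID below is a constructed sample.

# Build OPENID_ISSUER from the AWS region and User Pool ID (step 2).
# Assumes Cognito's "<region>_<alphanumerics>" pool ID format, so a leftover
# placeholder or an ID copied from a pool in another region fails here.
build_issuer() {
  local region="$1" pool_id="$2"
  if ! printf '%s' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'; then
    echo "invalid AWS region: $region" >&2
    return 1
  fi
  if ! printf '%s' "$pool_id" | grep -Eq "^${region}_[0-9A-Za-z]+\$"; then
    echo "User Pool ID does not match region $region: $pool_id" >&2
    return 1
  fi
  printf 'https://cognito-idp.%s.amazonaws.com/%s/.well-known/openid-configuration' \
    "$region" "$pool_id"
}

# OPENID_SESSION_SECRET: 32 bytes from the kernel CSPRNG, hex-encoded (64 chars).
gen_session_secret() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the OpenID block of the .env file; scope and callback are the page's values.
render_openid_env() {
  local region="$1" pool_id="$2" client_id="$3" client_secret="$4" issuer
  issuer="$(build_issuer "$region" "$pool_id")" || return 1
  cat <<EOF
OPENID_CLIENT_ID=$client_id
OPENID_CLIENT_SECRET=$client_secret
OPENID_ISSUER=$issuer
OPENID_SESSION_SECRET=$(gen_session_secret)
OPENID_SCOPE=openid profile email
OPENID_CALLBACK_URL=/oauth/openid/callback
EOF
}

# Usage (umask keeps a newly created .env readable by its owner only):
#   (umask 077; render_openid_env us-east-1 us-east-1_AbCdEf123 \
#       "$CLIENT_ID" "$CLIENT_SECRET" >> .env)
```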