🐦 fix: Prioritize OIDC Username Claims to Prevent First Name Usernames (#8695)

Now prioritizes preferred_username claim, then the nonstandard
username claim, then email.

Removed given_name as a possible username choice to avoid exposing users’ first names as
usernames.

Updated openidStrategy.spec.js to reflect the new claim order.

Fixed mock OpenID server behavior where preferred_username was always
hardcoded, causing test failures.

Adjusted OpenID setup test to align with new username parameter
behavior.
Josh Mullin 2025-07-30 14:43:42 -04:00 committed by GitHub
parent 1050346915
commit 19a8f5c545
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 16 additions and 17 deletions


@ -353,7 +353,7 @@ async function setupOpenId() {
username = userinfo[process.env.OPENID_USERNAME_CLAIM];
} else {
username = convertToUsername(
userinfo.username || userinfo.given_name || userinfo.email,
userinfo.preferred_username || userinfo.username || userinfo.email,
);
}
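Review bot: The new fallback chain `userinfo.preferred_username || userinfo.username || userinfo.email` fixes the first-name leak, but `preferred_username` is not guaranteed by the OIDC Core spec to be unique or stable across users at a provider, so account lookup and linking should still key on `sub` rather than on the derived username; a comment above `convertToUsername(...)` stating that this value is display/login-name only would make that intent explicit. The `userinfo.email` fallback also means a user with no `preferred_username` or `username` claim ends up with an email-derived username, which is visible wherever usernames are shown; worth confirming that `convertToUsername` strips the domain part (not visible in this hunk) or documenting that the full address may appear.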