📧 fix: Missing Email fallback in openIdJwtLogin (#9311)

* 📧 fix: Missing Email fallback in `openIdJwtLogin`

* chore: Add auth module export to index

packages/api/src/auth/index.ts

@@ -0,0 +1 @@
+export * from './openid';

packages/api/src/auth/openid.ts

@@ -0,0 +1,49 @@
+import { logger } from '@librechat/data-schemas';
+import type { IUser, UserMethods } from '@librechat/data-schemas';
+
+/**
+ * Finds or migrates a user for OpenID authentication
+ * @returns user object (with migration fields if needed), error message, and whether migration is needed
+ */
+export async function findOpenIDUser({
+  openidId,
+  email,
+  findUser,
+  strategyName = 'openid',
+}: {
+  openidId: string;
+  findUser: UserMethods['findUser'];
+  email?: string;
+  strategyName?: string;
+}): Promise<{ user: IUser | null; error: string | null; migration: boolean }> {
+  let user = await findUser({ openidId });
+  logger.info(`[${strategyName}] user ${user ? 'found' : 'not found'} with openidId: ${openidId}`);
+
+  // If user not found by openidId, try to find by email
+  if (!user && email) {
+    user = await findUser({ email });
+    logger.warn(
+      `[${strategyName}] user ${user ? 'found' : 'not found'} with email: ${email} for openidId: ${openidId}`,
+    );
+
+    // If user found by email, check if they're allowed to use OpenID provider
+    if (user && user.provider && user.provider !== 'openid') {
+      logger.warn(
+        `[${strategyName}] Attempted OpenID login by user ${user.email}, was registered with "${user.provider}" provider`,
+      );
+      return { user: null, error: 'AUTH_FAILED', migration: false };
+    }
+
+    // If user found by email but doesn't have openidId, prepare for migration
+    if (user && !user.openidId) {
+      logger.info(
+        `[${strategyName}] Preparing user ${user.email} for migration to OpenID with sub: ${openidId}`,
+      );
+      user.provider = 'openid';
+      user.openidId = openidId;
+      return { user, error: null, migration: true };
+    }
+  }
+
+  return { user, error: null, migration: false };
+}

packages/api/src/index.ts

@@ -1,4 +1,6 @@
 export * from './app';
+/* Auth */
+export * from './auth';
 /* MCP */
 export * from './mcp/MCPManager';
 export * from './mcp/connection';