🐛 fix: use OpenID token signature algo as discovered from the server (#5348)

* 🐛 fix: use OpenID token signature algo as discovered from the server.

* 📜 refactor: Keeping other props that use alg.

* 🔧 fix: handle missing property

* 📘 refactor: add comment block
Ragavendaran Puliyadi 2025-01-21 03:44:07 +05:30 committed by GitHub
parent d048a10b2e
commit a2305c3a7c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -114,10 +114,21 @@ async function setupOpenId() {
logger.info(`[openidStrategy] proxy agent added: ${process.env.PROXY}`);
}
const issuer = await Issuer.discover(process.env.OPENID_ISSUER);
/* Supported Algorithms, openid-client v5 doesn't set it automatically as discovered from server.
- id_token_signed_response_alg // defaults to 'RS256'
- request_object_signing_alg // defaults to 'RS256'
- userinfo_signed_response_alg // not in v5
- introspection_signed_response_alg // not in v5
- authorization_signed_response_alg // not in v5
*/
const supported_alg = {
id_token_signed_response_alg: issuer.id_token_signing_alg_values_supported?.[0] || 'RS256',
};
const client = new issuer.Client({
client_id: process.env.OPENID_CLIENT_ID,
client_secret: process.env.OPENID_CLIENT_SECRET,
redirect_uris: [process.env.DOMAIN_SERVER + process.env.OPENID_CALLBACK_URL],
...supported_alg,
});
const requiredRole = process.env.OPENID_REQUIRED_ROLE;
const requiredRoleParameterPath = process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH;
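Review bot: Taking `issuer.id_token_signing_alg_values_supported?.[0]` makes the ID-token verification algorithm depend on the order of the provider's discovery document, with no client-side allowlist. If the provider lists `none` or an HMAC algorithm such as `HS256` first, the client is configured for that value rather than an asymmetric one. How openid-client v5 handles each of those should be confirmed, but the choice should not rest on list order. Pick the first advertised entry that is in a fixed set the deployment is prepared to accept, e.g. `const allowedAlgs = ['RS256', 'ES256', 'PS256'];` followed by `id_token_signed_response_alg: issuer.id_token_signing_alg_values_supported?.find((alg) => allowedAlgs.includes(alg)) ?? 'RS256',`. The body of setupOpenId starts before and continues after this hunk, so any later validation of the token is not visible here.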