Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-07 00:15:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: guard findToken with deleteTokens check in blocking OAuth path

Browse source 
Match the returnOnOAuth path's defense-in-depth: only enable client
registration reuse when deleteTokens is also available, ensuring
cleanup is possible if the reused client turns out to be stale.
This commit is contained in:
Danny Avila 2026-04-03 21:14:45 -04:00
parent 2b09879faf
commit b5231547bb
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
packages/api/src/mcp/MCPConnectionFactory.ts
View file

@ -664,7 +664,7 @@ export class MCPConnectionFactory {
this.serverConfig.oauth_headers ?? {},
this.serverConfig.oauth,
this.allowedDomains,
this.tokenMethods?.findToken,
this.tokenMethods?.deleteTokens ? this.tokenMethods.findToken : undefined,
);
reusedStoredClient = flowMetadata.reusedStoredClient === true;