mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-18 01:10:14 +01:00
🆔 fix: Prioritize Immutable Sub Claim for OIDC User ID (#9788)
* add use of immutable claims to identify user object * fix semicolons * update email attribute on change * replace ternary expressions * fix semicolon * chore: add typing * chore: reorder fields in `findOpenIDUser` * refactor: optimize user lookup logic in `findOpenIDUser` function to minimize database roundtrips * refactor: integrate findOpenIDUser for improved user retrieval in refreshController * refactor: improve error logging for invalid refresh tokens in refreshController * ci: mock findUser correctly in openidStrategy tests * test: add unit tests for findOpenIDUser function to enhance user retrieval logic --------- Co-authored-by: Joachim Keltsch <joachim.keltsch@daimlertruck.com>
This commit is contained in:
Danny Avila
GitHub
parent
e4f323e71a
commit
bcec5bfceb
6 changed files with 458 additions and 17 deletions
|
|
@ -41,13 +41,18 @@ const openIdJwtLogin = (openIdConfig) => {
|
|||
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
|
||||
secretOrKeyProvider: jwksRsa.passportJwtSecret(jwksRsaOptions),
|
||||
},
|
||||
/**
|
||||
* @param {import('openid-client').IDToken} payload
|
||||
* @param {import('passport-jwt').VerifyCallback} done
|
||||
*/
|
||||
async (payload, done) => {
|
||||
try {
|
||||
const { user, error, migration } = await findOpenIDUser({
|
||||
openidId: payload?.sub,
|
||||
email: payload?.email,
|
||||
strategyName: 'openIdJwtLogin',
|
||||
findUser,
|
||||
email: payload?.email,
|
||||
openidId: payload?.sub,
|
||||
idOnTheSource: payload?.oid,
|
||||
strategyName: 'openIdJwtLogin',
|
||||
});
|
||||
|
||||
if (error) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue