🔒 refactor: graphTokenController to use federated access token for OBO assertion (#11893)

- Removed the extraction of access token from the Authorization header.
- Implemented logic to use the federated access token from the user object.
- Added error handling for missing federated access token.
- Updated related documentation in GraphTokenService to reflect changes in access token usage.
- Introduced unit tests for various scenarios in AuthController.spec.js to ensure proper functionality.
This commit is contained in:
Danny Avila 2026-02-21 18:03:39 -05:00 committed by GitHub
parent 4404319e22
commit cca9d63224
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 152 additions and 11 deletions


@ -196,15 +196,6 @@ const graphTokenController = async (req, res) => {
});
}
// Extract access token from Authorization header
const authHeader = req.headers.authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({
message: 'Valid authorization token required',
});
}
// Get scopes from query parameters
const scopes = req.query.scopes;
if (!scopes) {
return res.status(400).json({
@ -212,7 +203,13 @@ const graphTokenController = async (req, res) => {
});
}
const accessToken = authHeader.substring(7); // Remove 'Bearer ' prefix
const accessToken = req.user.federatedTokens?.access_token;
if (!accessToken) {
return res.status(401).json({
message: 'No federated access token available for token exchange',
});
}
const tokenResponse = await getGraphApiToken(req.user, accessToken, scopes);
res.json(tokenResponse);
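Review bot: The new `const accessToken = req.user.federatedTokens?.access_token;` guards `federatedTokens` but not `req.user` itself, so a request that reaches this point without a populated user throws a TypeError and surfaces as a 500 rather than the 401 the neighbouring branches return; unless a guard earlier in graphTokenController already rejects a missing `req.user` (the function body starts before the first hunk, so it cannot be confirmed here), `const accessToken = req.user?.federatedTokens?.access_token;` keeps that failure on the 401 path. Separately, the 401 for a missing federated token goes to a caller that is by this point authenticated, and a session established without an IdP token (e.g. local login) will never succeed on retry, so a 403 with a message steering the user to federated login is the clearer contract and avoids client re-authentication loops. Because the stored token can expire between login and the exchange, a short comment stating the assumption would help the next maintainer, e.g. `// OBO assertion: the IdP access token persisted at login; refreshing it is assumed to happen upstream, not here`.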