🐛 fix: RAG API failing with OPENID_REUSE_TOKENS Enabled (#8090)

* feat: Implement Short-Lived JWT Token Generation for RAG API * fix: Update import paths * fix: Correct environment variable names for OpenID on behalf flow * fix: Remove unnecessary spaces in OpenID on behalf flow userinfo scope --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
2025-12-17 17:00:15 +01:00 · 2025-06-26 19:10:21 -04:00 · 2025-06-26 19:10:21 -04:00 · ec8cad3362
commit ec8cad3362
parent 02c7f744ba
7 changed files with 33 additions and 14 deletions
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@ -1,4 +1,5 @@
 const bcrypt = require('bcryptjs');
+const jwt = require('jsonwebtoken');
 const { webcrypto } = require('node:crypto');
 const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
@ -499,6 +500,18 @@ const resendVerificationEmail = async (req) => {
    };
  }
 };
+/**
+ * Generate a short-lived JWT token
+ * @param {String} userId - The ID of the user
+ * @param {String} [expireIn='5m'] - The expiration time for the token (default is 5 minutes)
+ * @returns {String} - The generated JWT token
+ */
+const generateShortLivedToken = (userId, expireIn = '5m') => {
+  return jwt.sign({ id: userId }, process.env.JWT_SECRET, {
+    expiresIn: expireIn,
+    algorithm: 'HS256',
+  });
+};

 module.exports = {
  logoutUser,
@ -506,7 +519,8 @@ module.exports = {
  registerUser,
  setAuthTokens,
  resetPassword,
+  setOpenIDAuthTokens,
  requestPasswordReset,
  resendVerificationEmail,
-  setOpenIDAuthTokens,
+  generateShortLivedToken,
 };