Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-02-18 16:38:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/api/server/controllers
History
Seung Hyun Myung bddbd47f10
🪪 fix: Pass Scope in OpenID Refresh Token Grant for Azure Custom API (#11770) 
* fix(auth): pass scope parameter in OpenID refresh token grant

   When using Azure Entra ID with a custom API scope (e.g., api://app-id/access_user)
   and OPENID_REUSE_TOKENS=true, the refresh token exchange fails with AADSTS90009
   because the scope parameter is not included in the refresh request.

   Azure AD v2.0 requires the scope parameter when refreshing tokens issued for
   custom API audiences. Without it, Azure interprets the request as the app
   requesting a token for itself and rejects it.

   This fix passes OPENID_SCOPE as the scope parameter to refreshTokenGrant(),
   maintaining backward compatibility (no scope sent if OPENID_SCOPE is not set).

   Fixes: refresh token 400 error with Azure custom API scopes
   Tested: Azure Entra ID + Token Reuse + SharePoint integration

* style(auth): fix ESLint multiline arguments formatting

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 14:30:14 -05:00
..
agents 🧩 chore: Extract Agent Client Utilities to /packages/api (#11789) 2026-02-13 23:17:53 -05:00
assistants 🏞️ fix: Gemini Image Filenames and Add Tool Cache Safety (#11306) 2026-01-12 09:01:23 -05:00
auth 🪙 refactor: Distinguish ID Tokens from Access Tokens in OIDC Federated Auth (#11711) 2026-02-13 11:07:39 -05:00
AuthController.js 🪪 fix: Pass Scope in OpenID Refresh Token Grant for Azure Custom API (#11770) 2026-02-16 14:30:14 -05:00
Balance.js 🏗️ refactor: Extract DB layers to data-schemas for shared use (#7650) 2025-05-30 22:18:13 -04:00
EndpointController.js refactor: Integrate Capabilities into Agent File Uploads and Tool Handling (#5048) 2024-12-19 13:04:48 -05:00
FavoritesController.js 📌 feat: Pin Agents and Models in the Sidebar (#10634) 2025-12-11 16:38:20 -05:00
mcp.js 🔒 feat: Add MCP server domain restrictions for remote transports (#11013) 2025-12-18 13:57:49 -05:00
ModelController.js 🧹 chore: Cleanup Logger and Utility Imports (#9935) 2025-10-01 23:30:47 -04:00
PermissionsController.js 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
PluginController.js 🗃️ refactor: Separate Tool Cache Namespace for Blue/Green Deployments (#11738) 2026-02-11 22:20:43 -05:00
PluginController.spec.js 🗃️ refactor: Separate Tool Cache Namespace for Blue/Green Deployments (#11738) 2026-02-11 22:20:43 -05:00
tools.js 🛜 refactor: Streamline App Config Usage (#9234) 2025-08-26 12:10:18 -04:00
TwoFactorController.js 🧵 refactor: Migrate Endpoint Initialization to TypeScript (#10794) 2025-12-11 16:37:16 -05:00
UserController.js 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00