sharang/certifai
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

feat(librechat): add OIDC HTTP patch and prompt=none for seamless SSO

Browse Source 
Switch to host networking so LibreChat can reach Keycloak on localhost.
Patch openidStrategy.js to allow HTTP OIDC issuers for local dev
(openid-client v6 enforces HTTPS by default). Add support for
OPENID_AUTH_EXTRA_PARAMS env var and set prompt=none for automatic
SSO login when a Keycloak session exists.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
2026-02-23 22:27:07 +01:00
parent 9aa7915415
commit 7f13273ded
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@@ -70,6 +70,7 @@ services:
OPENID_CALLBACK_URL: /oauth/openid/callback OPENID_CALLBACK_URL: /oauth/openid/callback
OPENID_SCOPE: openid profile email OPENID_SCOPE: openid profile email
OPENID_BUTTON_LABEL: Login with CERTifAI OPENID_BUTTON_LABEL: Login with CERTifAI
OPENID_AUTH_EXTRA_PARAMS: prompt=none
# Disable local auth (SSO only) # Disable local auth (SSO only)
ALLOW_EMAIL_LOGIN: "false" ALLOW_EMAIL_LOGIN: "false"
ALLOW_REGISTRATION: "false" ALLOW_REGISTRATION: "false"