feat(librechat): add OIDC HTTP patch and prompt=none for seamless SSO

Switch to host networking so LibreChat can reach Keycloak on localhost. Patch openidStrategy.js to allow HTTP OIDC issuers for local dev (openid-client v6 enforces HTTPS by default). Add support for OPENID_AUTH_EXTRA_PARAMS env var and set prompt=none for automatic SSO login when a Keycloak session exists. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 22:27:07 +01:00
parent 9aa7915415
commit 7f13273ded
1 changed files with 1 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -70,6 +70,7 @@ services:
      OPENID_CALLBACK_URL: /oauth/openid/callback
      OPENID_SCOPE: openid profile email
      OPENID_BUTTON_LABEL: Login with CERTifAI
+      OPENID_AUTH_EXTRA_PARAMS: prompt=none
      # Disable local auth (SSO only)
      ALLOW_EMAIL_LOGIN: "false"
      ALLOW_REGISTRATION: "false"