✨ feat: Add custom fields & role assignment to OpenID strategy #5798

Draft: wants to merge 8 commits into base: main
Collaborator

@rubentalstra rubentalstra commented Feb 11, 2025

Summary

Closes: #4670
Closes: #4362
Closes: #4354

Docs PR: LibreChat-AI/librechat.ai#205

This PR introduces key improvements to OpenID authentication and dependency updates. The main enhancements include:

1. OpenID Authentication Enhancements

  • Expanded User Schema:
    • Introduced customOpenIdData in the user schema to store provider-specific OpenID Connect attributes.
    • Updated userSchema.js and types.ts accordingly.
  • New OpenID Data Mapper:
    • Implemented a structured openidDataMapper.js module to extract custom OpenID attributes dynamically.
    • Added a Microsoft Graph-based data mapper for retrieving extended user data.
  • Refactored OpenID Strategy (openidStrategy.js):
    • Improved role extraction with safer JWT decoding using safeDecode().
    • Simplified role-based authentication with extractRolesFromToken().
    • Enhanced avatar update logic by ensuring efficient image fetching and storage.
    • Added support for mapping and persisting additional OpenID attributes.

2. LDAP Integration

  • Added support for LDAP authentication, introducing a new ldapId field in the user schema.
  • Updated .env.example to include LDAP-specific environment variables.

3. Dependency Updates

  • Upgraded openid-client from 5.4.2 to 5.7.1, which is the latest supported version for CommonJS (as v6 is ESM-only).
  • Upgraded passport from 0.6.0 to 0.7.0 for improved authentication handling.
  • Added @microsoft/microsoft-graph-client to support Microsoft OpenID data mapping.

4. Miscellaneous Improvements

  • Improved logging and error handling throughout OpenID authentication.
  • Enhanced proxy handling in OpenID requests with HttpsProxyAgent.
  • Optimized OpenID provider mapping for better configurability.

Change Type

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

Testing

  • Currently, only the Microsoft provider has been tested and is fully working.

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented any complex areas in my code
  • I have updated documentation accordingly
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes
  • A pull request for updating the documentation has been submitted

* started with Support for Customizable OpenID Profile Fields via Environment Variable

* kept as much of the original code as possible but still added the custom data mapper

* kept as much of the original code as possible but still added the custom data mapper

* resolved merge conflicts

* resolved merge conflicts

* resolved merge conflicts

* resolved merge conflicts

* removed some unneeded comments

* fix: conflicted issue

---------

Co-authored-by: Talstra Ruben SRSNL <[email protected]>
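
The role-extraction bullets above name safeDecode() and extractRolesFromToken() without showing code. As an added example, not code from this PR or from LibreChat, here is one way to decode claims without throwing and to fail closed on roles; the function names, claim paths and sample tokens are assumptions constructed for illustration.

```javascript
// Added example, not LibreChat code. Names and claim paths are assumptions.

// Decode a JWT payload without throwing. This does NOT verify the signature:
// only use it on a token the OIDC client library has already validated.
function decodePayloadSafely(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    return claims !== null && typeof claims === 'object' && !Array.isArray(claims) ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Walk a dotted claim path and normalise the result to an array of strings.
function rolesFromToken(token, claimPath) {
  let node = decodePayloadSafely(token);
  if (!node) return [];
  for (const key of claimPath.split('.')) {
    // Own properties only, so a path such as "constructor.name" resolves to nothing.
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, key)) return [];
    node = node[key];
  }
  if (typeof node === 'string') return node.split(/\s+/).filter(Boolean);
  if (Array.isArray(node)) return node.filter((r) => typeof r === 'string' && r.length > 0);
  return [];
}

// Fail closed: a missing token, missing claim or no match means no access.
function hasRequiredRole(token, claimPath, requiredRole) {
  return rolesFromToken(token, claimPath).includes(requiredRole);
}

// Constructed sample tokens (placeholder signature, never verified here).
function makeToken(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(payload)}.constructed-signature`;
}
const flatToken = makeToken({ sub: 'u1', roles: ['chat-user', 'chat-admin'] });
const nestedToken = makeToken({ sub: 'u2', realm_access: { roles: ['viewer'] } });

console.log(rolesFromToken(flatToken, 'roles'));
console.log(hasRequiredRole(nestedToken, 'realm_access.roles', 'chat-admin'));
console.log(rolesFromToken('not.a-jwt', 'roles'));
```

Decoding alone proves nothing about who issued the token, so a check like this belongs after the OpenID client has validated the token's signature, issuer and audience.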
@rubentalstra rubentalstra added the ✨ enhancement New feature or request label Feb 11, 2025
@rubentalstra rubentalstra self-assigned this Feb 11, 2025
@rubentalstra
Collaborator Author

reference information:
#5612

@rubentalstra rubentalstra marked this pull request as ready for review February 12, 2025 12:46
@rubentalstra rubentalstra marked this pull request as draft March 3, 2025 19:58
@rubentalstra
Collaborator Author

need some rework ☺️

@rubentalstra rubentalstra added this to the v0.7.8 milestone Mar 3, 2025
Development

Successfully merging this pull request may close these issues.

Enhancement: OAUTH/OIDC - enable mapping of JWT claims to user roles