feat: Add OPENID_AUTHORIZATION_PARAMS support for custom OAuth parameters #10029
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ters Add support for custom OAuth authorization parameters via the OPENID_AUTHORIZATION_PARAMS environment variable. This enables use cases like AWS Cognito's idp_identifier parameter for direct provider redirection. Changes: - Add authorizationRequestParams override in CustomOpenIDStrategy - Parse JSON config from OPENID_AUTHORIZATION_PARAMS env var - Handle invalid JSON gracefully with error logging - Add documentation to .env.example - Add comprehensive test suite with 12 test cases Tests verify: - Single and multiple parameter support - Invalid JSON handling - Non-object value handling - Null, numeric, and boolean value conversion - Empty object and special character support 🤖 Generated with Claude Code Co-Authored-By: Claude <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Removed the unused createMockParams helper function from the OPENID_AUTHORIZATION_PARAMS test suite to resolve ESLint error about unused variables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds support for custom OAuth authorization parameters via the
OPENID_AUTHORIZATION_PARAMSenvironment variable, enabling use cases like AWS Cognito'sidp_identifierparameter for direct identity provider redirection.Problem Statement
When using LibreChat with AWS Cognito as an OIDC provider, there was no way to add the
idp_identifierparameter that Cognito supports to redirect users directly to a specific identity provider, bypassing the Cognito Hosted UI.Solution
Added a new environment variable
OPENID_AUTHORIZATION_PARAMSthat accepts a JSON object of custom parameters to be added to the OAuth authorization request.Changes Made:
authorizationRequestParams()inCustomOpenIDStrategyto parse and apply custom parametersFeatures:
Usage Example
For AWS Cognito with a specific identity provider:
OPENID_AUTHORIZATION_PARAMS='{"idp_identifier":"MyIdentityProvider"}'For multiple parameters:
OPENID_AUTHORIZATION_PARAMS='{"idp_identifier":"Provider","prompt":"login","max_age":"3600"}'Testing
Added 12 comprehensive test cases covering:
All new tests pass. Pre-existing test failures are unrelated to this PR.
Related Issues
Resolves the need for custom OAuth parameters in OpenID authentication flow, particularly for AWS Cognito idp_identifier support.
🤖 Generated with Claude Code
Co-Authored-By: Claude [email protected]