ContextQMD
Back to Authelia

LibreChat

docs/content/integration/openid-connect/clients/librechat/index.md

4.39.193.7 KB
Original Source

Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://librechat.{{< sitevar name="domain" nojs="example.com" >}}/
  • Application Session Secret: insecure_session_secret
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: librechat
  • Client Secret: insecure_secret

Note: The application session secret should be randomly generated in a similar fashion to the client secret, but should not be the same value as the session secret. Users should refer to LibreChat support for more information.

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML configuration is an example Authelia [client configuration] for use with LibreChat which will operate with the application example:

yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'librechat'
        client_name: 'LibreChat'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://librechat.{{< sitevar name="domain" nojs="example.com" >}}/oauth/openid/callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
          - 'refresh_token'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'

Application

To configure LibreChat there is one method, using Environment Variables.

Environment Variables

To configure LibreChat to utilize Authelia as an [OpenID Connect 1.0] Provider, use the following environment variables:

Standard
shell
ALLOW_SOCIAL_LOGIN=true
OPENID_BUTTON_LABEL=Log in with Authelia
OPENID_ISSUER=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
OPENID_CLIENT_ID=librechat
OPENID_CLIENT_SECRET=insecure_secret
OPENID_SESSION_SECRET=insecure_session_secret
OPENID_CALLBACK_URL=/oauth/openid/callback
OPENID_SCOPE=openid profile email
OPENID_IMAGE_URL=https://www.authelia.com/images/branding/logo-cropped.png
Docker Compose
yaml
services:
  librechat:
    environment:
      ALLOW_SOCIAL_LOGIN: 'true'
      OPENID_BUTTON_LABEL: 'Log in with Authelia'
      OPENID_ISSUER: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration'
      OPENID_CLIENT_ID: 'librechat'
      OPENID_CLIENT_SECRET: 'insecure_secret'
      OPENID_SESSION_SECRET: 'insecure_session_secret'
      OPENID_CALLBACK_URL: '/oauth/openid/callback'
      OPENID_SCOPE: 'openid profile email'
      OPENID_IMAGE_URL: 'https://www.authelia.com/images/branding/logo-cropped.png'