Using Authelia as OpenID client

[cellulosa]

Has anyone managed to use Authelia as OpenID client?

I set the following on my docker-compose under librechat's environment variables:

      - OPENID_CLIENT_ID=librechat
      - OPENID_CLIENT_SECRET=${LIBRECHAT_OPENID_SECRET}
      - OPENID_ISSUER=https://auth.${MY_DOMAIN}/api/oidc/authorization
      - OPENID_SESSION_SECRET=${LIBRECHAT_OPENID_SESSION_SECRET}
      - OPENID_SCOPE=openid profile email
      - OPENID_CALLBACK_URL=/oauth/openid/callback
      - OPENID_BUTTON_LABEL=Login with Authelia

and these on the authelia's configuration.yml

identify_providers:
  oicd:
    clients:
      - 
        id: librechat
        secret: ${LIBRECHAT_OPENID_SECRET}

But when I click on the login button I'm hit with Internal Server Error:

librechat           | Error: Unknown authentication strategy "openid"
librechat           |     at attempt (/app/node_modules/passport/lib/middleware/authenticate.js:193:39)
librechat           |     at authenticate (/app/node_modules/passport/lib/middleware/authenticate.js:370:7)
librechat           |     at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
librechat           |     at next (/app/node_modules/express/lib/router/route.js:144:13)
librechat           |     at Route.dispatch (/app/node_modules/express/lib/router/route.js:114:3)
librechat           |     at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
librechat           |     at /app/node_modules/express/lib/router/index.js:284:15
librechat           |     at Function.process_params (/app/node_modules/express/lib/router/index.js:346:12)
librechat           |     at next (/app/node_modules/express/lib/router/index.js:280:10)
librechat           |     at /app/node_modules/express-rate-limit/dist/index.cjs:659:7

[cellulosa]

Alright, after reading more slowly the official documentation and looking at some blog posts (such as this one), I realised I was missing some settings on the docker-file:

      - DOMAIN_CLIENT=https://chat.${MY_DOMAIN}
      - DOMAIN_SERVER=https://chat.${MY_DOMAIN}
      - ALLOW_SOCIAL_LOGIN=true
      - OPENID_CLIENT_ID=${LIBRECHAT_OPENID_CLIENT}
      - OPENID_CLIENT_SECRET=${LIBRECHAT_OPENID_SECRET}
      - OPENID_ISSUER=https://auth.${MY_DOMAIN}
      - OPENID_SESSION_SECRET=${LIBRECHAT_OPENID_SESSION_SECRET}
      - OPENID_SCOPE=openid groups email profile
      - OPENID_CALLBACK_URL=/oauth/openid/callback
      - OPENID_BUTTON_LABEL=Login with Authelia

And on Authelia's config:

identify_providers:
  oicd:
    issuer_private_key: ${AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY}
    clients:
      - 
        id: ${LIBRECHAT_OPENID_CLIENT}
        secret: ${LIBRECHAT_OPENID_SECRET}
        redirect_uris:
          - https://chat.${MY_DOMAIN}/oauth/openid/callback

[danny-avila]

Thanks for this! I'd actually never heard of this service, if you'd like to submit it to the docs, it'd be more than welcome