Enhancement: Feedback for login attempt by unauthorized user #3558
Replies: 1 comment 3 replies
-
|
From a security perspective, providing detailed error messages about authentication or authorization failures can be risky. Generic messages are best, but at the moment, the present issue may be that there is no message and that should definitely be remedied. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @danny-avila |
Beta Was this translation helpful? Give feedback.
-
|
+1 for this feature, especially for openID authentication --> here I saw users trying over and over again by clicking login button, and than the user got locked (keycloak) (also for other company applications). Maybe one could make the message shown configurable via librechat.yaml or .env file? This would give the flexibility to customize what is shown to the user on failed login attempt, and the operators are responsible on what is exposed to the user (would allow to give hints or contact information on how to get access to the application, etc...) |
Beta Was this translation helpful? Give feedback.
-
|
seems there was already something ongoing in 1ccac58 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
What features would you like to see added?
Would like to see a feature that informs a user they are not authorized to login to the application.
More details
For my use case, users are authenticated only via Azure Entra ID through OpenID. We have restricted access by groups to limit who in our organisation can access LibreChat. When testing the login, it correctly authenticates only users in the group. However, when a non-group user tries to login, they are bounced back to the login screen. There is no feedback to them as to why this has happened. Would like to see some sort of feedback on the UI saying "You are not authorized to use this application" or something similar.
Which components are impacted by your request?
UI, Endpoints
Pictures
No response
Code of Conduct
Beta Was this translation helpful? Give feedback.
All reactions