You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My question is, does the authentication in LibreChat work without having the implicit grant flow enabled in the Entra application registration?
So far I have tried to set the OPENID_USE_PKCE environment variable to true. But after signing in, and redirecting, it gives the error "an unknown error have occurred" with no errors in container logs. However, the sign-in logs in Entra was showing the attempt as a success. Is there something I'm missing here?
I have also tried the native Microsoft authentication using Container Apps but that also does not work without implicit grant flow. It gives the "id_token is missing" error.
I have exhausted my efforts in trying to solve this, but now I'm wondering if this is even possible.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I was following the steps in the LibreChat docs for setting up OpenID with Azure Entra (https://www.librechat.ai/docs/configuration/authentication/OAuth2-OIDC/azure) and one of the steps was to "check the boxes for Access tokens and ID tokens under Implicit grant and hybrid flows". However, Microsoft strongly recommends against using implicit grant flow, and instead to use the Microsoft Authentication Libraries (MSAL). see here: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-implicit-grant-flow
My question is, does the authentication in LibreChat work without having the implicit grant flow enabled in the Entra application registration?
So far I have tried to set the OPENID_USE_PKCE environment variable to true. But after signing in, and redirecting, it gives the error "an unknown error have occurred" with no errors in container logs. However, the sign-in logs in Entra was showing the attempt as a success. Is there something I'm missing here?
I have also tried the native Microsoft authentication using Container Apps but that also does not work without implicit grant flow. It gives the "id_token is missing" error.
I have exhausted my efforts in trying to solve this, but now I'm wondering if this is even possible.
Appreciate your advise. Thanks!
Beta Was this translation helpful? Give feedback.
All reactions