OpenID Session Expiry Causes UX Degradation

[changkun]

What happened?

We deployed LibreChat integrated with an OpenID Identity Provider (Keycloak) and observed a recurring issue affecting user experience.

Users frequently encounter the following error after being inactive for an extended period:

This disrupts the chat flow and significantly downgrades the overall UX.

Version Information

v0.8.0-rc2

Steps to Reproduce

1. Our IDP (Keycloak) is configured with:

• SSO Session Max: 8 hours
• Session Idle Timeout: 1 hour

2. User logs in to LibreChat and successfully obtains Access and Refresh tokens.
3. Sending a message via the chat box works as expected.
4. Leave the browser tab idle for over 1 hour.
5. Attempt to send another message → User receives the error:

"Error connecting to server, try refreshing the page."

At step 5, the client attempts to refresh tokens via /api/auth/refresh, but the request fails with an "Invalid OpenID refresh token" error. The backend logs show:

2025-09-15 19:30:26 error: [refreshController] 
OpenID token refresh error - server responded with an error in the response body

Proposed Fixes

1. In AuthController.js (L82)

• Instead of only returning an error, redirect the user to /login.

2. Implement periodic background refresh:

• Similar to existing health checks, call /api/auth/refresh at intervals to renew tokens even during inactivity.

What browsers are you seeing the problem on?

No response

Relevant log output

2025-09-15 19:30:26 error: [refreshController] 
OpenID token refresh error - server responded with an error in the response body

Screenshots

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[danny-avila]

Check the browser logs when you see this error, as well as the network tab: "Error connecting to server, try refreshing the page"

That will help determine the root issue, as it's not exclusive to session expiration, as that will more than likely trigger a redirect to /login page.

v0.8.0-rc2

Also, try on the latest version.

I've tested with short expiry times, and I'm getting redirected as expected.

[changkun]

As shared

At step 5, the client attempts to refresh tokens via /api/auth/refresh, but the request fails with an "Invalid OpenID refresh token" error. The backend logs show:

2025-09-15 19:30:26 error: [refreshController] 
OpenID token refresh error - server responded with an error in the response body

try on the latest version.

Updating to latest commit didn't help so we sticked to the same version.

I'm getting redirected as expected.

Unfo per our testing it remains broken as detail described above. Patching the proposed fixes solved the this problem for us.

[danny-avila]

Feel free to submit a PR