[solved] Unknown authentication strategy "openid" | LibreChat | Page 1

buoyant imp Oct 3, 2023, 9:30 AM

#

log when i startup LibreChat
LibreChat | Warning: connect.session() MemoryStore is not
LibreChat | designed for a production environment, as it will leak
LibreChat | memory, and will not scale past a single process.
LibreChat | Server listening on all interfaces at port 3080. Use http://localhost:3080 to access it
LibreChat | Error: getaddrinfo ENOTFOUND srvtest-rz1-1
LibreChat | at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26) {
LibreChat | errno: -3008,
LibreChat | code: 'ENOTFOUND',
LibreChat | syscall: 'getaddrinfo',
LibreChat | hostname: 'srvtest-rz1-1'
LibreChat | }

and when i try to use openid:
LibreChat | Error: Unknown authentication strategy "openid"
LibreChat | at attempt (/app/node_modules/passport/lib/middleware/authenticate.js:193:39)
LibreChat | at authenticate (/app/node_modules/passport/lib/middleware/authenticate.js:370:7)
LibreChat | at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
LibreChat | at next (/app/node_modules/express/lib/router/route.js:144:13)
LibreChat | at Route.dispatch (/app/node_modules/express/lib/router/route.js:114:3)
LibreChat | at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
LibreChat | at /app/node_modules/express/lib/router/index.js:284:15
LibreChat | at Function.process_params (/app/node_modules/express/lib/router/index.js:346:12)
LibreChat | at next (/app/node_modules/express/lib/router/index.js:280:10)
LibreChat | at /app/node_modules/express-rate-limit/dist/index.cjs:659:7

my openid config (using keycloak):
OPENID_CLIENT_ID=###MYCLIENTID###
OPENID_CLIENT_SECRET=###MYSECRET###
OPENID_ISSUER=http://###MYHOST###:8080/realms/###MYREALM###
OPENID_SESSION_SECRET=###MYSESSIONSECRET###
OPENID_SCOPE="openid profile email"
OPENID_CALLBACK_URL=/oauth/openid/callback

#

this is what happens when i try to use the openid config with my keycloak server. I am not sure if its a misconfiguration on my keycloak or on librechat. I would appriciate any help. Note that my hostname resolves to a internal ip.

brave lynx Oct 3, 2023, 2:20 PM

#

are you running docker-compose build after setting your env variables?

the openid strategy should not be unknown if the following are set:

    process.env.OPENID_CLIENT_ID &&
    process.env.OPENID_CLIENT_SECRET &&
    process.env.OPENID_ISSUER &&
    process.env.OPENID_SCOPE &&
    process.env.OPENID_SESSION_SECRET

buoyant imp Oct 3, 2023, 2:36 PM

#

Greetings! I appreciate your time and effort. I've been diligently rebuilding the Docker environment following each modification to the .env file. Additionally, I've taken the precaution of altering the button label with each iteration to ensure that all my adjustments have taken effect.

In my previous message, I shared my OpenID configuration from the .env file, using "###XY###" as a placeholder for my actual values. Is there a possibility that there might be a formatting error present? Should certain elements be enclosed in brackets or require a different format altogether?

sidenote: on the frontend it response with a httpcode 500 "Internal Server Error" which result in the backend as: "Error: Unknown authentication strategy "openid""

brave lynx Oct 3, 2023, 3:11 PM

#

buoyant imp Greetings! I appreciate your time and effort. I've been diligently rebuilding th...

this may be something related to keycloak: https://github.com/danny-avila/LibreChat/discussions/674

GitHub

[Bug]: Unknown authentication strategy "openid" · danny-avila Libre...

Contact Details [email protected] What happened? I'm trying to enable openID. After enabling it the app blows up when I try to use the login Steps to Reproduce Fill in the OPENID_* env variable.s W...

#

in the linked discussion, the issue was how amazon cognito handles the authentication strategy.. the error message 'not found' is not helpful

https://github.com/danny-avila/LibreChat/pull/686

GitHub

Oauth fixes for Cognito by Donavan · Pull Request #686 · danny-avil...

This change modifies the Open ID strategy to use the supplied user name from the provider if it exists. This keeps things from exploding when your auth provider only requires a username and email ...

#

it could be that keycloak is not returning the expected username

#

or rather userInfo props. id have to dive into your setup to really debug this

buoyant imp Oct 3, 2023, 3:31 PM

#

Thank you for providing the links. this looks promising:

"Oh also @danny-avila : If the OPENID_ISSUER is bad it will fail discovery and if it fails discovery you get the error I did initially."

After changing my issuer to "localhost," the DNS error disappeared. However, I now encounter a "connection refused" error. It appears that Librechat attempts to resolve the issuer URL, but since it's a local hostname, this is causing the error. I'll delve deeper into this issue tomorrow and update the case accordingly. For now, I sincerely appreciate your assistance. ❤️ at least i found now the cause and can debug deeper to the connection.

brave lynx Oct 3, 2023, 3:37 PM

#

buoyant imp Thank you for providing the links. this looks promising: "Oh also @danny-avila ...

awesome! I'm glad I could help

buoyant imp Oct 4, 2023, 8:18 AM

#

[solved] Unknown authentication strategy "openid"

#

For future reference, there was an issue with the OPENID_ISSUER configuration due to the container's inability to resolve the hostname of the host machine. After implementing some network changes, the container successfully detected the Keycloak server.

Please note that for Keycloak, client scopes should be specified without the brackets.
Issue solved. Thanks 🙂

#[solved] Unknown authentication strategy "openid"