Skip to content

docs(auth): add OpenID Connect token placeholders and OPENID_EXPOSE_SUB_COOKIE documentation#483

Open
busla wants to merge 1 commit intoLibreChat-AI:mainfrom
aproorg:docs/openid-token-placeholders
Open

docs(auth): add OpenID Connect token placeholders and OPENID_EXPOSE_SUB_COOKIE documentation#483
busla wants to merge 1 commit intoLibreChat-AI:mainfrom
aproorg:docs/openid-token-placeholders

Conversation

@busla
Copy link
Copy Markdown
Contributor

@busla busla commented Jan 7, 2026
edited
Loading

What

Add comprehensive documentation for OpenID Connect authentication features, including the new OPENID_EXPOSE_SUB_COOKIE configuration option and seven available OpenID token placeholders for use in custom endpoint headers.

Note: The LIBRECHAT_OPENID_* template variables were added in danny-avila/LibreChat#9931, which has already been merged. This PR updates the documentation to reflect that feature.

Why

Developers need clear guidance on:

  • How to use OpenID tokens in custom endpoint configurations
  • The cross-origin OAuth callback support capabilities
  • The new OPENID_EXPOSE_SUB_COOKIE option for advanced authentication scenarios

Changes

token-reuse.mdx

  • Added OPENID_EXPOSE_SUB_COOKIE environment variable documentation
  • Documented this option exposes a JWT-signed cookie containing the OpenID sub claim
  • Explains cross-origin OAuth callback flows support (e.g., AWS Bedrock AgentCore 3LO)
  • Added to "Additional Configuration Options" section with full description

custom_endpoint.mdx

  • Added "Available OpenID Token Placeholders" table with seven placeholders:
    • {{LIBRECHAT_OPENID_TOKEN}} - OpenID access token (generic alias)
    • {{LIBRECHAT_OPENID_ACCESS_TOKEN}} - OpenID access token
    • {{LIBRECHAT_OPENID_ID_TOKEN}} - OpenID ID token
    • {{LIBRECHAT_OPENID_USER_ID}} - User ID from OpenID claims
    • {{LIBRECHAT_OPENID_USER_EMAIL}} - User email from OpenID claims
    • {{LIBRECHAT_OPENID_USER_NAME}} - User name from OpenID claims
    • {{LIBRECHAT_OPENID_EXPIRES_AT}} - Token expiration timestamp
  • Added informational callout explaining token availability requirements
  • Added practical usage example showing how to use OpenID tokens in custom headers

Test plan

  • Verify documentation renders correctly in the docs site
  • Confirm all placeholder references are accurate
  • Review that examples are syntactically valid YAML
  • Cross-reference with existing OpenID Connect documentation for consistency

🤖 Generated with Claude Code

@busla @claude
docs(auth): add OpenID Connect token placeholders and OPENID_EXPOSE_S…
8664171 
…UB_COOKIE documentation

- Added OPENID_EXPOSE_SUB_COOKIE environment variable documentation in token-reuse.mdx
- Added table of seven available OpenID token placeholders in custom_endpoint.mdx
- Documented placeholders: access token, ID token, user ID, email, name, and expiration
- Added practical usage example showing OpenID tokens in custom endpoint headers
- Explains cross-origin OAuth callback flow support for advanced authentication scenarios

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented Jan 7, 2026

@busla is attempting to deploy a commit to the LibreChat's projects Team on Vercel.

A member of the Team first needs to authorize it.

@busla busla mentioned this pull request Jan 7, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@busla