centersl/librechat.ai
1
0
Fork 0
mirror of https://github.com/LibreChat-AI/librechat.ai.git synced 2026-03-27 10:48:32 +07:00
Code Issues Packages Projects Releases Wiki Activity

v0.8.0-rc2 (#393)

Browse Source 
* v0.8.0-rc2

* 📚 docs: Update Redis configuration details in dotenv.mdx

- Added a new section highlighting Redis performance benefits and horizontal scaling capabilities.
- Updated configuration options for Redis, including new parameters for authentication and connection management.
- Clarified usage notes regarding `USE_REDIS`, `REDIS_URI`, and mutual exclusivity of `REDIS_KEY_PREFIX_VAR` and `REDIS_KEY_PREFIX`.

* 📚 docs: Update memory functionality notes in memory.mdx

- Removed the note indicating that memory only works with agents, clarifying the configuration requirements for memory functionality in LibreChat.

* 📚 docs: Update custom endpoint and default parameters documentation

- Clarified the usage of the `addParams` field in custom endpoints, emphasizing its importance for API-specific options like `max_tokens`.
- Removed default values for `temperature`, `top_p`, `presence_penalty`, and `frequency_penalty` from the default parameters section to streamline the documentation.

* 📚 docs: Enhance memory agent execution notes in memory.mdx

- Added a new callout explaining the execution behavior of the memory agent when memory is enabled.
- Clarified the timing and order of memory updates to ensure a seamless user experience during chat interactions.

* 📚 docs: Add Cloudflare Workers AI configuration documentation

- Introduced a new section detailing the setup and configuration for Cloudflare Workers AI.
- Included required environment variables and example YAML configuration for integration with LibreChat.
- Highlighted compatibility notes and known issues with specific models.

* 📚 docs: Update reasoning effort and add verbosity parameter in model specs

- Changed accepted values for reasoning effort from "None", "Low", "Medium", "High" to "minimal", "low", "medium", "high".
- Updated default value for reasoning effort to reflect API default when not set.
- Introduced a new parameter, verbosity, with accepted values "low", "medium", "high" and provided default value information.
- Updated relevant sections in the URL query documentation to include the new verbosity parameter.

* 📚 docs: Add Auth0 configuration for OpenID Connect

- Introduced a new documentation file for configuring Auth0 as an OpenID Connect provider for LibreChat.
- Updated existing documentation to include Auth0 in the OpenID Connect section and token reuse guidelines.
- Added necessary environment variable details and configuration steps specific to Auth0, including the importance of the `OPENID_AUDIENCE` variable for token validation.

* chore: add bash syntaxing to code blocks

* chore: add alias for cloudflare

* chore: clarification in cloudflare ai docs
This commit is contained in:
Danny Avila
2025-08-13 16:21:13 -04:00
committed by GitHub
parent 6b023df4fc
commit a28ab06f77
14 changed files with 436 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
components/changelog/content/v0.8.0-rc2.mdx Normal file
View File

@@ -0,0 +1,60 @@
## What's Changed
### ✨ Features
* ✨ feat: GPT-5 Token Limits, Rates, Icon, Reasoning Support by [@danny-avila](https://github.com/danny-avila) in [`aa37f2f`](https://github.com/danny-avila/LibreChat/commit/aa37f2fb1eafad98b3071bf40b67c7b19ef0b5f2)
* 🧠 feat: Add `minimal` Reasoning Effort option by [@danny-avila](https://github.com/danny-avila) in [`2f6a96d`](https://github.com/danny-avila/LibreChat/commit/2f6a96dbdc8e8e1b6ecaeee8a717f34c9f0c3eab)
* ✨ feat: Add OpenAI Verbosity Parameter by [@danny-avila](https://github.com/danny-avila) in [#8929](https://github.com/danny-avila/LibreChat/pull/8929)
* ✨ feat: GPT-OSS models Token Limits & Rates by [@danny-avila](https://github.com/danny-avila) in [`a5f4c9b`](https://github.com/danny-avila/LibreChat/commit/a5f4c9be9c5d11b93a7b61c76b9e1f4a3d8a4e6f)
* 🛂 feat: Payload limits and Validation for User-created Memories by [@danny-avila](https://github.com/danny-avila) in [#8974](https://github.com/danny-avila/LibreChat/pull/8974)
* 🧑‍💼 feat: Add Agent Model Validation by [@danny-avila](https://github.com/danny-avila) in [#8995](https://github.com/danny-avila/LibreChat/pull/8995)
### 🐛 Fixes
* 🔒 fix: Provider Validation for Social, OpenID, SAML, and LDAP Logins by [@danny-avila](https://github.com/danny-avila) in [#8999](https://github.com/danny-avila/LibreChat/pull/8999)
* 📸 fix: Avatar Handling for Social Login by [@danny-avila](https://github.com/danny-avila) in [#8993](https://github.com/danny-avila/LibreChat/pull/8993)
* 🛡️ fix: OTP Verification For 2FA Disable Operation by [@danny-avila](https://github.com/danny-avila) in [#8975](https://github.com/danny-avila/LibreChat/pull/8975)
* 🪙 fix: Max Output Tokens Refactor for Responses API by [@dustinhealy](https://github.com/dustinhealy) in [#8972](https://github.com/danny-avila/LibreChat/pull/8972)
* 🔮 fix: Artifacts `readOnly` to Re-render when Expected by [@danny-avila](https://github.com/danny-avila) in [#8954](https://github.com/danny-avila/LibreChat/pull/8954)
* 🧪 fix: Editor Styling, Incomplete Artifact Editing, Optimize Artifact Context by [@danny-avila](https://github.com/danny-avila) in [#8953](https://github.com/danny-avila/LibreChat/pull/8953)
* 🛣️ fix: Remove Title Tokens Limit for GPT-5 Models by [@danny-avila](https://github.com/danny-avila) in [#8948](https://github.com/danny-avila/LibreChat/pull/8948)
* 🟢 fix: Incorrect `customUserVars` Set States by [@dustinhealy](https://github.com/dustinhealy) in [#8905](https://github.com/danny-avila/LibreChat/pull/8905)
* 📂 fix: File Cleanup for Uploaded "Agent" Files by [@danny-avila](https://github.com/danny-avila) in [#8900](https://github.com/danny-avila/LibreChat/pull/8900)
* 🔧 fix: MCP Queries and Connections by [@dustinhealy](https://github.com/dustinhealy) in [#8870](https://github.com/danny-avila/LibreChat/pull/8870)
### 🔧 Refactoring
* 🔧 refactor: Move Plugin-related Helpers to TS API and Add Tests by [@danny-avila](https://github.com/danny-avila) in [#8961](https://github.com/danny-avila/LibreChat/pull/8961)
* 🧠 refactor: Memory Timeout after Completion and Guarantee Stream Final Event by [@danny-avila](https://github.com/danny-avila) in [#8955](https://github.com/danny-avila/LibreChat/pull/8955)
* 🔧 refactor: `customUserVar` Error Normalization by [@dustinhealy](https://github.com/dustinhealy) in [#8950](https://github.com/danny-avila/LibreChat/pull/8950)
* 🎚️ refactor: Update Min. Values for OpenAI Parameters by [@usnavy13](https://github.com/usnavy13) in [#8922](https://github.com/danny-avila/LibreChat/pull/8922)
* 🔄 refactor: Select OpenRouter LLM Class Dynamically by `baseURL` by [@danny-avila](https://github.com/danny-avila) in [#8898](https://github.com/danny-avila/LibreChat/pull/8898)
* 🥞 refactor: Duplicate Agent Versions as Informational Instead of Errors by [@sbruel](https://github.com/sbruel) in [#8881](https://github.com/danny-avila/LibreChat/pull/8881)
### 🌍 Internationalization
* 🌍 i18n: Update translation.json with latest translations by [@github-actions[bot]](https://github.com/apps/github-actions) in [#8996](https://github.com/danny-avila/LibreChat/pull/8996), [#8957](https://github.com/danny-avila/LibreChat/pull/8957), [#8934](https://github.com/danny-avila/LibreChat/pull/8934), [#8924](https://github.com/danny-avila/LibreChat/pull/8924), [#8907](https://github.com/danny-avila/LibreChat/pull/8907)
### 🎨 UI/UX
* 🎨 style: Add missing markdown font size variable to CSS by [@danny-avila](https://github.com/danny-avila) in [#9011](https://github.com/danny-avila/LibreChat/pull/9011)
* 💬 style: Enhance Tooltip with HTML support and Improve Styling by [@berry-13](https://github.com/berry-13) in [#8915](https://github.com/danny-avila/LibreChat/pull/8915)
### 🛠️ Other Changes
* 🪖 ci: Helm OCI Publishing by [@clayrosenthal](https://github.com/clayrosenthal) in [#7256](https://github.com/danny-avila/LibreChat/pull/7256)
* 📦 chore: Bump `@librechat/agents` to v2.4.75 by [@danny-avila](https://github.com/danny-avila) in [#8956](https://github.com/danny-avila/LibreChat/pull/8956)
* 📦 chore: Bump `@librechat/agents` to v2.4.73 by [@danny-avila](https://github.com/danny-avila) in [#8949](https://github.com/danny-avila/LibreChat/pull/8949)
* 📦 chore: Bump `@librechat/agents` to v2.4.72 by [@danny-avila](https://github.com/danny-avila) in [`bf8e74b`](https://github.com/danny-avila/LibreChat/commit/bf8e74b9f6a9845dae14ca7e3b4b85b7a0f8e3c5)
* 📦 chore: Bump `@librechat/agents` to v2.4.71 by [@danny-avila](https://github.com/danny-avila) in [`58a97c5`](https://github.com/danny-avila/LibreChat/commit/58a97c54ee01e3c8afb3f41aacf7e5dd62e23419)
* 📦 chore: Bump `@librechat/agents` to v2.4.70 by [@danny-avila](https://github.com/danny-avila) in [#8923](https://github.com/danny-avila/LibreChat/pull/8923)
* 🪖 chore: Fix Typo in `helm/librechat/values.yaml` by [@alkshmir](https://github.com/alkshmir) in [#8960](https://github.com/danny-avila/LibreChat/pull/8960)
* 📑 docs: Fix Typos in JSDoc and Doc Files by [@0xjeffreybulanadi](https://github.com/0xjeffreybulanadi) in [#8998](https://github.com/danny-avila/LibreChat/pull/8998)
## New Contributors
* [@usnavy13](https://github.com/usnavy13) made their first contribution in [#8922](https://github.com/danny-avila/LibreChat/pull/8922)
* [@alkshmir](https://github.com/alkshmir) made their first contribution in [#8960](https://github.com/danny-avila/LibreChat/pull/8960)
* [@clayrosenthal](https://github.com/clayrosenthal) made their first contribution in [#7256](https://github.com/danny-avila/LibreChat/pull/7256)
* [@0xjeffreybulanadi](https://github.com/0xjeffreybulanadi) made their first contribution in [#8998](https://github.com/danny-avila/LibreChat/pull/8998)
**Full Changelog**: https://github.com/danny-avila/LibreChat/compare/v0.8.0-rc1...v0.8.0-rc2

14
pages/changelog/v0.8.0-rc2.mdx Normal file
View File

@@ -0,0 +1,14 @@
---
date: 2025/08/12
title: 🚀 LibreChat v0.8.0-rc2
description: The v0.8.0-rc2 release of LibreChat
---
import { ChangelogHeader } from '@/components/changelog/ChangelogHeader'
import Content from '@/components/changelog/content/v0.8.0-rc2.mdx'
<ChangelogHeader />
---
<Content />

2
pages/docs/configuration/authentication/OAuth2-OIDC/_meta.ts
View File

@@ -11,7 +11,9 @@ export default {
OIDC: {
type: 'separator',
},
auth0: 'Auth0',
aws: 'AWS Cognito',
azure: 'Azure Entra/AD',
keycloak: 'Keycloak',
'token-reuse': 'Token Reuse',
}

212
pages/docs/configuration/authentication/OAuth2-OIDC/auth0.mdx Normal file
View File

@@ -0,0 +1,212 @@
---
title: Auth0
description: Configure Auth0 as an OpenID Connect provider for LibreChat
---
# Auth0 OpenID Connect Configuration
This guide walks you through configuring Auth0 as an OpenID Connect provider for LibreChat.
## Overview
Auth0 can be used as an OpenID Connect provider for LibreChat. When using Auth0 with token reuse enabled (`OPENID_REUSE_TOKENS=true`), you must configure the `OPENID_AUDIENCE` environment variable to prevent authentication issues.
## Prerequisites
- An Auth0 account with an active tenant
- Admin access to create applications and APIs in Auth0
- LibreChat instance ready for configuration
## Configuration Steps
### Step 1: Create an Auth0 Application
1. Go to **Auth0 Dashboard** → **Applications** → **Applications**
2. Click **"Create Application"**
3. Configure the application:
- **Name**: `LibreChat` (or your preferred name)
- **Application Type**: Select **"Single Page Application"**
4. Click **"Create"**
### Step 2: Configure Application Settings
<Callout type="warning" title="HTTPS Required">
Auth0 does not allow `http://localhost` URLs in production applications. For local development/testing, you'll need to use HTTPS. You can use services like:
- **ngrok**: `ngrok http 3080` (provides HTTPS tunnel to localhost)
- **Caddy**: Local HTTPS proxy server
- **localtunnel**: Similar to ngrok
Example with ngrok:
```bash
ngrok http 3080
# This will give you a URL like: https://abc123.ngrok.io
```
</Callout>
1. In your application's **Settings** tab:
2. Set **Allowed Callback URLs**:
```bash
https://your-domain.ngrok.io/oauth/openid/callback
```
(Use your ngrok URL for testing, or your production HTTPS URL)
3. Set **Allowed Logout URLs** (if using end session):
```bash
https://your-domain.ngrok.io
```
4. Set **Allowed Web Origins**:
```bash
https://your-domain.ngrok.io
```
5. Save the changes
### Step 3: Create an Auth0 API (Required for Token Reuse)
<Callout type="warning" title="Important for Token Reuse">
This step is **required** when using `OPENID_REUSE_TOKENS=true`. Without it, Auth0 will return opaque tokens that cannot be validated by LibreChat, causing infinite refresh loops.
</Callout>
1. **Go to Auth0 Dashboard** → **Applications** → **APIs**
2. **Click "Create API"**
3. **Configure the API:**
- **Name**: `LibreChat API` (or your preferred name)
- **Identifier**: `https://api.librechat.ai` (or your preferred identifier)
- **Note**: This is just a unique identifier, not an actual URL. It doesn't need to be accessible.
- Common patterns: `https://api.yourdomain.com`, `https://librechat.yourdomain.com`, etc.
- **Signing Algorithm**: RS256 (recommended)
4. **Click "Create"**
### Step 4: Configure Offline Access
1. **Go to your API's Settings** → **Access Settings**
2. Enable **"Allow Offline Access"**
3. Save the changes
### Step 5: Gather Configuration Values
In your Auth0 Application's **Basic Information** section, you'll find:
- **Domain**: Shows as `dev-example.us.auth0.com` (you'll need to add `https://` prefix)
- **Client ID**: A long alphanumeric string
- **Client Secret**: Hidden by default (click to reveal)
<Callout type="info" title="Important">
The **Domain** shown in Auth0 doesn't include the `https://` prefix. You must add it when configuring the `OPENID_ISSUER`.
Example: If Auth0 shows `dev-abc123.us.auth0.com`, use `https://dev-abc123.us.auth0.com`
</Callout>
### Step 6: Configure LibreChat Environment Variables
Add the following environment variables to your `.env` file:
```bash
# OpenID Connect Configuration
# Domain from Basic Information (add https:// prefix)
OPENID_ISSUER=https://dev-abc123.us.auth0.com
# Client ID from Basic Information
OPENID_CLIENT_ID=your_long_alphanumeric_client_id
# Client Secret from Basic Information (click to reveal)
OPENID_CLIENT_SECRET=your_client_secret_from_basic_information
# Callback URL (must match what's configured in Auth0)
OPENID_CALLBACK_URL=/oauth/openid/callback
# Token Configuration
OPENID_REUSE_TOKENS=true
OPENID_SCOPE=openid profile email offline_access
# IMPORTANT: Your Auth0 API identifier (from Step 3)
OPENID_AUDIENCE=https://api.librechat.ai
# Security Settings (recommended)
OPENID_USE_PKCE=true
# Session Configuration (generate a secure random string)
OPENID_SESSION_SECRET=your-secure-session-secret-32-chars-or-more
# Optional: Custom button appearance
OPENID_BUTTON_LABEL=Continue with Auth0
# OPENID_IMAGE_URL=https://path-to-auth0-logo.png
# If using ngrok for testing, also update:
# DOMAIN_CLIENT=https://your-domain.ngrok.io
# DOMAIN_SERVER=https://your-domain.ngrok.io
```
## Understanding OPENID_AUDIENCE
### The Problem
When using Auth0 with `OPENID_REUSE_TOKENS=true`:
- Auth0 returns **opaque access tokens** (JWE format) by default
- LibreChat expects **signed JWT tokens** (JWS format) that can be validated
- Without proper configuration, this mismatch causes authentication failures and infinite refresh loops
### The Solution
The `OPENID_AUDIENCE` environment variable:
- Must be set to your Auth0 API identifier (created in Step 3)
- Forces Auth0 to issue signed JWT access tokens instead of opaque tokens
- Enables LibreChat to validate tokens using Auth0's JWKS endpoint
### How It Works
When `OPENID_AUDIENCE` is configured:
1. LibreChat includes the `audience` parameter in authorization requests
2. Auth0 recognizes the audience as a registered API
3. Auth0 issues JWT access tokens that can be validated
4. LibreChat successfully validates tokens and authentication works properly
## Environment Variable Reference
<OptionTable
options={[
['OPENID_AUDIENCE', 'string', 'The identifier of your Auth0 API. Required when using OPENID_REUSE_TOKENS=true with Auth0 to prevent opaque token issues.', 'OPENID_AUDIENCE=https://api.librechat.ai'],
]}
/>
## Troubleshooting
### Infinite Refresh Loop
**Symptoms**: Page reloads continuously after clicking "Continue with OpenID"
**Solution**:
1. Ensure `OPENID_AUDIENCE` is set to your Auth0 API identifier
2. Verify the API was created in Auth0 and offline access is enabled
3. Check that the audience value matches exactly
### Invalid Token Errors
**Symptoms**: Authentication fails with token validation errors
**Solution**:
1. Enable debug logging: `DEBUG_OPENID_REQUESTS=true`
2. Verify Auth0 is returning JWT tokens (not opaque tokens)
3. Check JWKS endpoint is accessible
### Missing Refresh Token
**Symptoms**: No refresh token in authentication response
**Solution**:
1. Ensure `offline_access` is included in `OPENID_SCOPE`
2. Verify "Allow Offline Access" is enabled in your Auth0 API settings
## Best Practices
1. **Always use HTTPS** - Auth0 requires HTTPS for all callback URLs
2. **Testing locally** - Use ngrok or similar services to create HTTPS tunnels to localhost
3. **Secure your session secret** - Use a strong, random value for `OPENID_SESSION_SECRET`
4. **Enable PKCE** - Set `OPENID_USE_PKCE=true` for enhanced security
5. **Restrict callback URLs** - Only allow your actual domain in Auth0 settings
6. **Monitor logs** - Use `DEBUG_OPENID_REQUESTS=true` during setup
7. **API Identifier** - Remember it's just an identifier, not an actual endpoint that needs to exist
## Additional Resources
- [Auth0 Documentation](https://auth0.com/docs)
- [Auth0 Access Tokens](https://auth0.com/docs/secure/tokens/access-tokens/get-access-tokens)
- [LibreChat OpenID Token Reuse](/docs/configuration/authentication/OAuth2-OIDC/token-reuse)

1
pages/docs/configuration/authentication/OAuth2-OIDC/index.mdx
View File

@@ -24,6 +24,7 @@ This section will cover how to configure OAuth2 and OpenID Connect with LibreCha
- [GitHub](/docs/configuration/authentication/OAuth2-OIDC/github)
- [Google](/docs/configuration/authentication/OAuth2-OIDC/google)
## OpenID Connect
- [Auth0](/docs/configuration/authentication/OAuth2-OIDC/auth0)
- [AWS Cognito](/docs/configuration/authentication/OAuth2-OIDC/aws)
- [Azure Entra/AD](/docs/configuration/authentication/OAuth2-OIDC/azure)
- [Keycloak](/docs/configuration/authentication/OAuth2-OIDC/keycloak)

45
pages/docs/configuration/authentication/OAuth2-OIDC/token-reuse.mdx
View File

@@ -5,17 +5,44 @@ description: How to configure OpenID Connect token reuse with LibreChat
# OpenID Connect Token Reuse
LibreChat supports reusing access and refresh tokens issued by your OpenID Connect provider (like Azure Entra ID) to manage user authentication state. When this feature is active, the refresh token passed to the user as a cookie is issued by your OpenID provider instead of LibreChat, allowing LibreChat servers to refresh it and request access tokens from your provider.
LibreChat supports reusing access and refresh tokens issued by your OpenID Connect provider (like Azure Entra ID or Auth0) to manage user authentication state. When this feature is active, the refresh token passed to the user as a cookie is issued by your OpenID provider instead of LibreChat, allowing LibreChat servers to refresh it and request access tokens from your provider.
## Prerequisites
- A configured OpenID Connect provider (like Azure Entra ID)
- A configured OpenID Connect provider (like Azure Entra ID, Auth0, etc.)
- Basic OpenID Connect setup completed
## Configuration Steps
1. Set `OPENID_REUSE_TOKENS=true` in your environment variables.
## Provider-Specific Configuration
### Auth0 Configuration
<Callout type="warning" title="Important for Auth0">
When using Auth0 with token reuse, you **must** configure the `OPENID_AUDIENCE` environment variable. Without it, Auth0 will return opaque tokens that cannot be validated by LibreChat, causing infinite refresh loops.
</Callout>
For Auth0, you need to:
1. Create an API in Auth0 (required for JWT access tokens):
- Go to **Auth0 Dashboard** → **Applications** → **APIs**
- Click **"Create API"**
- Set an **Identifier** (e.g., `https://api.librechat.com`)
- Enable **"Allow Offline Access"** in the API settings
2. Set the required environment variables:
```bash filename=".env"
# Required for Auth0
OPENID_AUDIENCE=https://api.librechat.com # Your API identifier from Auth0
OPENID_SCOPE=openid profile email offline_access
```
For detailed Auth0 configuration, see: [Auth0 OpenID Connect Configuration](/docs/configuration/authentication/OAuth2-OIDC/auth0)
### Azure Entra ID Configuration
2. Configure your OpenID provider (using Azure Entra ID as an example):
- Go to the Azure Portal and navigate to your app registration
- Click on "Expose API" in the left menu
@@ -69,19 +96,29 @@ LibreChat supports reusing access and refresh tokens issued by your OpenID Conne
# OpenID Token Reuse Configuration
OPENID_REUSE_TOKENS=true
OPENID_SCOPE=api://librechat/.default openid profile email offline_access
# Required for Auth0 (use your API identifier)
# OPENID_AUDIENCE=https://api.librechat.com
# Caching Configuration
OPENID_JWKS_URL_CACHE_ENABLED=true
OPENID_JWKS_URL_CACHE_TIME=600000 # 10 minutes in milliseconds
# Azure-specific Configuration
OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED=true
OPENID_ON_BEHALF_FLOW_USERINFO_SCOPE=user.read
# Logout Configuration
OPENID_USE_END_SESSION_ENDPOINT=true
```
## Additional Configuration Options
- `OPENID_AUDIENCE`: The audience parameter for authorization requests. **Required for Auth0** to receive JWT access tokens instead of opaque tokens
- `OPENID_JWKS_URL_CACHE_ENABLED`: Enables caching of signing key verification results to prevent excessive HTTP requests to the JWKS endpoint
- `OPENID_JWKS_URL_CACHE_TIME`: Cache duration in milliseconds (default: 600000 ms / 10 minutes)
- `OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED`: Enables on-behalf-of flow for user info
- `OPENID_ON_BEHALF_FLOW_USERINFO_SCOPE`: Scope for user info in on-behalf-of flow
- `OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED`: Enables on-behalf-of flow for user info (Azure-specific)
- `OPENID_ON_BEHALF_FLOW_USERINFO_SCOPE`: Scope for user info in on-behalf-of flow (Azure-specific)
- `OPENID_USE_END_SESSION_ENDPOINT`: Enables use of the end session endpoint for logout
## Security Considerations

42
pages/docs/configuration/dotenv.mdx
View File

@@ -1070,6 +1070,7 @@ For more information: **[Google Authentication](/docs/configuration/authenticati
#### [OpenID Connect](/docs/configuration/authentication/OAuth2-OIDC#openid-connect)
For more information:
- [Auth0](/docs/configuration/authentication/OAuth2-OIDC/auth0)
- [AWS Cognito](/docs/configuration/authentication/OAuth2-OIDC/aws)
- [Azure Entra/AD](/docs/configuration/authentication/OAuth2-OIDC/azure)
- [Keycloak](/docs/configuration/authentication/OAuth2-OIDC/keycloak)
@@ -1082,6 +1083,7 @@ For more information:
['OPENID_SESSION_SECRET', 'string', 'The secret for OpenID session storage.','OPENID_SESSION_SECRET='],
['OPENID_SCOPE', 'string', 'The OpenID scope.', 'OPENID_SCOPE="openid profile email"'],
['OPENID_CALLBACK_URL', 'string', 'The callback URL for OpenID authentication.','OPENID_CALLBACK_URL=/oauth/openid/callback'],
['OPENID_AUDIENCE', 'string', 'The audience parameter for authorization requests. Required for Auth0 when using OPENID_REUSE_TOKENS=true to receive JWT access tokens instead of opaque tokens.','OPENID_AUDIENCE=https://api.librechat.com'],
['OPENID_REQUIRED_ROLE', 'string', 'The required role for validation.','OPENID_REQUIRED_ROLE='],
['OPENID_REQUIRED_ROLE_TOKEN_KIND', 'string', 'The token kind for required role validation.','OPENID_REQUIRED_ROLE_TOKEN_KIND='],
['OPENID_REQUIRED_ROLE_PARAMETER_PATH', 'string', 'The parameter path for required role validation.','OPENID_REQUIRED_ROLE_PARAMETER_PATH='],
@@ -1095,12 +1097,13 @@ For more information:
##### OpenID Connect Token Reuse
LibreChat supports reusing access and refresh tokens issued by your OpenID Connect provider (like Azure Entra ID) to manage user authentication state. When this feature is active, the refresh token passed to the user as a cookie is issued by your OpenID provider instead of LibreChat.
LibreChat supports reusing access and refresh tokens issued by your OpenID Connect provider (like Azure Entra ID or Auth0) to manage user authentication state. When this feature is active, the refresh token passed to the user as a cookie is issued by your OpenID provider instead of LibreChat.
<OptionTable
options={[
['OPENID_REUSE_TOKENS', 'boolean', 'Enable reuse of OpenID provider tokens for session management.', 'OPENID_REUSE_TOKENS=false'],
['OPENID_SCOPE', 'string', 'Space-separated list of OpenID scopes. Must include offline_access for token reuse.', 'OPENID_SCOPE=api://librechat/.default openid profile email offline_access'],
['OPENID_AUDIENCE', 'string', 'The audience parameter for authorization requests. Required for Auth0 when OPENID_REUSE_TOKENS=true. See the note in the main OpenID section above.', 'OPENID_AUDIENCE=https://api.librechat.com'],
['OPENID_JWKS_URL_CACHE_ENABLED', 'boolean', 'Enable caching of signing key verification results.', 'OPENID_JWKS_URL_CACHE_ENABLED=true'],
['OPENID_JWKS_URL_CACHE_TIME', 'number', 'Cache duration in milliseconds (default: 600000 ms / 10 minutes).', 'OPENID_JWKS_URL_CACHE_TIME=600000'],
['OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED', 'boolean', 'Enable on-behalf-of flow for user info.', 'OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED=true'],
@@ -1315,28 +1318,31 @@ LibreChat supports Google Tag Manager for analytics. You will need a Google Tag
#### Redis
Redis provides significant performance improvements and enables horizontal scaling capabilities for LibreChat.
**Note:** Redis support is experimental, and you may encounter some problems when using it.
**Important:** If using Redis, you should flush the cache after changing any LibreChat settings.
If you are using Redis, you will need to set the following variables:
* `REDIS_URI`: The URI for your Redis instance.
* `USE_REDIS`: Set to `true` to enable Redis.
* `USE_REDIS_CLUSTER`: Set to `true` to enable Redis Cluster mode.
* `REDIS_CA`: The path to the PEM-encoded certificate authority file for Redis TLS connections.
* `REDIS_KEY_PREFIX`: A prefix to be added to all keys in the Redis database. Defaults to empty string if not specified.
* `REDIS_KEY_PREFIX_VAR`: The name of an environment variable that contains the Redis key prefix. When set, the value of the specified environment variable will be used as the Redis key prefix instead of `REDIS_KEY_PREFIX`. This is useful for cloud deployments where the prefix needs to be dynamically determined (e.g., using Kubernetes revision numbers via `K_REVISION`).
* `REDIS_MAX_LISTENERS`: The maximum number of event listeners allowed for the Redis client instance. It helps prevent memory leaks by limiting event listeners. If set to 0 (zero), it will be considered limitless. Defaults to 10 if not specified.
For detailed configuration and examples, see: **[Redis Configuration Guide](/docs/configuration/redis)**
<OptionTable
options={[
['REDIS_URI', 'string', 'Redis URI.', '# REDIS_URI="10.11.12.13:6379"'],
['USE_REDIS', 'boolean', 'Use Redis.', '# USE_REDIS="true"'],
['USE_REDIS_CLUSTER', 'boolean', 'User Redis Cluster mode', '# USE_REDIS_CLUSTER="true"'],
['REDIS_CA', 'string', 'Path to certificate', '# REDIS_CA="/path/to/file.crt"'],
['REDIS_KEY_PREFIX', 'string', 'Prefix for Redis keys', '# REDIS_KEY_PREFIX="librechat-staging:"'],
['REDIS_KEY_PREFIX_VAR', 'string', 'Environment variable name to use for dynamic Redis key prefix (recommended for cloud deployments)', '# REDIS_KEY_PREFIX_VAR=K_REVISION'],
['REDIS_MAX_LISTENERS', 'number', 'Maximum number of event listeners allowed for the Redis client instance', '# REDIS_MAX_LISTENERS=20'],
['USE_REDIS', 'boolean', 'Enable Redis for caching and session storage. When true, REDIS_URI must be provided.', 'USE_REDIS=true'],
['REDIS_URI', 'string', 'Redis connection URI. For single instance: redis://host:port. For cluster: comma-separated URIs.', 'REDIS_URI=redis://127.0.0.1:6379'],
['REDIS_USERNAME', 'string', 'Redis username for authentication. Overrides username in URI if both provided.', '# REDIS_USERNAME=your_redis_username'],
['REDIS_PASSWORD', 'string', 'Redis password for authentication. Overrides password in URI if both provided.', '# REDIS_PASSWORD=your_redis_password'],
['REDIS_CA', 'string', 'Path to CA certificate for TLS verification when using rediss:// protocol.', '# REDIS_CA=/path/to/ca-cert.pem'],
['REDIS_KEY_PREFIX', 'string', 'Static prefix for all Redis keys to prevent cross-deployment contamination.', '# REDIS_KEY_PREFIX=librechat-prod-v2'],
['REDIS_KEY_PREFIX_VAR', 'string', 'Environment variable name containing dynamic prefix (e.g., K_REVISION for Cloud Run). Cannot be used with REDIS_KEY_PREFIX.', '# REDIS_KEY_PREFIX_VAR=K_REVISION'],
['REDIS_MAX_LISTENERS', 'number', 'Maximum event listeners per Redis client. Prevents memory leaks. Default: 40.', '# REDIS_MAX_LISTENERS=40'],
['REDIS_PING_INTERVAL', 'number', 'Ping interval in seconds to maintain connections. Default: 0 (disabled). Only set if experiencing timeouts.', '# REDIS_PING_INTERVAL=300'],
['FORCED_IN_MEMORY_CACHE_NAMESPACES', 'string', 'Comma-separated cache keys to force in-memory storage even when Redis is enabled.', '# FORCED_IN_MEMORY_CACHE_NAMESPACES=STATIC_CONFIG,ROLES'],
]}
/>
/>
Notes:
- When `USE_REDIS=true`, you must provide `REDIS_URI` or the application will throw an error.
- For Redis Cluster mode, provide multiple URIs: `redis://node1:7001,redis://node2:7002,redis://node3:7003` (cluster mode is auto-detected).
- Use `rediss://` protocol for TLS connections and set `REDIS_CA` if your CA is not publicly trusted.
- `REDIS_KEY_PREFIX_VAR` and `REDIS_KEY_PREFIX` are mutually exclusive.

1
pages/docs/configuration/librechat_yaml/ai_endpoints/_meta.ts
View File

@@ -1,3 +1,4 @@
export default {
index: 'Intro',
cloudflare: 'Workers AI',
}

39
pages/docs/configuration/librechat_yaml/ai_endpoints/cloudflare.mdx Normal file
View File

@@ -0,0 +1,39 @@
---
title: Cloudflare Workers AI
description: Example configuration for Cloudflare Workers AI
---
# [Cloudflare Workers AI](https://developers.cloudflare.com/ai-gateway/)
> Setup: [AI Gateway Setup](https://developers.cloudflare.com/ai-gateway/get-started/) | [Workers AI Models](https://developers.cloudflare.com/workers-ai/models/)
**Notes:**
- **OpenAI Compatible:** Uses the OpenAI compatible endpoint specification ([documentation](https://developers.cloudflare.com/ai-gateway/providers/workersai/#openai-compatible-endpoints))
- **Known Issue:** `@cf/openai/gpt-oss-*` models may not work due to spec incompatibility
- **Environment Variables Required:**
- `CF_API_TOKEN`: Your Cloudflare API token
- `CF_ACCOUNT_ID`: Your Cloudflare account ID
- `CF_GATEWAY_ID`: Your AI Gateway ID
- Note: these environment variables can be customized/renamed as needed.
```yaml filename="librechat.yaml"
- name: "Cloudflare Workers AI"
apiKey: "${CF_API_TOKEN}"
baseURL: "https://gateway.ai.cloudflare.com/v1/${CF_ACCOUNT_ID}/${CF_GATEWAY_ID}/workers-ai/v1"
models:
default: [
"@cf/google/gemma-3-12b-it",
"@cf/meta/llama-4-scout-17b-16e-instruct",
"@cf/qwen/qwq-32b",
"@cf/qwen/qwen2.5-coder-32b-instruct",
"@cf/deepseek-ai/deepseek-r1-distill-qwen-32b",
"@cf/openai/gpt-oss-120b"
]
fetch: false
titleConvo: true
titleModel: "@cf/google/gemma-3-12b-it"
modelDisplayLabel: "Cloudflare AI"
```
![Cloudflare Workers AI in LibreChat](https://github.com/user-attachments/assets/722f8ba7-0773-4d8c-b01e-ccac22e0a4ea)

2
pages/docs/configuration/librechat_yaml/object_structure/custom_endpoint.mdx
View File

@@ -410,7 +410,7 @@ addParams:
```
**Notes:**
- The `addParams` field allows you to include additional parameters that are not part of the default payload(see the ["Default Parameters"](/docs/configuration/librechat_yaml/object_structure/default_params) section). This is particularly useful for API-specific options.
- For example, if an API requires the `max_tokens` parameter, you can add it here. By default, LibreChat [does not send](/docs/configuration/librechat_yaml/object_structure/default_params) `max_tokens` to use the maximum amount of tokens available, which is the default behavior of the OpenAI API. However, some alternate APIs require this field, or it may default to a very low value, causing your responses to appear cut off. In such cases, you should specify the desired value for `max_tokens` in the `addParams` field.
## dropParams
**Key:**

8
pages/docs/configuration/librechat_yaml/object_structure/default_params.mdx
View File

@@ -7,10 +7,6 @@ Custom endpoints share logic with the OpenAI endpoint, and thus have default par
```yaml filename="Default Parameters"
{
"model": "your-selected-model",
"temperature": 1,
"top_p": 1,
"presence_penalty": 0,
"frequency_penalty": 0,
"user": "LibreChat_User_ID",
"stream": true,
"messages": [
@@ -24,10 +20,6 @@ Custom endpoints share logic with the OpenAI endpoint, and thus have default par
### Breakdown
- `model`: The selected model from list of models.
- `temperature`: Defaults to `1` if not provided via preset,
- `top_p`: Defaults to `1` if not provided via preset,
- `presence_penalty`: Defaults to `0` if not provided via preset,
- `frequency_penalty`: Defaults to `0` if not provided via preset,
- `user`: A unique identifier representing your end-user, which can help OpenAI to [monitor and detect abuse](https://platform.openai.com/docs/api-reference/chat/create#chat-create-user).
- `stream`: If set, partial message deltas will be sent, like in ChatGPT. Otherwise, generation will only be available when completed.
- `messages`: [OpenAI format for messages](https://platform.openai.com/docs/api-reference/chat/create#chat-create-messages); the `name` field is added to messages with `system` and `assistant` roles when a custom name is specified via preset.

37
pages/docs/configuration/librechat_yaml/object_structure/model_specs.mdx
View File

@@ -725,20 +725,20 @@ preset:
#### reasoning_effort
**Accepted Values:**
- None
- Low
- Medium
- High
- minimal
- low
- medium
- high
> **Supported by:** `openAI`, `azureOpenAI`, custom (OpenAI-like)
<OptionTable
options={[
['reasoning_effort', 'String', 'Controls the reasoning effort level for the model.', ''],
['reasoning_effort', 'String', 'Controls the reasoning effort level for the model. Reducing reasoning effort can result in faster responses and fewer tokens used on reasoning.', ''],
]}
/>
**Default:** `"None"`
**Default:** When not set, uses API default (`medium`)
**Example:**
```yaml
@@ -794,6 +794,31 @@ preset:
---
#### verbosity
**Accepted Values:**
- low
- medium
- high
> **Supported by:** `openAI`, `azureOpenAI`, custom (OpenAI-like)
<OptionTable
options={[
['verbosity', 'String', 'Controls the verbosity level of model responses.', ''],
]}
/>
**Default:** When not set, uses API default (`medium`)
**Example:**
```yaml
preset:
verbosity: "low"
```
---
#### web_search
> **Supported by:** `openAI`, `azureOpenAI`, custom (OpenAI-like), `google`, `anthropic`

10
pages/docs/features/memory.mdx
View File

@@ -11,7 +11,6 @@ Memory in LibreChat allows the system to remember information across conversatio
<Callout type="important" title="⚠️ Configuration Required">
- Memory functionality must be explicitly configured in your `librechat.yaml` file to work. It is not enabled by default.
- Currently, memory only works when using agents.
</Callout>
## Key Features
@@ -48,6 +47,15 @@ See the [Memory Configuration Guide](/docs/configuration/librechat_yaml/object_s
## How It Works
<Callout type="note" title="Memory Agent Execution">
Until smart detection of memory-relevant requests (beyond the LLM's own agency) is implemented, the memory agent runs on every request when memory is enabled.
Timing and order:
- The memory agent runs before the main chat response.
- It is limited to the amount of time it takes the main chat request to completely finish, plus up to 3 seconds after the initial chat request finishes.
- This design ensures memory updates are applied promptly and are expected to finish sooner if updates are needed, without delaying the user's chat experience.
</Callout>
### 1. Information Storage
When memory is enabled, the system can store:
- User preferences (communication style, topics of interest)

2
pages/docs/features/url_query.mdx
View File

@@ -162,7 +162,7 @@ Different endpoints support various parameters:
```bash
# Note: these should be valid values according to the provider's API
temperature, presence_penalty, frequency_penalty, stop, top_p, max_tokens,
reasoning_effort, reasoning_summary, useResponsesApi, web_search, disableStreaming
reasoning_effort, reasoning_summary, verbosity, useResponsesApi, web_search, disableStreaming
```
**Google, Anthropic:**