Possibility to use social login with a callback to different URL (especially for native iOS/Android clients)

[mfreiwald]

I would like to create a native iOS app that uses LibreChat as its backend. Right now, only the local login works but no OAuth flow because of missing redirects back to the app.

To make this possible and without big changes in the authorization flow, a redirect parameter when calling the OAuth login would be possible. This redirect enables native app developers to use the already implemented OAuth flow and receive the token & refreshToken after successful login.

E.g. an iOS developers can use ASWebAuthenticationSession to start the authorization and after a callback to a custom scheme, the tokens from the callback URL can be extracted.

I will use the openid endpoint as an example, but it works with all implemented social logins.

To keep the redirect URL between the initial call of oauth/openid and the callback of the authorizer oauth/openid/callback, the initial redirect URL will be stored in the state-parameter of the OAuth flow described by the Auth0 documentation: https://auth0.com/docs/secure/attack-protection/state-parameters

In the example following properties will be used:
libre-chat-ios as the custom scheme for an iOS app that will be used to redirect after the authorization is successful.
libre-chat-ios://auth/callback as the callback URL to return the tokens to the app
oauth/openid as the selected authorizer

The flow would look like this:

1. Open https://chat.example.dev/oauth/openid?redirect=libre-chat-ios://auth/callback
2. openid route checks if there is a redirect parameter and will store it in the state property when calling the openid endpoint
3. authorization happens and the callback URL of LibreChat https://chat.example.dev/oauth/openid/callback gets called
4. callback route reads the state property and decodes the redirect URL of the native app
5. if there is a redirect in the state, use this instead to the LibreChat root and append the tokens
   libre-chat-ios://auth/callback?token=123&refreshToken=abc

I already implemented a solution for this here: Add redirect parameter to OAuth logins

[ndrsfel]

I like the idea of a native iOS app, especially in perspective of changes to PWAs in iOS 17.4

@mfreiwald would #1856 help?

[mfreiwald]

I'm not 100% sure if this helps.
But another solution would be to have user generated API keys which can be used.