Docs
Configuration
Authentication
Intro

Basic Configuration:

General

For a quick overview, refer to the user guide provided here: Authentication

Here’s an overview of the general configuration.

KeyTypeDescriptionExample
ALLOW_EMAIL_LOGINbooleanEnable or disable ONLY email login.ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATIONbooleanEnable or disable Email registration of new users.ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGINbooleanAllow users to connect to LibreChat with various social networks.ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATIONbooleanEnable or disable registration of new users using various social networks.ALLOW_SOCIAL_REGISTRATION=false

Note: OpenID does not support the ability to disable only registration.

Quick Tip: Even with registration disabled, add users directly to the database using npm run create-user. If you can’t get npm to work, try sudo docker exec -ti LibreChat sh first to “ssh” into the container. Quick Tip: To delete a user, you can run docker-compose exec api npm run delete-user [email protected]

register-light

register

Session Expiry and Refresh Token

KeyTypeDescriptionExample
SESSION_EXPIRYinteger (milliseconds)Session expiry time.SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRYinteger (milliseconds)Refresh token expiry time.REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7

JWT Secret and Refresh Secret

  • You should use new secure values. The examples given are 32-byte keys (64 characters in hex).
    • Use this tool to generate some quickly: JWT Keys
KeyTypeDescriptionExample
JWT_SECRETstring (hex)JWT secret key.JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
JWT_REFRESH_SECRETstring (hex)JWT refresh secret key.JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418

Automated Moderation System (optional)

The Automated Moderation System is enabled by default. It uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.

To set up the mod system, review the setup guide.

Please Note: If you want this to work in development mode, you will need to create a file called .env.development in the root directory and set DOMAIN_CLIENT to http://localhost:3090 or whatever port is provided by vite when runnning npm run frontend-dev