Docs
⚙️ Configuration
Authentication
Intro

Basic Configuration:

General

For a quick overview, refer to the user guide provided here: Authentication

Here’s an overview of the general configuration.

KeyTypeDescriptionExample
ALLOW_EMAIL_LOGINbooleanEnable or disable ONLY email login.ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATIONbooleanEnable or disable Email registration of new users.ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGINbooleanAllow users to connect to LibreChat with various social networks.ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATIONbooleanEnable or disable registration of new users using various social networks.ALLOW_SOCIAL_REGISTRATION=false

Note: OpenID does not support the ability to disable only registration.

Quick Tips:

register-light

register

Session Expiry and Refresh Token

KeyTypeDescriptionExample
SESSION_EXPIRYinteger (milliseconds)Session expiry time.SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRYinteger (milliseconds)Refresh token expiry time.REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7

JWT Secret and Refresh Secret

  • You should use new secure values. The examples given are 32-byte keys (64 characters in hex).
    • Use this tool to generate some quickly: JWT Keys
KeyTypeDescriptionExample
JWT_SECRETstring (hex)JWT secret key.JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
JWT_REFRESH_SECRETstring (hex)JWT refresh secret key.JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418

Automated Moderation System (optional)

The Automated Moderation System is enabled by default. It uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.

To set up the mod system, review the setup guide.

Please Note: If you want this to work in development mode, you will need to create a file called .env.development in the root directory and set DOMAIN_CLIENT to http://localhost:3090 or whatever port is provided by vite when runnning npm run frontend-dev

User Management Scripts

Create User Script

The create-user script allows you to add users directly to the database, even when registration is disabled. Here’s how to use it:

  1. For the default docker-compose.yml (if you use docker compose up to start the app):

    docker-compose exec api npm run create-user
    
  2. For the deploy-compose.yml (if you followed the Ubuntu Docker Guide):

    docker exec -it LibreChat-API /bin/sh -c "cd .. && npm run create-user"
    
  3. For local development (from project root):

    npm run create-user
    

Follow the prompts to enter the new user’s email and password.

Delete User Script

To delete a user, you can use the delete-user script:

  1. For the default docker-compose.yml (if you use docker compose up to start the app):

    docker-compose exec api npm run delete-user [email protected]
    
  2. For the deploy-compose.yml (if you followed the Ubuntu Docker Guide):

    docker exec -it LibreChat-API /bin/sh -c "cd .. && npm run delete-user [email protected]"
    
  3. For local development (from project root):

    npm run delete-user [email protected]
    

Replace [email protected] with the email of the user you want to delete.