OAuth token response validation is too strict #420

@aritma-hengro

Description

I've got an MCP server that is protected using Entra ID. I have set up a client ID and secret in the OAuth section of the MCP server registration. All seems to work until the token response is returned to LibreChat.

I get the following error in the log:

2025-10-03 11:05:35 error: [MCPOAuth] Failed to complete OAuth flow
2025-10-03 11:05:35 error: [MCP OAuth] OAuth callback error [
  {
    "code": "invalid_type",
    "expected": "number",
    "received": "string",
    "path": [
      "expires_in"
    ],
    "message": "Expected number, received string"
  }
]
2025-10-03 11:05:36 error: Error in OAuth authentication: Unknown error

I've done some digging, and the token response does indeed set "expires_in" as a string. Since this is Microsoft, I will not presume to suggest that they are not following the OAuth standard, so that leads me to think that LibreChat is a tad too strict on the format of the token response.

Here is an abbreviated example of a token response from Entra ID:

{
  "token_type":"Bearer",
  "scope":"manage",
  "expires_in":"5250",
  "ext_expires_in":"5250",
  "expires_on":"1759495112",
  "not_before":"1759489561",
  "resource":"api://some-test-mcp-server",
  "access_token":"eyJ0e.....Y2WwQ"
}
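Added example, not part of the issue above and not LibreChat's or Microsoft's code: a token-response validator that accepts the string-typed "expires_in" Entra ID returns without accepting arbitrary strings. RFC 6749 section 5.1 describes expires_in as the token lifetime in seconds (RECOMMENDED, not REQUIRED) and does not pin down a JSON type, so a client that only accepts a JSON number, as the log shows, rejects a response it could safely use. The sample object is constructed from the abbreviated response in the issue; the helper names and the 30-day lifetime cap are my own assumptions.

```javascript
// Added example (not LibreChat's own code): validate an OAuth 2.0 token
// response while tolerating Entra ID's string-typed "expires_in".

// Constructed sample shaped like the abbreviated Entra ID response above.
const ENTRA_SAMPLE = {
  token_type: "Bearer",
  scope: "manage",
  expires_in: "5250",
  ext_expires_in: "5250",
  expires_on: "1759495112",
  not_before: "1759489561",
  resource: "api://some-test-mcp-server",
  access_token: "eyJ0e.....Y2WwQ",
};

// Strict variant, equivalent to the check the log complains about:
// only a JSON number passes, so the Entra response is rejected.
function strictExpiresIn(v) {
  if (typeof v !== "number") {
    throw new TypeError(`expires_in: expected number, received ${typeof v}`);
  }
  return v;
}

// Tolerant variant: a non-negative integer, or a string of 1-10 ASCII
// digits. The regex keeps "1e3", " 5250", "5250abc", "", "-1" and
// "Infinity" out, so Number() can never yield NaN or a float here.
// The cap is an assumption: it stops a bogus lifetime from meaning
// "never re-authenticate", erring toward refreshing early, not late.
const MAX_LIFETIME_SECONDS = 30 * 24 * 60 * 60;

function coerceExpiresIn(v) {
  let n;
  if (typeof v === "number") {
    n = v;
  } else if (typeof v === "string" && /^\d{1,10}$/.test(v)) {
    n = Number(v);
  } else {
    throw new TypeError(`expires_in: expected number or digit string, received ${JSON.stringify(v)}`);
  }
  if (!Number.isInteger(n) || n < 0) {
    throw new TypeError(`expires_in: not a non-negative integer: ${n}`);
  }
  return Math.min(n, MAX_LIFETIME_SECONDS);
}

// Validate only the fields the client relies on and compute an absolute
// expiry. nowMs is injectable so the result is deterministic in tests.
function parseTokenResponse(raw, nowMs = Date.now()) {
  if (typeof raw !== "object" || raw === null) {
    throw new TypeError("token response must be a JSON object");
  }
  if (typeof raw.access_token !== "string" || raw.access_token.length === 0) {
    throw new TypeError("access_token: missing or empty");
  }
  // token_type is case-insensitive (RFC 6749 section 5.1). A client that
  // only knows how to send Bearer tokens should refuse anything else.
  if (typeof raw.token_type !== "string" || raw.token_type.toLowerCase() !== "bearer") {
    throw new TypeError(`token_type: unsupported value ${JSON.stringify(raw.token_type)}`);
  }
  // expires_in is RECOMMENDED, not REQUIRED; null means "lifetime unknown".
  const expiresIn = raw.expires_in === undefined ? null : coerceExpiresIn(raw.expires_in);
  return {
    accessToken: raw.access_token,
    tokenType: "Bearer",
    scope: typeof raw.scope === "string" ? raw.scope : null,
    expiresIn,
    expiresAtMs: expiresIn === null ? null : nowMs + expiresIn * 1000,
  };
}

// True when fn throws a TypeError; used to show which inputs are rejected.
function rejected(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Stand-alone demonstration: the strict check fails on the Entra sample,
// the tolerant parser accepts it and yields a numeric lifetime.
console.log("strict rejects Entra sample:", rejected(() => strictExpiresIn(ENTRA_SAMPLE.expires_in)));
console.log(parseTokenResponse(ENTRA_SAMPLE, 0));
```

The point of the digit-only regex is that loosening the schema should not become "accept any string": `Number(" 5250")`, `Number("")` and `Number("1e3")` all succeed in JavaScript, and `parseInt("5250abc")` silently truncates, so a naive coercion would turn malformed lifetimes into plausible numbers. The extra Entra fields (`ext_expires_in`, `expires_on`, `not_before`, `resource`) are ignored rather than validated, which is the usual posture for provider-specific extensions.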
