@lobehub/chat 1.105.5 → 1.106.0

package/CHANGELOG.md

@@ -2,6 +2,56 @@
 
 # Changelog
 
+## [Version 1.106.0](https://github.com/lobehub/lobe-chat/compare/v1.105.6...v1.106.0)
+
+<sup>Released on **2025-07-29**</sup>
+
+#### ✨ Features
+
+- **misc**: Add support for Okta Authentication.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's improved
+
+- **misc**: Add support for Okta Authentication, closes [#8547](https://github.com/lobehub/lobe-chat/issues/8547) ([67abdfe](https://github.com/lobehub/lobe-chat/commit/67abdfe))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
+### [Version 1.105.6](https://github.com/lobehub/lobe-chat/compare/v1.105.5...v1.105.6)
+
+<sup>Released on **2025-07-29**</sup>
+
+#### 💄 Styles
+
+- **misc**: Open new topic by tap Just Chat again.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### Styles
+
+- **misc**: Open new topic by tap Just Chat again, closes [#8426](https://github.com/lobehub/lobe-chat/issues/8426) ([018ca75](https://github.com/lobehub/lobe-chat/commit/018ca75))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.105.5](https://github.com/lobehub/lobe-chat/compare/v1.105.4...v1.105.5)
 
 <sup>Released on **2025-07-29**</sup>

package/changelog/v1.json

@@ -1,4 +1,22 @@
 [
+  {
+    "children": {
+      "features": [
+        "Add support for Okta Authentication."
+      ]
+    },
+    "date": "2025-07-29",
+    "version": "1.106.0"
+  },
+  {
+    "children": {
+      "improvements": [
+        "Open new topic by tap Just Chat again."
+      ]
+    },
+    "date": "2025-07-29",
+    "version": "1.105.6"
+  },
   {
     "children": {
       "fixes": [

package/docs/self-hosting/advanced/auth/next-auth/okta.mdx

@@ -0,0 +1,65 @@
+---
+title: Configure Okta Identity Verification Service for LobeChat
+description: >-
+  Learn how to configure Okta Identity Verification Service for LobeChat for your organization, including creating applications, adding users, and configuring environment variables.
+
+tags:
+  - Okta
+  - Identity Verification
+  - Single Sign-On
+  - Environment Variables
+  - User Management
+  - SSO Integrations
+  - Social Login
+---
+
+# Configure Okta Identity Verification Service
+
+<Steps>
+  ### Create Okta Application
+
+  Register and log in to [Okta][okta-client-page], open the "Applications" subtab in the left navigation bar, and click "Applications" to switch to the application management interface. click "Create App Integration" in the upper left corner to create an application.
+
+  Select "OIDC - OpenID Connect" in Sign-In Method and then select "Web Application" in Application Type.
+
+  Fill in the following settings:
+
+  | Setting Name           | Description                                                                                                  | Sample Information                            |
+  | ---------------------- | ------------------------------------------------------------------------------------------------------------ | --------------------------------------------- |
+  | App Integration Name   | The Application Name your users will see                                                                     | LobeChat Instance                             |
+  | Sign-in redirect URIs  | Okta sends the authentication response and ID token for the user's sign-in request to these URIs             | (http(s)://your-domain/api/auth/callback/okta |
+  | Sign-out redirect URIs | After your application contacts Okta to close the user session, Okta redirects the user to one of these URIs | (http(s)://your-domain                        |
+
+  <Callout type={'important'}>
+    You can fill in or modify all the fields after deployment, but make sure the filled URL is
+    consistent with the deployed URL.
+  </Callout>
+
+  ### Add Users
+
+  Click on the "Assignments" in the top navigation bar to enter the user management interface, where you can create or assign users in your organization to log in to LobeChat.
+
+  ### Configure Environment Variables
+
+  When deploying LobeChat, you need to configure the following environment variables:
+
+  | Environment Variable      | Type     | Description                                                                                                                                                                                         |
+  | ------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+  | `NEXT_AUTH_SECRET`        | Required | Key used to encrypt Auth.js session tokens. You can generate a key using the following command: `openssl rand -base64 32`                                                                           |
+  | `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `okta` for Okta.                                                                                                                               |
+  | `AUTH_OKTA_ID`            | Required | Client ID of the Okta application                                                                                                                                                                   |
+  | `AUTH_OKTA_SECRET`        | Required | Client Secret of the Okta application                                                                                                                                                               |
+  | `AUTH_OKTA_ISSUER`        | Required | Domain of the Okta application, `https://example.oktapreview.com`                                                                                                                                   |
+  | `NEXTAUTH_URL`            | Optional | The URL is used to specify the callback address for the execution of OAuth authentication in Auth.js. It needs to be set only when the default address is incorrect. `https://example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    You can refer to the related variable details at [📘Environment Variables](/docs/self-hosting/environment-variable/auth#okta).
+  </Callout>
+</Steps>
+
+<Callout>
+  After successful deployment, users will be able to authenticate and use LobeChat using the users
+  configured in Okta.
+</Callout>
+
+[okta-client-page]: https://login.okta.com

package/docs/self-hosting/advanced/auth/next-auth/okta.zh-CN.mdx

@@ -0,0 +1,63 @@
+---
+title: 在 LobeChat 中配置 Okta 身份验证服务 - 详细步骤和环境变量设置
+description: >-
+  学习如何在 LobeChat 中为您的组织配置 Okta 身份验证服务，包括创建应用程序、添加用户和配置环境变量等。
+
+tags:
+  - Okta
+  - 身份验证
+  - 单点登录
+  - 环境变量
+  - 用户管理
+  - SSO 集成
+  - 社交登录
+---
+
+# 配置 Okta 身份验证服务
+
+<Steps>
+  ### 创建 Okta 应用程序
+
+  注册并登录 [Okta][okta-client-page]，打开左侧导航栏中的「Applications」子选项卡，点击「Applications」切换到应用程序管理界面。点击左上角的「Create App Integration」创建应用程序。
+
+  在登录方法中选择「OIDC - OpenID Connect」，然后在应用程序类型中选择「Web Application」。
+
+  填写以下设置：
+
+  | 设置名称                   | 描述                                          | 示例信息                                          |
+  | ---------------------- | ------------------------------------------- | --------------------------------------------- |
+  | App Integration Name   | 您的用户将看到的应用程序名称                              | LobeChat Instance                             |
+  | Sign-in redirect URIs  | Okta 将用户登录请求的身份验证响应和 ID 令牌发送到这些 URI         | (http(s)://your-domain/api/auth/callback/okta |
+  | Sign-out redirect URIs | 您的应用程序联系 Okta 关闭用户会话后，Okta 将用户重定向到这些 URI 之一 | (http(s)://your-domain                        |
+
+  <Callout type={'important'}>
+    您可以在部署后填写或修改所有字段，但请确保填写的 URL 与部署的 URL 一致。
+  </Callout>
+
+  ### 添加用户
+
+  点击顶部导航栏中的「Assignments」进入用户管理界面，您可以在此创建或分配组织中的用户来登录 LobeChat。
+
+  ### 配置环境变量
+
+  在部署 LobeChat 时，您需要配置以下环境变量：
+
+  | 环境变量                      | 类型 | 描述                                                                                   |
+  | ------------------------- | -- | ------------------------------------------------------------------------------------ |
+  | `NEXT_AUTH_SECRET`        | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成密钥：`openssl rand -base64 32`                         |
+  | `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Okta 请填写 `okta`。                                             |
+  | `AUTH_OKTA_ID`            | 必选 | Okta 应用程序的客户端 ID                                                                     |
+  | `AUTH_OKTA_SECRET`        | 必选 | Okta 应用程序的客户端密钥                                                                      |
+  | `AUTH_OKTA_ISSUER`        | 必选 | Okta 应用程序的域名，`https://example.oktapreview.com`                                       |
+  | `NEXTAUTH_URL`            | 可选 | 该 URL 用于指定 Auth.js 在执行 OAuth 认证时的回调地址。仅当默认地址不正确时才需要设置。`https://example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    您可以在 [📘环境变量](/zh/docs/self-hosting/environment-variables/auth#okta) 查阅相关变量详情。
+  </Callout>
+</Steps>
+
+<Callout>
+  部署成功后，用户将能够使用在 Okta 中配置的用户进行身份验证并使用 LobeChat。
+</Callout>
+
+[okta-client-page]: https://login.okta.com

package/docs/self-hosting/advanced/auth.mdx

@@ -55,6 +55,8 @@ Currently supported identity verification services include:
   <Card href={'/docs/self-hosting/advanced/auth/next-auth/keycloak'} title={'Keycloak'} />
 
   <Card href={'/docs/self-hosting/advanced/auth/next-auth/google'} title={'Google'} />
+
+  <Card href={'/docs/self-hosting/advanced/auth/next-auth/okta'} title={'Okta'} />
 </Cards>
 
 Click on the links to view the corresponding platform's configuration documentation.
@@ -78,6 +80,7 @@ The order corresponds to the display order of the SSO providers.
 | ZITADEL               | `zitadel`               |
 | Keycloak              | `keycloak`              |
 | Google                | `google`                |
+| Okta                  | `okta`                  |
 
 ## Other SSO Providers
 

package/docs/self-hosting/advanced/auth.zh-CN.mdx

@@ -51,6 +51,8 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
   <Card href={'/zh/docs/self-hosting/advanced/auth/next-auth/logto'} title={'Logto'} />
 
   <Card href={'/zh/docs/self-hosting/advanced/auth/next-auth/keycloak'} title={'Keycloak'} />
+
+  <Card href={'/zh/docs/self-hosting/advanced/auth/next-auth/okta'} title={'Okta'} />
 </Cards>
 
 点击即可查看对应平台的配置文档。
@@ -73,6 +75,7 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 | Microsoft Entra ID    | `microsoft-entra-id`    |
 | ZITADEL               | `zitadel`               |
 | Keycloak              | `keycloak`              |
+| Okta                  | `okta`                  |
 
 ## 其他 SSO 提供商
 

package/docs/self-hosting/environment-variables/auth.mdx

@@ -249,6 +249,29 @@ LobeChat provides a complete authentication service capability when deployed. Th
 - Default: `-`
 - Example: `https://your-instance-abc123.zitadel.cloud`
 
+### Okta
+
+#### `AUTH_OKTA_ID`
+
+- Type: Required
+- Description: Client ID of the Okta application. This can be found under your application settings in the Okta console.
+- Default: `-`
+- Example: `ac12c950f3ce48c8a45a`
+
+#### `AUTH_OKTA_SECRET`
+
+- Type: Required
+- Description: Client Secret of the Okta application. This can be found under your application settings in the Okta console.
+- Default: `-`
+- Example: `ex1HqvSOOkC5INqo42grOSqNvHoD4p84em1yy5QU7v88IZlaWGywFjYkrkpkSopt`
+
+#### `AUTH_OKTA_ISSUER`
+
+- Type: Required
+- Description: Issuer of the Okta application. This is the URL of the Okta instance -- If branding is set up, it can be your custom domain.
+- Default: `-`
+- Example: `https://your-instance.okta.com`
+
 ### Generic OIDC
 
 #### `AUTH_GENERIC_OIDC_ID`

package/docs/self-hosting/environment-variables/auth.zh-CN.mdx

@@ -245,6 +245,29 @@ LobeChat 在部署时提供了完善的身份验证服务能力，以下是相
 - 默认值：`-`
 - 示例：`https://your-instance-abc123.zitadel.cloud`
 
+### Okta
+
+#### `AUTH_OKTA_ID`
+
+- 类型：必选
+- 描述：Okta 应用程序的 Client ID。您可以在 Okta 控制台的应用程序设置中找到。
+- 默认值：`-`
+- 示例：`ac12c950f3ce48c8a45a`
+
+#### `AUTH_OKTA_SECRET`
+
+- 类型：必选
+- 描述：Okta 应用程序的 Client Secret。您可以在 Okta 控制台的应用程序设置中找到。
+- 默认值：`-`
+- 示例：`ex1HqvSOOkC5INqo42grOSqNvHoD4p84em1yy5QU7v88IZlaWGywFjYkrkpkSopt`
+
+#### `AUTH_OKTA_ISSUER`
+
+- 类型：必选
+- 描述：Okta 应用程序的 OpenID Connect 颁发者（issuer）。这是 Okta 实例的 URL—— 如果设置了品牌化，也可以是您的自定义域名。
+- 默认值：`-`
+- 示例：`https://your-instance.okta.com`
+
 ### Generic OIDC
 
 #### `AUTH_GENERIC_OIDC_ID`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.105.5",
+  "version": "1.106.0",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/src/app/[variants]/(main)/chat/@session/features/SessionListContent/Inbox/index.tsx

@@ -6,6 +6,8 @@ import { DEFAULT_INBOX_AVATAR } from '@/const/meta';
 import { INBOX_SESSION_ID } from '@/const/session';
 import { SESSION_CHAT_URL } from '@/const/url';
 import { useSwitchSession } from '@/hooks/useSwitchSession';
+import { getChatStoreState, useChatStore } from '@/store/chat';
+import { chatSelectors } from '@/store/chat/selectors';
 import { useServerConfigStore } from '@/store/serverConfig';
 import { useSessionStore } from '@/store/session';
 
@@ -17,13 +19,26 @@ const Inbox = memo(() => {
   const activeId = useSessionStore((s) => s.activeId);
   const switchSession = useSwitchSession();
 
+  const openNewTopicOrSaveTopic = useChatStore((s) => s.openNewTopicOrSaveTopic);
+
   return (
     <Link
       aria-label={t('inbox.title')}
       href={SESSION_CHAT_URL(INBOX_SESSION_ID, mobile)}
-      onClick={(e) => {
+      onClick={async (e) => {
         e.preventDefault();
-        switchSession(INBOX_SESSION_ID);
+
+        if (activeId === INBOX_SESSION_ID && !mobile) {
+          // If user tap the inbox again, open a new topic.
+          // Only for desktop.
+          const inboxMessages = chatSelectors.inboxActiveTopicMessages(getChatStoreState());
+
+          if (inboxMessages.length > 0) {
+            await openNewTopicOrSaveTopic();
+          }
+        } else {
+          switchSession(INBOX_SESSION_ID);
+        }
       }}
     >
       <ListItem

package/src/libs/next-auth/sso-providers/index.ts

@@ -4,15 +4,16 @@ import Authentik from './authentik';
 import AzureAD from './azure-ad';
 import Casdoor from './casdoor';
 import CloudflareZeroTrust from './cloudflare-zero-trust';
+import Cognito from './cognito';
 import GenericOIDC from './generic-oidc';
 import Github from './github';
 import Google from './google';
 import Keycloak from './keycloak';
 import Logto from './logto';
 import MicrosoftEntraID from './microsoft-entra-id';
+import Okta from './okta';
 import WeChat from './wechat';
 import Zitadel from './zitadel';
-import Cognito from "./cognito";
 
 export const ssoProviders = [
   Auth0,
@@ -29,5 +30,6 @@ export const ssoProviders = [
   WeChat,
   Keycloak,
   Google,
-  Cognito
+  Cognito,
+  Okta,
 ];

package/src/libs/next-auth/sso-providers/okta.ts

@@ -0,0 +1,26 @@
+import Okta from 'next-auth/providers/okta';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+  id: 'okta',
+  provider: Okta({
+    ...CommonProviderConfig,
+    authorization: { params: { scope: 'openid email profile' } },
+    clientId: process.env.AUTH_OKTA_ID,
+    clientSecret: process.env.AUTH_OKTA_SECRET,
+    issuer: process.env.AUTH_OKTA_ISSUER,
+    // Remove End
+    profile(profile) {
+      return {
+        email: profile.email,
+        id: profile.sub,
+        image: profile.picture,
+        name: profile.name ?? profile.preferred_username,
+        providerAccountId: profile.sub,
+      };
+    },
+  }),
+};
+
+export default provider;

package/src/store/chat/slices/message/selectors.ts

@@ -201,6 +201,11 @@ const isSendButtonDisabledByMessage = (s: ChatStoreState) =>
   // 4. when the message is in RAG flow
   isInRAGFlow(s);
 
+const inboxActiveTopicMessages = (state: ChatStoreState) => {
+  const activeTopicId = state.activeTopicId;
+  return state.messagesMap[messageMapKey(INBOX_SESSION_ID, activeTopicId)] || [];
+};
+
 export const chatSelectors = {
   activeBaseChats,
   activeBaseChatsWithoutTool,
@@ -213,6 +218,7 @@ export const chatSelectors = {
   getMessageById,
   getMessageByToolCallId,
   getTraceIdByMessageId,
+  inboxActiveTopicMessages,
   isAIGenerating,
   isCreatingMessage,
   isCurrentChatLoaded,