[GH-ISSUE #17585] issue: oauth access token refresh - 'coroutine' object has no attribute 'get' error #105331

Closed
opened 2026-05-18 03:17:34 -05:00 by GiteaMirror · 2 comments
Owner

Originally created by @gvo on GitHub (Sep 18, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/17585

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

0.6.30

Ollama Version (if applicable)

No response

Operating System

Windows

Browser (if applicable)

Chrome

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

OAuth access token should refresh properly.

Actual Behavior

When the token is near expiry and should be refreshed, you get a chat bubble stating 'coroutine' object has no attribute 'get'.

Steps to Reproduce

  1. Have oauth enabled (Microsoft in my case)
  2. Wait for your oauth token to reach expiry
  3. Type in a conversation
  4. Receive coroutine error

Logs & Screenshots

N/A

Additional Information

Required Changes:

  1. oauth.py:160 - Change def get_oauth_token( to async def get_oauth_token(
  2. oauth.py:189 - Change refreshed_token = self._refresh_token(session) to refreshed_token = await self._refresh_token(session)
  3. Update all callers - Add await to all get_oauth_token() calls
Originally created by @gvo on GitHub (Sep 18, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/17585 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Git Clone ### Open WebUI Version 0.6.30 ### Ollama Version (if applicable) _No response_ ### Operating System Windows ### Browser (if applicable) Chrome ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior OAuth access token should refresh properly. ### Actual Behavior When the token is near expiry and should be refreshed, you get a chat bubble stating 'coroutine' object has no attribute 'get'. ### Steps to Reproduce 1. Have oauth enabled (Microsoft in my case) 2. Wait for your oauth token to reach expiry 3. Type in a conversation 4. Receive coroutine error ### Logs & Screenshots N/A ### Additional Information **Required Changes:** 1. **oauth.py:160** - Change `def get_oauth_token(` to `async def get_oauth_token(` 2. **oauth.py:189** - Change `refreshed_token = self._refresh_token(session)` to `refreshed_token = await self._refresh_token(session)` 3. **Update all callers** - Add `await` to all `get_oauth_token()` calls
GiteaMirror added the bug label 2026-05-18 03:17:34 -05:00
Author
Owner

@tjbck commented on GitHub (Sep 19, 2025):

Addressed with e4c4ba097925569d36b8c54d8f62f11a52ed098a!

<!-- gh-comment-id:3310594013 --> @tjbck commented on GitHub (Sep 19, 2025): Addressed with e4c4ba097925569d36b8c54d8f62f11a52ed098a!
Author
Owner

@gvo commented on GitHub (Sep 19, 2025):

@tjbck just following up - I see you've addressed the await issue.

Discovered an upstream issue with _perform_token_refresh after my testing.

oauth.py Line 257: async with session_http.get(client.gserver_metadata_url) as r:

The gserver_metadata_url is a typo. However, assuming it's meant to be server_metadata_url, it's inaccessible:

  2025-09-19T02:27:38.3640641Z 2025-09-19 02:27:38.363 | ERROR    | open_webui.utils.oauth:_perform_token_refresh:334 - Exception during token refresh for provider microsoft: 'StarletteOAuth2App' object has no attribute 'server_metadata_url'
  2025-09-19T02:27:38.3641310Z 2025-09-19 02:27:38.363 | ERROR    | open_webui.utils.oauth:_refresh_token:239 - Failed to refresh token for session 4c32cb1d-b402-4203-aa51-18f5183cfa0e
  2025-09-19T02:27:38.3641359Z 2025-09-19 02:27:38.363 | WARNING  | open_webui.utils.oauth:get_oauth_token:197 - Token refresh failed for user 53c23607-bd0f-4e5d-ac78-19fe7e84c3f9, provider microsoft

Potential fix would be:

            token_endpoint = None
            try:
                metadata = await client.load_server_metadata()
                if metadata:
                    token_endpoint = metadata.get("token_endpoint")
                    if token_endpoint:
                        log.debug(f"Retrieved token endpoint for provider {provider}: {token_endpoint}")
            except Exception as e:
                log.error(f"Failed to load server metadata for provider {provider}: {e}")

Also, for Microsoft providers the refresh_data is missing the "scope" parameter.

            if provider == "microsoft":
                refresh_data["scope"] = str(MICROSOFT_OAUTH_SCOPE)

If scope is missing from the refresh token request the user will get this error:

'error_description': "AADSTS90009: Application 'redacted'(redacted) is requesting a token for itself. [...]"
<!-- gh-comment-id:3310625228 --> @gvo commented on GitHub (Sep 19, 2025): @tjbck just following up - I see you've addressed the await issue. Discovered an upstream issue with **_perform_token_refresh** after my testing. **oauth.py Line 257:** async with session_http.get(client.**gserver_metadata_url**) as r: The gserver_metadata_url is a typo. However, assuming it's meant to be **server_metadata_url**, it's inaccessible: ``` 2025-09-19T02:27:38.3640641Z 2025-09-19 02:27:38.363 | ERROR | open_webui.utils.oauth:_perform_token_refresh:334 - Exception during token refresh for provider microsoft: 'StarletteOAuth2App' object has no attribute 'server_metadata_url' 2025-09-19T02:27:38.3641310Z 2025-09-19 02:27:38.363 | ERROR | open_webui.utils.oauth:_refresh_token:239 - Failed to refresh token for session 4c32cb1d-b402-4203-aa51-18f5183cfa0e 2025-09-19T02:27:38.3641359Z 2025-09-19 02:27:38.363 | WARNING | open_webui.utils.oauth:get_oauth_token:197 - Token refresh failed for user 53c23607-bd0f-4e5d-ac78-19fe7e84c3f9, provider microsoft ``` Potential fix would be: ``` token_endpoint = None try: metadata = await client.load_server_metadata() if metadata: token_endpoint = metadata.get("token_endpoint") if token_endpoint: log.debug(f"Retrieved token endpoint for provider {provider}: {token_endpoint}") except Exception as e: log.error(f"Failed to load server metadata for provider {provider}: {e}") ``` Also, for Microsoft providers the refresh_data is missing the "scope" parameter. ``` if provider == "microsoft": refresh_data["scope"] = str(MICROSOFT_OAUTH_SCOPE) ``` If scope is missing from the refresh token request the user will get this error: ``` 'error_description': "AADSTS90009: Application 'redacted'(redacted) is requesting a token for itself. [...]" ```
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#105331