[PR #24690] fix(oauth): use Protected Resource Metadata scopes in static OAuth 2.1 flow #115093

Open
opened 2026-05-18 16:02:44 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/24690
Author: @JustinJohnWilliams
Created: 5/13/2026
Status: 🔄 Open

Base: devHead: fix/static-oauth-scopes-from-prm


📝 Commits (1)

  • f8d8824 fix(oauth): use Protected Resource Metadata scopes in static OAuth 2.1 flow

📊 Changes

1 file changed (+12 additions, -7 deletions)

View changed files

📝 backend/open_webui/utils/oauth.py (+12 -7)

📄 Description

Pull Request Checklist

  • Linked Issue/Discussion: Relates to [PR #14982] [MERGED] fix: Replace Inline SVGs with Icon Components and Convert Links to Buttons (#23668)
  • Target branch: The pull request targets the dev branch.
  • Description: A concise description of the changes is provided below.
  • Changelog: A changelog entry following Keep a Changelog format is included at the bottom.
  • Documentation: N/A — no user-facing documentation change needed.
  • Dependencies: No new dependencies.
  • Testing: Manually tested against GitHub MCP server's /.well-known/oauth-protected-resource endpoint. Confirmed scopes are included in the authorization request.
  • No Unchecked AI Code: This PR has undergone thorough human review and manual testing.
  • Self-Review: A self-review of the code has been performed.
  • Architecture: No new settings. Uses existing PRM discovery flow.
  • Git Hygiene: Single atomic commit, rebased on dev.
  • Title Prefix: fix:

Changelog Entry

Description

The static credentials OAuth 2.1 flow (oauth_2.1_static) currently sets scope=None, relying on the OAuth provider's default scopes. This breaks providers like GitHub that default to minimal/public-only access when no scope is requested — making it impossible to access private resources via MCP tool servers using static OAuth credentials.

This PR reads scopes_supported from the Protected Resource Metadata document (RFC 9728) and uses them in the authorization request.

Why this doesn't break Entra ID:

The original change (349ea4ea) correctly identified that requesting all scopes from the Authorization Server Metadata breaks providers like Entra ID. However, the Protected Resource Metadata's scopes_supported is semantically different:

  • AS Metadata scopes_supported: Full catalog of every scope the authorization server can grant across all resources
  • PRM scopes_supported (RFC 9728 §2): Scopes required by this specific protected resource

Per the MCP spec's Scope Selection Strategy, clients should use scopes_supported from the Protected Resource Metadata when no explicit scope is provided in the WWW-Authenticate challenge.

Added

  • scopes_supported field on ProtectedResourceMetadata dataclass

Changed

  • get_protected_resource_metadata() now extracts scopes_supported from the PRM document
  • get_oauth_client_info_with_static_credentials() uses PRM scopes instead of None

Fixed

  • Static OAuth 2.1 flow now requests appropriate scopes for providers (like GitHub) that require explicit scope requests to grant access to private resources

Additional Information

  • Relates to #23668 (the original issue that led to removing scope handling)
  • Relates to #23696 (prior PR attempting to add admin-configurable scopes, closed due to CLA/branch)
  • Tested against github/github-mcp-server which advertises repo, read:org, etc. in its PRM scopes_supported
  • Falls back to scope=None when PRM does not include scopes_supported, preserving current behavior for Entra ID and similar providers

Contributor License Agreement


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/24690 **Author:** [@JustinJohnWilliams](https://github.com/JustinJohnWilliams) **Created:** 5/13/2026 **Status:** 🔄 Open **Base:** `dev` ← **Head:** `fix/static-oauth-scopes-from-prm` --- ### 📝 Commits (1) - [`f8d8824`](https://github.com/open-webui/open-webui/commit/f8d8824264e376825e8f3be720ddc5b34376aa32) fix(oauth): use Protected Resource Metadata scopes in static OAuth 2.1 flow ### 📊 Changes **1 file changed** (+12 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/oauth.py` (+12 -7) </details> ### 📄 Description # Pull Request Checklist - [x] **Linked Issue/Discussion:** Relates to #23668 - [x] **Target branch:** The pull request targets the `dev` branch. - [x] **Description:** A concise description of the changes is provided below. - [x] **Changelog:** A changelog entry following Keep a Changelog format is included at the bottom. - [x] **Documentation:** N/A — no user-facing documentation change needed. - [x] **Dependencies:** No new dependencies. - [x] **Testing:** Manually tested against GitHub MCP server's `/.well-known/oauth-protected-resource` endpoint. Confirmed scopes are included in the authorization request. - [x] **No Unchecked AI Code:** This PR has undergone thorough human review and manual testing. - [x] **Self-Review:** A self-review of the code has been performed. - [x] **Architecture:** No new settings. Uses existing PRM discovery flow. - [x] **Git Hygiene:** Single atomic commit, rebased on `dev`. - [x] **Title Prefix:** `fix:` # Changelog Entry ### Description The static credentials OAuth 2.1 flow (`oauth_2.1_static`) currently sets `scope=None`, relying on the OAuth provider's default scopes. This breaks providers like GitHub that default to minimal/public-only access when no scope is requested — making it impossible to access private resources via MCP tool servers using static OAuth credentials. This PR reads `scopes_supported` from the Protected Resource Metadata document (RFC 9728) and uses them in the authorization request. **Why this doesn't break Entra ID:** The original change (349ea4ea) correctly identified that requesting all scopes from the Authorization Server Metadata breaks providers like Entra ID. However, the Protected Resource Metadata's `scopes_supported` is semantically different: - **AS Metadata `scopes_supported`**: Full catalog of every scope the authorization server can grant across all resources - **PRM `scopes_supported`** (RFC 9728 §2): Scopes required by this specific protected resource Per the MCP spec's Scope Selection Strategy, clients should use `scopes_supported` from the Protected Resource Metadata when no explicit scope is provided in the `WWW-Authenticate` challenge. ### Added - `scopes_supported` field on `ProtectedResourceMetadata` dataclass ### Changed - `get_protected_resource_metadata()` now extracts `scopes_supported` from the PRM document - `get_oauth_client_info_with_static_credentials()` uses PRM scopes instead of `None` ### Fixed - Static OAuth 2.1 flow now requests appropriate scopes for providers (like GitHub) that require explicit scope requests to grant access to private resources --- ### Additional Information - Relates to #23668 (the original issue that led to removing scope handling) - Relates to #23696 (prior PR attempting to add admin-configurable scopes, closed due to CLA/branch) - Tested against `github/github-mcp-server` which advertises `repo`, `read:org`, etc. in its PRM `scopes_supported` - Falls back to `scope=None` when PRM does not include `scopes_supported`, preserving current behavior for Entra ID and similar providers ### Contributor License Agreement - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-18 16:02:44 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#115093