mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[GH-ISSUE #7309] Enhanced Authentication Configuration & Login Page Design #118008
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @unicorn667 on GitHub (Nov 24, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/7309
Feature Request: Enhanced Authentication Configuration & Login Page Design
Is your feature request related to a problem? Please describe.
Currently, OpenWebUI allows users to create local accounts with email/password authentication even when OAuth is configured. This creates potential security risks and confusion among employees who should exclusively use OAuth for authentication. Additionally, the login page displays both authentication methods, which might lead employees to attempt using username/password instead of the intended OAuth method.
A related issue is that new accounts can only be set to one of three states during registration:
Currently, email/password registrations are automatically set to "user" status, which could lead to unauthorized access.
Describe the solution you'd like
1. Authentication Configuration
2. Modified Login Page Design
3. Interim Security Enhancement
Describe alternatives you've considered
CSS-based Solution
Separate Docker Images
Universal Pending Status
Additional context
This feature would enhance security by: