mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[PR #9456] [MERGED] fix: check for email claim before skipping userinfo endpoint #126031
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/9456
Author: @mitomac
Created: 2/6/2025
Status: ✅ Merged
Merged: 2/6/2025
Merged by: @tjbck
Base:
dev← Head:fix-oidc-email-claim-new📝 Commits (1)
34b62e7fix: check for email claim before skipping userinfo endpoint📊 Changes
1 file changed (+1 additions, -1 deletions)
View changed files
📝
backend/open_webui/utils/oauth.py(+1 -1)📄 Description
Fixes #9452
Description
Fixes an issue where OIDC authentication fails when the email claim is only available via the userinfo endpoint but not in the token's userinfo data. This affects OIDC providers (like Duke) that follow the pattern of providing complete user information through the userinfo endpoint rather than in the token response.
Changelog
Fixed
Changed
Implementation Details
The fix modifies the OIDC authentication flow to check not just for the presence of userinfo data in the token, but specifically for the required email claim. If the email claim is missing, it will make a call to the userinfo endpoint to fetch complete user data.
Code Changes
In
/app/backend/open_webui/utils/oauth.py: