github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 19:08:59 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #12185] issue: OIDC expects UserInfo claims to always be returned in the id token. #16497

New Issue
Closed
opened 2026-04-19 22:24:24 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2026-04-19 22:24:24 -05:00
Owner
Copy Link

Originally created by @Crowley723 on GitHub (Mar 30, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/12185

Check Existing Issues

  • I have searched the existing issues and discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.4.6

Ollama Version (if applicable)

v0.6.3

Operating System

Ubuntu 24.04.2LTS

Browser (if applicable)

Firefox (snap) 136.0.3

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have listed steps to reproduce the bug in detail.

Expected Behavior

When attempting authentication with an external OIDC provider, the user should be properly logged in and not presented with an error.

Actual Behavior

When attempting authentication with an external OIDC provider (authelia in this case), the user is presented with an error.

Steps to Reproduce

  1. Configure authelia to act as an OIDC provider.
  2. Configure OpenWebUI as an OIDC client for authelia.
  3. Attempt login with OpenWebUI.
  4. See Internal Server Error from open-webui

Logs & Screenshots

Ollama Logs: 

2025-03-29 16:51:20.268 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: POST https://auth.example.com/api/oidc/token "HTTP/1.1 200 OK" - {}
2025-03-29 16:51:20.561 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: GET https://auth.example.com/api/oidc/userinfo "HTTP/1.1 200 OK" - {}
2025-03-29 16:51:20.562 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 98.97.24.228:0 - "GET /oauth/oidc/callback?code=authelia_ac_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&iss=https%3A%2F%2Fauth.example.com&scope=openid+email+profile+groups&state=xxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1" 500 - {}
Exception in ASGI application
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/uvicorn/protocols/http/httptools_impl.py", line 409, in run_asgi
    result = await app(  # type: ignore[func-returns-value]
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in __call__
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/fastapi/applications.py", line 1054, in __call__
    await super().__call__(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/applications.py", line 112, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 187, in __call__
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 165, in __call__
    await self.app(scope, receive, _send)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/sessions.py", line 85, in __call__
    await self.app(scope, receive, send_wrapper)
  File "/app/backend/open_webui/utils/audit.py", line 154, in __call__
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/cors.py", line 85, in __call__
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__
    with recv_stream, send_stream, collapse_excgroups():
  File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__
    response = await self.dispatch_func(request, call_next)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/main.py", line 854, in inspect_websocket
    return await call_next(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next
    raise app_exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__
    with recv_stream, send_stream, collapse_excgroups():
  File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__
    response = await self.dispatch_func(request, call_next)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/main.py", line 833, in check_url
    response = await call_next(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next
    raise app_exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__
    with recv_stream, send_stream, collapse_excgroups():
  File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__
    response = await self.dispatch_func(request, call_next)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/main.py", line 823, in commit_session_after_request
    response = await call_next(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next
    raise app_exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__
    with recv_stream, send_stream, collapse_excgroups():
  File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__
    response = await self.dispatch_func(request, call_next)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/utils/security_headers.py", line 11, in dispatch
    response = await call_next(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next
    raise app_exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__
    with recv_stream, send_stream, collapse_excgroups():
  File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__
    response = await self.dispatch_func(request, call_next)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/main.py", line 812, in dispatch
    response = await call_next(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next
    raise app_exc
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/usr/local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 62, in __call__
    await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
    await app(scope, receive, sender)
  File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 715, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 735, in app
    await route.handle(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 288, in handle
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 76, in app
    await wrap_app_handling_exceptions(app, request)(scope, receive, send)
  File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    raise exc
  File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
    await app(scope, receive, sender)
  File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 73, in app
    response = await f(request)
               ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/fastapi/routing.py", line 301, in app
    raw_response = await run_endpoint_function(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/fastapi/routing.py", line 212, in run_endpoint_function
    return await dependant.call(**values)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/main.py", line 1317, in oauth_callback
    return await oauth_manager.handle_callback(request, provider, response)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/backend/open_webui/utils/oauth.py", line 238, in handle_callback
    user_data: UserInfo = await client.userinfo(token=token)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/authlib/integrations/base_client/async_openid.py", line 31, in userinfo
    data = resp.json()
           ^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/httpx/_models.py", line 832, in json
    return jsonlib.loads(self.content, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Authelia Logs: 

time="2025-03-29T16:54:01-07:00" level=debug msg="Authorization Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' is being processed" method=GET path=/api/oidc/authorization remote_ip=192.168.10.9
time="2025-03-29T16:54:01-07:00" level=debug msg="Authorization Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' is not being redirected for reauthentication" authenticated_at="2025-03-21 21:21:29 +0000 UTC" method=GET path=/api/oidc/authorization prompt= remote_ip=192.168.10.9 requested_at="2025-03-29 16:54:01.353363 -0700 PDT"
time="2025-03-29T16:54:01-07:00" level=debug msg="Authorization Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' was successfully processed, proceeding to build Authorization Response" method=GET path=/api/oidc/authorization remote_ip=192.168.10.9
time="2025-03-29T16:54:01-07:00" level=debug msg="Access Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' is being processed" method=POST path=/api/oidc/token remote_ip="fd9a:8810:1234::2b"
time="2025-03-29T16:54:01-07:00" level=debug msg="Access Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' has successfully been processed" method=POST path=/api/oidc/token remote_ip="fd9a:8810:1234::2b"
time="2025-03-29T16:54:01-07:00" level=debug msg="User Info Request with id '23222adb-4891-40e9-a7c9-5533da528131' is being processed" method=GET path=/api/oidc/userinfo remote_ip="fd9a:8810:1234::2b"
time="2025-03-29T16:54:02-07:00" level=debug msg="User Info Request with id '23222adb-4891-40e9-a7c9-5533da528131' on client with id 'secret_client_id' is being returned signed as per the registered client configuration with key id 'example' using the 'RS256' algorithm" method=GET path=/api/oidc/userinfo remote_ip="fd9a:8810:1234::2b"
time="2025-03-29T16:54:02-07:00" level=debug msg="User Info Request with id '23222adb-4891-40e9-a7c9-5533da528131' on client with id 'secret_client_id' was successfully processed" method=GET path=/api/oidc/userinfo remote_ip="fd9a:8810:1234::2b"

Additional Information

I believe this issue is the same one fixed by this pr in mealie.
Per the OIDC spec, it is not required for OIDC providers to return anything except for specific claims in the id_token given to the client after authentication. As such, if the client expects info about the user (such as email, username, etc) they may have to fetch said info from the provider's user info endpoint.

In the recent update for authelia (4.39), we stopped including this information by default which requires some clients to use the UserInfo endpoint. We provided a way for admins to continue using the old method but this is a band-aid fix.

Possible Solution

As can be seen in the mealie pr, this should be a fairly straight forward fix, if the returned token doesn't contain the required information about the user, fetch it from the UserInfo endpoint instead.

Originally created by @Crowley723 on GitHub (Mar 30, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/12185 ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version v0.4.6 ### Ollama Version (if applicable) v0.6.3 ### Operating System Ubuntu 24.04.2LTS ### Browser (if applicable) Firefox (snap) 136.0.3 ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have listed steps to reproduce the bug in detail. ### Expected Behavior When attempting authentication with an external OIDC provider, the user should be properly logged in and not presented with an error. ### Actual Behavior When attempting authentication with an external OIDC provider (authelia in this case), the user is presented with an error. ### Steps to Reproduce 1. Configure authelia to act as an OIDC provider. 2. Configure OpenWebUI as an OIDC client for authelia. 3. Attempt login with OpenWebUI. 4. See `Internal Server Error` from open-webui ### Logs & Screenshots <details> <summary>Ollama Logs:</summary> <br> ```bash 2025-03-29 16:51:20.268 | INFO | httpx._client:_send_single_request:1740 - HTTP Request: POST https://auth.example.com/api/oidc/token "HTTP/1.1 200 OK" - {} 2025-03-29 16:51:20.561 | INFO | httpx._client:_send_single_request:1740 - HTTP Request: GET https://auth.example.com/api/oidc/userinfo "HTTP/1.1 200 OK" - {} 2025-03-29 16:51:20.562 | INFO | uvicorn.protocols.http.httptools_impl:send:476 - 98.97.24.228:0 - "GET /oauth/oidc/callback?code=authelia_ac_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&iss=https%3A%2F%2Fauth.example.com&scope=openid+email+profile+groups&state=xxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1" 500 - {} Exception in ASGI application Traceback (most recent call last): File "/usr/local/lib/python3.11/site-packages/uvicorn/protocols/http/httptools_impl.py", line 409, in run_asgi result = await app( # type: ignore[func-returns-value] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in __call__ return await self.app(scope, receive, send) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/fastapi/applications.py", line 1054, in __call__ await super().__call__(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/applications.py", line 112, in __call__ await self.middleware_stack(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 187, in __call__ raise exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 165, in __call__ await self.app(scope, receive, _send) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/sessions.py", line 85, in __call__ await self.app(scope, receive, send_wrapper) File "/app/backend/open_webui/utils/audit.py", line 154, in __call__ return await self.app(scope, receive, send) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/starlette/middleware/cors.py", line 85, in __call__ await self.app(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__ with recv_stream, send_stream, collapse_excgroups(): File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__ self.gen.throw(typ, value, traceback) File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups raise exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__ response = await self.dispatch_func(request, call_next) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/main.py", line 854, in inspect_websocket return await call_next(request) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next raise app_exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro await self.app(scope, receive_or_disconnect, send_no_error) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__ with recv_stream, send_stream, collapse_excgroups(): File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__ self.gen.throw(typ, value, traceback) File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups raise exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__ response = await self.dispatch_func(request, call_next) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/main.py", line 833, in check_url response = await call_next(request) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next raise app_exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro await self.app(scope, receive_or_disconnect, send_no_error) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__ with recv_stream, send_stream, collapse_excgroups(): File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__ self.gen.throw(typ, value, traceback) File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups raise exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__ response = await self.dispatch_func(request, call_next) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/main.py", line 823, in commit_session_after_request response = await call_next(request) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next raise app_exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro await self.app(scope, receive_or_disconnect, send_no_error) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__ with recv_stream, send_stream, collapse_excgroups(): File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__ self.gen.throw(typ, value, traceback) File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups raise exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__ response = await self.dispatch_func(request, call_next) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/utils/security_headers.py", line 11, in dispatch response = await call_next(request) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next raise app_exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro await self.app(scope, receive_or_disconnect, send_no_error) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 177, in __call__ with recv_stream, send_stream, collapse_excgroups(): File "/usr/local/lib/python3.11/contextlib.py", line 158, in __exit__ self.gen.throw(typ, value, traceback) File "/usr/local/lib/python3.11/site-packages/starlette/_utils.py", line 82, in collapse_excgroups raise exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 179, in __call__ response = await self.dispatch_func(request, call_next) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/main.py", line 812, in dispatch response = await call_next(request) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 154, in call_next raise app_exc File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 141, in coro await self.app(scope, receive_or_disconnect, send_no_error) File "/usr/local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 62, in __call__ await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app raise exc File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app await app(scope, receive, sender) File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 715, in __call__ await self.middleware_stack(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 735, in app await route.handle(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 288, in handle await self.app(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 76, in app await wrap_app_handling_exceptions(app, request)(scope, receive, send) File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app raise exc File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app await app(scope, receive, sender) File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 73, in app response = await f(request) ^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/fastapi/routing.py", line 301, in app raw_response = await run_endpoint_function( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/fastapi/routing.py", line 212, in run_endpoint_function return await dependant.call(**values) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/main.py", line 1317, in oauth_callback return await oauth_manager.handle_callback(request, provider, response) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/backend/open_webui/utils/oauth.py", line 238, in handle_callback user_data: UserInfo = await client.userinfo(token=token) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/authlib/integrations/base_client/async_openid.py", line 31, in userinfo data = resp.json() ^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/httpx/_models.py", line 832, in json return jsonlib.loads(self.content, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/json/__init__.py", line 346, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/json/decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/json/decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) ``` </details> <details> <summary>Authelia Logs:</summary> <br> ```bash time="2025-03-29T16:54:01-07:00" level=debug msg="Authorization Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' is being processed" method=GET path=/api/oidc/authorization remote_ip=192.168.10.9 time="2025-03-29T16:54:01-07:00" level=debug msg="Authorization Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' is not being redirected for reauthentication" authenticated_at="2025-03-21 21:21:29 +0000 UTC" method=GET path=/api/oidc/authorization prompt= remote_ip=192.168.10.9 requested_at="2025-03-29 16:54:01.353363 -0700 PDT" time="2025-03-29T16:54:01-07:00" level=debug msg="Authorization Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' was successfully processed, proceeding to build Authorization Response" method=GET path=/api/oidc/authorization remote_ip=192.168.10.9 time="2025-03-29T16:54:01-07:00" level=debug msg="Access Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' is being processed" method=POST path=/api/oidc/token remote_ip="fd9a:8810:1234::2b" time="2025-03-29T16:54:01-07:00" level=debug msg="Access Request with id 'c7a54d1a-0033-498f-9726-f107f5d7c6ac' on client with id 'secret_client_id' has successfully been processed" method=POST path=/api/oidc/token remote_ip="fd9a:8810:1234::2b" time="2025-03-29T16:54:01-07:00" level=debug msg="User Info Request with id '23222adb-4891-40e9-a7c9-5533da528131' is being processed" method=GET path=/api/oidc/userinfo remote_ip="fd9a:8810:1234::2b" time="2025-03-29T16:54:02-07:00" level=debug msg="User Info Request with id '23222adb-4891-40e9-a7c9-5533da528131' on client with id 'secret_client_id' is being returned signed as per the registered client configuration with key id 'example' using the 'RS256' algorithm" method=GET path=/api/oidc/userinfo remote_ip="fd9a:8810:1234::2b" time="2025-03-29T16:54:02-07:00" level=debug msg="User Info Request with id '23222adb-4891-40e9-a7c9-5533da528131' on client with id 'secret_client_id' was successfully processed" method=GET path=/api/oidc/userinfo remote_ip="fd9a:8810:1234::2b" ``` </details> ### Additional Information I believe this issue is the same one fixed by [this pr](https://github.com/mealie-recipes/mealie/pull/5228) in mealie. Per the OIDC spec, it is not required for OIDC providers to return anything except for [specific claims](https://openid.net/specs/openid-connect-core-1_0.html#IDToken) in the id_token given to the client after authentication. As such, if the client expects info about the user (such as email, username, etc) they may have to fetch said info from the provider's user info endpoint. In the recent update for authelia (4.39), we stopped including this information by default which requires some clients to use the UserInfo endpoint. We provided a way for admins to continue using the old method but this is a band-aid fix. ## Possible Solution As can be seen in the mealie pr, this should be a fairly straight forward fix, if the returned token doesn't contain the required information about the user, fetch it from the UserInfo endpoint instead.
GiteaMirror added the bug label 2026-04-19 22:24:24 -05:00
GiteaMirror commented 2026-04-19 22:24:25 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Mar 30, 2025):

I am using the latest version of Open WebUI.?

<!-- gh-comment-id:2764303180 --> @tjbck commented on GitHub (Mar 30, 2025): `I am using the latest version of Open WebUI.`?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#16497
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?