[GH-ISSUE #17183] feat: Allow Passing OAuth Token to Tool Calls #18199

Closed
opened 2026-04-20 00:24:42 -05:00 by GiteaMirror · 7 comments

Originally created by @koflerm on GitHub (Sep 3, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/17183

Originally assigned to: @tjbck on GitHub.

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

We want to pass the identity, to be concrete the oauth token returned via the SSO login, to the tool calls. This is required as we query information from our data sources via the tools and would like to ensure the user only gets information returned which he/she is allowed to see.

Desired Solution you'd like

The desired solution would be to have the oauth token available in the tool code in order to pass this token as part of the requests to external systems, which can then use the token to verify the user identity.

Alternatives Considered

I did not find any alternative solutions how this would work so far. Appreciated if anybody knows a solution how to handle this.

Additional Context

No response

@tjbck commented on GitHub (Sep 3, 2025):

Related:
https://github.com/open-webui/open-webui/discussions/8957
https://github.com/open-webui/open-webui/issues/17178

@jrkropp commented on GitHub (Sep 4, 2025):

This is how I got around the refresh token issue. https://github.com/jrkropp/open-webui-developer-toolkit/tree/development/tools/microsoft_365_tool


@koflerm commented on GitHub (Sep 4, 2025):

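Great, I did not know you can inject the `__request__` parameter in the tool methods. With that I was now able to extract the OAuth token from the cookies using this code:

```python
from fastapi import Request


class Tools:
    def print_oauth_token(self, __request__: Request) -> str:
        """
        Print OAuth token in pod log
        """
        # __request__ is the injected request object; the ID token set at
        # SSO login is read from its cookies (empty string if not present).
        oauth_token = __request__.cookies.get("oauth_id_token", "")

        # Writes the raw token to the pod log.
        print("OAUTH TOKEN: " + oauth_token)
        result = ""

        return result
```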

Thanks @jrkropp for the reference to your code!

I think it would be great to add this information to the documentation, so that `__request__` can be injected. I can add a pull request to do this if you guys agree this makes sense.


@tjbck commented on GitHub (Sep 4, 2025):

We might deprecate the cookie option due to https://github.com/open-webui/open-webui/issues/17178


@jrkropp commented on GitHub (Sep 4, 2025):

> We might deprecate the cookie option due to #17178

Got it. Good to know.


@koflerm commented on GitHub (Sep 5, 2025):

@tjbck Just checked #17210 and if this feature request is added, that should definitely solve my problem even better than using the cookies. Looking forward to it!


@tjbck commented on GitHub (Sep 8, 2025):

Addressed in dev (`__oauth_token__` reserved param added), testing wanted here!

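An added example, not code from this thread or from the Open WebUI project: forwarding the user's SSO token from a tool to an external system, as the issue asks for, while keeping the token out of logs and away from unlisted hosts. The cookie name `oauth_id_token` comes from the thread; the host `data.example.internal`, the `/records` path and all function names are assumptions.

```python
import hashlib
import urllib.request
from types import SimpleNamespace
from urllib.parse import urlsplit

# Assumption: the single backend this tool is allowed to call.
ALLOWED_HOSTS = {"data.example.internal"}


def token_fingerprint(token: str) -> str:
    """Short, non-reversible identifier that is safe to write to logs."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def build_backend_request(request, url: str) -> urllib.request.Request:
    """Attach the caller's SSO token to a request for an allowlisted HTTPS backend."""
    token = request.cookies.get("oauth_id_token")
    if not token:
        raise PermissionError("no OAuth token on this request; user must sign in via SSO")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        # Tool arguments can be model-chosen; never send the token to an unlisted host.
        raise ValueError(f"refusing to send user token to {parts.hostname!r}")
    # Log a fingerprint for correlation instead of the credential itself.
    print("forwarding token sha256:" + token_fingerprint(token))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})


class Tools:
    def get_my_records(self, __request__=None) -> str:
        """Hypothetical tool method: query the backend as the signed-in user."""
        req = build_backend_request(__request__, "https://data.example.internal/records")
        # urllib.request.urlopen(req) would send it; omitted so the example runs offline.
        return f"prepared {req.get_method()} {req.full_url}"


# Constructed stand-in for the injected request object (only .cookies is used).
fake_request = SimpleNamespace(cookies={"oauth_id_token": "constructed.sample.token"})
```

The backend must still validate the token's signature, issuer, audience and expiry before using it for authorization decisions.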

Reference: github-starred/open-webui#18199