github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-05 18:38:17 -05:00
Code Issues 1.1k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #20291] issue: MCP Atlassian OAuth token refresh fails with "Constructor parameter should be str" in v0.6.43 #19144

New Issue
Closed
opened 2026-04-20 01:28:28 -05:00 by GiteaMirror · 2 comments
GiteaMirror commented 2026-04-20 01:28:28 -05:00
Owner
Copy Link

Originally created by @rolandscho on GitHub (Dec 31, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20291

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.6.43

Ollama Version (if applicable)

0.13.1

Operating System

Ubuntu 22.04 (Docker Swarm cluster)

Browser (if applicable)

Chrome 143.0.7499.170

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

When the Atlassian MCP OAuth access token expires, Open WebUI should automatically refresh it using the stored refresh_token, maintaining a valid session without user intervention.

Actual Behavior

After approximately 1 day of inactivity (or when the OAuth token expires), the token refresh fails with the error Constructor parameter should be str. The OAuth session is then deleted, requiring the user to manually re-authenticate via Settings → External Tools → Atlassian.
This issue is similar to #17829 which was fixed in v0.6.33, but that fix appears to only address OIDC providers (Google, Microsoft, OIDC), not MCP OAuth clients like Atlassian.

Steps to Reproduce

  1. Configure Atlassian MCP server with OAuth 2.1 in Admin Settings → External Tools
  2. Successfully authenticate with Atlassian
  3. Use MCP tools (e.g., Jira search) - works fine initially
  4. Wait ~1 day (or until the OAuth token expires)
  5. Try to use any Atlassian MCP tool again
  6. Token refresh fails, session is deleted
  7. User must manually re-authenticate

Logs & Screenshots

Error logs when token refresh fails:

2025-12-31 10:04:08.891 | ERROR    | open_webui.utils.oauth:_perform_token_refresh:764 - Exception during token refresh for client_id mcp:atlassian_mcp: Constructor parameter should be str
2025-12-31 10:04:08.891 | ERROR    | open_webui.utils.oauth:_refresh_token:669 - Failed to refresh token for session fc39e271-4687-494e-8887-847d2181004b
2025-12-31 10:04:08.891 | WARNING  | open_webui.utils.oauth:get_oauth_token:636 - Token refresh failed for user 00131bde-b544-4735-9db7-52ae9ddfb260, client_id mcp:atlassian_mcp, deleting session fc39e271-4687-494e-8887-847d2181004b

Subsequent requests show no OAuth session:

2025-12-31 10:04:09.204 | WARNING  | open_webui.utils.oauth:get_oauth_token:621 - No OAuth session found for user 00131bde-b544-4735-9db7-52ae9ddfb260, client_id mcp:atlassian_mcp
2025-12-31 10:04:14.247 | WARNING  | open_webui.utils.oauth:get_oauth_token:621 - No OAuth session found for user 00131bde-b544-4735-9db7-52ae9ddfb260, client_id mcp:atlassian_mcp

Note: The day before, the MCP connection was working fine:

2025-12-30 12:01:14.405 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: POST https://mcp.atlassian.com/v1/mcp "HTTP/1.1 200 OK"
2025-12-30 12:01:14.472 | INFO     | open_webui.utils.oauth:_refresh_token:960 - Successfully refreshed token for session c8d0c8b4-baa7-45ef-ac67-bbc8474c74b2

MCP Configuration Screenshot:
Image

Initial authentication works fine. The issue only occurs when the token needs to be refreshed after expiration.

Image

Additional Information

Related Issues:

#17829 - Fixed Constructor parameter should be str for OIDC providers in v0.6.33, but MCP clients still affected
#19820 - Discussion about MCP OAuth tokens not being proactively refreshed
#19811 - PR that attempted to fix proactive token refresh (closed by maintainer)

Root Cause Hypothesis:
The fix in v0.6.33 (commit for #17829) properly registered and stored OAuth clients for Google, Microsoft, and OIDC providers. However, MCP OAuth clients (like mcp:atlassian_mcp) appear to follow a different code path in _perform_token_refresh() where the OAuth client registration/lookup fails, causing the Constructor parameter should be str exception.
The error suggests that somewhere in the token refresh flow, a parameter that should be a string is receiving a different type (possibly None or an object).

Workaround:
Users must manually re-authenticate via Settings → External Tools → Atlassian before using MCP tools after the token expires.

Originally created by @rolandscho on GitHub (Dec 31, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/20291 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version v0.6.43 ### Ollama Version (if applicable) 0.13.1 ### Operating System Ubuntu 22.04 (Docker Swarm cluster) ### Browser (if applicable) Chrome 143.0.7499.170 ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior When the Atlassian MCP OAuth access token expires, Open WebUI should automatically refresh it using the stored refresh_token, maintaining a valid session without user intervention. ### Actual Behavior After approximately 1 day of inactivity (or when the OAuth token expires), the token refresh fails with the error Constructor parameter should be str. The OAuth session is then deleted, requiring the user to manually re-authenticate via Settings → External Tools → Atlassian. This issue is similar to #17829 which was fixed in v0.6.33, but that fix appears to only address OIDC providers (Google, Microsoft, OIDC), not MCP OAuth clients like Atlassian. ### Steps to Reproduce 1. Configure Atlassian MCP server with OAuth 2.1 in Admin Settings → External Tools 2. Successfully authenticate with Atlassian 3. Use MCP tools (e.g., Jira search) - works fine initially 4. Wait ~1 day (or until the OAuth token expires) 5. Try to use any Atlassian MCP tool again 6. Token refresh fails, session is deleted 7. User must manually re-authenticate ### Logs & Screenshots Error logs when token refresh fails: ``` 2025-12-31 10:04:08.891 | ERROR | open_webui.utils.oauth:_perform_token_refresh:764 - Exception during token refresh for client_id mcp:atlassian_mcp: Constructor parameter should be str 2025-12-31 10:04:08.891 | ERROR | open_webui.utils.oauth:_refresh_token:669 - Failed to refresh token for session fc39e271-4687-494e-8887-847d2181004b 2025-12-31 10:04:08.891 | WARNING | open_webui.utils.oauth:get_oauth_token:636 - Token refresh failed for user 00131bde-b544-4735-9db7-52ae9ddfb260, client_id mcp:atlassian_mcp, deleting session fc39e271-4687-494e-8887-847d2181004b ``` Subsequent requests show no OAuth session: ``` 2025-12-31 10:04:09.204 | WARNING | open_webui.utils.oauth:get_oauth_token:621 - No OAuth session found for user 00131bde-b544-4735-9db7-52ae9ddfb260, client_id mcp:atlassian_mcp 2025-12-31 10:04:14.247 | WARNING | open_webui.utils.oauth:get_oauth_token:621 - No OAuth session found for user 00131bde-b544-4735-9db7-52ae9ddfb260, client_id mcp:atlassian_mcp ``` Note: The day before, the MCP connection was working fine: ``` 2025-12-30 12:01:14.405 | INFO | httpx._client:_send_single_request:1740 - HTTP Request: POST https://mcp.atlassian.com/v1/mcp "HTTP/1.1 200 OK" 2025-12-30 12:01:14.472 | INFO | open_webui.utils.oauth:_refresh_token:960 - Successfully refreshed token for session c8d0c8b4-baa7-45ef-ac67-bbc8474c74b2 ``` MCP Configuration Screenshot: <img width="507" height="818" alt="Image" src="https://github.com/user-attachments/assets/327b1a70-c745-4e9d-9588-fe5e1f56cbd1" /> Initial authentication works fine. The issue only occurs when the token needs to be refreshed after expiration. <img width="1052" height="176" alt="Image" src="https://github.com/user-attachments/assets/c834eeb3-3aad-48dc-8ee3-59412bb2e53f" /> ### Additional Information Related Issues: #17829 - Fixed Constructor parameter should be str for OIDC providers in v0.6.33, but MCP clients still affected #19820 - Discussion about MCP OAuth tokens not being proactively refreshed #19811 - PR that attempted to fix proactive token refresh (closed by maintainer) Root Cause Hypothesis: The fix in v0.6.33 (commit for #17829) properly registered and stored OAuth clients for Google, Microsoft, and OIDC providers. However, MCP OAuth clients (like mcp:atlassian_mcp) appear to follow a different code path in _perform_token_refresh() where the OAuth client registration/lookup fails, causing the Constructor parameter should be str exception. The error suggests that somewhere in the token refresh flow, a parameter that should be a string is receiving a different type (possibly None or an object). Workaround: Users must manually re-authenticate via Settings → External Tools → Atlassian before using MCP tools after the token expires.
GiteaMirror added the bug label 2026-04-20 01:28:28 -05:00
GiteaMirror commented 2026-04-20 01:28:31 -05:00
Author
Owner
Copy Link

@owui-terminator[bot] commented on GitHub (Dec 31, 2025):

🔍 Similar Issues Found

I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:

  1. #19823 Issue: Auth 2.1 Authorization/Token retrival is broken in v0.6.41
    by mllab-nl • Dec 08, 2025 • bug

  2. #19116 issue: MCP OAuth 2.1 client registration fails when policy_uri, client_uri, logo_uri or tos_uri are not set
    by xqqp • Nov 11, 2025 • bug

  3. #18010 issue: MCP OAuth 2.1 flow doesn't match standard (missing code_challenge and resource_url)
    by hsuyuming • Oct 02, 2025 • bug

  4. #19993 issue: Microsoft SSO signup doesn't work after 0.6.41 update
    by avatsaev • Dec 16, 2025 • bug

  5. #19148 issue: Verify OAuth mcp server sends incorrect authorization header
    by Oleg52 • Nov 12, 2025 • bug

Show 5 more related issues

  1. #19813 issue: Failed to connect to MCP server, while the connection test works fine
    by spi-dlp • Dec 08, 2025 • bug

  2. #17655 issue: Bug when refreshing tokens with oauth
    by Clement44Ges • Sep 22, 2025 • bug

  3. #19415 issue: v0.6.37 breaks Okta OAuth: "Cannot supply multiple client credentials" error
    by WonwooKang • Nov 24, 2025 • bug

  4. #17829 issue: Exception during token refresh for provider oidc: Constructor parameter should be str
    by davidshen84 • Sep 27, 2025 • bug

  5. #18981 issue: 0.6.35 error using tools through mcpo
    by GlisseManTV • Nov 06, 2025 • bug

💡 Tips:

  • If this is a duplicate, please consider closing this issue and adding any additional details to the existing one
  • If you found a solution in any of these issues, please share it here to help others

This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.

<!-- gh-comment-id:3701943696 --> @owui-terminator[bot] commented on GitHub (Dec 31, 2025): 🔍 **Similar Issues Found** I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions: 1. [#19823](https://github.com/open-webui/open-webui/issues/19823) **Issue: Auth 2.1 Authorization/Token retrival is broken in v0.6.41** *by mllab-nl • Dec 08, 2025 • `bug`* 2. [#19116](https://github.com/open-webui/open-webui/issues/19116) **issue: MCP OAuth 2.1 client registration fails when policy_uri, client_uri, logo_uri or tos_uri are not set** *by xqqp • Nov 11, 2025 • `bug`* 3. [#18010](https://github.com/open-webui/open-webui/issues/18010) **issue: MCP OAuth 2.1 flow doesn't match standard (missing code_challenge and resource_url)** *by hsuyuming • Oct 02, 2025 • `bug`* 4. [#19993](https://github.com/open-webui/open-webui/issues/19993) **issue: Microsoft SSO signup doesn't work after 0.6.41 update** *by avatsaev • Dec 16, 2025 • `bug`* 5. [#19148](https://github.com/open-webui/open-webui/issues/19148) **issue: Verify OAuth mcp server sends incorrect authorization header** *by Oleg52 • Nov 12, 2025 • `bug`* <details> <summary>Show 5 more related issues</summary> 6. [#19813](https://github.com/open-webui/open-webui/issues/19813) **issue: Failed to connect to MCP server, while the connection test works fine** *by spi-dlp • Dec 08, 2025 • `bug`* 7. [#17655](https://github.com/open-webui/open-webui/issues/17655) **issue: Bug when refreshing tokens with oauth** *by Clement44Ges • Sep 22, 2025 • `bug`* 8. [#19415](https://github.com/open-webui/open-webui/issues/19415) **issue: v0.6.37 breaks Okta OAuth: "Cannot supply multiple client credentials" error** *by WonwooKang • Nov 24, 2025 • `bug`* 9. [#17829](https://github.com/open-webui/open-webui/issues/17829) **issue: Exception during token refresh for provider oidc: Constructor parameter should be str** *by davidshen84 • Sep 27, 2025 • `bug`* 10. [#18981](https://github.com/open-webui/open-webui/issues/18981) **issue: 0.6.35 error using tools through mcpo** *by GlisseManTV • Nov 06, 2025 • `bug`* </details> --- 💡 **Tips:** - If this is a duplicate, please consider closing this issue and adding any additional details to the existing one - If you found a solution in any of these issues, please share it here to help others *This comment was generated automatically by a bot.* Please react with a 👍 if this comment was helpful, or a 👎 if it was not.
GiteaMirror commented 2026-04-20 01:28:32 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Dec 31, 2025):

Should be addressed in dev.

<!-- gh-comment-id:3702946569 --> @tjbck commented on GitHub (Dec 31, 2025): Should be addressed in dev.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#19144
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?