mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[GH-ISSUE #21134] feat: MCP Streamable HTTP: user identity headers not forwarded to MCP servers #19392
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @rpostulart on GitHub (Feb 3, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/21134
Check Existing Issues
Verify Feature Scope
Problem Description
Description
When ENABLE_FORWARD_USER_INFO_HEADERS=true is set, OpenWebUI correctly forwards X-OpenWebUI-User-Email, X-OpenWebUI-User-Id, X-OpenWebUI-User-Name, and
X-OpenWebUI-User-Role headers to OpenAI-compatible API backends (e.g., LiteLLM). However, these headers are not forwarded to MCP Streamable HTTP tool
server connections.
Additionally, template variables like {{USER_EMAIL}} configured in MCP connection custom headers are sent as literal strings rather than being resolved
to the actual user's email.
Steps to Reproduce
Desired Solution you'd like
Expected Behavior
Either:
connections, OR
Actual Behavior
Headers received by the MCP server:
x-openwebui-user-id: {{USER_EMAIL}} ← literal string, not resolved
Missing headers (compared to LiteLLM requests):
x-openwebui-user-email: (not present)
x-openwebui-user-name: (not present)
x-openwebui-user-role: (not present)
Use Case
We use AWS Bedrock AgentCore Gateway as an MCP server to provide Jira, Confluence, and Microsoft 365 tools. The gateway uses per-user OAuth tokens
(3-legged OAuth) scoped by user identity. Without user identity headers on MCP requests, we cannot implement per-user token isolation — all users share
a single OAuth token.
Being able to identify the user making MCP requests would enable:
Environment
Alternatives Considered
No response
Additional Context
No response