[PR #6339] [MERGED] fix: get userinfo from endpoint, not only from token #21863

Closed
opened 2026-04-20 03:46:01 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/6339
Author: @Cyb4Black
Created: 10/22/2024
Status: Merged
Merged: 10/22/2024
Merged by: @tjbck

Base: dev ← Head: fix-not-rely-on-id-token-for-user-info


📝 Commits (1)

  • 1b5ac83 fix: get userinfo from endpoint, not only from token

📊 Changes

1 file changed (+5 additions, -0 deletions)


📝 backend/open_webui/utils/oauth.py (+5 -0)

📄 Description

as was suggested by @alvarolopez in #6262

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests for validating the changes?
    • again there are no oauth test classes, did some quick tests
    • will do real world testing with keycloak tomorrow
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To clearly categorize this pull request, prefix the pull request title, using one of the following:
    • fix: Bug fix or error correction

Changelog Entry

Description

  • OpenID Connect userinfo claims may not be present in ID token as the specification does not enforce it, therefore Open WebUI cannot be used with providers not including them.

Fixed

  • Use OpenID Connect userinfo from endpoints to get userinfo claims, not only relying on ID token containing them.
    • only do extra call if actually needed

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
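
The fallback described in the changelog, sketched as an added example (not the code from this PR or from Open WebUI). `resolve_user_claims`, `fetch_userinfo` and the `needed` claim list are hypothetical names, and the ID token claims are assumed to have been validated already by the OIDC client library. It also applies the OpenID Connect Core rule that the UserInfo `sub` must match the ID token `sub` before the response is used.

```python
from typing import Callable, Mapping


class UserInfoMismatch(Exception):
    """The UserInfo response does not belong to the ID token's subject."""


def resolve_user_claims(id_claims: Mapping, fetch_userinfo: Callable[[], Mapping],
                        needed=("email", "name")) -> dict:
    """Return user claims, calling the userinfo endpoint only when required.

    id_claims: claims of an ID token that was already validated (assumption).
    fetch_userinfo: hypothetical callable doing the authenticated request to
    the provider's userinfo endpoint and returning the decoded JSON.
    """
    if not id_claims.get("sub"):
        raise ValueError("ID token carries no sub claim")
    # Fast path: the ID token already has what we need, so no extra call.
    if all(id_claims.get(c) for c in needed):
        return dict(id_claims)
    userinfo = fetch_userinfo()
    # OIDC Core 5.3.2: sub must match exactly, otherwise discard the response.
    if userinfo.get("sub") != id_claims["sub"]:
        raise UserInfoMismatch("userinfo sub differs from ID token sub")
    # Signed ID token values win; userinfo only fills the gaps.
    merged = dict(userinfo)
    merged.update({k: v for k, v in id_claims.items() if v not in (None, "")})
    missing = [c for c in needed if not merged.get(c)]
    if missing:
        raise LookupError(f"provider did not supply claims: {missing}")
    return merged


# Constructed sample data, not taken from any real provider.
FULL_ID_CLAIMS = {"sub": "user-123", "iss": "https://idp.example",
                  "email": "alice@example.com", "name": "Alice"}
MINIMAL_ID_CLAIMS = {"sub": "user-123", "iss": "https://idp.example"}
USERINFO_RESPONSE = {"sub": "user-123", "email": "alice@example.com",
                     "name": "Alice"}

if __name__ == "__main__":
    print(resolve_user_claims(FULL_ID_CLAIMS, lambda: USERINFO_RESPONSE))
    print(resolve_user_claims(MINIMAL_ID_CLAIMS, lambda: USERINFO_RESPONSE))
```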

GiteaMirror added the pull-request label 2026-04-20 03:46:01 -05:00
Reference: github-starred/open-webui#21863