github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #14786] [CLOSED] feat: Add OAuth support for Tool Server authentication #23593

New Issue
Closed
opened 2026-04-20 04:54:55 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-20 04:54:55 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/14786
Author: @jescalada
Created: 6/8/2025
Status: Closed

Base: devHead: add-tool-server-oauth

📝 Commits (10+)

  • 0f111f2 enh: add TOOL_GOOGLE configs
  • 9ac03f0 enh: add TOOL_ATLASSIAN configs
  • 3758d87 enh: add TOOL_SERVER_OAUTH_PROVIDERS loader
  • f35d5f3 fix: extract tool server config scopes
  • 4fa41be feat: add ToolServerOAuthManager class and init
  • 62e554d feat: add tool server login and callback support for OAuth
  • 0264866 enh: import ToolServerOAuthManager to main.py
  • 263a33f feat: add login endpoint for any OAuth provider
  • 909ca31 feat: add OAuth callback endpoint
  • 226d82f feat: add endpoint and middleware for fetching providers

📊 Changes

10 files changed (+371 additions, -20 deletions)

View changed files

📝 backend/open_webui/config.py (+129 -0)
📝 backend/open_webui/main.py (+56 -2)
📝 backend/open_webui/routers/configs.py (+1 -1)
📝 backend/open_webui/utils/oauth.py (+42 -0)
📝 backend/open_webui/utils/tools.py (+2 -2)
📝 src/lib/apis/configs/index.ts (+1 -1)
📝 src/lib/apis/index.ts (+9 -2)
📝 src/lib/components/AddServerModal.svelte (+115 -11)
📝 src/lib/components/chat/Settings/Tools/Connection.svelte (+14 -0)
📝 src/routes/+layout.svelte (+2 -1)

📄 Description

This PR adds OAuth support for Tool Server authentication.

Note: This PR enables logging in through a provider configured in the backend, and getting an "access token" which can be used to validate subsequent requests. Available providers are Google and Atlassian. Feel free to extend this for the providers that are most relevant!

This PR does not implement the entire OpenWebUI -> OAuth + MCP flow discussed in #14121. I hit a few roadblocks along the way and I believe some extra refactoring work is needed to get it to work. I'll write some suggestions about how we could approach that and some clues I found.

Changelog Entry

Description

  • This PR enables logging in through a provider configured in the backend, and getting an "access token" which can be used to validate subsequent requests. Available providers are Google and Atlassian. This can be easily extended with any provider needed.

Added

  • Added OAuth authentication option for Tool Servers
  • Added Tool Server provider configuration variables and provider loading
  • Added relevant endpoints for handling OAuth login for tool servers
  • Extended AddServerModal to show providers and handle entire OAuth flow, including manual token refresh

Additional Information

Screenshots or Videos

Demo Video

Demo

Note that my cursor isn't showing in the video, sorry about that!

Testing

If you'd like to test this PR, you can create your own Google auth client here: https://console.cloud.google.com/apis/credentials

Otherwise, you can do the same with an Atlassian OAuth 2.0 app: https://developer.atlassian.com/console/myapps

Otherwise, I can post my credentials and then manually add a reviewer's email (otherwise it won't work, since it's a test auth app).

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/14786 **Author:** [@jescalada](https://github.com/jescalada) **Created:** 6/8/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `add-tool-server-oauth` --- ### 📝 Commits (10+) - [`0f111f2`](https://github.com/open-webui/open-webui/commit/0f111f22a0ed2520a8b6588604e32b9215909ee8) enh: add TOOL_GOOGLE configs - [`9ac03f0`](https://github.com/open-webui/open-webui/commit/9ac03f09a3d248228210a34d17d0aab75f3a0a1f) enh: add TOOL_ATLASSIAN configs - [`3758d87`](https://github.com/open-webui/open-webui/commit/3758d8739c194b80147816fd98e7dd4d9eca50b2) enh: add TOOL_SERVER_OAUTH_PROVIDERS loader - [`f35d5f3`](https://github.com/open-webui/open-webui/commit/f35d5f3b702ab96f01473ac4923880e2432df373) fix: extract tool server config scopes - [`4fa41be`](https://github.com/open-webui/open-webui/commit/4fa41be3ce8336ca8b4430a725a066c44d5b8eec) feat: add ToolServerOAuthManager class and init - [`62e554d`](https://github.com/open-webui/open-webui/commit/62e554d802bb6d3e57703e609eea9bd9453e92c5) feat: add tool server login and callback support for OAuth - [`0264866`](https://github.com/open-webui/open-webui/commit/0264866ea72f670bcade6b5a6e96829b327cfa87) enh: import ToolServerOAuthManager to main.py - [`263a33f`](https://github.com/open-webui/open-webui/commit/263a33fe74f465fc3f0362435c6eb88899102394) feat: add login endpoint for any OAuth provider - [`909ca31`](https://github.com/open-webui/open-webui/commit/909ca31c5ac50c545a868c7ff7aa942c3b88e5b3) feat: add OAuth callback endpoint - [`226d82f`](https://github.com/open-webui/open-webui/commit/226d82fdd945a9077e93c2fb51cc4bfc70d0106f) feat: add endpoint and middleware for fetching providers ### 📊 Changes **10 files changed** (+371 additions, -20 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+129 -0) 📝 `backend/open_webui/main.py` (+56 -2) 📝 `backend/open_webui/routers/configs.py` (+1 -1) 📝 `backend/open_webui/utils/oauth.py` (+42 -0) 📝 `backend/open_webui/utils/tools.py` (+2 -2) 📝 `src/lib/apis/configs/index.ts` (+1 -1) 📝 `src/lib/apis/index.ts` (+9 -2) 📝 `src/lib/components/AddServerModal.svelte` (+115 -11) 📝 `src/lib/components/chat/Settings/Tools/Connection.svelte` (+14 -0) 📝 `src/routes/+layout.svelte` (+2 -1) </details> ### 📄 Description This PR adds OAuth support for Tool Server authentication. **Note:** This PR enables logging in through a provider configured in the backend, and getting an "access token" which can be used to validate subsequent requests. Available providers are Google and Atlassian. Feel free to extend this for the providers that are most relevant! This PR **does not** implement the entire OpenWebUI -> OAuth + MCP flow discussed in #14121. I hit a few roadblocks along the way and I believe some extra refactoring work is needed to get it to work. I'll write some suggestions about how we could approach that and some clues I found. # Changelog Entry ### Description - This PR enables logging in through a provider configured in the backend, and getting an "access token" which can be used to validate subsequent requests. Available providers are Google and Atlassian. This can be easily extended with any provider needed. ### Added - Added OAuth authentication option for Tool Servers - Added Tool Server provider configuration variables and provider loading - Added relevant endpoints for handling OAuth login for tool servers - Extended `AddServerModal` to show providers and handle entire OAuth flow, including **manual** token refresh --- ### Additional Information - Relevant issues - #14121 - #13457 ### Screenshots or Videos #### Demo Video [Demo](https://github.com/user-attachments/assets/b992d959-a7d4-445e-896a-b872c896fb9f) Note that my cursor isn't showing in the video, sorry about that! ### Testing If you'd like to test this PR, you can create your own Google auth client here: https://console.cloud.google.com/apis/credentials Otherwise, you can do the same with an Atlassian OAuth 2.0 app: https://developer.atlassian.com/console/myapps Otherwise, I can post my credentials and then manually add a reviewer's email (otherwise it won't work, since it's a test auth app). ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 04:54:55 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#23593
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?