github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #18948] feat: Complete OAuth/OIDC Admin UI Configuration #25028

New Issue
Open
opened 2026-04-20 05:43:11 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-20 05:43:11 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/18948
Author: @jmleksan
Created: 11/5/2025
Status: 🔄 Open

Base: devHead: oauth-updated

📝 Commits (10+)

  • a413865 add ui elements and auths.py handlers for full set of oauth settings
  • 64d5b76 fix config route response logic
  • 421dd69 API & Frontend in sync
  • e3778e1 all working, prep for client id and secret / provider values
  • 65cf437 add additional oauth/oidc settings to admin general ui
  • df623ff PersistentConfig entries exist for all settings, AdminConfig model updated to include the new settings, update_admin_config endpoint updated to handle saving the new settings, OAuth provider registration uses these settings when configuring the OIDC provider
  • 690a3ab fix config init
  • 5c4e46a Properly initializing the OAuth config variables in config.py with correct paths
  • 2eea797 Added the missing imports for these OAuth config variables
  • 4024db6 working great hell yeah + improve input styling

📊 Changes

5 files changed (+555 additions, -73 deletions)

View changed files

📝 backend/open_webui/config.py (+100 -68)
📝 backend/open_webui/main.py (+34 -0)
📝 backend/open_webui/routers/auths.py (+99 -4)
📝 backend/open_webui/utils/oauth.py (+28 -0)
📝 src/lib/components/admin/Settings/General.svelte (+294 -1)

📄 Description

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: If necessary, update relevant documentation Open WebUI Docs like environment variables, the tutorials, or other documentation sources.
  • Dependencies: No new dependencies added.
  • Testing: Performed manual tests to verify OAuth configuration changes work correctly and don't break existing functionality.
  • Agentic AI Code: Confirm this Pull Request is not written by any AI Agent or has at least gone through additional human review and manual testing.
  • Code review: Self-review performed, addressing coding standards.
  • Title Prefix: feat: Complete OAuth/OIDC Admin UI Configuration with PKCE Support

Changelog Entry

  • 🔐 OAuth authentication settings can now be configured through the admin UI.

Description

This PR completes and brings up to date the comprehensive OAuth/OIDC admin UI configuration work originally started in #12945 by @taylorwilsdon.

What PR #12945 Set Out to Accomplish:
The original goal was to enable full OAuth/OIDC identity provider configuration through the administrative interface, allowing admins to manage OAuth parameters—including client credentials, provider details, claim mappings, and role/group logic—directly from the admin UI instead of managing environment variables.

This PR:

  • Completes the implementation with all OAuth settings fully configurable via admin UI
  • Brings the work up to date with current dev branch (rebased and resolved conflicts)
  • Adds PKCE support for modern OAuth providers (OneLogin, public clients)
  • Ensures configuration persistence with all settings properly saved and reloaded
  • Enables dynamic updates so OAuth changes take effect immediately without restart
  • Maintains backward compatibility with existing OAuth configurations

Added

  • Admin UI configuration for OAuth/OIDC settings
  • Dynamic OAuth provider reloading on configuration changes
  • Comprehensive backward compatibility for existing OAuth setups

Changed

  • OAuth configuration can now be fully managed through admin UI instead of just environment variables
  • OAuth providers reload immediately when settings change (no restart required)
  • Consistent configuration structure with backward-compatible fallbacks

Fixed

  • OAuth configuration persistence issues (settings now properly save and reload)
  • Missing configuration registration that caused startup errors
  • OAuth provider not updating after configuration changes
  • Configuration path inconsistencies across OAuth settings

Additional Information

Testing Performed

Testing across multiple scenarios:

  • Traditional OAuth with client secret (DUO)
  • PKCE-based OAuth without client secret (OneLogin)
  • Configuration persistence across restarts
  • Dynamic configuration updates without service interruption

Would also appreciate testing from people with other providers or scenarios.

Migration Notes

For existing deployments:

  • All existing OAuth configurations continue to work unchanged
  • Environment variables remain supported (but can now be managed via UI)
  • No breaking changes to authentication flow

For new deployments:

  • OAuth can be configured entirely through admin UI
  • No environment variable configuration required
  • Changes take effect immediately

Related Issues & PRs

  • Original work: #12945 by @taylorwilsdon

Screenshots or Videos

image

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

Acknowledgments

This work builds directly on the foundation laid by @taylorwilsdon in #12945. Credit for the original vision and architecture goes to them.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/18948 **Author:** [@jmleksan](https://github.com/jmleksan) **Created:** 11/5/2025 **Status:** 🔄 Open **Base:** `dev` ← **Head:** `oauth-updated` --- ### 📝 Commits (10+) - [`a413865`](https://github.com/open-webui/open-webui/commit/a413865d6b1fbd58de9d1d67d351e3f3f9b1bf9c) add ui elements and auths.py handlers for full set of oauth settings - [`64d5b76`](https://github.com/open-webui/open-webui/commit/64d5b76283726e7bc1c1f0181e959c5757beeed1) fix config route response logic - [`421dd69`](https://github.com/open-webui/open-webui/commit/421dd699c639c32672ea72c3c0a3da2ba89426a3) API & Frontend in sync - [`e3778e1`](https://github.com/open-webui/open-webui/commit/e3778e1f1003775290f6569ee6aea3154be725de) all working, prep for client id and secret / provider values - [`65cf437`](https://github.com/open-webui/open-webui/commit/65cf437013080023e73f9b46058eb574ab6a8dbf) add additional oauth/oidc settings to admin general ui - [`df623ff`](https://github.com/open-webui/open-webui/commit/df623ff664c3abf1f479e9d311202075cc14e1e5) PersistentConfig entries exist for all settings, AdminConfig model updated to include the new settings, update_admin_config endpoint updated to handle saving the new settings, OAuth provider registration uses these settings when configuring the OIDC provider - [`690a3ab`](https://github.com/open-webui/open-webui/commit/690a3aba7b2fd47b4a5c98c6e8e13c35c182801c) fix config init - [`5c4e46a`](https://github.com/open-webui/open-webui/commit/5c4e46ab71dfadc305e7e2f8c73b3ccebc9f40a1) Properly initializing the OAuth config variables in config.py with correct paths - [`2eea797`](https://github.com/open-webui/open-webui/commit/2eea7970753f59c8da039122ab9b7440144e2ada) Added the missing imports for these OAuth config variables - [`4024db6`](https://github.com/open-webui/open-webui/commit/4024db6b5cb4a6a2a69ddc6202fe29e97f6a30ed) working great hell yeah + improve input styling ### 📊 Changes **5 files changed** (+555 additions, -73 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+100 -68) 📝 `backend/open_webui/main.py` (+34 -0) 📝 `backend/open_webui/routers/auths.py` (+99 -4) 📝 `backend/open_webui/utils/oauth.py` (+28 -0) 📝 `src/lib/components/admin/Settings/General.svelte` (+294 -1) </details> ### 📄 Description # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [x] **Documentation:** If necessary, update relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs) like environment variables, the tutorials, or other documentation sources. - [x] **Dependencies:** No new dependencies added. - [x] **Testing:** Performed manual tests to verify OAuth configuration changes work correctly and don't break existing functionality. - [x] **Agentic AI Code:** Confirm this Pull Request is **not written by any AI Agent** or has at least gone through additional human review **and** manual testing. - [x] **Code review:** Self-review performed, addressing coding standards. - [x] **Title Prefix:** `feat: Complete OAuth/OIDC Admin UI Configuration with PKCE Support` --- # Changelog Entry - 🔐 OAuth authentication settings can now be configured through the admin UI. ## Description This PR completes and brings up to date the comprehensive OAuth/OIDC admin UI configuration work originally started in [#12945](https://github.com/open-webui/open-webui/pull/12945) by @taylorwilsdon. **What PR #12945 Set Out to Accomplish:** The original goal was to enable full OAuth/OIDC identity provider configuration through the administrative interface, allowing admins to manage OAuth parameters—including client credentials, provider details, claim mappings, and role/group logic—directly from the admin UI instead of managing environment variables. **This PR:** - **Completes the implementation** with all OAuth settings fully configurable via admin UI - **Brings the work up to date** with current `dev` branch (rebased and resolved conflicts) - **Adds PKCE support** for modern OAuth providers (OneLogin, public clients) - **Ensures configuration persistence** with all settings properly saved and reloaded - **Enables dynamic updates** so OAuth changes take effect immediately without restart - **Maintains backward compatibility** with existing OAuth configurations ## Added - Admin UI configuration for OAuth/OIDC settings - Dynamic OAuth provider reloading on configuration changes - Comprehensive backward compatibility for existing OAuth setups ## Changed - OAuth configuration can now be fully managed through admin UI instead of just environment variables - OAuth providers reload immediately when settings change (no restart required) - Consistent configuration structure with backward-compatible fallbacks ## Fixed - OAuth configuration persistence issues (settings now properly save and reload) - Missing configuration registration that caused startup errors - OAuth provider not updating after configuration changes - Configuration path inconsistencies across OAuth settings - --- ## Additional Information ### Testing Performed Testing across multiple scenarios: - Traditional OAuth with client secret (DUO) - PKCE-based OAuth without client secret (OneLogin) - Configuration persistence across restarts - Dynamic configuration updates without service interruption Would also appreciate testing from people with other providers or scenarios. ### Migration Notes **For existing deployments:** - All existing OAuth configurations continue to work unchanged - Environment variables remain supported (but can now be managed via UI) - No breaking changes to authentication flow **For new deployments:** - OAuth can be configured entirely through admin UI - No environment variable configuration required - Changes take effect immediately ### Related Issues & PRs - **Original work:** [#12945](https://github.com/open-webui/open-webui/pull/12945) by @taylorwilsdon ### Screenshots or Videos <img width="1251" height="1163" alt="image" src="https://github.com/user-attachments/assets/fb1463a5-fde5-48bd-ae78-5ad9b0d7fb3a" /> --- ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- ### Acknowledgments This work builds directly on the foundation laid by @taylorwilsdon in [#12945](https://github.com/open-webui/open-webui/pull/12945). Credit for the original vision and architecture goes to them. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 05:43:11 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#25028
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?