[PR #23701] [CLOSED] fix: Correct the OAuth2.1 static flow #27322

New Issue

GiteaMirror · 2026-04-20T07:00:08-05:00

GiteaMirror commented

2026-04-20 07:00:08 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23701
Author: @DonMul
Created: 4/14/2026
Status: ❌ Closed

Base: dev ← Head: fixStaticOauthMCP

📝 Commits (10+)

fe6783c Merge pull request #19030 from open-webui/dev
fc05e0a Merge pull request #19405 from open-webui/dev
e3faec6 Merge pull request #19416 from open-webui/dev
9899293 Merge pull request #19448 from open-webui/dev
140605e Merge pull request #19462 from open-webui/dev
6f1486f Merge pull request #19466 from open-webui/dev
d95f533 Merge pull request #19729 from open-webui/dev
a727153 0.6.43 (#20093)
6adde20 Merge pull request #20394 from open-webui/dev
f9b0534 Merge pull request #20522 from open-webui/dev

📊 Changes

4 files changed (+85 additions, -46 deletions)

View changed files

📝 backend/open_webui/routers/configs.py (+14 -5)
📝 backend/open_webui/utils/oauth.py (+57 -30)
📝 src/lib/apis/configs/index.ts (+1 -0)
📝 src/lib/components/AddToolServerModal.svelte (+13 -11)

📄 Description

Changelog Entry

Description

The OAuth2.1 Static workflow was not working as intended. Somewhere in the conversion of the Static OAuth2.1 authentication for MCP servers Pull Request there was some lost in translation issues i believe (because the original Pull Request has some different functionality than what has been merged. This Pull Request is intended to correct the issues.

Fixed

Fix the authentication flow for OAuth2.1 Static authentication for MCP servers

Additional Information

The intended flow for Static OAuth2.1 credentials is as following:

The user gets the static client_id and client_secret from the provider of the MCP server
The user will enter these in the current modal box to manage the MCP server (see below)
The user can (optionally) verify the connection, but Must (not optional) register the client. This client will ALWAYS make use of the entered client_id and client_secret
Whenever the user selects/enables the tool server in his/her chat, the user will be redirected to the authentication page of the MCP provider
The MCP provider will do a callback to the oauth client callback URL. For the example in the screenshots above, that would be http://localhost:3000/oauth/clients/mcp:udemy/callback. It is possible that this callback URL needs to be configured on the side of the MCP provider as well.
The MCP server will then be enabled for the user and can be queried accordingly

Please let me know if there are any unclarities about this feature, i am more than willing to help!

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23701 **Author:** [@DonMul](https://github.com/DonMul) **Created:** 4/14/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fixStaticOauthMCP` --- ### 📝 Commits (10+) - [`fe6783c`](https://github.com/open-webui/open-webui/commit/fe6783c16699911c7be17392596d579333fb110c) Merge pull request #19030 from open-webui/dev - [`fc05e0a`](https://github.com/open-webui/open-webui/commit/fc05e0a6c5d39da60b603b4d520f800d6e36f748) Merge pull request #19405 from open-webui/dev - [`e3faec6`](https://github.com/open-webui/open-webui/commit/e3faec62c58e3a83d89aa3df539feacefa125e0c) Merge pull request #19416 from open-webui/dev - [`9899293`](https://github.com/open-webui/open-webui/commit/9899293f050ad50ae12024cbebee7e018acd851e) Merge pull request #19448 from open-webui/dev - [`140605e`](https://github.com/open-webui/open-webui/commit/140605e660b8186a7d5c79fb3be6ffb147a2f498) Merge pull request #19462 from open-webui/dev - [`6f1486f`](https://github.com/open-webui/open-webui/commit/6f1486ffd0cb288d0e21f41845361924e0d742b3) Merge pull request #19466 from open-webui/dev - [`d95f533`](https://github.com/open-webui/open-webui/commit/d95f533214e3fe5beb5e41ec1f349940bc4c7043) Merge pull request #19729 from open-webui/dev - [`a727153`](https://github.com/open-webui/open-webui/commit/a7271532f8a38da46785afcaa7e65f9a45e7d753) 0.6.43 (#20093) - [`6adde20`](https://github.com/open-webui/open-webui/commit/6adde203cd292a9e3af9c64a2ae36b603fed096a) Merge pull request #20394 from open-webui/dev - [`f9b0534`](https://github.com/open-webui/open-webui/commit/f9b0534e0c442631d1cb7205169588b9b6204179) Merge pull request #20522 from open-webui/dev ### 📊 Changes **4 files changed** (+85 additions, -46 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/configs.py` (+14 -5) 📝 `backend/open_webui/utils/oauth.py` (+57 -30) 📝 `src/lib/apis/configs/index.ts` (+1 -0) 📝 `src/lib/components/AddToolServerModal.svelte` (+13 -11) </details> ### 📄 Description  # Changelog Entry ### Description The OAuth2.1 Static workflow was not working as intended. Somewhere in the conversion of the Static OAuth2.1 authentication for MCP servers Pull Request there was some lost in translation issues i believe (because the original [Pull Request](https://github.com/open-webui/open-webui/pull/22266/changes) has some different functionality than what has been [merged](https://github.com/open-webui/open-webui/commit/601bb783587a3e965cf88c148e4856b988655b13). This Pull Request is intended to correct the issues. ### Fixed - Fix the authentication flow for OAuth2.1 Static authentication for MCP servers --- ### Additional Information The intended flow for Static OAuth2.1 credentials is as following: 1. The user gets the static `client_id` and `client_secret` from the provider of the MCP server 2. The user will enter these in the current modal box to manage the MCP server (see below) <img width="479" height="562" alt="Screenshot 2026-04-14 at 13 31 04" src="https://github.com/user-attachments/assets/ce91857a-c6fd-4dec-8d8b-e0629de63064" /> 3. The user can (optionally) verify the connection, but Must (not optional) register the client. This client will ALWAYS make use of the entered client_id and client_secret 4. Whenever the user selects/enables the tool server in his/her chat, the user will be redirected to the authentication page of the MCP provider <img width="392" height="254" alt="Screenshot 2026-04-14 at 13 25 54" src="https://github.com/user-attachments/assets/c9a8bfab-051d-4515-9faf-5430edc4df49" /> 5. The MCP provider will do a callback to the oauth client callback URL. For the example in the screenshots above, that would be `http://localhost:3000/oauth/clients/mcp:udemy/callback`. It is possible that this callback URL needs to be configured on the side of the MCP provider as well. 6. The MCP server will then be enabled for the user and can be queried accordingly <img width="1050" height="371" alt="Screenshot 2026-04-14 at 13 35 33" src="https://github.com/user-attachments/assets/d936e94e-fe10-4bae-a20b-a6c90d386bcb" /> Please let me know if there are any unclarities about this feature, i am more than willing to help!  - [X] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-20 07:00:08 -05:00

GiteaMirror closed this issue

2026-04-20 07:00:10 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#27322