mirror of
https://github.com/open-webui/open-webui.git
synced 2026-05-06 19:08:59 -05:00
[GH-ISSUE #8425] Use OAuth Profile Picture (e.g., Microsoft Entra ID) as User Avatar in OpenWebUI #30649
Originally created by @jeannotdamoiseaux on GitHub (Jan 9, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/8425
Feature Request
Is your feature request related to a problem? Please describe.
When users log in via OAuth providers (e.g., Microsoft Entra ID), OpenWebUI does not currently fetch and display their profile picture from the OAuth service. This limits personalization and requires users to manually upload a profile picture or stick with the default avatar.
Describe the solution you'd like
OpenWebUI should fetch and use the profile picture from the user's OAuth account after login. For example:
Request the profile picture during the OAuth flow (e.g., using Microsoft Graph's GET /me/photo/$value for Microsoft Entra ID) after obtaining appropriate permissions like User.Read.
Save the profile picture in the user’s OpenWebUI profile and display it in relevant places (navigation bar, comments, etc.).
Describe alternatives you've considered
Additional context
I’m new to the repo but willing to help implement this feature. A pointer on where OAuth and user profile logic resides in the codebase would be greatly appreciated. Thank you!
@rgaricano commented on GitHub (Jan 9, 2025):
1dfb479d36/backend/open_webui/utils/oauth.py (L257)
@jeannotdamoiseaux commented on GitHub (Jan 9, 2025):
That’s strange—I’m not sure why it’s not working on my end. Could there be any specific configuration or setup difference that might be causing this issue?
@rgaricano commented on GitHub (Jan 9, 2025):
Sorry, I haven't tried oauth, I'm just trying out other aspects right now.
While someone who is more familiar with it answers you, you can take a look at the documentation on environment variables and check that you have configured the ones that refer to oauth... https://docs.openwebui.com/getting-started/advanced-topics/env-configuration/#enable_oauth_signup
;-)
@robert-mcdermott commented on GitHub (Jan 14, 2025):
@jeannotdamoiseaux, I'm currently using LDAP against a local Active Directory for authentication, but need to move to SAML/OAuth/SSO against our Entra ID tenant. Based on your feature request, it appears that you have already gotten this working. The Open WebUI docs don't explain how I can accomplish this, can you point me in the right direction? Thanks.
@jeannotdamoiseaux commented on GitHub (Jan 14, 2025):
The docs can be found here.
@rragundez commented on GitHub (Jan 14, 2025):
@jeannotdamoiseaux is it working for you?
I have OAUTH configured with MS Entra ID and all working but I cannot get the picture claim. When I look at the user data, printing it in oauth.py (1dfb479d36/backend/open_webui/utils/oauth.py (L258)) print(user_data) I do not see a picture field or similar with the picture url.
I am a bit lost ATM with this.
@jeannotdamoiseaux commented on GitHub (Jan 14, 2025):
For me OAuth is working using MS Entra ID, but the picture claim is not.
@rragundez commented on GitHub (Jan 14, 2025):
ah OK, same here
@robert-mcdermott commented on GitHub (Jan 14, 2025):
@jeannotdamoiseaux, Thanks, I found that, but what method are you using?
@rragundez commented on GitHub (Jan 15, 2025):
@jeannotdamoiseaux take a look, a thumbs up would be nice to raise it to owners of the repo:
https://github.com/open-webui/open-webui/pull/8566/files
@rragundez commented on GitHub (Jan 15, 2025):
@robert-mcdermott this particular thread is about the microsoft oauth (https://docs.openwebui.com/features/sso/#microsoft)
You basically have to create an application in Entra ID and get the values for:
MICROSOFT_CLIENT_ID - Microsoft OAuth client ID
MICROSOFT_CLIENT_SECRET - Microsoft OAuth client secret
MICROSOFT_CLIENT_TENANT_ID - Microsoft tenant ID - use 9188040d-6c67-4c5b-b112-36a304b66dad for personal accounts
Hope that helps!
@jeannotdamoiseaux commented on GitHub (Jan 15, 2025):
Great work!
@jeannotdamoiseaux commented on GitHub (Jan 17, 2025):
@rragundez, it's still not working on my end. I don’t see any errors in the logs, so I’m unsure what might be causing the issue.
@rragundez commented on GitHub (Jan 17, 2025):
Mmm I double checked and with the access token it works. Your application does need the permissions in EntraID, the delegated permission from Microsoft graph user.read and profile picture.
@jeannotdamoiseaux commented on GitHub (Jan 17, 2025):
Is this configuration insufficient to retrieve the profile picture? Here's a screenshot for reference:
@rragundez commented on GitHub (Jan 17, 2025):
I also added the "ProfilePhoto.Read.All" @jeannotdamoiseaux
@jeannotdamoiseaux commented on GitHub (Jan 17, 2025):
I'm currently waiting for admin approval and will report the results later.
@mittalpatel130 commented on GitHub (Jan 17, 2025):
Great work! @jeannotdamoiseaux .. I am still struggling with Microsoft Authentication. I set up all the variables it seems correctly and also the app registration. But, I am not sure what am I missing.
I get this error message -
{
"detail": "The email or password provided is incorrect. Please check for typos and try logging in again."
}
Variables I set -
What should be the values for variables from (6-10)?
If you could please help me?? Thank you in advance!
@rragundez commented on GitHub (Jan 17, 2025):
Hi @mittalpatel130 I will try to help but I think you should read the documentation carefully because the information is there if you read it with enough patience.
The fact that you are getting "The email or password provided is incorrect" should tell you that some conceptual understanding is missing because the whole idea of using Microsoft to log in is that you do not have to login to the application itself but via the Microsoft Auth flow. And if the MS Auth flow is giving you that message then indeed it means your password is incorrect.
WEBUI_AUTH=True
if you are giving access via MS Auth then it makes no sense to allow people to register or login via the app
ENABLE_SIGNUP=False
ENABLE_LOGIN_FORM=False
ENABLE_OAUTH_SIGNUP=True
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=
MICROSOFT_CLIENT_TENANT_ID=
ENABLE_OAUTH_ROLE_MANAGEMENT=True
@rragundez commented on GitHub (Jan 22, 2025):
@jeannotdamoiseaux can you please provide feedback so we can close this issue?
It has been merged into main and I have deployed on my own use case and I can see the picture.
@mittalpatel130 commented on GitHub (Jan 23, 2025):
@rragundez - Thank you very much for your guidance on Microsoft OAuth setup. It is working now.
Regarding the profile photo - It is not loading and displaying no-photo image with the "alt" text from
tag.
When I inspect this element, I can see it pulled jpeg profile photo in the API response.
Steps I performed:
Is there anything else we have to do? Any CORS settings?
@rragundez commented on GitHub (Jan 23, 2025):
Seems you're missing the headers, but you don't need to change anything it has already been merged and released, just use the last version of open webui
@rragundez commented on GitHub (Jan 25, 2025):
@tjbck I have been running in production for the last week with this change, I think we can close the issue
@jeannotdamoiseaux commented on GitHub (Jan 29, 2025):
I can confirm that this functionality is now working as expected. However, I’ve noticed one issue: accounts created prior to the introduction of this functionality still display the 'anonymous' picture. That said, I’ll be closing this issue since the primary functionality is working.
@koorlan commented on GitHub (Feb 5, 2025):
To keep you informed, after utilizing this service, it works remarkably well. However, if a user does not have a profile picture, it creates an issue because the graph response is encoded in base64, which can be inappropriate. The graph response is as follows:
The resulting image is as follows:
It would be desirable, when the user is not found, to revert to the original avatar:
An even better solution would be to emulate Microsoft Teams and replace the image with an avatar displaying the user's initials.
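The fallback requested in the comment above, sketched as an added example (not Open WebUI's code and not from any commenter): accept the photo response only when the status is 200, the declared type is an image, and the body's magic bytes match, otherwise return the default avatar. `DEFAULT_AVATAR`, `MAX_PHOTO_BYTES`, the function name and the sample responses are assumptions made for illustration.

```python
import base64

# Assumed fallback path; substitute whatever default avatar the deployment uses.
DEFAULT_AVATAR = "/user.png"
# Hypothetical upper bound so an oversized body is never embedded in a profile.
MAX_PHOTO_BYTES = 1024 * 1024

# Magic-byte prefixes for the image types accepted as avatars.
_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


def avatar_from_photo_response(status, content_type, body):
    """Return a data: URI for a valid photo response, else DEFAULT_AVATAR.

    A JSON error body (for example when the user has no photo) fails the
    status check, the content-type check, or the magic-byte check, so it is
    never base64-encoded and stored as if it were an image.
    """
    if status != 200 or not body or len(body) > MAX_PHOTO_BYTES:
        return DEFAULT_AVATAR
    # Drop parameters such as "; charset=..." and normalise case.
    mime = (content_type or "").split(";")[0].strip().lower()
    prefixes = _MAGIC.get(mime)
    if prefixes is None or not body.startswith(prefixes):
        return DEFAULT_AVATAR
    encoded = base64.b64encode(body).decode("ascii")
    return f"data:{mime};base64,{encoded}"


# Constructed sample responses (not captured from Microsoft Graph).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_ERROR = b'{"error": {"code": "NotFound", "message": "constructed sample"}}'

if __name__ == "__main__":
    print(avatar_from_photo_response(200, "image/jpeg", SAMPLE_JPEG)[:40])
    print(avatar_from_photo_response(404, "application/json", SAMPLE_ERROR))
```
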
@jeannotdamoiseaux commented on GitHub (Feb 5, 2025):
Also see #9327 for this
@koorlan commented on GitHub (Feb 5, 2025):
oh perfect we are aligned :D
@chaiyr commented on GitHub (Feb 10, 2025):
I have the same issue, the MS OAuth works nicely but the picture does not show up. I found out that I have to add scope "https://graph.microsoft.com/User.Read" to MICROSOFT_OAUTH_SCOPE env.
@mateuszdrab commented on GitHub (Feb 10, 2025):
@chaiyr
I'm also trying to get this to work with Entra ID, does the username properly propagate into Open WebUI for you?
Aside from the broken picture, I'm seeing the username is the email address and the email address is empty in the edit dialog but shows fine on the user list.
@chaiyr commented on GitHub (Feb 11, 2025):
@mateuszdrab yes, now I got it working, both username and profile image. As of V0.5.10, I edited the Oauth.py line 284 from
if not isinstance(user, str):
to
if not isinstance(name, str):
@koorlan commented on GitHub (Feb 11, 2025):
For the name issue, it's already merged onto dev, ships with the next release
https://github.com/open-webui/open-webui/pull/8493
@mateuszdrab commented on GitHub (Feb 11, 2025):
Awesome, understood. Will wait for the next release.
Thanks for confirming