github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

Feature: Add Pomerium JWT Validation Support to OpenWebUI #3290

New Issue
Closed
opened 2025-11-11 15:28:09 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-11 15:28:09 -06:00
Owner
Copy Link

Originally created by @nickytonline on GitHub (Jan 15, 2025).

Feature Request

Request to add support for Pomerium JWT validation in OpenWebUI, complementing the existing trusted headers authentication method.

Important Notes

Overview

Request to add support for Pomerium JWT validation in OpenWebUI, complementing the existing trusted headers authentication method.

Background

OpenWebUI already supports Pomerium integration via trusted headers (as shown in Pomerium's official integration guide for OpenWebUI). Adding JWT validation support would:

  • Provide a more secure authentication option for environments requiring it
  • Allow for offline validation of user claims
  • Reduce reliance on header trust in certain deployments

Implementation Requirements

  1. JWT Validation Support

    • Validate Pomerium-issued JWTs
    • Extract user claims (email, groups, etc.) from validated tokens
    • Configure via environment variables
    • Fall back to existing trusted headers method if JWT validation is not enabled

  2. Documentation Needs

    • Add JWT validation section to existing Pomerium integration docs
    • Include configuration examples for:
      • Environment variables for JWT setup
      • Docker Compose configuration
      • JWT public key or JWKS configuration
    • Document security considerations vs. trusted headers approach

Happy to provide pull requests for this and the documentation. 😎

Is your feature request related to a problem? Please describe.

N/A

Describe the solution you'd like

The solution would be similar to https://github.com/argoproj/argo-cd/pull/20928

Describe alternatives you've considered

The alternatives are the current way, i.e. Trusted Headers

Additional context

Add any other context or screenshots about the feature request here.

Originally created by @nickytonline on GitHub (Jan 15, 2025). # Feature Request Request to add support for [Pomerium JWT validation](https://www.pomerium.com/docs/capabilities/getting-users-identity#jwt-validation) in OpenWebUI, complementing the existing trusted headers authentication method. ## Important Notes ### Overview Request to add support for [Pomerium JWT validation](https://www.pomerium.com/docs/capabilities/getting-users-identity#jwt-validation) in OpenWebUI, complementing the existing trusted headers authentication method. ### Background OpenWebUI already supports Pomerium integration via trusted headers (as shown in [Pomerium's official integration guide for OpenWebUI](https://www.pomerium.com/docs/guides/secure-llm-webui)). Adding JWT validation support would: * Provide a more secure authentication option for environments requiring it * Allow for offline validation of user claims * Reduce reliance on header trust in certain deployments ### Implementation Requirements 1. JWT Validation Support * Validate Pomerium-issued JWTs * Extract user claims (email, groups, etc.) from validated tokens * Configure via environment variables * Fall back to existing trusted headers method if JWT validation is not enabled 2. Documentation Needs * Add JWT validation section to existing Pomerium integration docs * Include configuration examples for: * Environment variables for JWT setup * Docker Compose configuration * JWT public key or JWKS configuration * Document security considerations vs. trusted headers approach Happy to provide pull requests for this and the documentation. 😎 --- **Is your feature request related to a problem? Please describe.** N/A **Describe the solution you'd like** The solution would be similar to https://github.com/argoproj/argo-cd/pull/20928 **Describe alternatives you've considered** The alternatives are the current way, i.e. Trusted Headers **Additional context** Add any other context or screenshots about the feature request here.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#3290
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?