[GH-ISSUE #16635] issue: OAUTH_GROUPS_CLAIM isn't read correctly #33516

Closed
opened 2026-04-25 07:25:47 -05:00 by GiteaMirror · 2 comments

Originally created by @antondelgado123 on GitHub (Aug 14, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/16635

Check Existing Issues

  • I have searched the existing issues and discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

v0.6.22

Ollama Version (if applicable)

No response

Operating System

Ubuntu 22.04

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

I have configured Keycloak as my OAUTH identity provider (works as per the guide) and would like to also enable automatic group creation. Per the following settings, my Keycloak Token contains the relevant groups under "roles" (company specific config).

  • name: ENABLE_OAUTH_GROUP_MANAGEMENT
    value: "true"
  • name: ENABLE_OAUTH_GROUP_CREATION
    value: "true"
  • name: OAUTH_GROUPS_CLAIM
    value: "roles"

When running OI with the above config, I expect on the login of a non-admin user groups to be automatically created.

Actual Behavior

Groups are not automatically created

Steps to Reproduce

The reason for this behaviour is very simple - the os.environ.get call for this config has a typo.

OAUTH_GROUPS_CLAIM = PersistentConfig(
    "OAUTH_GROUPS_CLAIM",
    "oauth.oidc.group_claim",
    os.environ.get("OAUTH_GROUP_CLAIM", "groups"),
)

extract from config.py.

Logs & Screenshots

N/A

Additional Information

No response

GiteaMirror added the bug label 2026-04-25 07:25:47 -05:00
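
The mismatch reported above (config name OAUTH_GROUPS_CLAIM, environment key OAUTH_GROUP_CLAIM) means the documented variable is never read and the default claim "groups" stays in effect. The following is an added example, not code from Open WebUI: a small AST check that flags any PersistentConfig entry whose environment key differs from its config name. It assumes the two are meant to be identical; SAMPLE is constructed, and the second entry's config path is a placeholder.

```python
import ast

# Constructed sample. The first entry reproduces the snippet quoted in the issue;
# the second is a correctly wired entry with a placeholder config path.
SAMPLE = '''
OAUTH_GROUPS_CLAIM = PersistentConfig(
    "OAUTH_GROUPS_CLAIM",
    "oauth.oidc.group_claim",
    os.environ.get("OAUTH_GROUP_CLAIM", "groups"),
)
ENABLE_OAUTH_GROUP_CREATION = PersistentConfig(
    "ENABLE_OAUTH_GROUP_CREATION",
    "example.placeholder.path",
    os.environ.get("ENABLE_OAUTH_GROUP_CREATION", "False").lower() == "true",
)
'''


def env_keys(node):
    """Yield each literal key read via os.environ.get(...) or os.getenv(...) under node."""
    for sub in ast.walk(node):
        if not (isinstance(sub, ast.Call) and sub.args):
            continue
        first = sub.args[0]
        if ast.unparse(sub.func) in ("os.environ.get", "os.getenv") \
                and isinstance(first, ast.Constant) and isinstance(first.value, str):
            yield first.value


def find_mismatches(source):
    """Return (lineno, config_name, env_key) where the env key differs from the config name."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and ast.unparse(node.func) == "PersistentConfig"):
            continue
        if not node.args or not isinstance(node.args[0], ast.Constant):
            continue
        name = node.args[0].value
        # Assumption: the environment variable is expected to share the config name.
        findings.extend((node.lineno, name, key) for key in env_keys(node) if key != name)
    return findings


if __name__ == "__main__":
    for lineno, name, key in find_mismatches(SAMPLE):
        print(f"line {lineno}: config {name!r} reads env var {key!r}")
```

Run against a real config file by passing its text to find_mismatches; entries that intentionally read a differently named variable will show up too and need a manual look.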

@tjbck commented on GitHub (Aug 14, 2025):

Addressed with daa4b3284f


@antondelgado123 commented on GitHub (Aug 14, 2025):

Thanks @tjbck, I actually wanted to use this as an opportunity to raise a simple PR in the repo. No worries, I'll raise another, more complex one tomorrow.


Reference: github-starred/open-webui#33516