github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #23128] issue: Feishu OAuth redirect_uri falls back to http:// behind reverse proxy #35419

New Issue
Closed
opened 2026-04-25 09:37:31 -05:00 by GiteaMirror · 2 comments
GiteaMirror commented 2026-04-25 09:37:31 -05:00
Owner
Copy Link

Originally created by @tuzkiyoung on GitHub (Mar 27, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/23128

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Other

Open WebUI Version

0.8.11

Ollama Version (if applicable)

No response

Operating System

Ubuntu 24.04

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

When using Feishu OAuth behind a reverse proxy with HTTPS termination, the OAuth login fails because the redirect URI is generated as http:// instead of https://.

Actual Behavior

Feishu OAuth uses the configured FEISHU_CLIENT_REDIRECT_URI (e.g. https://example.com/oauth/feishu/callback) as the redirect URL, and login completes successfully — same as Google/Microsoft/GitHub/OIDC providers.

Steps to Reproduce

  1. Deploy Open WebUI behind a reverse proxy with HTTPS termination (nginx, ALB, Traefik, etc.)
  2. Set FEISHU_CLIENT_REDIRECT_URI=https://example.com/oauth/feishu/callback
  3. Configure matching redirect URI in the Feishu developer console
  4. Click "Login with Feishu" in the Open WebUI login page
  5. OAuth fails — Feishu rejects the http:// redirect URI

Logs & Screenshots

No error logs on the Open WebUI side. The failure occurs at Feishu's OAuth server which rejects the mismatched redirect URI (http:// vs registered https://).

Additional Information

This bug may not surface when the proxy correctly forwards X-Forwarded-Proto: https (e.g. single-layer Docker + ALB), but it breaks in multi-layer proxy setups (e.g. Kubernetes with Ingress) where the header may not reach uvicorn.

Originally created by @tuzkiyoung on GitHub (Mar 27, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/23128 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Other ### Open WebUI Version 0.8.11 ### Ollama Version (if applicable) _No response_ ### Operating System Ubuntu 24.04 ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior When using Feishu OAuth behind a reverse proxy with HTTPS termination, the OAuth login fails because the redirect URI is generated as `http://` instead of `https://`. ### Actual Behavior Feishu OAuth uses the configured `FEISHU_CLIENT_REDIRECT_URI` (e.g. `https://example.com/oauth/feishu/callback`) as the redirect URL, and login completes successfully — same as Google/Microsoft/GitHub/OIDC providers. ### Steps to Reproduce 1. Deploy Open WebUI behind a reverse proxy with HTTPS termination (nginx, ALB, Traefik, etc.) 2. Set `FEISHU_CLIENT_REDIRECT_URI=https://example.com/oauth/feishu/callback` 3. Configure matching redirect URI in the Feishu developer console 4. Click "Login with Feishu" in the Open WebUI login page 5. OAuth fails — Feishu rejects the `http://` redirect URI ### Logs & Screenshots No error logs on the Open WebUI side. The failure occurs at Feishu's OAuth server which rejects the mismatched redirect URI (http:// vs registered https://). ### Additional Information This bug may not surface when the proxy correctly forwards X-Forwarded-Proto: https (e.g. single-layer Docker + ALB), but it breaks in multi-layer proxy setups (e.g. Kubernetes with Ingress) where the header may not reach uvicorn.
GiteaMirror added the bug label 2026-04-25 09:37:31 -05:00
GiteaMirror commented 2026-04-25 09:37:34 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Apr 1, 2026):

Addressed in dev.

<!-- gh-comment-id:4169327193 --> @tjbck commented on GitHub (Apr 1, 2026): Addressed in dev.
GiteaMirror commented 2026-04-25 09:37:35 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Apr 1, 2026):

d6a9efca68

<!-- gh-comment-id:4169446475 --> @Classic298 commented on GitHub (Apr 1, 2026): https://github.com/open-webui/open-webui/commit/d6a9efca68afa75f58484c93b3f6e78544ea21a1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#35419
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?