[GH-ISSUE #23668] Bug: admin-configured scopes overridden by discovered scopes_supported in static-credential OAuth flow #35569

Closed
opened 2026-04-25 09:45:33 -05:00 by GiteaMirror · 2 comments

Originally created by @dhruvalgupta2003 on GitHub (Apr 13, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/23668

Summary

In get_oauth_client_info_with_static_credentials, the scope value is unconditionally set from the authorization server's scopes_supported metadata when available. This silently overrides any custom scope string the admin supplied when registering the tool server.

For setups that rely on scope bundling (e.g. registering multiple MCP servers backed by the same Entra AD app, so one consent grants access to all of them — Calendar + Mail + User in a typical M365 deployment), this override means the authorization request ends up with only the generic discovered scopes (e.g. openid profile offline_access) and omits the custom resource scopes. Users get prompted for consent multiple times, or the resulting access token is missing the required audiences.

Location

backend/open_webui/utils/oauth.py around lines 478–481:

```python
scope = None
# Whenever the discovery metadata lists scopes_supported, that list replaces
# whatever scope the admin configured for the tool server.
if oauth_server_metadata and oauth_server_metadata.scopes_supported:
    scope = ' '.join(oauth_server_metadata.scopes_supported)
```

Impact

  • Breaks the "one consent, N MCP servers" pattern for M365 / Entra ID integrations.
  • Silently drops admin-chosen scopes with no warning.

Suggested fix

Prefer the admin-provided scope if one was supplied; fall back to discovered scopes_supported only when no explicit scope exists. Log when metadata-discovered scopes are being used so the behaviour is visible.


@tjbck commented on GitHub (Apr 17, 2026):

Likely addressed with 349ea4ea9e.

Dynamic OAuth 2.1 should be used in general.


@p-ob commented on GitHub (Apr 22, 2026):

Was this issue actually resolved in 349ea4ea9e?

Per https://datatracker.ietf.org/doc/html/rfc6749#section-3.3,

> If the client omits the scope parameter when requesting
> authorization, the authorization server MUST either process the
> request using a pre-defined default value or fail the request
> indicating an invalid scope. The authorization server SHOULD
> document its scope requirements and default value (if defined).

I agree that DCR or CIMD should be supported by IdPs, but for those IdPs that still require static client configuration, the ability for an admin in Open WebUI to be able to specify those scopes for static clients seems valuable.

Edit: On review of the MCP spec, I think the original behavior for when scopes aren't defined was what was originally implemented: https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization#scope-selection-strategy

> Use scope parameter from the initial WWW-Authenticate header in the 401 response, if provided
> If scope is not available, use all scopes defined in scopes_supported from the Protected Resource Metadata document, omitting the scope parameter if scopes_supported is undefined.

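A scope resolver that implements the precedence suggested in the issue (admin-configured scope wins) together with the MCP fallback chain quoted in the comment above, as an added example that is not Open WebUI's code. The ordering admin scope > WWW-Authenticate challenge scope > discovered scopes_supported > omit, the function names, and the sample Entra ID scope values are assumptions made for the example.

```python
"""Scope selection for a static-credential OAuth client (added example).

Assumed precedence, not the project's own logic:
  1. scope the admin configured for the tool server (explicit always wins),
  2. scope parameter from the WWW-Authenticate challenge in the 401 response,
  3. every entry of scopes_supported from the discovered metadata,
  4. omit the scope parameter and let the server apply its default (RFC 6749 3.3).
Each fallback is logged so the chosen source is visible to the admin.
"""
import logging
import re
from typing import Optional, Sequence

log = logging.getLogger(__name__)

# Matches one key="value" parameter of a Bearer challenge, e.g.
# WWW-Authenticate: Bearer resource_metadata="https://...", scope="Mail.Read"
_PARAM = re.compile(r'(\w+)="([^"]*)"')


def challenge_scope(www_authenticate: Optional[str]) -> Optional[str]:
    """Return the scope parameter of a Bearer challenge, or None if absent."""
    if not www_authenticate or not www_authenticate.lower().startswith("bearer"):
        return None
    params = dict(_PARAM.findall(www_authenticate))
    return params.get("scope") or None


def resolve_scope(
    admin_scope: Optional[str],
    www_authenticate: Optional[str] = None,
    scopes_supported: Optional[Sequence[str]] = None,
) -> Optional[str]:
    """Pick the scope string for the authorization request, logging the source."""
    if admin_scope and admin_scope.strip():
        return " ".join(admin_scope.split())  # keep admin's scopes, normalise whitespace
    hinted = challenge_scope(www_authenticate)
    if hinted:
        log.info("no admin scope; using scope from WWW-Authenticate challenge: %s", hinted)
        return hinted
    if scopes_supported:
        discovered = " ".join(scopes_supported)
        log.info("no explicit scope; using discovered scopes_supported: %s", discovered)
        return discovered
    log.info("no scope available; omitting scope parameter")
    return None


# Constructed inputs: a bundled Entra ID scope set and the generic metadata
# that the reported code would have let override it.
ADMIN_SCOPE = "openid profile offline_access Calendars.Read Mail.Read User.Read"
DISCOVERED = ["openid", "profile", "offline_access"]
CHALLENGE = 'Bearer realm="mcp", scope="Mail.Read"'
```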
Reference: github-starred/open-webui#35569