github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-08 04:16:03 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #8638] [MERGED] refactor: Extend OIDC support to all OAuth authentication methods #37892

New Issue
Closed
opened 2026-04-25 11:10:18 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-25 11:10:18 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/8638
Author: @Tryanks
Created: 1/17/2025
Status: Merged
Merged: 1/17/2025
Merged by: @tjbck

Base: devHead: oauth2-github

📝 Commits (2)

  • f3e6dac refac: Extend OIDC support to all OAuth authentication methods
  • e7971b5 enh: add github oauth2 provider support

📊 Changes

3 files changed (+100 additions, -24 deletions)

View changed files

📝 backend/open_webui/config.py (+81 -12)
📝 backend/open_webui/utils/oauth.py (+3 -12)
📝 src/routes/auth/+page.svelte (+16 -0)

📄 Description

Related Issue: #8614; Related PR: #8624
I sincerely apologize for opening two PRs for the same feature request. After thorough consideration, I believe it is more reasonable to reimplement the significant changes from a single commit into two separate changes.

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources? The Changelog could be Document in SSO part.
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests for validating the changes?
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To cleary categorize this pull request, prefix the pull request title, using one of the following:
    • refactor: Code restructuring for better maintainability, readability, or scalability

Changelog Entry

Description

In the current OIDC implementation, OAUTH_PROVIDERS is hardcoded to only support the fixed OIDC format using the .well-known protocol. This means it cannot provide an integration method for authenticators like Github, which only offer OAuth 2.0.
This PR changes the way authlib.OAuth() registers providers by delegating the more flexible .register() behavior to the configuration initialization process. This enables support for all authenticator protocols that authlib can handle and further enhances extensibility.
Additionally, in the subsequent commit, the Github OAuth Provider has also been implemented.

Added Env vars:

  • GITHUB_CLIENT_ID - Github OAuth App Client ID
  • GITHUB_CLIENT_SECRET - Github OAuth App Client Secret
  • GITHUB_OAUTH_SCOPE - Github OAuth App Scope, default "user:email"
  • GITHUB_CLIENT_REDIRECT_URI - The recall url for Authentication.

Changed

  • Provider register has been moved to config

Added

  • Github OAuth2 Provider in SSO.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/8638 **Author:** [@Tryanks](https://github.com/Tryanks) **Created:** 1/17/2025 **Status:** ✅ Merged **Merged:** 1/17/2025 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `oauth2-github` --- ### 📝 Commits (2) - [`f3e6dac`](https://github.com/open-webui/open-webui/commit/f3e6dacf0de0556ea7e34ccfde48186c52aee82e) refac: Extend OIDC support to all OAuth authentication methods - [`e7971b5`](https://github.com/open-webui/open-webui/commit/e7971b58409790b25257e44ca4b19341cfa37234) enh: add github oauth2 provider support ### 📊 Changes **3 files changed** (+100 additions, -24 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+81 -12) 📝 `backend/open_webui/utils/oauth.py` (+3 -12) 📝 `src/routes/auth/+page.svelte` (+16 -0) </details> ### 📄 Description Related Issue: #8614; Related PR: #8624 I sincerely apologize for opening two PRs for the same feature request. After thorough consideration, I believe it is more reasonable to reimplement the significant changes from a single commit into two separate changes. # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [ ] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? **The Changelog could be Document in SSO part.** - [ ] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [x] **Testing:** Have you written and run sufficient tests for validating the changes? - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To cleary categorize this pull request, prefix the pull request title, using one of the following: - **refactor**: Code restructuring for better maintainability, readability, or scalability # Changelog Entry ### Description In the current OIDC implementation, `OAUTH_PROVIDERS` is hardcoded to only support the fixed OIDC format using the `.well-known` protocol. This means it cannot provide an integration method for authenticators like Github, which only offer OAuth 2.0. This PR changes the way `authlib.OAuth()` registers providers by delegating the more flexible `.register()` behavior to the configuration initialization process. This enables support for all authenticator protocols that authlib can handle and further enhances extensibility. Additionally, in the subsequent commit, the Github OAuth Provider has also been implemented. Added Env vars: - `GITHUB_CLIENT_ID` - Github OAuth App Client ID - `GITHUB_CLIENT_SECRET` - Github OAuth App Client Secret - `GITHUB_OAUTH_SCOPE` - Github OAuth App Scope, default "user:email" - `GITHUB_CLIENT_REDIRECT_URI` - The recall url for Authentication. ### Changed - Provider register has been moved to config ### Added - Github OAuth2 Provider in SSO. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 11:10:18 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#37892
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?