[PR #15366] [MERGED] feat: Custom oauth timeout #39433

New Issue

GiteaMirror · 2026-04-25T12:01:44-05:00

GiteaMirror commented

2026-04-25 12:01:44 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/15366
Author: @akiraro
Created: 6/27/2025
Status: ✅ Merged
Merged: 6/27/2025
Merged by: @tjbck

Base: dev ← Head: feat/oidc-httpx-timeout

📝 Commits (1)

88ea0f5 feat: custom oauth timeout

📊 Changes

1 file changed (+16 additions, -2 deletions)

View changed files

📝 backend/open_webui/config.py (+16 -2)

📄 Description

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.

Before submitting, make sure you've checked the following:

Target branch: Please verify that the pull request targets the dev branch.
Description: Provide a concise description of the changes made in this pull request.
Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
Testing: Have you written and run sufficient tests to validate the changes?
Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following: feat

Changelog Entry

Description

This pull request addresses a timeout issue with all OAuth/OIDC-based SSO integrations by making the backend's HTTP client timeout configurable. When connecting to any external SSO provider (e.g., OIDC, Google, GitHub) that exhibits high latency, the previous short, hardcoded timeout would cause an httpx.ReadTimeout exception. This resulted in a failed login and a misleading "incorrect email or password" error in the UI.

This change introduces a new environment variable, OAUTH_TIMEOUT, allowing administrators to set a longer timeout for these connections. This improves the reliability and robustness of all SSO integrations, ensuring compatibility with a wider range of real-world providers and network conditions.

Added

New environment variable OAUTH_TIMEOUT to configure the timeout (in seconds) for all outbound SSO client HTTP requests. It defaults to a reasonable value (e.g., 20.0) if not set.

Changed

The AsyncOAuth2Client used for all SSO authentication flows now uses the value from OAUTH_TIMEOUT instead of a hardcoded default.

Deprecated

N/A

Removed

N/A

Fixed

Resolves bug where SSO login fails with an httpx.ReadTimeout when any OAuth/OIDC provider is slow to respond from its token endpoint.
Prevents the UI from displaying a misleading "incorrect email or password" error when the actual failure is a backend network timeout.

Security

N/A

Breaking Changes

N/A

Additional Information

This change was prompted by a detailed debugging session that isolated the root cause to a non-configurable HTTP client timeout affecting all SSO providers.
Fixes [GH-ISSUE #9034] enhancement: Ability to edit thinking models thoughts. (#15365)

Screenshots or Videos

N/A (This is a backend configuration change).

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/15366 **Author:** [@akiraro](https://github.com/akiraro) **Created:** 6/27/2025 **Status:** ✅ Merged **Merged:** 6/27/2025 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `feat/oidc-httpx-timeout` --- ### 📝 Commits (1) - [`88ea0f5`](https://github.com/open-webui/open-webui/commit/88ea0f523fe2c462c65658899b1ebeebef64c00a) feat: custom oauth timeout ### 📊 Changes **1 file changed** (+16 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+16 -2) </details> ### 📄 Description # Pull Request Checklist ### Note to first-time contributors: Please open a discussion post in [Discussions](https://github.com/open-webui/open-webui/discussions) and describe your changes before submitting a pull request. **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [ ] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [ ] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [ ] **Testing:** Have you written and run sufficient tests to validate the changes? - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: `feat` --- # Changelog Entry ### Description This pull request addresses a timeout issue with all OAuth/OIDC-based SSO integrations by making the backend's HTTP client timeout configurable. When connecting to any external SSO provider (e.g., OIDC, Google, GitHub) that exhibits high latency, the previous short, hardcoded timeout would cause an `httpx.ReadTimeout` exception. This resulted in a failed login and a misleading "incorrect email or password" error in the UI. This change introduces a new environment variable, `OAUTH_TIMEOUT`, allowing administrators to set a longer timeout for these connections. This improves the reliability and robustness of all SSO integrations, ensuring compatibility with a wider range of real-world providers and network conditions. ### Added - New environment variable `OAUTH_TIMEOUT` to configure the timeout (in seconds) for all outbound SSO client HTTP requests. It defaults to a reasonable value (e.g., `20.0`) if not set. ### Changed - The `AsyncOAuth2Client` used for all SSO authentication flows now uses the value from `OAUTH_TIMEOUT` instead of a hardcoded default. ### Deprecated - N/A ### Removed - N/A ### Fixed - Resolves bug where SSO login fails with an `httpx.ReadTimeout` when any OAuth/OIDC provider is slow to respond from its token endpoint. - Prevents the UI from displaying a misleading "incorrect email or password" error when the actual failure is a backend network timeout. ### Security - N/A ### Breaking Changes - N/A --- ### Additional Information - This change was prompted by a detailed debugging session that isolated the root cause to a non-configurable HTTP client timeout affecting all SSO providers. - Fixes #15365 ### Screenshots or Videos - N/A (This is a backend configuration change). ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-25 12:01:44 -05:00

GiteaMirror closed this issue

2026-04-25 12:01:45 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#39433