mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[PR #21666] [CLOSED] fix: preserve OAuth session on token refresh failure #41822
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/21666
Author: @Classic298
Created: 2/20/2026
Status: ❌ Closed
Base:
dev← Head:oauth📝 Commits (1)
1fb0306fix: preserve OAuth session on token refresh failure📊 Changes
1 file changed (+2 additions, -7 deletions)
View changed files
📝
backend/open_webui/utils/oauth.py(+2 -7)📄 Description
Previously, when an OAuth token refresh failed (e.g., no refresh token available, IDP temporarily unreachable, or refresh token expired), the OAuth session was deleted from the database and None was returned.
This caused two problems:
Tools accessing oauth_token would crash with a TypeError ("NoneType object is not subscriptable") instead of receiving a meaningful error from the downstream API.
The session deletion was irreversible. Even if the refresh failure was transient (network blip, IDP maintenance), the session could never self-heal. Users had to fully log out and re-authenticate to restore the OAuth token, despite still being logged into Open WebUI via the separate JWT session. The fix removes the destructive session deletion in both OAuthManager.get_oauth_token and OAuthClientManager.get_oauth_token. On refresh failure, the existing token data is now returned instead of None. This means:
Fixes #17678
Contributor License Agreement
By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.