github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

issue: Error Logout with Google Oauth #4754

New Issue
Closed
opened 2025-11-11 16:02:08 -06:00 by GiteaMirror · 18 comments
GiteaMirror commented 2025-11-11 16:02:08 -06:00
Owner
Copy Link

Originally created by @mballesterosc on GitHub (Apr 7, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Pip Install

Open WebUI Version

0.6.2

Ollama Version (if applicable)

No response

Operating System

Windows Server 2016

Browser (if applicable)

Chrome

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have listed steps to reproduce the bug in detail.

Expected Behavior

When user is login with Google Oauth, he can logout without problem

Actual Behavior

After version 0.6 when user is login with Google Oauth, it is missing to logout:

Steps to Reproduce

  1. Login with Google Oauth
  2. Logout

Logs & Screenshots

Image

Image

Additional Information

No response

Originally created by @mballesterosc on GitHub (Apr 7, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Pip Install ### Open WebUI Version 0.6.2 ### Ollama Version (if applicable) _No response_ ### Operating System Windows Server 2016 ### Browser (if applicable) Chrome ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have listed steps to reproduce the bug in detail. ### Expected Behavior When user is login with Google Oauth, he can logout without problem ### Actual Behavior After version 0.6 when user is login with Google Oauth, it is missing to logout: ### Steps to Reproduce 1. Login with Google Oauth 2. Logout ### Logs & Screenshots ![Image](https://github.com/user-attachments/assets/7f9bd118-4d73-4e0c-8ceb-0c9142469345) ![Image](https://github.com/user-attachments/assets/176b7635-6d99-4dbd-b49b-04c55502441f) ### Additional Information _No response_
GiteaMirror added the bug label 2025-11-11 16:02:08 -06:00
GiteaMirror commented 2025-11-11 16:02:09 -06:00
Author
Owner
Copy Link

@matthew-kusz commented on GitHub (Apr 8, 2025):

Missed this when checking issues before posting a discussion about OIDC: https://github.com/open-webui/open-webui/discussions/12605.

@matthew-kusz commented on GitHub (Apr 8, 2025): Missed this when checking issues before posting a discussion about OIDC: https://github.com/open-webui/open-webui/discussions/12605.
GiteaMirror commented 2025-11-11 16:02:09 -06:00
Author
Owner
Copy Link

@tjeerdhans commented on GitHub (Apr 9, 2025):

I think I have the same problem using Microsoft oauth.

@tjeerdhans commented on GitHub (Apr 9, 2025): I think I have the same problem using Microsoft oauth.
GiteaMirror commented 2025-11-11 16:02:09 -06:00
Author
Owner
Copy Link

@mintplo commented on GitHub (Apr 10, 2025):

I'm experiencing the same issue with Google OAuth on Chrome.

but it doesn't appear on Firefox.

OS: Amazon Linux release 2023.6.20250317 (Amazon Linux)
OpenWebUI Version: 0.6.2
Browser: Google Chrome 135.0.7049.42

openwebui-1               | 2025-04-10 08:45:00.117 | ERROR    | open_webui.routers.auths:signout:552 - OpenID signout error:  - {}
openwebui-1               | 2025-04-10 08:45:00.118 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 10.0.10.72:0 - "GET /api/v1/auths/signout HTTP/1.1" 500 - {}
@mintplo commented on GitHub (Apr 10, 2025): I'm experiencing the same issue with Google OAuth on Chrome. but it doesn't appear on Firefox. OS: Amazon Linux release 2023.6.20250317 (Amazon Linux) OpenWebUI Version: 0.6.2 Browser: Google Chrome 135.0.7049.42 ``` openwebui-1 | 2025-04-10 08:45:00.117 | ERROR | open_webui.routers.auths:signout:552 - OpenID signout error: - {} openwebui-1 | 2025-04-10 08:45:00.118 | INFO | uvicorn.protocols.http.httptools_impl:send:476 - 10.0.10.72:0 - "GET /api/v1/auths/signout HTTP/1.1" 500 - {} ```
GiteaMirror commented 2025-11-11 16:02:09 -06:00
Author
Owner
Copy Link

@goveebee commented on GitHub (Apr 10, 2025):

I cannot log out at all from the default user. Using verision 0.6.2. No auth, just standard user/password logged in user.

@goveebee commented on GitHub (Apr 10, 2025): I cannot log out at all from the default user. Using verision 0.6.2. No auth, just standard user/password logged in user.
GiteaMirror commented 2025-11-11 16:02:09 -06:00
Author
Owner
Copy Link

@Davidliu012 commented on GitHub (Apr 11, 2025):

I can logout from user/password logged in user, but not able to log out with Microsoft oauth. (0.6.2)

@Davidliu012 commented on GitHub (Apr 11, 2025): I **can** logout from user/password logged in user, but **not able** to log out with Microsoft oauth. (0.6.2)
GiteaMirror commented 2025-11-11 16:02:10 -06:00
Author
Owner
Copy Link

@MarouaneZhani commented on GitHub (Apr 11, 2025):

on 0.6.0 everything is working as expected
on 0.6.1 I cannot log out from user/password AND from Microsoft oauth.
on 0.6.2 I can logout from user/password logged in user, but not able to log out with Microsoft oauth.

@MarouaneZhani commented on GitHub (Apr 11, 2025): on 0.6.0 everything is working as expected on 0.6.1 I cannot log out from user/password AND from Microsoft oauth. on 0.6.2 I can logout from user/password logged in user, but not able to log out with Microsoft oauth.
GiteaMirror commented 2025-11-11 16:02:11 -06:00
Author
Owner
Copy Link

@ucchash111 commented on GitHub (Apr 11, 2025):

same

@ucchash111 commented on GitHub (Apr 11, 2025): same
GiteaMirror commented 2025-11-11 16:02:11 -06:00
Author
Owner
Copy Link

@tzesoon commented on GitHub (Apr 14, 2025):

I managed to fix unable to Sign Out issue by setting env OPENID_PROVIDER_URL=https://accounts.google.com/.well-known/openid-configuration.

For context, previously I only had these Google related envs

  1. GOOGLE_CLIENT_ID
  2. GOOGLE_CLIENT_SECRET
@tzesoon commented on GitHub (Apr 14, 2025): I managed to fix unable to Sign Out issue by setting env `OPENID_PROVIDER_URL=https://accounts.google.com/.well-known/openid-configuration`. For context, previously I only had these Google related envs 1. `GOOGLE_CLIENT_ID` 2. `GOOGLE_CLIENT_SECRET`
GiteaMirror commented 2025-11-11 16:02:11 -06:00
Author
Owner
Copy Link

@gvo commented on GitHub (Apr 14, 2025):

I managed to fix unable to Sign Out issue by setting env OPENID_PROVIDER_URL=https://accounts.google.com/.well-known/openid-configuration.

For context, previously I only had these Google related envs

  1. GOOGLE_CLIENT_ID
  2. GOOGLE_CLIENT_SECRET

Using Microsoft OAuth authentication here, saw the suggestion to set OPENID_PROVIDER_URL which fixed the issue for me.

@gvo commented on GitHub (Apr 14, 2025): > I managed to fix unable to Sign Out issue by setting env `OPENID_PROVIDER_URL=https://accounts.google.com/.well-known/openid-configuration`. > > For context, previously I only had these Google related envs > > 1. `GOOGLE_CLIENT_ID` > 2. `GOOGLE_CLIENT_SECRET` Using Microsoft OAuth authentication here, saw the suggestion to set OPENID_PROVIDER_URL which fixed the issue for me.
GiteaMirror commented 2025-11-11 16:02:11 -06:00
Author
Owner
Copy Link

@MarouaneZhani commented on GitHub (Apr 14, 2025):

@gvo didnt work for me, to which url you set it to ?
I have tried both https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration and https://login.microsoftonline.com/{my_tenant_id}/v2.0/.well-known/openid-configuration
but didnt work...

@MarouaneZhani commented on GitHub (Apr 14, 2025): @gvo didnt work for me, to which url you set it to ? I have tried both https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration and https://login.microsoftonline.com/{my_tenant_id}/v2.0/.well-known/openid-configuration but didnt work...
GiteaMirror commented 2025-11-11 16:02:12 -06:00
Author
Owner
Copy Link

@gvo commented on GitHub (Apr 14, 2025):

@gvo didnt work for me, to which url you set it to ? I have tried both https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration and https://login.microsoftonline.com/{my_tenant_id}/v2.0/.well-known/openid-configuration but didnt work...

Exactly as you have https://login.microsoftonline.com/{redacted_tenant_id}/v2.0/.well-known/openid-configuration. Tested on both 0.6.2 and 0.6.5

@gvo commented on GitHub (Apr 14, 2025): > [@gvo](https://github.com/gvo) didnt work for me, to which url you set it to ? I have tried both https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration and [https://login.microsoftonline.com/{my_tenant_id}/v2.0/.well-known/openid-configuration](https://login.microsoftonline.com/%7Bmy_tenant_id%7D/v2.0/.well-known/openid-configuration) but didnt work... Exactly as you have [https://login.microsoftonline.com/{redacted_tenant_id}/v2.0/.well-known/openid-configuration](https://login.microsoftonline.com/{redacted_tenant_id}/v2.0/.well-known/openid-configuration). Tested on both 0.6.2 and 0.6.5
GiteaMirror commented 2025-11-11 16:02:12 -06:00
Author
Owner
Copy Link

@MarouaneZhani commented on GitHub (Apr 15, 2025):

@gvo for me not working... could you share with me please the other env. variables (related to Oauth) that you are setting ? maybe I m not setting all needed variables

@MarouaneZhani commented on GitHub (Apr 15, 2025): @gvo for me not working... could you share with me please the other env. variables (related to Oauth) that you are setting ? maybe I m not setting all needed variables
GiteaMirror commented 2025-11-11 16:02:12 -06:00
Author
Owner
Copy Link

@frk-ti8m commented on GitHub (Apr 16, 2025):

I have the same issue, and created a duplicate ticket, before I became aware of this one. https://github.com/open-webui/open-webui/issues/12920

Any updates, regarding suggested solutions? I am using Microsoft Oauth.

@frk-ti8m commented on GitHub (Apr 16, 2025): I have the same issue, and created a duplicate ticket, before I became aware of this one. https://github.com/open-webui/open-webui/issues/12920 Any updates, regarding suggested solutions? I am using Microsoft Oauth.
GiteaMirror commented 2025-11-11 16:02:13 -06:00
Author
Owner
Copy Link

@frk-ti8m commented on GitHub (Apr 16, 2025):

on 0.6.0 everything is working as expected on 0.6.1 I cannot log out from user/password AND from Microsoft oauth. on 0.6.2 I can logout from user/password logged in user, but not able to log out with Microsoft oauth.

As of v0.6.5:

  • only login form: login/logout works, but buggy for multi user scenario
  • only microsoft oauth: login works reliably, logout does not work
  • login form + microsoft oauth: login and logout work, but this setup is not desirable for our use case
@frk-ti8m commented on GitHub (Apr 16, 2025): > on 0.6.0 everything is working as expected on 0.6.1 I cannot log out from user/password AND from Microsoft oauth. on 0.6.2 I can logout from user/password logged in user, but not able to log out with Microsoft oauth. As of v0.6.5: - only login form: login/logout works, but buggy for multi user scenario - only microsoft oauth: login works reliably, logout does not work - login form + microsoft oauth: login and logout work, but this setup is not desirable for our use case
GiteaMirror commented 2025-11-11 16:02:14 -06:00
Author
Owner
Copy Link

@athoik commented on GitHub (Apr 22, 2025):

Hi,

I had that problem as well, using v0.6.5 and Microsoft.

ENABLE_LOGIN_FORM=False
ENABLE_OAUTH_SIGNUP=True
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True
OPENID_PROVIDER_URL=https://login.microsoftonline.com/.../v2.0/.well-known/openid-configuration
MICROSOFT_CLIENT_ID=...
MICROSOFT_CLIENT_SECRET=...
MICROSOFT_CLIENT_TENANT_ID=...
CORS_ALLOW_ORIGIN=*
WEBUI_SECRET_KEY=...
WEBUI_URL=https://...
WEBUI_SESSION_COOKIE_SECURE=True

Adding OPENID_PROVIDER_URL seem to solve the problem, together with setting the "Front-channel logout URL" in Entra Id.

Image

https://open-webi.url/auth
@athoik commented on GitHub (Apr 22, 2025): Hi, I had that problem as well, using v0.6.5 and Microsoft. ``` ENABLE_LOGIN_FORM=False ENABLE_OAUTH_SIGNUP=True OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True OPENID_PROVIDER_URL=https://login.microsoftonline.com/.../v2.0/.well-known/openid-configuration MICROSOFT_CLIENT_ID=... MICROSOFT_CLIENT_SECRET=... MICROSOFT_CLIENT_TENANT_ID=... CORS_ALLOW_ORIGIN=* WEBUI_SECRET_KEY=... WEBUI_URL=https://... WEBUI_SESSION_COOKIE_SECURE=True ``` Adding OPENID_PROVIDER_URL seem to solve the problem, together with setting the "Front-channel logout URL" in Entra Id. ![Image](https://github.com/user-attachments/assets/b95d489a-1216-436e-bee6-7e26bde02d71) ``` https://open-webi.url/auth ```
GiteaMirror commented 2025-11-11 16:02:14 -06:00
Author
Owner
Copy Link

@KevinRohn commented on GitHub (Apr 22, 2025):

Hi,

I had that problem as well, using v0.6.5 and Microsoft.

ENABLE_LOGIN_FORM=False
ENABLE_OAUTH_SIGNUP=True
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True
OPENID_PROVIDER_URL=https://login.microsoftonline.com/.../v2.0/.well-known/openid-configuration
MICROSOFT_CLIENT_ID=...
MICROSOFT_CLIENT_SECRET=...
MICROSOFT_CLIENT_TENANT_ID=...
CORS_ALLOW_ORIGIN=*
WEBUI_SECRET_KEY=...
WEBUI_URL=https://...
WEBUI_SESSION_COOKIE_SECURE=True

Adding OPENID_PROVIDER_URL seem to solve the problem, together with setting the "Front-channel logout URL" in Entra Id.

Image

https://open-webi.url/auth

Thank you @athoik ! Just a note, you can find the URI under this section:

Browse to Identity > Applications > App registrations > > Endpoints.
Locate the URI under OpenID Connect metadata document.

@KevinRohn commented on GitHub (Apr 22, 2025): > Hi, > > I had that problem as well, using v0.6.5 and Microsoft. > > ``` > ENABLE_LOGIN_FORM=False > ENABLE_OAUTH_SIGNUP=True > OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True > OPENID_PROVIDER_URL=https://login.microsoftonline.com/.../v2.0/.well-known/openid-configuration > MICROSOFT_CLIENT_ID=... > MICROSOFT_CLIENT_SECRET=... > MICROSOFT_CLIENT_TENANT_ID=... > CORS_ALLOW_ORIGIN=* > WEBUI_SECRET_KEY=... > WEBUI_URL=https://... > WEBUI_SESSION_COOKIE_SECURE=True > ``` > > Adding OPENID_PROVIDER_URL seem to solve the problem, together with setting the "Front-channel logout URL" in Entra Id. > > ![Image](https://github.com/user-attachments/assets/b95d489a-1216-436e-bee6-7e26bde02d71) > > ``` > https://open-webi.url/auth > ``` Thank you @athoik ! Just a note, you can find the URI under this section: Browse to Identity > Applications > App registrations > <your application> > Endpoints. Locate the URI under OpenID Connect metadata document.
GiteaMirror commented 2025-11-11 16:02:14 -06:00
Author
Owner
Copy Link

@Her-shey commented on GitHub (Apr 22, 2025):

If we provide a wrong or empty OPENID_PROVIDER_URL, the sign out function will raise error when aiohttp client session try to get an invalid url address. The error type would be <class 'aiohttp.client_exceptions.InvalidUrlClientError'> and its string representation repr is InvalidUrlClientError.

            try:
                async with ClientSession() as session:
                    async with session.get(OPENID_PROVIDER_URL.value) as resp:

https://github.com/open-webui/open-webui/blob/main/backend/open_webui/routers/auths.py#L558

The python logger as following is catch the string of client_exceptions which is the URL input for get function. In this issue, since OPENID_PROVIDER_URL is empty string "", the str of the exception for InvalidUrlClientError is also an empty string. Thus, maybe for stronger log mode, we can provide exception type or repr.

            except Exception as e:
                log.error(f"OpenID signout error: {str(e)}")
                raise HTTPException(
                    status_code=500,
                    detail="Failed to sign out from the OpenID provider.",
                )
@Her-shey commented on GitHub (Apr 22, 2025): If we provide a wrong or empty OPENID_PROVIDER_URL, the sign out function will raise error when aiohttp client session try to get an invalid url address. The error type would be **<class 'aiohttp.client_exceptions.InvalidUrlClientError'>** and its string representation __repr__ is InvalidUrlClientError. ```python try: async with ClientSession() as session: async with session.get(OPENID_PROVIDER_URL.value) as resp: ``` https://github.com/open-webui/open-webui/blob/main/backend/open_webui/routers/auths.py#L558 The python logger as following is catch the string of client_exceptions which is the URL input for get function. In this issue, since **OPENID_PROVIDER_URL** is empty string "", the __str__ of the exception for InvalidUrlClientError is also an empty string. Thus, maybe for stronger log mode, we can provide exception type or repr. ```python except Exception as e: log.error(f"OpenID signout error: {str(e)}") raise HTTPException( status_code=500, detail="Failed to sign out from the OpenID provider.", ) ```
GiteaMirror commented 2025-11-11 16:02:14 -06:00
Author
Owner
Copy Link

@spammenotinoz commented on GitHub (May 20, 2025):

Same issue, I don't see Open-Webui even attempting to make a logout call to the end_session_endpoint
Rest of the OIDC config works fine.

Quick check looks like logout call is only made when ENABLE_OAUTH_SIGNUP=true, being a persistent variable appears you can only set before the first run and cannot be changed via the GUI.
So if this was not defined on first run, OIDC seems to partially work.
Perhaps a manual DB update?

Perhaps I am reading the code wrong in /backend/open_webui/routers/auths.py

@spammenotinoz commented on GitHub (May 20, 2025): Same issue, I don't see Open-Webui even attempting to make a logout call to the end_session_endpoint Rest of the OIDC config works fine. Quick check looks like logout call is only made when ENABLE_OAUTH_SIGNUP=true, being a persistent variable appears you can only set before the first run and cannot be changed via the GUI. So if this was not defined on first run, OIDC seems to partially work. Perhaps a manual DB update? Perhaps I am reading the code wrong in /backend/open_webui/routers/auths.py
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#4754
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?