github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.2k Packages Projects Releases 126 Wiki Activity

[PR #22266] [CLOSED] feat: Add OAuth2.1 static auth for MCP servers #49625

New Issue
Closed
opened 2026-04-30 01:56:10 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-30 01:56:10 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/22266
Author: @DonMul
Created: 3/5/2026
Status: Closed

Base: devHead: addOAuth2.1Static

📝 Commits (10+)

📊 Changes

7 files changed (+210 additions, -39 deletions)

View changed files

📝 backend/open_webui/main.py (+29 -24)
📝 backend/open_webui/routers/configs.py (+29 -8)
📝 backend/open_webui/routers/tools.py (+2 -2)
📝 backend/open_webui/utils/middleware.py (+1 -1)
📝 backend/open_webui/utils/oauth.py (+98 -1)
📝 src/lib/apis/configs/index.ts (+3 -0)
📝 src/lib/components/AddToolServerModal.svelte (+48 -3)

📄 Description

Changelog Entry

Added OAuth2.1 Static authentication option for static client_id and client_secret for MCP servers

Description

I needed to add some MCP servers to an Open WebUI instance, but these MCP servers required static oauth client data (client_id and client_secret). This was not possible with the current version of Open WebUI. I developed an extra authentication option where these fields can be entered by the end user, and those being used to register the client.

Added

Added OAuth 2.1 - Static auth type for MCP servers. See screenshot below in the Screenshots section

Additional Information

I was doubting to include these options directly in the OAuth 2.1 aut htype, but deliberately decided to make it a separate option to reduce possible confusion since a lot of MCPs actually do accept the dynamic OAuth data.

Screenshots or Videos

Screenshot 2026-03-05 at 16 17 43

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/22266 **Author:** [@DonMul](https://github.com/DonMul) **Created:** 3/5/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `addOAuth2.1Static` --- ### 📝 Commits (10+) - [`fe6783c`](https://github.com/open-webui/open-webui/commit/fe6783c16699911c7be17392596d579333fb110c) Merge pull request #19030 from open-webui/dev - [`fc05e0a`](https://github.com/open-webui/open-webui/commit/fc05e0a6c5d39da60b603b4d520f800d6e36f748) Merge pull request #19405 from open-webui/dev - [`e3faec6`](https://github.com/open-webui/open-webui/commit/e3faec62c58e3a83d89aa3df539feacefa125e0c) Merge pull request #19416 from open-webui/dev - [`9899293`](https://github.com/open-webui/open-webui/commit/9899293f050ad50ae12024cbebee7e018acd851e) Merge pull request #19448 from open-webui/dev - [`140605e`](https://github.com/open-webui/open-webui/commit/140605e660b8186a7d5c79fb3be6ffb147a2f498) Merge pull request #19462 from open-webui/dev - [`6f1486f`](https://github.com/open-webui/open-webui/commit/6f1486ffd0cb288d0e21f41845361924e0d742b3) Merge pull request #19466 from open-webui/dev - [`d95f533`](https://github.com/open-webui/open-webui/commit/d95f533214e3fe5beb5e41ec1f349940bc4c7043) Merge pull request #19729 from open-webui/dev - [`a727153`](https://github.com/open-webui/open-webui/commit/a7271532f8a38da46785afcaa7e65f9a45e7d753) 0.6.43 (#20093) - [`6adde20`](https://github.com/open-webui/open-webui/commit/6adde203cd292a9e3af9c64a2ae36b603fed096a) Merge pull request #20394 from open-webui/dev - [`f9b0534`](https://github.com/open-webui/open-webui/commit/f9b0534e0c442631d1cb7205169588b9b6204179) Merge pull request #20522 from open-webui/dev ### 📊 Changes **7 files changed** (+210 additions, -39 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/main.py` (+29 -24) 📝 `backend/open_webui/routers/configs.py` (+29 -8) 📝 `backend/open_webui/routers/tools.py` (+2 -2) 📝 `backend/open_webui/utils/middleware.py` (+1 -1) 📝 `backend/open_webui/utils/oauth.py` (+98 -1) 📝 `src/lib/apis/configs/index.ts` (+3 -0) 📝 `src/lib/components/AddToolServerModal.svelte` (+48 -3) </details> ### 📄 Description <!-- ⚠️ CRITICAL CHECKS FOR CONTRIBUTORS (READ, DON'T DELETE) ⚠️ 1. Target the `dev` branch. PRs targeting `main` will be automatically closed. 2. Do NOT delete the CLA section at the bottom. It is required for the bot to accept your PR. --> # Changelog Entry Added `OAuth2.1 Static` authentication option for static client_id and client_secret for MCP servers ### Description I needed to add some MCP servers to an Open WebUI instance, but these MCP servers required static oauth client data (client_id and client_secret). This was not possible with the current version of Open WebUI. I developed an extra authentication option where these fields can be entered by the end user, and those being used to register the client. ### Added Added `OAuth 2.1 - Static` auth type for MCP servers. See screenshot below in the Screenshots section --- ### Additional Information I was doubting to include these options directly in the OAuth 2.1 aut htype, but deliberately decided to make it a separate option to reduce possible confusion since a lot of MCPs actually do accept the dynamic OAuth data. ### Screenshots or Videos <img width="483" height="513" alt="Screenshot 2026-03-05 at 16 17 43" src="https://github.com/user-attachments/assets/f6b00266-21e3-43a4-960c-d274369c350d" /> ### Contributor License Agreement <!-- 🚨 DO NOT DELETE THE TEXT BELOW 🚨 Keep the "Contributor License Agreement" confirmation text intact. Deleting it will trigger the CLA-Bot to INVALIDATE your PR. --> By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-30 01:56:10 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#49625
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?