github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 19:08:59 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #19193] feat: Support token_endpoint_auth_methods_supported = client_secret_basic for remote MCP #57469

New Issue
Closed
opened 2026-05-05 20:57:29 -05:00 by GiteaMirror · 4 comments
GiteaMirror commented 2026-05-05 20:57:29 -05:00
Owner
Copy Link

Originally created by @molnarg on GitHub (Nov 15, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/19193

Check Existing Issues

  • I have searched for all existing open AND closed issues and discussions for similar requests. I have found none that is comparable to my request.

Verify Feature Scope

  • I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions.

Problem Description

I'm trying to integrate OpenWebUI with an MCP server that only supports this, and not client_secret_post.

Ther server's discovery doc: https://mcp.athom.com/.well-known/oauth-authorization-server

{"issuer":"https://mcp.athom.com","authorization_endpoint":"https://mcp.athom.com/oauth2/authorise","token_endpoint":"https://mcp.athom.com/oauth2/token","registration_endpoint":"https://mcp.athom.com/oauth2/client","response_types_supported":["code"],"response_modes_supported":["form_post"],"grant_types_supported":["authorization_code","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic"]}

I think the root cause might be the hardcoded client_secret_post value at e0d5de1697/backend/open_webui/utils/oauth.py (L283)

Desired Solution you'd like

Detect this registration method, and use it when it's the only one available.

Alternatives Considered

No response

Additional Context

No response

Originally created by @molnarg on GitHub (Nov 15, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/19193 ### Check Existing Issues - [x] I have searched for all existing **open AND closed** issues and discussions for similar requests. I have found none that is comparable to my request. ### Verify Feature Scope - [x] I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions. ### Problem Description I'm trying to integrate OpenWebUI with an MCP server that only supports this, and not client_secret_post. Ther server's discovery doc: https://mcp.athom.com/.well-known/oauth-authorization-server `{"issuer":"https://mcp.athom.com","authorization_endpoint":"https://mcp.athom.com/oauth2/authorise","token_endpoint":"https://mcp.athom.com/oauth2/token","registration_endpoint":"https://mcp.athom.com/oauth2/client","response_types_supported":["code"],"response_modes_supported":["form_post"],"grant_types_supported":["authorization_code","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic"]}` I think the root cause might be the hardcoded `client_secret_post` value at https://github.com/open-webui/open-webui/blob/e0d5de16978786b8a7538adf1efcde5258f38faf/backend/open_webui/utils/oauth.py#L283 ### Desired Solution you'd like Detect this registration method, and use it when it's the only one available. ### Alternatives Considered _No response_ ### Additional Context _No response_
GiteaMirror commented 2026-05-05 20:57:30 -05:00
Author
Owner
Copy Link

@cutec-chris commented on GitHub (Nov 16, 2025):

+1

<!-- gh-comment-id:3539433791 --> @cutec-chris commented on GitHub (Nov 16, 2025): +1
GiteaMirror commented 2026-05-05 20:57:30 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Nov 19, 2025):

Should be addressed with 0c47cbd16a in dev, testing wanted here!

<!-- gh-comment-id:3551190659 --> @tjbck commented on GitHub (Nov 19, 2025): Should be addressed with 0c47cbd16a42355076a11ebf5bad9d13898329aa in dev, testing wanted here!
GiteaMirror commented 2026-05-05 20:57:31 -05:00
Author
Owner
Copy Link

@tcs-christian-ulrich commented on GitHub (Nov 19, 2025):

i will try to test this evening, thanks for the fast reaction :)

<!-- gh-comment-id:3552195699 --> @tcs-christian-ulrich commented on GitHub (Nov 19, 2025): i will try to test this evening, thanks for the fast reaction :)
GiteaMirror commented 2026-05-05 20:57:31 -05:00
Author
Owner
Copy Link

@cutec-chris commented on GitHub (Nov 19, 2025):

it works for connection now

<!-- gh-comment-id:3553851586 --> @cutec-chris commented on GitHub (Nov 19, 2025): it works for connection now
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#57469
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?