mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 05:47:50 -05:00
[GH-ISSUE #19915] issue: JWT auth causes 500 with stack trace #57705
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @pvutov on GitHub (Dec 12, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/19915
Check Existing Issues
Installation Method
Pip Install
Open WebUI Version
open-webui@0.6.41
Ollama Version (if applicable)
No response
Operating System
debian 13
Browser (if applicable)
curl
Confirmation
README.md.Expected Behavior
I want to use the API with a token. When I click "Create new secret key" in the browser on my admin account's options, I get a 403 (any idea why?). Fortunately there is already a prefilled JWT token that I can use anyway.
I copy the JWT token and do the following:
I expect my request to be forwarded to some LLM, to correctly authenticate or at least to get an auth refusal.
Actual Behavior
open-webui responds with an internal server error.
Steps to Reproduce
Go to the open-webui interface, settings -> account -> API keys. Copy the pregenerated JWT value.
Take an arbitrary linux machine and call:
Where TOKEN is the JWT and example.org is the hostname of your open-webui instance.
I start open-webui like this, on a fresh debian 13 install using
uv 0.9.17(manually extracted to /usr/local/bin):Logs & Screenshots
The response is
At the same time openwebui prints the following stack trace:
Additional Information
No response
@owui-terminator[bot] commented on GitHub (Dec 12, 2025):
🔍 Similar Issues Found
I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:
#19823 Issue: Auth 2.1 Authorization/Token retrival is broken in v0.6.41
by mllab-nl • Dec 08, 2025 •
bug#19777 issue:
by Yaute7 • Dec 05, 2025 •
bug#19877 issue:
by dotmobo • Dec 11, 2025 •
bug#18975 issue: 500: Internal Error
by nurb2kea • Nov 06, 2025 •
bug#19496 issue: 500 internal server error appears in v0.6.40
by cloudtuotuo • Nov 26, 2025 •
bugShow 5 more related issues
#15970 issue: Internal 500 error
by YifengChenGeotab • Jul 23, 2025 •
bug#19417 issue: v0.6.37 SQL Error
by AKHYP • Nov 24, 2025 •
bug#16722 issue: Random 500 and 502 even when open-webui is not used.
by nitanmarcel • Aug 19, 2025 •
bug#14176 issue: Front-End fails silently once JWT Token expires
by cmbaatz • May 22, 2025 •
bug#19563 issue:
by naruto7g • Nov 28, 2025 •
bug💡 Tips:
This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.
@pvutov commented on GitHub (Dec 12, 2025):
Probably irrelevant, but my instance also runs behind an nginx reverse proxy with the following config:
@Classic298 commented on GitHub (Dec 12, 2025):
You mixed a few words here
Do you mean the api key or the jwt?
Did you enable api keys?
@pvutov commented on GitHub (Dec 12, 2025):
I used the JWT. I was not able to generate an api key (my browser receives a 403 status code when I click the button). I probably have not correctly enabled api keys (I enabled some option about allowing users to talk to the backend but I guess that was the wrong one).
I assume that I am not supposed to use the JWT by stuffing it into the Authentication header. Still, it seems like a minor bug for OWUI to throw a stack trace as opposed to 403.
@silentoplayz commented on GitHub (Dec 12, 2025):
Well, in Open WebUI, there is a
Default Permissionstoggle forAPI Keys. If this is toggled off, it is likely the source of your problems here.To get there in Open WebUI, visit the
Admin Panel->Userstab ->Groups->Default permissions. Scroll down toFeatures Permissionsand check the toggled state of theAPI Keysoption.@silentoplayz commented on GitHub (Dec 12, 2025):
My apologies. I gave accurate info above, but only if you want any users that have signed up for your OpenWebUI instance to have access to creating their own API keys from their
Accountsettings in the user settings modal.If you as an admin wish to enable the
API Keysfeature for your Open WebUI instance, you must visit theGeneraladmin settings tab and toggle onEnable API Keysfrom there.