[GH-ISSUE #20847] issue: MCP OAuth2.1 initial auth doesn't work when a tool is enabled by default for a model #57976

Closed
opened 2026-05-05 22:04:43 -05:00 by GiteaMirror · 2 comments

Originally created by @Lemmons on GitHub (Jan 21, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20847

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Other

Open WebUI Version

v0.7.2

Ollama Version (if applicable)

No response

Operating System

EKS (Amazon Linux)

Browser (if applicable)

Chrome 143.0

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

If a user is not authenticated for a tool which is enabled by default for a given model, when the agent first attempts to use the tool, it will properly go through the OAuth2.1 workflow, prompting the user for auth and permissions, etc, in the same way it currently does when a user manually enables a tool for a given chat.

Actual Behavior

If a user is not authenticated for a tool which is enabled by default for a given model, when the agent first attempts to use the tool, the tool use fails with the message "Failed to connect to MCP server '{server-name}'". The mcp server is properly responding with a 401 and www-authenticate header, as specified by OAuth2.1, but OpenWebUI is failing to respond to that correctly by taking the user through the authentication process.

From what I can tell this only affects first time login. It appears that token refresh is working properly.

Steps to Reproduce

  1. Add an MCP OAuth2.1 external tool server
  2. Add that tool to a configured model's enabled tools in the model settings
  3. Attempt to use the model in a way which would exercise the tool (as a user who has not previously authed with the tool)
  4. Fails

Logs & Screenshots

```
2026-01-21 18:26:26.510 | DEBUG    | open_webui.utils.middleware:process_chat_payload:1765 - unhandled errors in a TaskGroup (1 sub-exception)
2026-01-21 18:26:26.510 | DEBUG    | httpcore._trace:atrace:87 - response_closed.complete
2026-01-21 18:26:26.509 | DEBUG    | httpcore._trace:atrace:87 - response_closed.started
2026-01-21 18:26:26.509 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: POST REDACTED/mcp "HTTP/1.1 401 Unauthorized"
2026-01-21 18:26:26.509 | DEBUG    | httpcore._trace:atrace:87 - receive_response_headers.complete return_value=(b'HTTP/1.1', 401, b'Unauthorized', [(b'date', b'Wed, 21 Jan 2026 18:26:26 GMT'), (b'server', b'istio-envoy'), (b'content-type', b'application/json'), (b'content-length', b'74'), (b'www-authenticate', b'Bearer error="invalid_token", error_description="Authentication required", resource_metadata="REDACTED/mcp/.well-known/oauth-protected-resource"'), (b'x-envoy-upstream-service-time', b'3')])
2026-01-21 18:26:26.504 | DEBUG    | httpcore._trace:atrace:87 - receive_response_headers.started request=<Request [b'POST']>
2026-01-21 18:26:26.503 | DEBUG    | httpcore._trace:atrace:87 - send_request_body.complete
2026-01-21 18:26:26.503 | DEBUG    | httpcore._trace:atrace:87 - send_request_body.started request=<Request [b'POST']>
2026-01-21 18:26:26.503 | DEBUG    | httpcore._trace:atrace:87 - send_request_headers.complete
2026-01-21 18:26:26.503 | DEBUG    | httpcore._trace:atrace:87 - send_request_headers.started request=<Request [b'POST']>
2026-01-21 18:26:26.502 | DEBUG    | httpcore._trace:atrace:87 - start_tls.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7ff8121d3c50>
2026-01-21 18:26:26.491 | DEBUG    | httpcore._trace:atrace:87 - start_tls.started ssl_context=<ssl.SSLContext object at 0x7ff82a35be30> server_hostname='REDACTED' timeout=30
2026-01-21 18:26:26.491 | DEBUG    | httpcore._trace:atrace:87 - connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7ff82a3b7310>
2026-01-21 18:26:26.486 | INFO     | uvicorn.protocols.http.httptools_impl:send:483 - 173.75.44.30:0 - "GET /api/v1/chats/?page=1 HTTP/1.1" 200
2026-01-21 18:26:26.485 | DEBUG    | httpcore._trace:atrace:87 - connect_tcp.started host='REDACTED' port=443 local_address=None timeout=30 socket_options=None
2026-01-21 18:26:26.484 | DEBUG    | mcp.client.streamable_http:post_writer:547 - Sending client message: root=JSONRPCRequest(method='initialize', params={'protocolVersion': '2025-11-25', 'capabilities': {}, 'clientInfo': {'name': 'mcp', 'version': '0.1.0'}}, jsonrpc='2.0', id=0)
2026-01-21 18:26:26.483 | DEBUG    | mcp.client.streamable_http:streamable_http_client:649 - Connecting to StreamableHTTP endpoint: REDACTED/mcp
2026-01-21 18:26:26.432 | WARNING  | open_webui.utils.oauth:get_oauth_token:680 - No OAuth session found for user REDACTED, client_id mcp:test
2026-01-21 18:26:26.426 | DEBUG    | open_webui.utils.middleware:process_chat_payload:1642 - direct_tool_servers=[]
2026-01-21 18:26:26.425 | DEBUG    | open_webui.utils.middleware:process_chat_payload:1641 - tool_ids=['server:mcp:test']
```

Additional Information

No response

GiteaMirror added the bug label 2026-05-05 22:04:43 -05:00
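The 401 response in the log above carries everything a client needs to tell "user must authorize" apart from "server unreachable". The following is an added example, not Open WebUI's code and not part of the original issue: the function names, the action labels, the same-origin policy and the `mcp.example.test` host (standing in for the REDACTED values) are all assumptions.

```python
import re
from urllib.parse import urlsplit

# auth-param as defined by RFC 9110: name=token or name="quoted string"
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def parse_bearer_challenge(value):
    """Return the auth-params of a single Bearer challenge, or None."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Undo backslash escapes inside quoted strings.
        params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else token
    return params

def next_step(status, headers, server_url, has_session):
    """Map an MCP server response to (action, resource_metadata_url)."""
    if status != 401:
        return ("proceed", None)
    challenge = None
    for name, value in headers:
        if name.lower() == "www-authenticate":
            challenge = parse_bearer_challenge(value)
            if challenge is not None:
                break
    if challenge is None:
        return ("connection_error", None)  # a 401 with no usable Bearer challenge
    meta = challenge.get("resource_metadata")
    if meta:
        m, s = urlsplit(meta), urlsplit(server_url)
        # Example policy (assumption): HTTPS only, same origin as the server.
        if m.scheme != "https" or m.netloc.lower() != s.netloc.lower():
            return ("reject_challenge", meta)
    # First login has no stored session, so only an interactive flow can succeed.
    return ("refresh_or_reauthorize" if has_session else "start_authorization", meta)

# Constructed sample: the header from the issue's log, placeholder host for REDACTED.
SERVER = "https://mcp.example.test/mcp"
SAMPLE_HEADERS = [
    ("content-type", "application/json"),
    ("www-authenticate",
     'Bearer error="invalid_token", error_description="Authentication required", '
     'resource_metadata="https://mcp.example.test/mcp/.well-known/oauth-protected-resource"'),
]

if __name__ == "__main__":
    print(next_step(401, SAMPLE_HEADERS, SERVER, has_session=False))
```
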

@owui-terminator[bot] commented on GitHub (Jan 21, 2026):

🔍 Similar Issues Found

I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:

  1. #20828 issue: OAuth2.1 MCP Tool Server Verification Error - Failed to connect to the tool server: 'coroutine' object is not iterable
    by Lemmons • Jan 20, 2026 • bug

  2. #20808 issue: mcp oauth 2.1 callback always ends in 401 not authenticated
    by bk-lg • Jan 20, 2026 • bug

  3. #19823 Issue: MCP with OAuth 2.1 Authorization/Token retrival is broken in v0.6.41
    by mllab-nl • Dec 08, 2025 • bug

  4. #19116 issue: MCP OAuth 2.1 client registration fails when policy_uri, client_uri, logo_uri or tos_uri are not set
    by xqqp • Nov 11, 2025 • bug

  5. #18010 issue: MCP OAuth 2.1 flow doesn't match standard (missing code_challenge and resource_url)
    by hsuyuming • Oct 02, 2025 • bug

  6. #19148 issue: Verify OAuth mcp server sends incorrect authorization header
    by Oleg52 • Nov 12, 2025 • bug

  7. #20291 issue: MCP Atlassian OAuth token refresh fails with "Constructor parameter should be str" in v0.6.43
    by rolandscho • Dec 31, 2025 • bug

  8. #20629 issue: MCP server response fails
    by thrasher • Jan 12, 2026 • bug


💡 Tips:

  • If this is a duplicate, please consider closing this issue and adding any additional details to the existing one
  • If you found a solution in any of these issues, please share it here to help others

This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.


@tjbck commented on GitHub (Jan 21, 2026):

Thanks for flagging this issue. We may revisit this approach, but if the MCP server is using OAuth 2.1, it should NOT be set as a default tool. In our dev branch we've made it so that you're not able to set them as a default tool. Also, open to discussion here!


Reference: github-starred/open-webui#57976