[GH-ISSUE #23409] issue: OAuth authentication fails when provider uses redirects #58641

Closed
opened 2026-05-05 23:37:03 -05:00 by GiteaMirror · 2 comments

Originally created by @olivier-lacroix on GitHub (Apr 5, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/23409

Bug Report

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

  • Docker

Open WebUI Version

  • v0.8.12

Operating System

  • Linux

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation.

Expected Behavior

OAuth authentication should complete successfully even if the OAuth provider's endpoints (e.g., token endpoint or user info endpoint) perform HTTP redirects.

Actual Behavior

The OAuth authentication flow fails with an error during the exchange or profile retrieval phase because the underlying HTTP client does not follow redirects by default. This results in a failure to obtain tokens or user information when the provider redirects the request.

Steps to Reproduce

  1. Configure an OAuth provider in Open WebUI that uses redirects on its token or user info endpoints.
  2. Attempt to sign in using this OAuth provider.
  3. Observe that the authentication flow fails after the initial authorization step, typically when the backend attempts to communicate with the provider's API.

Logs & Screenshots

 httpx.HTTPStatusError: Redirect response '302 Found' for url 'https://mcp-server.egnyte.com/.well-known/oauth-authorization-server/mcp'"

Additional Information

The issue is caused by the OAuthClientManager not setting follow_redirects=True in the client_kwargs for the OAuth client. Enabling this option ensures that the HTTP client correctly handles redirects from OAuth providers.
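An added example, not Open WebUI's code and not part of the original report: if redirects are enabled for OAuth back-channel requests, a token POST that follows a 307/308 replays the authorization code and client secret to whatever `Location` names. The sketch below is one possible redirect policy with a hop limit; `next_hop`, `resolve`, `MAX_HOPS`, the `allowed_hosts` parameter and the `*.example` hosts are all hypothetical, and the redirect table is constructed.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 3  # assumption: enough for a canonical-URL redirect, stops loops


def origin(url):
    """(scheme, host, port) tuple used for same-origin comparison."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(), p.port or {"https": 443, "http": 80}.get(p.scheme))


def next_hop(method, url, status, location, allowed_hosts=frozenset()):
    """Return (method, url) for the follow-up request, or raise ValueError."""
    target = urljoin(url, location)  # Location may be relative
    scheme, host, _ = origin(target)
    if scheme != "https":
        raise ValueError(f"refusing non-HTTPS redirect to {target}")
    same_origin = origin(target) == origin(url)
    if not same_origin and host not in allowed_hosts:
        raise ValueError(f"refusing cross-origin redirect to {host}")
    if method == "POST":
        if status in (301, 302, 303):
            # Clients conventionally retry these as a body-less GET,
            # so a redirected token POST cannot succeed anyway.
            raise ValueError("redirect would drop the POST body")
        if not same_origin:
            # 307/308 replay the body: code, client_secret, refresh_token.
            raise ValueError("redirect would replay credentials to another origin")
    return method, target


def resolve(method, url, fetch, allowed_hosts=frozenset()):
    """Follow redirects under the policy; fetch(method, url) -> (status, location)."""
    for _ in range(MAX_HOPS + 1):
        status, location = fetch(method, url)
        if status not in (301, 302, 303, 307, 308):
            return status, url
        method, url = next_hop(method, url, status, location, allowed_hosts)
    raise ValueError("too many redirects")


# Constructed redirect table standing in for a provider (hosts are placeholders).
CHAIN = {
    "https://idp.example/.well-known/oauth-authorization-server/mcp": (302, "/mcp/.well-known/oauth-authorization-server"),
    "https://idp.example/mcp/.well-known/oauth-authorization-server": (200, None),
    "https://idp.example/token": (307, "https://other.example/token"),
    "https://idp.example/userinfo": (302, "http://idp.example/userinfo"),
}


def fake_fetch(method, url):
    return CHAIN[url]
```

The same-origin metadata redirect resolves normally, while the cross-origin token redirect and the HTTPS-to-HTTP downgrade are refused.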

GiteaMirror added the bug label 2026-05-05 23:37:03 -05:00

@olivier-lacroix commented on GitHub (Apr 7, 2026):

Fix proposed in https://github.com/open-webui/open-webui/pull/23410


@tjbck commented on GitHub (Apr 13, 2026):

Addressed in dev.

Reference: github-starred/open-webui#58641