issue: Unable to login to Open WebUI using Authentik (OIDC) #5927

New Issue

GiteaMirror · 2025-11-11T16:39:05-06:00

GiteaMirror commented

2025-11-11 16:39:05 -06:00

Originally created by @navilg on GitHub (Jul 31, 2025).

Check Existing Issues

I have searched the existing issues and discussions.
I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.6.16

Ollama Version (if applicable)

No response

Operating System

Ubuntu 24.04

Browser (if applicable)

No response

Confirmation

I have read and followed all instructions in README.md.
I am using the latest version of both Open WebUI and Ollama.
I have included the browser console logs.
I have included the Docker container logs.
I have provided every relevant configuration, setting, and environment variable used in my setup.
I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
Start with the initial platform/version/OS and dependencies used,
Specify exact install/launch/configure commands,
List URLs visited, user input (incl. example values/emails/passwords if needed),
Describe all options and toggles enabled or changed,
Include any files or environmental changes,
Identify the expected and actual result at each stage,
Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

Login using Authentik should work fine

Actual Behavior

Login using Authentik is failing with error The email or password provided is incorrect. Please check for typos and try logging in again.

Steps to Reproduce

Enable OAUTH login in an existing OpenWebUI instance with Authentik
Login to OpenWebUI with internal user account. And log out.
Try to login using Authentik for same user account

Logs & Screenshots

Screenshot:

Docker log:

2025-07-23 08:06:02.377 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: GET https://authentik.local/application/o/openwebui/.well-known/openid-configuration "HTTP/1.1 200 OK" - {}

2025-07-23 08:06:02.413 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 129.159.228.200:0 - "GET /oauth/oidc/login HTTP/1.1" 302 - {}

2025-07-23 08:06:06.370 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: POST https://authentik.local/application/o/token/ "HTTP/1.1 200 OK" - {}

2025-07-23 08:06:10.196 | INFO     | httpx._client:_send_single_request:1740 - HTTP Request: GET https://authentik.local/application/o/openwebui/jwks/ "HTTP/1.1 200 OK" - {}

2025-07-23 08:06:10.197 | WARNING  | open_webui.utils.oauth:handle_callback:352 - OAuth callback error: unsupported_algorithm:  - {}

2025-07-23 08:06:10.197 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 129.159.228.200:0 - "GET /oauth/oidc/callback?code=22f669ce06af47e0ac8e7929db3f1dc3&state=WMFh3ofigef9tFZrEelQ5S882e2I2w HTTP/1.1" 400 - {}

Additional Information

I am using open webui behind traefik

Below environment variable is used

      OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID}
      OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET}
      OAUTH_PROVIDER_NAME: ${OAUTH_PROVIDER_NAME}
      OPENID_PROVIDER_URL: ${OPENID_PROVIDER_URL}
      OPENID_REDIRECT_URI: https://${PROXY_DOMAIN}/oauth/oidc/callback
      ENABLE_OAUTH_SIGNUP: true
      OAUTH_MERGE_ACCOUNTS_BY_EMAIL: true
      OAUTH_SCOPES: openid email profile

Originally created by @navilg on GitHub (Jul 31, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version v0.6.16 ### Ollama Version (if applicable) _No response_ ### Operating System Ubuntu 24.04 ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior Login using Authentik should work fine ### Actual Behavior Login using Authentik is failing with error `The email or password provided is incorrect. Please check for typos and try logging in again.` ### Steps to Reproduce 1. Enable OAUTH login in an existing OpenWebUI instance with Authentik 2. Login to OpenWebUI with internal user account. And log out. 3. Try to login using Authentik for same user account ### Logs & Screenshots Screenshot: <img width="2809" height="912" alt="Image" src="https://github.com/user-attachments/assets/f4785824-72cb-405e-b5df-9406c2e50af8" /> Docker log: ```text 2025-07-23 08:06:02.377 | INFO | httpx._client:_send_single_request:1740 - HTTP Request: GET https://authentik.local/application/o/openwebui/.well-known/openid-configuration "HTTP/1.1 200 OK" - {} 2025-07-23 08:06:02.413 | INFO | uvicorn.protocols.http.httptools_impl:send:476 - 129.159.228.200:0 - "GET /oauth/oidc/login HTTP/1.1" 302 - {} 2025-07-23 08:06:06.370 | INFO | httpx._client:_send_single_request:1740 - HTTP Request: POST https://authentik.local/application/o/token/ "HTTP/1.1 200 OK" - {} 2025-07-23 08:06:10.196 | INFO | httpx._client:_send_single_request:1740 - HTTP Request: GET https://authentik.local/application/o/openwebui/jwks/ "HTTP/1.1 200 OK" - {} 2025-07-23 08:06:10.197 | WARNING | open_webui.utils.oauth:handle_callback:352 - OAuth callback error: unsupported_algorithm: - {} 2025-07-23 08:06:10.197 | INFO | uvicorn.protocols.http.httptools_impl:send:476 - 129.159.228.200:0 - "GET /oauth/oidc/callback?code=22f669ce06af47e0ac8e7929db3f1dc3&state=WMFh3ofigef9tFZrEelQ5S882e2I2w HTTP/1.1" 400 - {} ``` ### Additional Information I am using open webui behind traefik Below environment variable is used ```yaml OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID} OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET} OAUTH_PROVIDER_NAME: ${OAUTH_PROVIDER_NAME} OPENID_PROVIDER_URL: ${OPENID_PROVIDER_URL} OPENID_REDIRECT_URI: https://${PROXY_DOMAIN}/oauth/oidc/callback ENABLE_OAUTH_SIGNUP: true OAUTH_MERGE_ACCOUNTS_BY_EMAIL: true OAUTH_SCOPES: openid email profile ```

GiteaMirror added the bug label 2025-11-11 16:39:05 -06:00

GiteaMirror closed this issue

2025-11-11 16:39:05 -06:00

GiteaMirror referenced this issue

2025-11-11 18:00:23 -06:00

[PR #5927] [MERGED] i18n: Update Chinese translation #8584

Sign in to join this conversation.