issue: I can't log in with OPENID+Microsoft Entra ID (The button does not apear) #6207

New Issue

Closed

opened 2025-11-11 16:48:13 -06:00 by GiteaMirror · 3 comments

GiteaMirror commented 2025-11-11 16:48:13 -06:00

Owner

Copy Link

Originally created by @brunesIT on GitHub (Aug 25, 2025).

Check Existing Issues

• I have searched the existing issues and discussions.
• I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.6.25

Ollama Version (if applicable)

No response

Operating System

Ubuntu 24.04.2 LTS

Browser (if applicable)

Edge

Confirmation

• I have read and followed all instructions in README.md.
• I am using the latest version of both Open WebUI and Ollama.
• I have included the browser console logs.
• I have included the Docker container logs.
• I have provided every relevant configuration, setting, and environment variable used in my setup.
• I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
• I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
• Start with the initial platform/version/OS and dependencies used,
• Specify exact install/launch/configure commands,
• List URLs visited, user input (incl. example values/emails/passwords if needed),
• Describe all options and toggles enabled or changed,
• Include any files or environmental changes,
• Identify the expected and actual result at each stage,
• Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

When entering openwebUI, I expected to see the Log In button with OpenID.

Actual Behavior

open-webui | AssertionError
open-webui | Exception in ASGI application
open-webui | Traceback (most recent call last):
open-webui | File "/usr/local/lib/python3.11/site-packages/uvicorn/protocols/websockets/websockets_impl.py", line 244, in run_asgi
open-webui | result = await self.app(self.scope, self.asgi_receive, self.asgi_send) # type: ignore[func-returns-value]
open-webui | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
open-webui | File "/usr/local/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in call
open-webui | return await self.app(scope, receive, send)
open-webui | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
open-webui | File "/usr/local/lib/python3.11/site-packages/fastapi/applications.py", line 1054, in call
open-webui | await super().call(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/applications.py", line 112, in call
open-webui | await self.middleware_stack(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 152, in call
open-webui | await self.app(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/cors.py", line 77, in call
open-webui | await self.app(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 100, in call
open-webui | await self.app(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 100, in call
open-webui | await self.app(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 100, in call
open-webui | await self.app(scope, receive, send)
open-webui | [Previous line repeated 2 more times]
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette_compress/init.py", line 86, in call
open-webui | return await self.app(scope, receive, send)
open-webui | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 62, in call
open-webui | await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
open-webui | raise exc
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
open-webui | await app(scope, receive, sender)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 715, in call
open-webui | await self.middleware_stack(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 735, in app
open-webui | await route.handle(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 460, in handle
open-webui | await self.app(scope, receive, send)
open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/staticfiles.py", line 91, in call
open-webui | assert scope["type"] == "http"
open-webui | ^^^^^^^^^^^^^^^^^^^^^^^
open-webui | AssertionError

Steps to Reproduce

start docker
set up docker compose
docker compose up
see the logs

Logs & Screenshots

Additional Information

DOCKER COMPOSE BELOW

services:
open-webui:
image: ghcr.io/open-webui/open-webui:v0.6.25
container_name: open-webui
ports:
- "8080:8080"
environment:
OPENAI_API_KEY: "sk-xxx"
OPENAI_API_BASE_URL: "https://api.deepseek.com/v1"
MODEL_NAME: "deepseek-chat"
DEFAULT_MODELS: "deepseek-chat"

  ENABLE_SIGNUP: "false"
  WEBUI_AUTH: "true"
  ENABLE_COMMUNITY_SHARING: "false"
  ENABLE_MODEL_FILTER: "true"

  HOST: "0.0.0.0"
  PORT: "8080"

  DOMAIN_CLIENT: "https://mydomain.com"
  DOMAIN_SERVER: "https://mydomain.com"
  
  CREDS_KEY: ""
  CREDS_IV: ""
  JWT_SECRET: ""
  JWT_REFRESH_SECRET: ""

  DISABLE_COMPRESS: "true"
  # Azure / OpenID
  OPENID_CLIENT_ID: "xxxxxxXXxxXXXX"
  OPENID_CLIENT_SECRET: "xxxxxxXXxxXXXXxxxxxxXXxxXXXX"
  OPENID_ISSUER: "https://login.microsoftonline.com/xxxxxxXXxxXXXX/v2.0"
  OPENID_SESSION_SECRET: "xxxxxxXXxxXXXXxxxxxxXXxxXXXX"
  OPENID_SCOPE: "openid profile email"
  OPENID_CALLBACK_URL: "https://mydomain.com/oauth/openid/callback"
  OPENID_REQUIRED_ROLE: ""
  OPENID_REQUIRED_ROLE_TOKEN_KIND: "id"
  OPENID_REQUIRED_ROLE_PARAMETER_PATH: ""


volumes:
  - open-webui:/app/backend/data
restart: unless-stopped

volumes:
open-webui: {}

I'M USING NGINX PROXY MANAGER
CONFIG:

http://open-webui:8080 | Let's Encrypt

Advanced:

Disable caching for login / OAuth / websockets endpoints

location ~* ^/(api|oauth|callback|login|ws|websocket) {
proxy_no_cache 1;
proxy_cache_bypass 1;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_read_timeout 3600s;
proxy_send_timeout 3600s;

proxy_set_header Accept-Encoding "";

}

I'M NEW AT GITHUB ISSUES

Originally created by @brunesIT on GitHub (Aug 25, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version v0.6.25 ### Ollama Version (if applicable) _No response_ ### Operating System Ubuntu 24.04.2 LTS ### Browser (if applicable) Edge ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior When entering openwebUI, I expected to see the Log In button with OpenID. ### Actual Behavior open-webui | AssertionError open-webui | Exception in ASGI application open-webui | Traceback (most recent call last): open-webui | File "/usr/local/lib/python3.11/site-packages/uvicorn/protocols/websockets/websockets_impl.py", line 244, in run_asgi open-webui | result = await self.app(self.scope, self.asgi_receive, self.asgi_send) # type: ignore[func-returns-value] open-webui | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ open-webui | File "/usr/local/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in __call__ open-webui | return await self.app(scope, receive, send) open-webui | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ open-webui | File "/usr/local/lib/python3.11/site-packages/fastapi/applications.py", line 1054, in __call__ open-webui | await super().__call__(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/applications.py", line 112, in __call__ open-webui | await self.middleware_stack(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 152, in __call__ open-webui | await self.app(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/cors.py", line 77, in __call__ open-webui | await self.app(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 100, in __call__ open-webui | await self.app(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 100, in __call__ open-webui | await self.app(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/base.py", line 100, in __call__ open-webui | await self.app(scope, receive, send) open-webui | [Previous line repeated 2 more times] open-webui | File "/usr/local/lib/python3.11/site-packages/starlette_compress/__init__.py", line 86, in __call__ open-webui | return await self.app(scope, receive, send) open-webui | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 62, in __call__ open-webui | await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app open-webui | raise exc open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app open-webui | await app(scope, receive, sender) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 715, in __call__ open-webui | await self.middleware_stack(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 735, in app open-webui | await route.handle(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/routing.py", line 460, in handle open-webui | await self.app(scope, receive, send) open-webui | File "/usr/local/lib/python3.11/site-packages/starlette/staticfiles.py", line 91, in __call__ open-webui | assert scope["type"] == "http" open-webui | ^^^^^^^^^^^^^^^^^^^^^^^ open-webui | AssertionError ### Steps to Reproduce start docker set up docker compose docker compose up see the logs ### Logs & Screenshots <img width="744" height="586" alt="Image" src="https://github.com/user-attachments/assets/a05022de-aac2-4e7e-a845-7f6eb57dcec3" /> ### Additional Information **DOCKER COMPOSE BELOW** services: open-webui: image: ghcr.io/open-webui/open-webui:v0.6.25 container_name: open-webui ports: - "8080:8080" environment: OPENAI_API_KEY: "sk-xxx" OPENAI_API_BASE_URL: "https://api.deepseek.com/v1" MODEL_NAME: "deepseek-chat" DEFAULT_MODELS: "deepseek-chat" ENABLE_SIGNUP: "false" WEBUI_AUTH: "true" ENABLE_COMMUNITY_SHARING: "false" ENABLE_MODEL_FILTER: "true" HOST: "0.0.0.0" PORT: "8080" DOMAIN_CLIENT: "https://mydomain.com" DOMAIN_SERVER: "https://mydomain.com" CREDS_KEY: "" CREDS_IV: "" JWT_SECRET: "" JWT_REFRESH_SECRET: "" DISABLE_COMPRESS: "true" # Azure / OpenID OPENID_CLIENT_ID: "xxxxxxXXxxXXXX" OPENID_CLIENT_SECRET: "xxxxxxXXxxXXXXxxxxxxXXxxXXXX" OPENID_ISSUER: "https://login.microsoftonline.com/xxxxxxXXxxXXXX/v2.0" OPENID_SESSION_SECRET: "xxxxxxXXxxXXXXxxxxxxXXxxXXXX" OPENID_SCOPE: "openid profile email" OPENID_CALLBACK_URL: "https://mydomain.com/oauth/openid/callback" OPENID_REQUIRED_ROLE: "" OPENID_REQUIRED_ROLE_TOKEN_KIND: "id" OPENID_REQUIRED_ROLE_PARAMETER_PATH: "" volumes: - open-webui:/app/backend/data restart: unless-stopped volumes: open-webui: {} **_I'M USING NGINX PROXY MANAGER_** CONFIG: http://open-webui:8080 | Let's Encrypt Advanced: # Disable caching for login / OAuth / websockets endpoints location ~* ^/(api|oauth|callback|login|ws|websocket) { proxy_no_cache 1; proxy_cache_bypass 1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 3600s; proxy_send_timeout 3600s; proxy_set_header Accept-Encoding ""; } I'M NEW AT GITHUB ISSUES

GiteaMirror added the bug label 2025-11-11 16:48:13 -06:00

GiteaMirror closed this issue 2025-11-11 16:48:14 -06:00

GiteaMirror commented 2025-11-11 16:48:15 -06:00

Author

Owner

Copy Link

@Classic298 commented on GitHub (Aug 26, 2025):

It seems you did not set ENABLE_OAUTH_SIGNUP and ENABLE_LOGIN_FORM

There might be other variables you also did not set.

Please check the env var docs here https://docs.openwebui.com/getting-started/env-configuration

And the SSO Docs here https://docs.openwebui.com/features/sso/

And troubleshooting here
https://docs.openwebui.com/troubleshooting/sso

@Classic298 commented on GitHub (Aug 26, 2025): It seems you did not set ENABLE_OAUTH_SIGNUP and ENABLE_LOGIN_FORM There might be other variables you also did not set. Please check the env var docs here https://docs.openwebui.com/getting-started/env-configuration And the SSO Docs here https://docs.openwebui.com/features/sso/ And troubleshooting here https://docs.openwebui.com/troubleshooting/sso

GiteaMirror commented 2025-11-11 16:48:15 -06:00

Author

Owner

Copy Link

@JARZcorp commented on GitHub (Aug 26, 2025):

Is there a reason you are using the OpenID env variables instead of the Microsoft env varialbes since you are using Entra ID?

You also need to create an app registration in Azure, but as Ckassuc298 pointed out check out the documentation around SSO.

---

MICROSOFT_CLIENT_ID
Type: str
Description: Sets the client ID for Microsoft OAuth.
Persistence: This environment variable is a PersistentConfig variable.
MICROSOFT_CLIENT_SECRET
Type: str
Description: Sets the client secret for Microsoft OAuth.
Persistence: This environment variable is a PersistentConfig variable.
MICROSOFT_CLIENT_TENANT_ID
Type: str
Description: Sets the tenant ID for Microsoft OAuth.
Persistence: This environment variable is a PersistentConfig variable.
MICROSOFT_OAUTH_SCOPE
Type: str
Default: openid email profile
Description: Sets the scope for Microsoft OAuth authentication.
Persistence: This environment variable is a PersistentConfig variable.
MICROSOFT_REDIRECT_URI
Type: str
Default: /oauth/microsoft/callback
Description: Sets the redirect URI for Microsoft OAuth.
Persistence: This environment variable is a PersistentConfig variable.

@JARZcorp commented on GitHub (Aug 26, 2025): Is there a reason you are using the OpenID env variables instead of the Microsoft env varialbes since you are using Entra ID? You also need to create an app registration in Azure, but as Ckassuc298 pointed out check out the documentation around SSO. --- MICROSOFT_CLIENT_ID Type: str Description: Sets the client ID for Microsoft OAuth. Persistence: This environment variable is a PersistentConfig variable. MICROSOFT_CLIENT_SECRET Type: str Description: Sets the client secret for Microsoft OAuth. Persistence: This environment variable is a PersistentConfig variable. MICROSOFT_CLIENT_TENANT_ID Type: str Description: Sets the tenant ID for Microsoft OAuth. Persistence: This environment variable is a PersistentConfig variable. MICROSOFT_OAUTH_SCOPE Type: str Default: openid email profile Description: Sets the scope for Microsoft OAuth authentication. Persistence: This environment variable is a PersistentConfig variable. MICROSOFT_REDIRECT_URI Type: str Default: <backend>/oauth/microsoft/callback Description: Sets the redirect URI for Microsoft OAuth. Persistence: This environment variable is a PersistentConfig variable.

GiteaMirror commented 2025-11-11 16:48:15 -06:00

Author

Owner

Copy Link

@brunesIT commented on GitHub (Aug 26, 2025):

@JARZcorp @Classic298 First of all Thank you for the help. Would it be better for me to use OPEN ID or Microsoft auth?
I have used OpenID with Librechat (another WebUI) and it worked. What would be best to integrate with n8n?

@brunesIT commented on GitHub (Aug 26, 2025): @JARZcorp @Classic298 First of all Thank you for the help. Would it be better for me to use OPEN ID or Microsoft auth? I have used OpenID with Librechat (another WebUI) and it worked. What would be best to integrate with n8n?

GiteaMirror referenced this issue 2025-11-11 18:01:47 -06:00

[PR #6235] [MERGED] chore: add googleapis-common-protos dep #8640

GiteaMirror referenced this issue 2026-04-19 20:41:51 -05:00

[GH-ISSUE #6207] uv deps != pyproject.toml deps #14283

GiteaMirror referenced this issue 2026-04-20 03:45:09 -05:00

[PR #6235] [MERGED] chore: add googleapis-common-protos dep #21844

GiteaMirror referenced this issue 2026-04-25 04:13:20 -05:00

[GH-ISSUE #6207] uv deps != pyproject.toml deps #29811

GiteaMirror referenced this issue 2026-04-25 10:56:14 -05:00

[PR #6235] [MERGED] chore: add googleapis-common-protos dep #37474

GiteaMirror referenced this issue 2026-04-29 19:08:01 -05:00

[PR #6235] [MERGED] chore: add googleapis-common-protos dep #44892

GiteaMirror referenced this issue 2026-05-05 14:10:09 -05:00

[GH-ISSUE #6207] uv deps != pyproject.toml deps #52949

GiteaMirror referenced this issue 2026-05-06 03:40:41 -05:00

[PR #6235] [MERGED] chore: add googleapis-common-protos dep #60700

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#6207