mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-10 23:55:15 -05:00
[PR #24304] fix: support separate MCP OAuth issuer URL #66449
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24304
Author: @Genmin
Created: 5/1/2026
Status: 🔄 Open
Base:
dev← Head:fix/mcp-oauth-issuer-url📝 Commits (10+)
fe6783cMerge pull request #19030 from open-webui/devfc05e0aMerge pull request #19405 from open-webui/deve3faec6Merge pull request #19416 from open-webui/dev9899293Merge pull request #19448 from open-webui/dev140605eMerge pull request #19462 from open-webui/dev6f1486fMerge pull request #19466 from open-webui/devd95f533Merge pull request #19729 from open-webui/deva7271530.6.43 (#20093)6adde20Merge pull request #20394 from open-webui/devf9b0534Merge pull request #20522 from open-webui/dev📊 Changes
6 files changed (+110 additions, -12 deletions)
View changed files
📝
backend/open_webui/main.py(+5 -1)📝
backend/open_webui/routers/configs.py(+5 -2)➕
backend/open_webui/test/utils/test_oauth.py(+47 -0)📝
backend/open_webui/utils/oauth.py(+15 -5)📝
src/lib/apis/configs/index.ts(+1 -0)📝
src/lib/components/AddToolServerModal.svelte(+37 -4)📄 Description
Pull Request Checklist
Before submitting, make sure you've checked the following:
devbranch. PRs targetingmainwill be immediately closed.devto ensure no unrelated commits (e.g. frommain) are included. Push updates to the existing PR branch instead of closing and reopening.fixprefix.Summary
Fixes #24216.
This adds an optional OAuth authorization/discovery URL for MCP OAuth 2.1 static tool servers. It is needed for providers such as Google's official Gmail MCP server, where the MCP endpoint is on
gmailmcp.googleapis.combut OAuth discovery lives underaccounts.google.com.When the new field is blank, Open WebUI preserves the existing MCP-server-host discovery fallback. When it is set, registration, connection verification, and persisted re-registration use the explicit authorization server/discovery URL.
Testing
.well-known/openid-configurationoverride, and the existing no-override fallback order.Commands run:
PYTHONPATH=backend uv run --no-project --with-requirements backend/requirements.txt --with pytest --with pytest-asyncio pytest backend/open_webui/test/utils/test_oauth.py -quv run --no-sync --with ruff ruff check backend/open_webui/test/utils/test_oauth.pypython3 -m compileall -q backend/open_webui/utils/oauth.py backend/open_webui/routers/configs.py backend/open_webui/main.py backend/open_webui/test/utils/test_oauth.pynpx prettier --plugin-search-dir --write src/lib/components/AddToolServerModal.svelte src/lib/apis/configs/index.tssrc/lib/components/AddToolServerModal.sveltegit diff --checkNote:
npm run checkcurrently fails on the existing repo-wide Svelte/TypeScript baseline diagnostics unrelated to this change; the touched component compiles directly.Changelog Entry
Description
Added
Changed
Deprecated
Removed
Fixed
Security
Breaking Changes
Additional Information
Screenshots or Videos
Contributor License Agreement
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.