github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-03-09 23:35:09 -05:00
Code Issues 308 Packages Projects Releases 100 Wiki Activity

feat: User Level MCP Connections #6645

New Issue
Closed
opened 2025-11-11 17:02:22 -06:00 by GiteaMirror · 8 comments
GiteaMirror commented 2025-11-11 17:02:22 -06:00
Owner
Copy Link

Originally created by @P0u4a on GitHub (Oct 10, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

It's great to see MCP connections are now supported. I've noticed at the moment only admins can create them globally. However, in an enterprise setting, having only the admin be able to add tools greatly diminishes the benefits of MCP, since admins can't add tools that require bearer token auth (the token is unique to each user).

Desired Solution you'd like

Extend the existing MCP support to allow users to to set their connection type to MCP and create MCP connections within the "External Tools" tab in settings. Of course, assuming the user has been granted permission to create external tools.

Alternatives Considered

No response

Additional Context

We could just use the OpenAPI tool server mode. However, this reduces adoption for our team due to the increased complexity when connecting to the proxy server, and we would really prefer to use the new MCP support.

Originally created by @P0u4a on GitHub (Oct 10, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description It's great to see MCP connections are now supported. I've noticed at the moment only admins can create them globally. However, in an enterprise setting, having only the admin be able to add tools greatly diminishes the benefits of MCP, since admins can't add tools that require bearer token auth (the token is unique to each user). ### Desired Solution you'd like Extend the existing MCP support to allow users to to set their connection type to MCP and create MCP connections within the "External Tools" tab in settings. Of course, assuming the user has been granted permission to create external tools. ### Alternatives Considered _No response_ ### Additional Context We could just use the OpenAPI tool server mode. However, this reduces adoption for our team due to the increased complexity when connecting to the proxy server, and we would really prefer to use the new MCP support.
GiteaMirror commented 2025-11-11 17:02:23 -06:00
Author
Owner
Copy Link

@frenzybiscuit commented on GitHub (Oct 10, 2025):

Image

Why cant you use this?

@frenzybiscuit commented on GitHub (Oct 10, 2025): <img width="937" height="574" alt="Image" src="https://github.com/user-attachments/assets/aebb6a40-fea6-4624-8a82-be8f45dda42d" /> Why cant you use this?
GiteaMirror commented 2025-11-11 17:02:23 -06:00
Author
Owner
Copy Link

@P0u4a commented on GitHub (Oct 10, 2025):

As a non-admin user I don't see the option to change the connection type to MCP. It seems like it's only possible via the Admin setting, as it mentions in the docs also https://docs.openwebui.com/features/mcp#-quick-start

@P0u4a commented on GitHub (Oct 10, 2025): As a non-admin user I don't see the option to change the connection type to MCP. It seems like it's only possible via the Admin setting, as it mentions in the docs also https://docs.openwebui.com/features/mcp#-quick-start
GiteaMirror commented 2025-11-11 17:02:24 -06:00
Author
Owner
Copy Link

@frenzybiscuit commented on GitHub (Oct 10, 2025):

As a non-admin user I don't see the option to change the connection type to MCP. It seems like it's only possible via the Admin setting, as it mentions in the docs also https://docs.openwebui.com/features/mcp#-quick-start

https://docs.openwebui.com/openapi-servers/mcp

@frenzybiscuit commented on GitHub (Oct 10, 2025): > As a non-admin user I don't see the option to change the connection type to MCP. It seems like it's only possible via the Admin setting, as it mentions in the docs also https://docs.openwebui.com/features/mcp#-quick-start https://docs.openwebui.com/openapi-servers/mcp
GiteaMirror commented 2025-11-11 17:02:24 -06:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Oct 10, 2025):

Will not be supported due to security issues, use OAuth2.1 MCP servers instead.

@tjbck commented on GitHub (Oct 10, 2025): Will not be supported due to security issues, use OAuth2.1 MCP servers instead.
GiteaMirror commented 2025-11-11 17:02:24 -06:00
Author
Owner
Copy Link

@P0u4a commented on GitHub (Oct 11, 2025):

I understand the security implications, but the oauth spec in the protocol is not so great either with DCR, so using bearer auth is the most appropriate method for our use case. I don’t really see the problem if it’s locked behind an admin-assigned permission, not to mention you can already do user level tools via the OpenAPI tool server method, so I don’t see why it’s not the same for MCP, seems like a feature gap.

@P0u4a commented on GitHub (Oct 11, 2025): I understand the security implications, but the oauth spec in the protocol is not so great either with DCR, so using bearer auth is the most appropriate method for our use case. I don’t really see the problem if it’s locked behind an admin-assigned permission, not to mention you can already do user level tools via the OpenAPI tool server method, so I don’t see why it’s not the same for MCP, seems like a feature gap.
GiteaMirror commented 2025-11-11 17:02:25 -06:00
Author
Owner
Copy Link

@P0u4a commented on GitHub (Oct 15, 2025):

@tjbck Could you take another look at this. There will be many MCP servers that won't support DCR like Github.

@P0u4a commented on GitHub (Oct 15, 2025): @tjbck Could you take another look at this. There will be many MCP servers that won't support DCR like Github.
GiteaMirror commented 2025-11-11 17:02:25 -06:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Oct 15, 2025):

You can just use tokens as well, did you mean user specified tokens?

@tjbck commented on GitHub (Oct 15, 2025): You can just use tokens as well, did you mean user specified tokens?
GiteaMirror commented 2025-11-11 17:02:25 -06:00
Author
Owner
Copy Link

@P0u4a commented on GitHub (Oct 15, 2025):

did you mean user specified tokens?

Yeah user specified. In this case we know this is safe to do because it's an internal app with internal users.

@P0u4a commented on GitHub (Oct 15, 2025): > did you mean user specified tokens? Yeah user specified. In this case we know this is safe to do because it's an internal app with internal users.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#6645
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?