mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[GH-ISSUE #22257] issue: Cannot generate tokens via WebUI #74280
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @g4njawizard on GitHub (Mar 5, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/22257
Check Existing Issues
Installation Method
Docker
Open WebUI Version
v0.8.8
Ollama Version (if applicable)
No response
Operating System
Linux jetson 5.15.148-tegra
Browser (if applicable)
Firefox 148.0
Confirmation
README.md.Expected Behavior
Generating Tokens as a user via OpenWebUI
Actual Behavior
I have activated the API Keys with the needed env:
ENABLE_API_KEYS="true"I see the API section from my user and I try to generate a token.
The default JWT token that is appearing doesn't seem to work for me. When I use the default JWT token, I get an 401 unauthorized message.
Generating a new token
Steps to Reproduce
docker run -d --restart always -v /mnt/openwebui:/app/backend/data --network=host -e ENABLE_API_KEYS="true" -e CORS_ALLOW_ORIGIN="https://ai.example.org" --add-host=host.docker.internal:host-gateway ghcr.io/open-webui/open-webui:main
Logs & Screenshots
Firefox console log when pressing the generate button:
Additional Information
The docker logs itself dont show information related to the interaction with the generate token button.
@Classic298 commented on GitHub (Mar 5, 2026):
Can't reproduce. Mind sharing a small sample snippet of an API call with your admin jwt that doesn't work? I suspect a syntax issue in your api call.
@g4njawizard commented on GitHub (Mar 5, 2026):
Shouldn't I be able to nevertheless generate new tokens if necessary?
DEBUG 2026-03-05T07:24:45 - HTTP Response: POST https://openwebui.example.org/api/chat/completions "401 Unauthorized" Headers({'alt-svc': 'h3=":8433"; ma=2592000', 'content-length': '29', 'content-type': 'application/json', 'date': 'Thu, 05 Mar 2026 06:24:45 GMT', 'server': 'uvicorn', 'via': '1.1 Caddy', 'x-process-time': '0'})It's an application called mealie. I dont have a proper curl command at hand.
@g4njawizard commented on GitHub (Mar 5, 2026):
I used the example curl from the docs:
@Classic298 commented on GitHub (Mar 5, 2026):
I am very sure this will just work. Let me try myself real quick. Chances are you got silently logged out and your JWT is now invalid (hence unauthorized)
@g4njawizard commented on GitHub (Mar 5, 2026):
And how am I able to revalidate my token if I am unable to generate a new one?
@Classic298 commented on GitHub (Mar 5, 2026):
by going to the auth and login endpoints and authenticating there, either with email/password if you configured that or SSO/Oauth
@Classic298 commented on GitHub (Mar 5, 2026):
Ok i just ran the same checks, and 5 more, with my Json Web Token, and it just worked.
So your JWT has run out of validity.
@Classic298 commented on GitHub (Mar 5, 2026):
using the JWT for programmatical access is not recommended, use an API Key instead
@Classic298 commented on GitHub (Mar 5, 2026):
Right here in your own screenshot
@Classic298 commented on GitHub (Mar 5, 2026):
And if you get an error while generating, you need to enable the api keys feature in admin panel > settings > general AND in your default user permissions in admin panel > users > groups
@g4njawizard commented on GitHub (Mar 5, 2026):
As the doc suggest:
"This system allows users to generate API keys that can authenticate API requests without requiring interactive login sessions"
I dont get why I should not be able to generate tokens for my user, but revalidating my existing single token instead.
As i initially stated, the button u just marked, isn't working for me.
See this console log;
@Classic298 commented on GitHub (Mar 5, 2026):
Docs say it here:
https://docs.openwebui.com/reference/env-configuration#enable_api_keys
https://docs.openwebui.com/reference/monitoring/#authentication-setup-for-api-key- <- here is the full tutorial which you should read
https://docs.openwebui.com/reference/env-configuration#user_permissions_features_api_keys
@Classic298 commented on GitHub (Mar 5, 2026):
@g4njawizard as i said you should follow the tutorial in the docs if you get an issue while generating the api key. Chances are high you misconfigured your open webui or didnt enable the api keys to begin with
The error message literally says you didn't enable it as per the tutorial and guidance in the docs
@g4njawizard commented on GitHub (Mar 5, 2026):
Sorry. seems that I have missed step 2 by explicitly granting the default user group api permission. I thought that would be managed by the main system setting.
@Classic298 commented on GitHub (Mar 5, 2026):
Glad it's solved!