github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-23 01:51:58 -05:00
Code Issues 2.4k Packages Projects Releases 129 Wiki Activity

[PR #7678] [MERGED] feat: implement OAuth logout functionality for keyclock to terminate sso session #8888

New Issue
Closed
opened 2025-11-11 18:08:44 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-11 18:08:44 -06:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/7678
Author: @ZaibanAli
Created: 12/7/2024
Status: Merged
Merged: 12/10/2024
Merged by: @tjbck

Base: devHead: feature/keycloak-terminate-sso-session

📝 Commits (5)

  • d5ce85f feat: implement OAuth logout functionality for keyclock to terminate sso session
  • 9918ec6 feat: update signout functionality to use OpenID configuration for logout URL and remove the logout variable from config
  • 48d604a feat: enable OAuth signup configuration for signout functionality
  • 899424b feat: refactor signout functionality to use aiohttp for OpenID configuration retrieval
  • a3ca632 refac: id_token -> oauth_id_token

📊 Changes

2 files changed (+40 additions, -3 deletions)

View changed files

📝 backend/open_webui/apps/webui/routers/auths.py (+30 -2)
📝 backend/open_webui/utils/oauth.py (+10 -1)

📄 Description

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests for validating the changes?
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To cleary categorize this pull request, prefix the pull request title, using one of the following:
    • BREAKING CHANGE: Significant changes that may affect compatibility
    • build: Changes that affect the build system or external dependencies
    • ci: Changes to our continuous integration processes or workflows
    • chore: Refactor, cleanup, or other non-functional code changes
    • docs: Documentation update or addition
    • feat: Introduces a new feature or enhancement to the codebase
    • fix: Bug fix or error correction
    • i18n: Internationalization or localization changes
    • perf: Performance improvement
    • refactor: Code restructuring for better maintainability, readability, or scalability
    • style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)
    • test: Adding missing tests or correcting existing tests
    • WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

  • Signout doesn't terminate SSO sessions ISSUE_LINK
  • Clicking the logout button only deletes the cookie for Open Webui, but does not end the session in Keycloak.
  • As a result, users can still access the webui (and any other SSO-enabled service) without having to re-authenticate by simply clicking the button to sign in with the IDP again.

Added

  • Adding id_token to the cookie when the oidc provider signup is True. This is required to cleanup the session when signing out.

Changed

  • Updated the /signout endpoint to include logic for cleaning up the oidc session (keycloak) using the id_token. (backend/open_webui/apps/webui/routers/auths.py)
  • Enhanced the OAuth callback functionality to set an id_token cookie when using the OAUTH oidc provider. (backend/open_webui/utils/oauth.py)

Deprecated

  • [List any deprecated functionality or features that have been removed]

Removed

  • [List any removed features, files, or functionalities]

Fixed

  • Resolved an issue where the signout function did not correctly handle Keycloak logouts due to missing id_token.

Security

  • [List any new or updated security-related changes, including vulnerability fixes]

Breaking Changes

  • BREAKING CHANGE: [List any breaking changes affecting compatibility or functionality]

Additional Information

Screenshots or Videos

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/7678 **Author:** [@ZaibanAli](https://github.com/ZaibanAli) **Created:** 12/7/2024 **Status:** ✅ Merged **Merged:** 12/10/2024 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `feature/keycloak-terminate-sso-session` --- ### 📝 Commits (5) - [`d5ce85f`](https://github.com/open-webui/open-webui/commit/d5ce85f34a3578f393c32b6d6b1adfcde65dad45) feat: implement OAuth logout functionality for keyclock to terminate sso session - [`9918ec6`](https://github.com/open-webui/open-webui/commit/9918ec6246f8f6e20fd13389155b44ae51b33758) feat: update signout functionality to use OpenID configuration for logout URL and remove the logout variable from config - [`48d604a`](https://github.com/open-webui/open-webui/commit/48d604a525be76add87319ac4a8764aef173808f) feat: enable OAuth signup configuration for signout functionality - [`899424b`](https://github.com/open-webui/open-webui/commit/899424b3716d7c48ca0c2e3110b72e570dfc91ac) feat: refactor signout functionality to use aiohttp for OpenID configuration retrieval - [`a3ca632`](https://github.com/open-webui/open-webui/commit/a3ca6329215ccc6a8b9a43ef44467add7ec12e67) refac: id_token -> oauth_id_token ### 📊 Changes **2 files changed** (+40 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/apps/webui/routers/auths.py` (+30 -2) 📝 `backend/open_webui/utils/oauth.py` (+10 -1) </details> ### 📄 Description # Pull Request Checklist ### Note to first-time contributors: Please open a discussion post in [Discussions](https://github.com/open-webui/open-webui/discussions) and describe your changes before submitting a pull request. **Before submitting, make sure you've checked the following:** - [X] **Target branch:** Please verify that the pull request targets the `dev` branch. - [X] **Description:** Provide a concise description of the changes made in this pull request. - [X] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [X] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [X] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [X] **Testing:** Have you written and run sufficient tests for validating the changes? - [X] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [X] **Prefix:** To cleary categorize this pull request, prefix the pull request title, using one of the following: - **BREAKING CHANGE**: Significant changes that may affect compatibility - **build**: Changes that affect the build system or external dependencies - **ci**: Changes to our continuous integration processes or workflows - **chore**: Refactor, cleanup, or other non-functional code changes - **docs**: Documentation update or addition - **feat**: Introduces a new feature or enhancement to the codebase - **fix**: Bug fix or error correction - **i18n**: Internationalization or localization changes - **perf**: Performance improvement - **refactor**: Code restructuring for better maintainability, readability, or scalability - **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.) - **test**: Adding missing tests or correcting existing tests - **WIP**: Work in progress, a temporary label for incomplete or ongoing work # Changelog Entry ### Description - Signout doesn't terminate SSO sessions [ISSUE_LINK](https://github.com/open-webui/open-webui/issues/7583) - Clicking the logout button only deletes the cookie for Open Webui, but does not end the session in Keycloak. - As a result, users can still access the webui (and any other SSO-enabled service) without having to re-authenticate by simply clicking the button to sign in with the IDP again. ### Added - Adding id_token to the cookie when the oidc provider signup is True. This is required to cleanup the session when signing out. ### Changed - Updated the `/signout` endpoint to include logic for cleaning up the oidc session (keycloak) using the `id_token`. (backend/open_webui/apps/webui/routers/auths.py) - Enhanced the OAuth callback functionality to set an `id_token` cookie when using the OAUTH oidc provider. (backend/open_webui/utils/oauth.py) ### Deprecated - [List any deprecated functionality or features that have been removed] ### Removed - [List any removed features, files, or functionalities] ### Fixed - Resolved an issue where the `signout` function did not correctly handle Keycloak logouts due to missing `id_token`. ### Security - [List any new or updated security-related changes, including vulnerability fixes] ### Breaking Changes - **BREAKING CHANGE**: [List any breaking changes affecting compatibility or functionality] --- ### Additional Information - [ISSUE_7583](https://github.com/open-webui/open-webui/issues/7583) ### Screenshots or Videos - [Demonstration Video](https://drive.qaiv.com/s/8tkkEHQXYZ7i6Jm) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2025-11-11 18:08:44 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#8888
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?