mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[GH-ISSUE #17678] issue: OAuth token after some time missing in tool calls #89105
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @koflerm on GitHub (Sep 23, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/17678
Check Existing Issues
Installation Method
Other
Open WebUI Version
v0.6.30
Ollama Version (if applicable)
No response
Operating System
Red Hat CoreOS (Kubernetes Cluster Installation)
Browser (if applicable)
No response
Confirmation
README.md.Expected Behavior
The oauth token should be always provided by the new tool call parameter
__oauth_token__. If the token is expired, the token should either be refreshed or the user should be logged out.Actual Behavior
We are using the following code in a test tool to print the OAuth token, provided via a parameter in the new Open WebUI version:
However, after the user is logged in for some time, this parameter is no longer set. I get then the following error:
'NoneType' object is not subscriptableSo it seems after some time the session for the user is lost, but the user is then not automatically logged out or the token is not refreshed.
Any idea what could be wrong here?
Steps to Reproduce
Import the following tool in your Open WebUI instance:
After direct login, the variable will be set.
If you try to re-execute the tool after some hours, the parameter will no longer be set (NoneType)
Logs & Screenshots
When querying the logs, I found at a different point in time (not when using the described tool) the following log messages:
When a user is performing a login, the following logs are written:
Additional Information
No response
@tjbck commented on GitHub (Sep 23, 2025):
This has been addressed in dev, please check for duplicate issues.
@koflerm commented on GitHub (Oct 6, 2025):
All right sorry oversaw this one thanks for the fast response as always!
@djmaze commented on GitHub (Nov 13, 2025):
Is this really fixed? Saw this just today with v0.6.36.
@koflerm commented on GitHub (Nov 19, 2025):
From our perspective it is also still a problem with v0.6.33, not sure if it was fixed in more recent versions but I guess as you see the issue with v0.6.36, it is still an open issue.
@tjbck can we re-open this issue?
@aKardasz commented on GitHub (Jan 14, 2026):
Running into the same issue or similar using Microsoft for auth in 0.7.1
@deepsweech commented on GitHub (Feb 17, 2026):
I have the same issue now in 0.7.2. The following day, refreshed the page, auto logged in as expected. oauth_token is None. This will only be fixed if I manually logout and login again.
@Classic298 commented on GitHub (Feb 17, 2026):
@deepsweech whats your oauth scope
@deepsweech commented on GitHub (Feb 18, 2026):
openid email profilei addedoffline_accessbut it is still the same.@Classic298 commented on GitHub (Feb 18, 2026):
Did you log out and delete all cookies and local storage and everything after adding offline access
@deepsweech commented on GitHub (Feb 18, 2026):
Is this a tested solution? I did not logout/delete cookies storage. I opened a new browser(edge) that i'm not using and logged in. will try again later and see if it's just old cache.
@Classic298 commented on GitHub (Feb 18, 2026):
It's just to ensure you get a new token
@deepsweech commented on GitHub (Feb 19, 2026):
Update: Issue still persists.
@deepsweech commented on GitHub (Feb 19, 2026):
@tjbck can we re-open this issue?
@deepsweech commented on GitHub (Feb 20, 2026):
This solutions works: Use request instead of
__oauth_token__.__request__.cookies.get("oauth_id_token")also contains the access_token.@Classic298 commented on GitHub (Feb 20, 2026):
feel free to PR
@deepsweech commented on GitHub (Feb 20, 2026):
This is not an actual code fix. This is just a solution to avoid the bug and this issue still is present in version 0.7.2
@Classic298 commented on GitHub (Feb 20, 2026):
@deepsweech https://github.com/open-webui/open-webui/pull/21666
@Classic298 commented on GitHub (Feb 21, 2026):
@deepsweech feel free to test and also comment under the PR
functionally it should work, but please do test and report under PR and vouch for it FWIW
@Classic298 commented on GitHub (Mar 15, 2026):
@koflerm testing wanted
@Classic298 commented on GitHub (Mar 28, 2026):
nobody was willing to test the PR - so i will not rebase and keep working on it.
But besides, if there's no demand for getting this fully fixed (see lack of interaction), i'll move this to discussions for now.