mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[PR #15691] [CLOSED] Fix oauth logout #94951
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/15691
Author: @Hisma
Created: 7/13/2025
Status: ❌ Closed
Base:
dev← Head:fix-oauth-logout📝 Commits (10+)
bd99da4fix: implement dynamic OpenID discovery for OAuth logout across providers904a8e9fix: construct post logout redirect9656128fix: import quote from urllib.parsee018b92fix: update oauth.py to address "mismatching_state: CSRF Warning!" warning in log2cbd9f3use starlette RedirectResponse instead of fastapi6590945missing comma0606fbeci formatting fix10ecbc3post formatter fixaf0f2ceMerge remote-tracking branch 'upstream/dev' into fix-oauth-logout944b61dmerge updates from dev branch to auth.py📊 Changes
1 file changed (+71 additions, -9 deletions)
View changed files
📝
backend/open_webui/routers/auths.py(+71 -9)📄 Description
Pull Request Checklist
Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.
Before submitting, make sure you've checked the following:
devbranch.Changelog Entry
Description
Added
issandaudclaims fromoauth_id_tokeninauths.py.post_logout_redirect_uriandclient_idparameters in logout URLs, prioritizingWEBUI_AUTH_SIGNOUT_REDIRECT_URL.oauth.pyto return 200 OK silently.jwtandquotefromurllib.parseinauths.py.Responsefromfastapiinoauth.py.Changed
signoutfunction inauths.pyto use decoded token claims for provider-specific logout logic.handle_callbackinoauth.pyto short-circuit onsidparam withoutstatefor logout notifications.Deprecated
Removed
Fixed
post_logout_redirect_uri.Security
Breaking Changes
Additional Information
post_logout_redirect_uri(e.g.,/signin) in provider app registrations (e.g., Azure Entra ID under Authentication > Redirect URIs).<owuiaddress>/loginScreenshots or Videos
Testing was performing by building a dev container
docker build --build-arg USE_CUDA=true --build-arg USE_CUDA_VER=cu121 --build-arg USE_OLLAMA=false -t openwebui-custom:dev .Screenshot of successful Microsoft logout page:


returned back to login screen:
Backend log snippet demonstrating proper logout behavior (no errors/CSRF warnings):
Contributor License Agreement
By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.