diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py
index 184afcb789..5776b85568 100644
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
@@ -520,7 +520,7 @@ class OAuthManager:
 response.set_cookie(
 key="token",
 value=jwt_token,
- httponly=True, # Ensures the cookie is not accessible via JavaScript
+ httponly=False, # Required for frontend access
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
 )
@@ -539,6 +539,6 @@ class OAuthManager:
 redirect_base_url = str(request.app.state.config.WEBUI_URL or request.base_url)
 if redirect_base_url.endswith("/"):
 redirect_base_url = redirect_base_url[:-1]
- redirect_url = f"{redirect_base_url}/auth#token={jwt_token}"
+ redirect_url = f"{redirect_base_url}/auth"
 return RedirectResponse(url=redirect_url, headers=response.headers)
diff --git a/src/routes/auth/+page.svelte b/src/routes/auth/+page.svelte
index 660f813f1e..2d72e47cdd 100644
--- a/src/routes/auth/+page.svelte
+++ b/src/routes/auth/+page.svelte
@@ -101,18 +101,19 @@
 };
 const checkOauthCallback = async () => {
- if (!$page.url.hash) {
- return;
+ // Get the value of the 'token' cookie
+ function getCookie(name) {
+ const match = document.cookie.match(
+ new RegExp('(?:^|; )' + name.replace(/([.$?*|{}()[\]\\/+^])/g, '\\$1') + '=([^;]*)')
+ );
+ return match ? decodeURIComponent(match[1]) : null;
 }
- const hash = $page.url.hash.substring(1);
- if (!hash) {
- return;
- }
- const params = new URLSearchParams(hash);
- const token = params.get('token');
+
+ const token = getCookie('token');
 if (!token) {
 return;
 }
+
 const sessionUser = await getSessionUser(token).catch((error) => {
 toast.error(`${error}`);
 return null;
@@ -120,6 +121,7 @@
 if (!sessionUser) {
 return;
 }
+ localStorage.token = token;
 await setSessionUser(sessionUser);
 };
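Review bot: Dropping `httponly=True` on the `token` cookie makes the session JWT readable by any script running on the page, so a single XSS in the UI or a compromised third-party script can exfiltrate it; the comment on the removed line documented exactly this protection. The need cited in `# Required for frontend access` can be met without exposing the value: keep `httponly=True` and let the backend session lookup read the cookie the browser already sends on same-origin requests, so the token is carried by the browser and never seen by script. If the cookie must stay script-readable for now, the comment should at least state the consequence, e.g. `httponly=False,  # intentionally script-readable (read by auth/+page.svelte); any XSS on this origin can steal the session`. The `set_cookie` call sits inside a method whose start and end lie outside the hunk.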
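Review bot: With the `#token=` fragment gone, the redirect target must be able to read the cookie set on this same response, but `redirect_base_url` is taken from `WEBUI_URL` when it is configured, which may point at a different host or scheme than the origin the cookie is scoped to; in such a deployment the cookie never reaches the `/auth` page and the login silently stops at the frontend's `if (!token) return`. Either document the constraint on the assignment, e.g. `# cookie-based hand-off: WEBUI_URL must share the origin that set the token cookie`, or check that `WEBUI_URL` matches the host of `request.base_url` before relying on the cookie alone. The enclosing method starts outside the hunk.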
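Review bot: Reading the token from `document.cookie` only works because the backend cookie was made non-HttpOnly, which turns the hand-off into one where the JWT is exposed to every script on the origin and, unlike the fragment, keeps that exposure open for the cookie's lifetime since nothing here clears the cookie after the read. If `getSessionUser` can be made to hit the session endpoint with the browser-sent cookie (`credentials: 'include'`) instead of a token argument, `getCookie` is not needed at all and the cookie can stay HttpOnly; I cannot see `getSessionUser`'s signature from here, so treat that as a suggestion to verify. If the cookie read stays, hoist `getCookie` to module scope rather than redefining it on every call, and replace the comment with one that names the dependency, e.g. `// relies on the backend setting the token cookie without HttpOnly`. `checkOauthCallback` continues into the next hunk.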
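Review bot: `localStorage.token = token;` keeps a second copy of the JWT alongside the script-readable cookie, and nothing in this change removes the cookie once the value has been persisted, so the same credential now lives in two stores with different lifetimes; logout and token rotation need to clear both, or the leftover copy remains a usable bearer credential until the JWT itself expires. If `setSessionUser` already writes `localStorage.token` (not visible here) this line is redundant and should go; otherwise a comment such as `// persisted for API calls; the cookie copy remains until it expires` makes the duplication deliberate. `checkOauthCallback` begins in the previous hunk.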