From 0ed174f6a1eb015785d1154f814eda866bfed3f2 Mon Sep 17 00:00:00 2001 From: logan-hcg <121677654+logan-hcg@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:24:43 -0500 Subject: [PATCH] Update MCP Oauth server metadata discovery order (#19244) --- backend/open_webui/utils/oauth.py | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py index 58aa8edf89..031d116670 100644 --- a/backend/open_webui/utils/oauth.py +++ b/backend/open_webui/utils/oauth.py @@ -238,23 +238,30 @@ def get_parsed_and_base_url(server_url) -> tuple[urllib.parse.ParseResult, str]: def get_discovery_urls(server_url) -> list[str]: parsed, base_url = get_parsed_and_base_url(server_url) - urls = [ - urllib.parse.urljoin(base_url, "/.well-known/oauth-authorization-server"), - urllib.parse.urljoin(base_url, "/.well-known/openid-configuration"), - ] + urls = [] if parsed.path and parsed.path != "/": - urls.append( + # Generate discovery URLs based on https://modelcontextprotocol.io/specification/draft/basic/authorization#authorization-server-metadata-discovery + tenant = parsed.path.rstrip('/') + urls.extend([ urllib.parse.urljoin( base_url, - f"/.well-known/oauth-authorization-server{parsed.path.rstrip('/')}", - ) - ) - urls.append( + f"/.well-known/oauth-authorization-server{tenant}", + ), urllib.parse.urljoin( - base_url, f"/.well-known/openid-configuration{parsed.path.rstrip('/')}" + base_url, + f"/.well-known/openid-configuration{tenant}" + ), + urllib.parse.urljoin( + base_url, + f"{tenant}/.well-known/openid-configuration" ) - ) + ]) + + urls.extend([ + urllib.parse.urljoin(base_url, "/.well-known/oauth-authorization-server"), + urllib.parse.urljoin(base_url, "/.well-known/openid-configuration"), + ]) return urls