Update MCP Oauth server metadata discovery order (#19244)

2025-12-11 20:05:19 +00:00 · 2025-11-17 18:24:43 -05:00 · 2025-11-17 18:24:43 -05:00 · 0ed174f6a1
commit 0ed174f6a1
parent 58cff5e482
1 changed files with 18 additions and 11 deletions
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
@ -238,23 +238,30 @@ def get_parsed_and_base_url(server_url) -> tuple[urllib.parse.ParseResult, str]:
 def get_discovery_urls(server_url) -> list[str]:
    parsed, base_url = get_parsed_and_base_url(server_url)

-    urls = [
-        urllib.parse.urljoin(base_url, "/.well-known/oauth-authorization-server"),
-        urllib.parse.urljoin(base_url, "/.well-known/openid-configuration"),
-    ]
+    urls = []

    if parsed.path and parsed.path != "/":
-        urls.append(
+        # Generate discovery URLs based on https://modelcontextprotocol.io/specification/draft/basic/authorization#authorization-server-metadata-discovery
+        tenant = parsed.path.rstrip('/')
+        urls.extend([
            urllib.parse.urljoin(
                base_url,
-                f"/.well-known/oauth-authorization-server{parsed.path.rstrip('/')}",
-            )
-        )
-        urls.append(
+                f"/.well-known/oauth-authorization-server{tenant}",
+            ),
            urllib.parse.urljoin(
-                base_url, f"/.well-known/openid-configuration{parsed.path.rstrip('/')}"
-            )
+                base_url,
+                f"/.well-known/openid-configuration{tenant}"
+            ),
+            urllib.parse.urljoin(
+                base_url,
+                f"{tenant}/.well-known/openid-configuration"
            )
+        ])
+
+    urls.extend([
+        urllib.parse.urljoin(base_url, "/.well-known/oauth-authorization-server"),
+        urllib.parse.urljoin(base_url, "/.well-known/openid-configuration"),
+    ])

    return urls