refac/fix: oauth jwt cookie

Timothy Jaeryang Baek 2025-08-14 02:00:38 +04:00
parent 84fd0e4152
commit 2ed9896dea


@ -356,9 +356,9 @@ class OAuthManager:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED) raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
user_data: UserInfo = token.get("userinfo") user_data: UserInfo = token.get("userinfo")
if ( if (
(not user_data) or (not user_data)
(auth_manager_config.OAUTH_EMAIL_CLAIM not in user_data) or or (auth_manager_config.OAUTH_EMAIL_CLAIM not in user_data)
(auth_manager_config.OAUTH_USERNAME_CLAIM not in user_data) or (auth_manager_config.OAUTH_USERNAME_CLAIM not in user_data)
): ):
user_data: UserInfo = await client.userinfo(token=token) user_data: UserInfo = await client.userinfo(token=token)
if not user_data: if not user_data:
@ -529,7 +529,15 @@ class OAuthManager:
default_permissions=request.app.state.config.USER_PERMISSIONS, default_permissions=request.app.state.config.USER_PERMISSIONS,
) )
redirect_base_url = str(request.app.state.config.WEBUI_URL or request.base_url)
if redirect_base_url.endswith("/"):
redirect_base_url = redirect_base_url[:-1]
redirect_url = f"{redirect_base_url}/auth"
response = RedirectResponse(url=redirect_url, headers=response.headers)
# Set the cookie token # Set the cookie token
# Redirect back to the frontend with the JWT token
response.set_cookie( response.set_cookie(
key="token", key="token",
value=jwt_token, value=jwt_token,
@ -547,11 +555,4 @@ class OAuthManager:
samesite=WEBUI_AUTH_COOKIE_SAME_SITE, samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
secure=WEBUI_AUTH_COOKIE_SECURE, secure=WEBUI_AUTH_COOKIE_SECURE,
) )
# Redirect back to the frontend with the JWT token return response
redirect_base_url = str(request.app.state.config.WEBUI_URL or request.base_url)
if redirect_base_url.endswith("/"):
redirect_base_url = redirect_base_url[:-1]
redirect_url = f"{redirect_base_url}/auth"
return RedirectResponse(url=redirect_url, headers=response.headers)
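Review bot: In the second hunk the redirect target still falls back to `request.base_url` when `WEBUI_URL` is unset, and the `RedirectResponse` that now carries the `token` cookie is built from that value. `request.base_url` is derived from the incoming request (in Starlette, from the request scope and its Host header), so a deployment with no configured `WEBUI_URL` and no host validation at the proxy does not pin the post-login redirect to a known origin. I would add a comment above the assignment such as `# request.base_url comes from the incoming request; configure WEBUI_URL so the post-login redirect origin is fixed`, and consider logging a warning when the fallback is taken. Separately, the comment `# Redirect back to the frontend with the JWT token` now sits directly above `response.set_cookie(` rather than above the `RedirectResponse(...)` line it describes. The enclosing OAuthManager method starts outside the hunks shown, and the cookie arguments between the second and third hunk are not visible here.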