open-webui/backend
jamie b766a23e36
fix: MCP OAuth discovery via Protected Resource metadata flow
When an MCP server's OAuth authorization server is on a different domain
(e.g., Todoist MCP at ai.todoist.net with OAuth at todoist.com), the
current implementation fails because it only looks for OAuth metadata at
the MCP server's domain.

This commit implements the full MCP Protected Resource discovery flow as
specified in the MCP authorization spec:

1. Make an unauthenticated request to the MCP endpoint
2. Parse the WWW-Authenticate header to get the resource_metadata URL
3. Fetch the Protected Resource metadata
4. Extract the authorization_servers array
5. Use those servers for OAuth metadata discovery

The fix is backwards-compatible - if Protected Resource discovery fails,
it falls back to the existing behavior.

Fixes #19794
2025-12-07 12:53:22 +11:00
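The five steps listed in the commit message above, sketched as an added example (this is not the commit's code or Open WebUI's implementation). The function names, the `fetch` callable and the example.net / example.com hosts are hypothetical; the https-only filter and the strict `resource` equality check (the match RFC 9728 asks clients to make) are assumptions about what a client should enforce, and an empty result stands for the fallback to the existing behavior.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample data; hosts are placeholders, not real services.
MCP_URL = "https://mcp.example.net/mcp"
SAMPLE_401_HEADER = (
    'Bearer realm="mcp", error="invalid_token", '
    'resource_metadata="https://mcp.example.net/.well-known/oauth-protected-resource/mcp"')
SAMPLE_METADATA = json.dumps(
    {"resource": MCP_URL, "authorization_servers": ["https://auth.example.com"]})

# auth-param: name = quoted-string | token
_PARAM = re.compile(r'([A-Za-z_][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def _is_https(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)

def resource_metadata_url(www_authenticate):
    """Step 2: return resource_metadata from a Bearer challenge, or None."""
    scheme, _, rest = www_authenticate.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for m in _PARAM.finditer(rest):
        quoted, token = m.group(2), m.group(3)
        value = token if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        params[m.group(1).lower()] = value
    url = params.get("resource_metadata")
    return url if url and _is_https(url) else None  # refuse non-https metadata URLs

def authorization_servers(metadata_json, mcp_url):
    """Step 4: issuers to use for OAuth discovery; [] means use the fallback."""
    try:
        doc = json.loads(metadata_json)
    except ValueError:
        return []
    if not isinstance(doc, dict) or doc.get("resource") != mcp_url:
        return []  # metadata describes a different resource: do not trust it
    servers = doc.get("authorization_servers")
    if not isinstance(servers, list):
        return []
    return [s for s in servers if isinstance(s, str) and _is_https(s)]

def discover(www_authenticate, fetch, mcp_url):
    """Steps 2-5; `fetch` is a hypothetical callable returning the metadata body."""
    url = resource_metadata_url(www_authenticate)
    return authorization_servers(fetch(url), mcp_url) if url else []
```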
..
data refac: mv backend files to /open_webui dir 2024-09-04 16:54:48 +02:00
open_webui fix: MCP OAuth discovery via Protected Resource metadata flow 2025-12-07 12:53:22 +11:00
.dockerignore fix: litellm config issue 2024-02-24 22:35:11 -08:00
.gitignore refac 2024-09-06 04:59:20 +02:00
dev.sh feat: add Feishu OAuth integration 2025-09-12 14:09:32 +08:00
requirements-min.txt Chore: dep bump (#19667) 2025-12-02 02:34:57 -05:00
requirements.txt Chore: dep bump (#19667) 2025-12-02 02:34:57 -05:00
start.sh 0.6.33 (#18118) 2025-10-07 16:20:27 -05:00
start_windows.bat fix: windows start script 2025-06-27 15:46:38 +04:00