ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 20:35:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
open-webui/backend/open_webui
History
jamie b766a23e36
fix: MCP OAuth discovery via Protected Resource metadata flow 
When an MCP server's OAuth authorization server is on a different domain
(e.g., Todoist MCP at ai.todoist.net with OAuth at todoist.com), the
current implementation fails because it only looks for OAuth metadata at
the MCP server's domain.

This commit implements the full MCP Protected Resource discovery flow as
specified in the MCP authorization spec:

1. Make an unauthenticated request to the MCP endpoint
2. Parse the WWW-Authenticate header to get the resource_metadata URL
3. Fetch the Protected Resource metadata
4. Extract the authorization_servers array
5. Use those servers for OAuth metadata discovery

The fix is backwards-compatible - if Protected Resource discovery fails,
it falls back to the existing behavior.

Fixes #19794
2025-12-07 12:53:22 +11:00
..
data refac: mv backend files to /open_webui dir 2024-09-04 16:54:48 +02:00
internal refactor: format 2025-08-10 22:28:31 +08:00
migrations refac 2025-12-02 11:00:34 -05:00
models enh: group members endpoint 2025-12-02 11:24:23 -05:00
retrieval chore: format 2025-12-02 16:06:57 -05:00
routers fix: Default Group ID assignment on SSO/OAUTH and LDAP (#19685) 2025-12-02 16:48:00 -05:00
socket refac 2025-11-30 14:51:44 -05:00
static refac 2025-08-10 00:02:58 +04:00
storage refac/fix: s3 checksum validation 2025-08-21 12:44:16 +04:00
test chore: format, lint 2025-07-16 15:23:18 +09:00
utils fix: MCP OAuth discovery via Protected Resource metadata flow 2025-12-07 12:53:22 +11:00
__init__.py Update __init__.py 2025-04-15 09:55:35 +02:00
alembic.ini fix: Alembic CLI commands from failing 2025-08-15 04:17:47 -04:00
config.py feat: Adds document intelligence model configuration (#19692) 2025-12-02 14:41:09 -05:00
constants.py feat/enh: optional password validation 2025-11-20 17:44:49 -05:00
env.py fix: ENABLE_CHAT_RESPONSE_BASE64_IMAGE_URL_CONVERSION env var 2025-11-25 04:15:41 -05:00
functions.py refac: user valves 2025-09-26 17:49:42 -05:00
main.py refac 2025-12-02 15:17:47 -05:00
tasks.py 0.6.33 (#18118) 2025-10-07 16:20:27 -05:00