ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
open-webui/backend/open_webui/utils
History
jamie b766a23e36
fix: MCP OAuth discovery via Protected Resource metadata flow 
When an MCP server's OAuth authorization server is on a different domain
(e.g., Todoist MCP at ai.todoist.net with OAuth at todoist.com), the
current implementation fails because it only looks for OAuth metadata at
the MCP server's domain.

This commit implements the full MCP Protected Resource discovery flow as
specified in the MCP authorization spec:

1. Make an unauthenticated request to the MCP endpoint
2. Parse the WWW-Authenticate header to get the resource_metadata URL
3. Fetch the Protected Resource metadata
4. Extract the authorization_servers array
5. Use those servers for OAuth metadata discovery

The fix is backwards-compatible - if Protected Resource discovery fails,
it falls back to the existing behavior.

Fixes #19794
2025-12-07 12:53:22 +11:00
..
images feat: comfyui image edit support 2025-11-06 03:43:59 -05:00
mcp chore: format 2025-10-26 19:33:39 -07:00
telemetry enh/refac: deprecate USER_POOL 2025-11-28 07:39:02 -05:00
access_control.py feat: user list in channels 2025-11-25 04:38:07 -05:00
audit.py fix: audit 2025-12-01 10:59:01 -05:00
auth.py refac 2025-12-02 04:03:44 -05:00
channels.py feat: channel/thread @ model 2025-09-17 00:49:44 -05:00
chat.py refac/fix: direct connection floating action buttons 2025-10-02 02:21:21 -05:00
code_interpreter.py chore: format 2025-05-10 19:00:01 +04:00
embeddings.py refac: embeddings endpoint 2025-06-05 00:37:31 +04:00
files.py enh/pref: convert markdown base64 images to urls 2025-11-20 04:00:02 -05:00
filter.py fix: setting file_handler in a filter would generate errors in messages with no files, because a "files: Null" in metadata would trigger an attempt to delete a non existent files object 2025-09-13 12:57:54 -03:00
groups.py chore: format 2025-12-02 17:16:12 -05:00
headers.py refac: images 2025-11-04 13:30:59 -05:00
logger.py chore: format 2025-08-06 14:27:58 +04:00
middleware.py refac 2025-12-01 13:52:09 -05:00
misc.py refac 2025-12-02 04:18:19 -05:00
models.py refac: show connection type for custom models 2025-12-02 06:19:48 -05:00
oauth.py fix: MCP OAuth discovery via Protected Resource metadata flow 2025-12-07 12:53:22 +11:00
payload.py refac 2025-10-25 23:01:13 -07:00
pdf_generator.py chore: remove unnecessary Path conversions 2025-03-04 19:53:52 +02:00
plugin.py refac: tools 2025-09-26 19:01:22 -05:00
rate_limit.py feat: signin rate limit 2025-12-02 03:52:38 -05:00
redis.py feat: signin rate limit 2025-12-02 03:52:38 -05:00
response.py fix: ollama tool call 2025-07-18 06:11:53 +08:00
security_headers.py chore: format 2024-11-30 23:36:30 -08:00
task.py refac/fix: rag template placeholder substitution 2025-11-11 00:08:05 -05:00
tools.py refac 2025-11-25 16:27:27 -05:00
webhook.py refac/fix: trusted env for proxy 2025-11-04 12:21:18 -05:00