root
/
open-webui
mirror of https://github.com/open-webui/open-webui.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity
10,386 Commits 3 Branches 131 Tags 809 MiB
Commit Graph

61 Commits

Author SHA1 Message Date
Timothy Jaeryang Baek 754f631a07 feat: OAUTH_BLOCKED_GROUPS support 2025-05-02 14:47:02 +04:00
Timothy Jaeryang Baek 7d0a78a43a refac: aiohttp trust_env=True 2025-04-28 16:47:34 +04:00
Timothy Jaeryang Baek 5030041683 chore: format 2025-04-23 16:05:15 +09:00
Taylor Wilsdon 1dbf4d0461 Add ENABLE_OAUTH_GROUP_CREATION flag for JIT group creation with OAuth group updates enabled 2025-04-18 10:17:08 -07:00
Timothy Jaeryang Baek 7a1e10f3a7 refac: rm OAUTH_USE_PICTURE_CLAIM 2025-04-02 19:23:24 -07:00
CityOfBunbury 548c7f17d7 Added OAUTH_USE_PICTURE_CLAIM env var 
Added OAUTH_USE_PICTURE_CLAIM to config.py

Added check to oauth.py on OAUTH_USE_PICTURE_CLAIM, to decide whether to user the profile picture in the claim or the default user.png
 2025-04-03 08:24:14 +08:00
Timothy Jaeryang Baek 116e0559f6 refac: oauth 2025-03-10 09:42:59 +00:00
Dong Shin b8f3abda5a
fix: email claim constant 2025-03-04 15:50:04 +09:00
Timothy Jaeryang Baek 50dec12072 refac 2025-02-21 22:15:22 -08:00
Jeannot Damoiseaux d50098b622
Fix: Ensure `user_oauth_groups` defaults to an empty list to prevent TypeError 
When the OAuth groups claim does not yield a list, `user_oauth_groups` was previously
set to None, causing a TypeError during membership checks. Changed this default to
an empty list (`[]`) to ensure the variable is always iterable, preventing errors
for non-admin users while logging in.

This fix ensures stability in the `update_user_groups` function.
 2025-02-21 22:25:22 +01:00
Timothy Jaeryang Baek eeb00a5ca2 chore: format 2025-02-20 01:01:29 -08:00
星海 de8492de34
fix: GitHub OAuth email retrieval when public email is not set 2025-02-20 15:06:07 +08:00
Timothy Jaeryang Baek d5a049dc54
Merge pull request #10401 from xinhai-ai/main 
fix: email claim doesn't effect
 2025-02-19 20:43:43 -08:00
星海 dec44e4bcd
Fix: email claim doesn't effect 2025-02-20 11:32:48 +08:00
tarmst efe3bca19e Add nested claim search for groups oauth claim 2025-02-19 16:47:52 +00:00
Timothy Jaeryang Baek 63cf80a456 refac 2025-02-16 00:11:18 -08:00
pseudorm 336d1d95c5
Merge branch 'dev' into bug/user-signup/fix-oauth-username-claim-has-no-effect 2025-02-10 22:00:20 +08:00
chester.cheng 1b6e12a255 add warning 2025-02-10 20:49:55 +08:00
chester.cheng db0a12f9f1 check name is none 2025-02-10 20:36:01 +08:00
Timothy Jaeryang Baek 60095598ec chore: format 2025-02-09 22:20:47 -08:00
Timothy Jaeryang Baek dee07a6260
Merge pull request #9629 from rragundez/handle-no-picture 
Handle no picture when retrieving from Microsoft EntraID
 2025-02-07 22:52:35 -08:00
Rodrigo Agundez 546ef6ab42 Check is response is OK from retrieve the picture if not then default 2025-02-08 09:49:16 +09:00
Timothy Jaeryang Baek febc5d392f
Merge pull request #9620 from tarmst/add-oauth-debug-logs 
feat: Adding debug logs for oauth role & group management
 2025-02-07 14:41:43 -08:00
tarmst 85912d726e Adding debug logs for oauth role & group management 2025-02-07 19:53:25 +00:00
Girish Ramakrishnan 8215aa36d0 oidc: pick up username correctly 2025-02-06 17:59:16 +01:00
D. MacAlpine 34b62e71cc fix: check for email claim before skipping userinfo endpoint 2025-02-05 21:31:55 -05:00
Rodrigo Agundez 30e4b32a5b Set default picture to user.png 2025-02-01 08:32:04 +09:00
Rodrigo Agundez 1f2b5fa68f move comment to top 2025-01-31 23:05:33 +09:00
Rodrigo Agundez 681851ca6b Configurable default role for oauth 2025-01-31 23:00:24 +09:00
Timothy Jaeryang Baek be665f2a3e
Merge pull request #8493 from kyunwang/fix/oidc-500-error-name-field 
fix: Check OAuth name type with fallback
 2025-01-29 21:08:21 -08:00
Kangyun Wang 564c0fed95 Fallback using email 
- Use Email ass fallback for missing "name" field
- "email" because the email scope is required unlike the profile scope
 2025-01-27 13:11:20 +01:00
Kevin Wang 9eaf01c323
Merge branch 'open-webui:main' into fix/oidc-500-error-name-field 2025-01-27 13:10:08 +01:00
Antti Pyykkönen 412923dc91 feat: separate cookie settings between session & auth cookies 
Introducing two new env config options to control cookies settings regarding
authentication. These values are taken into use when setting 'token' and 'oauth_id_token'.
To maintain backwards compatibility, the original session cookie values are used as
fallback.

Separation is done to prevent issues with the session cookie. When the config value was
set as 'strict', the oauth flow was broken (since the session cookie was not provided
after the callback).

Providing a separate config for auth & session cookies allows us to keep the 'strict'
settings for auth related cookies, while also allowing the session cookie to behave as
intended (e.g., by configuring it as 'lax').

The original config was added in commit #af4f8aa. However a later commit #a2e889c reused
this config option for other type of cookies, which was not the original intent.
 2025-01-23 16:16:50 +02:00
Tryanks f3e6dacf0d refac: Extend OIDC support to all OAuth authentication methods 2025-01-17 12:56:03 +08:00
Timothy Jaeryang Baek 5526c43853
Merge pull request #8620 from Tryanks/dev 
fix: incorrectly indexing the key userinfo in the token.
 2025-01-16 11:12:41 -08:00
Tryanks 4b6700a4b2
fixed: incorrectly indexing the key userinfo in the token. 2025-01-17 00:33:20 +08:00
Rodrigo Agundez 91df1c56b2 Add headers 2025-01-16 19:32:35 +08:00
Timothy Jaeryang Baek 3328e2ea97
Merge pull request #8566 from rragundez/ms-auth-picture 
Add functionality to retrive picture for microsoft oauth
 2025-01-15 10:02:28 -08:00
Rodrigo Agundez c8be0b20cc Add functionality to retrive picture for microsoft oauth 2025-01-15 09:17:22 +08:00
Kangyun Wang 1ad9be9c07 Check OAuth name type with fallback 2025-01-12 12:21:53 +01:00
Timothy Jaeryang Baek 987664f9b5 fix 
Co-Authored-By: Izhar Firdaus <480984+kagesenshi@users.noreply.github.com>
 2025-01-08 00:57:52 -08:00
Timothy Jaeryang Baek b3c7ecaea1 fix: oauth webhook 
Co-Authored-By: Izhar Firdaus <480984+kagesenshi@users.noreply.github.com>
 2025-01-08 00:38:00 -08:00
tarmst 8117bf8603 Add admin check 2025-01-06 18:23:42 +00:00
Timothy Jaeryang Baek 1902d4238b chore: format 2024-12-17 13:51:29 -08:00
tarmst 0f33856182 Removing prints used for debugging 2024-12-17 19:50:59 +00:00
tarmst 9737869d11 Adding oauth group management for users upon login 2024-12-17 19:38:07 +00:00
Timothy Jaeryang Baek d3d161f723 wip 2024-12-10 00:54:13 -08:00
Timothy Jaeryang Baek f264d82d13
Merge pull request #7551 from jonassvatos/patch-1 
feat: Add OAUTH_ALLOWED_DOMAINS
 2024-12-09 16:27:06 -08:00
Timothy Jaeryang Baek 8718067894
Merge pull request #7678 from ZaibanAli/feature/keycloak-terminate-sso-session 
feat: implement OAuth logout functionality for keyclock to terminate sso session
 2024-12-09 16:26:10 -08:00
Timothy Jaeryang Baek a3ca632921 refac: id_token -> oauth_id_token 2024-12-09 16:25:56 -08:00