This commit is contained in:
Timothy Jaeryang Baek
2026-03-24 05:13:31 -05:00
parent bd8aa3b6a0
commit 69171a4c8b
2 changed files with 15 additions and 0 deletions

View File

@@ -642,6 +642,18 @@ OAUTH_AUDIENCE = PersistentConfig(
os.environ.get('OAUTH_AUDIENCE', ''),
)
OAUTH_AUTHORIZE_PARAMS = {}
_oauth_authorize_params = os.environ.get('OAUTH_AUTHORIZE_PARAMS', '')
if _oauth_authorize_params:
try:
_parsed = json.loads(_oauth_authorize_params)
if isinstance(_parsed, dict):
OAUTH_AUTHORIZE_PARAMS = _parsed
else:
log.warning('OAUTH_AUTHORIZE_PARAMS must be a JSON object, ignoring')
except (json.JSONDecodeError, TypeError):
log.warning('OAUTH_AUTHORIZE_PARAMS is not valid JSON, ignoring')
def load_oauth_providers():
OAUTH_PROVIDERS.clear()

View File

@@ -60,6 +60,7 @@ from open_webui.config import (
OAUTH_UPDATE_EMAIL_ON_LOGIN,
OAUTH_ACCESS_TOKEN_REQUEST_INCLUDE_CLIENT_ID,
OAUTH_AUDIENCE,
OAUTH_AUTHORIZE_PARAMS,
WEBHOOK_URL,
JWT_EXPIRES_IN,
AppConfig,
@@ -1286,6 +1287,8 @@ class OAuthManager:
kwargs = {}
if auth_manager_config.OAUTH_AUDIENCE:
kwargs['audience'] = auth_manager_config.OAUTH_AUDIENCE
if OAUTH_AUTHORIZE_PARAMS:
kwargs.update(OAUTH_AUTHORIZE_PARAMS)
return await client.authorize_redirect(request, redirect_uri, **kwargs)