From fc11e4384fe98fac659e10596f67c23483578867 Mon Sep 17 00:00:00 2001
From: Timothy Jaeryang Baek
Date: Mon, 8 Sep 2025 18:17:11 +0400
Subject: [PATCH] refac
---
 backend/open_webui/routers/auths.py | 1 +
 backend/open_webui/utils/auth.py | 4 ++++
 backend/open_webui/utils/oauth.py | 4 ++--
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/backend/open_webui/routers/auths.py b/backend/open_webui/routers/auths.py
index d044b4a168..e3271250c1 100644
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -677,6 +677,7 @@ async def signup(request: Request, response: Response, form_data: SignupForm):
 async def signout(request: Request, response: Response):
 response.delete_cookie("token")
 response.delete_cookie("oui-session")
+ response.delete_cookie("oauth_id_token")
 oauth_session_id = request.cookies.get("oauth_session_id")
 if oauth_session_id:
diff --git a/backend/open_webui/utils/auth.py b/backend/open_webui/utils/auth.py
index 19994bafbd..f941ef9263 100644
--- a/backend/open_webui/utils/auth.py
+++ b/backend/open_webui/utils/auth.py
@@ -313,6 +313,10 @@ def get_current_user(
 # Delete the token cookie
 if request.cookies.get("token"):
 response.delete_cookie("token")
+
+ if request.cookies.get("oauth_id_token"):
+ response.delete_cookie("oauth_id_token")
+
 # Delete OAuth session if present
 if request.cookies.get("oauth_session_id"):
 response.delete_cookie("oauth_session_id")
diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py
index 55ee3eee54..63250c2a54 100644
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
@@ -824,7 +824,7 @@ class OAuthManager:
 if "expires_in" in token and "expires_at" not in token:
 token["expires_at"] = datetime.now().timestamp() + token["expires_in"]
- session_id = await OAuthSessions.create_session(
+ session = OAuthSessions.create_session(
 user_id=user.id,
 provider=provider,
 token=token,
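Review bot: The added `response.delete_cookie("oauth_id_token")` in `signout` passes no `path` or `domain`, so it clears the cookie only if it was set with the framework defaults; a browser matches a deletion on name, path and domain. The code that sets `oauth_id_token` is not part of this patch, so this is unconfirmed, but if it uses a non-default path or domain the ID token would stay in the browser after sign-out. Either pass the same `path=`/`domain=` values used at the set site, or add a comment such as `# oauth_id_token is set with default path/domain; keep this deletion in sync with the set_cookie call`. The same applies to the deletion added to `get_current_user` in utils/auth.py. `signout` continues past the end of the hunk.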
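Review bot: The new `oauth_id_token` stanza is the only one of the three cleanup blocks in this part of `get_current_user` without a comment; the neighbours carry `# Delete the token cookie` and `# Delete OAuth session if present`. Adding `# Delete the OAuth ID token cookie so it does not outlive the invalidated session` would keep the block readable and state why the cookie is cleared here. This list of cookie names is also maintained by hand here and in `signout` in routers/auths.py, which is why this commit had to touch both files. A shared constant or helper for the names would stop the two lists drifting apart. The enclosing function starts and ends outside the hunk.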
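Review bot: Dropping `await` from `OAuthSessions.create_session(...)` makes this a synchronous call inside an async method (the old line awaited it), and the patch does not include the matching change to `create_session`. If that method performs blocking database I/O, it now runs on the event loop during the OAuth callback; if it is still declared `async`, `session` would be a coroutine object and the `session.id` used for the cookie in the next hunk would fail. A short comment at the call, e.g. `# create_session is synchronous and returns the stored session; only its id goes into the cookie`, would record the contract, and the commit subject `refac` understates a behaviour change in the login path. The enclosing method starts and ends outside the hunk.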
@@ -832,7 +832,7 @@ class OAuthManager:
 response.set_cookie(
 key="oauth_session_id",
- value=session_id,
+ value=session.id,
 httponly=True,
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
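Review bot: `value=session.id` dereferences the result of `OAuthSessions.create_session(...)` without checking it. That method is not shown in this patch; if it can return `None` when the session cannot be stored, the callback fails with an `AttributeError` after the provider tokens have already been obtained. A guard before `response.set_cookie(`, such as `if session is None:` followed by an explicit, logged login failure, would keep the error path deliberate. The `set_cookie` call and the enclosing method continue past the end of the hunk.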