OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-09 16:07:54 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Added OAUTH_USE_PICTURE_CLAIM env var

Browse Source 
Added OAUTH_USE_PICTURE_CLAIM to config.py

Added check to oauth.py on OAUTH_USE_PICTURE_CLAIM, to decide whether to user the profile picture in the claim or the default user.png
This commit is contained in:
CityOfBunbury 2025-04-03 08:24:14 +08:00
parent 04799f1f95
commit 548c7f17d7
2 changed files with 47 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/open_webui/config.py
View File

@ -331,6 +331,12 @@ JWT_EXPIRES_IN = PersistentConfig(
# OAuth config # OAuth config
#################################### ####################################
OAUTH_USE_PICTURE_CLAIM = PersistentConfig(
"OAUTH_USE_PICTURE_CLAIM",
"oauth.oidc.use_picture_claim",
os.environ.get("OAUTH_USE_PICTURE_CLAIM", "True").lower() == "true",
)
ENABLE_OAUTH_SIGNUP = PersistentConfig( ENABLE_OAUTH_SIGNUP = PersistentConfig(
"ENABLE_OAUTH_SIGNUP", "ENABLE_OAUTH_SIGNUP",
"oauth.enable_signup", "oauth.enable_signup",

7
backend/open_webui/utils/oauth.py
View File

@ -23,6 +23,7 @@ from open_webui.config import (
OAUTH_PROVIDERS, OAUTH_PROVIDERS,
ENABLE_OAUTH_ROLE_MANAGEMENT, ENABLE_OAUTH_ROLE_MANAGEMENT,
ENABLE_OAUTH_GROUP_MANAGEMENT, ENABLE_OAUTH_GROUP_MANAGEMENT,
OAUTH_USE_PICTURE_CLAIM,
OAUTH_ROLES_CLAIM, OAUTH_ROLES_CLAIM,
OAUTH_GROUPS_CLAIM, OAUTH_GROUPS_CLAIM,
OAUTH_EMAIL_CLAIM, OAUTH_EMAIL_CLAIM,
@ -57,6 +58,7 @@ auth_manager_config.ENABLE_OAUTH_SIGNUP = ENABLE_OAUTH_SIGNUP
auth_manager_config.OAUTH_MERGE_ACCOUNTS_BY_EMAIL = OAUTH_MERGE_ACCOUNTS_BY_EMAIL auth_manager_config.OAUTH_MERGE_ACCOUNTS_BY_EMAIL = OAUTH_MERGE_ACCOUNTS_BY_EMAIL
auth_manager_config.ENABLE_OAUTH_ROLE_MANAGEMENT = ENABLE_OAUTH_ROLE_MANAGEMENT auth_manager_config.ENABLE_OAUTH_ROLE_MANAGEMENT = ENABLE_OAUTH_ROLE_MANAGEMENT
auth_manager_config.ENABLE_OAUTH_GROUP_MANAGEMENT = ENABLE_OAUTH_GROUP_MANAGEMENT auth_manager_config.ENABLE_OAUTH_GROUP_MANAGEMENT = ENABLE_OAUTH_GROUP_MANAGEMENT
auth_manager_config.OAUTH_USE_PICTURE_CLAIM = OAUTH_USE_PICTURE_CLAIM
auth_manager_config.OAUTH_ROLES_CLAIM = OAUTH_ROLES_CLAIM auth_manager_config.OAUTH_ROLES_CLAIM = OAUTH_ROLES_CLAIM
auth_manager_config.OAUTH_GROUPS_CLAIM = OAUTH_GROUPS_CLAIM auth_manager_config.OAUTH_GROUPS_CLAIM = OAUTH_GROUPS_CLAIM
auth_manager_config.OAUTH_EMAIL_CLAIM = OAUTH_EMAIL_CLAIM auth_manager_config.OAUTH_EMAIL_CLAIM = OAUTH_EMAIL_CLAIM
@ -325,6 +327,8 @@ class OAuthManager:
if existing_user: if existing_user:
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN) raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
# Check if we should use the picture claim based on configuration
if auth_manager_config.OAUTH_USE_PICTURE_CLAIM:
picture_claim = auth_manager_config.OAUTH_PICTURE_CLAIM picture_claim = auth_manager_config.OAUTH_PICTURE_CLAIM
picture_url = user_data.get( picture_url = user_data.get(
picture_claim, OAUTH_PROVIDERS[provider].get("picture_url", "") picture_claim, OAUTH_PROVIDERS[provider].get("picture_url", "")
@ -361,6 +365,9 @@ class OAuthManager:
picture_url = "/user.png" picture_url = "/user.png"
if not picture_url: if not picture_url:
picture_url = "/user.png" picture_url = "/user.png"
else:
# If OAUTH_USE_PICTURE_CLAIM is False, just use the default image
picture_url = "/user.png"
username_claim = auth_manager_config.OAUTH_USERNAME_CLAIM username_claim = auth_manager_config.OAUTH_USERNAME_CLAIM