Merge pull request #12592 from jarrod-lowe/main

feat: Redirect on sign out

backend/open_webui/env.py

@@ -354,6 +354,9 @@ BYPASS_MODEL_ACCESS_CONTROL = (
     os.environ.get("BYPASS_MODEL_ACCESS_CONTROL", "False").lower() == "true"
 )
 
+SIGNOUT_REDIRECT_URI = os.environ.get("SIGNOUT_REDIRECT_URI", None)
+
+
 ####################################
 # WEBUI_SECRET_KEY
 ####################################

backend/open_webui/main.py

@@ -350,6 +350,7 @@ from open_webui.env import (
     WEBUI_SESSION_COOKIE_SECURE,
     WEBUI_AUTH_TRUSTED_EMAIL_HEADER,
     WEBUI_AUTH_TRUSTED_NAME_HEADER,
+    SIGNOUT_REDIRECT_URI,
     ENABLE_WEBSOCKET_SUPPORT,
     BYPASS_MODEL_ACCESS_CONTROL,
     RESET_CONFIG_ON_START,
@@ -590,6 +591,7 @@ app.state.config.LDAP_CIPHERS = LDAP_CIPHERS
 
 app.state.AUTH_TRUSTED_EMAIL_HEADER = WEBUI_AUTH_TRUSTED_EMAIL_HEADER
 app.state.AUTH_TRUSTED_NAME_HEADER = WEBUI_AUTH_TRUSTED_NAME_HEADER
+app.state.SIGNOUT_REDIRECT_URI = SIGNOUT_REDIRECT_URI
 app.state.EXTERNAL_PWA_MANIFEST_URL = EXTERNAL_PWA_MANIFEST_URL
 
 app.state.USER_COUNT = None

backend/open_webui/routers/auths.py

@@ -27,6 +27,7 @@ from open_webui.env import (
     WEBUI_AUTH_TRUSTED_NAME_HEADER,
     WEBUI_AUTH_COOKIE_SAME_SITE,
     WEBUI_AUTH_COOKIE_SECURE,
+    SIGNOUT_REDIRECT_URI,
     SRC_LOG_LEVELS,
 )
 from fastapi import APIRouter, Depends, HTTPException, Request, status
@@ -566,6 +567,12 @@ async def signout(request: Request, response: Response):
                     detail="Failed to sign out from the OpenID provider.",
                 )
 
+    if SIGNOUT_REDIRECT_URI:
+        return RedirectResponse(
+            headers=response.headers,
+            url=SIGNOUT_REDIRECT_URI,
+        )
+
     return {"status": True}