From b4465987f95fe062ef1df3c510ccd9631f58db0e Mon Sep 17 00:00:00 2001
From: Jarrod Lowe <jarrod@lowe.kiwi>
Date: Tue, 8 Apr 2025 13:39:00 +1200
Subject: [PATCH] Environment variable to redirect on logout

---
 backend/open_webui/env.py           | 3 +++
 backend/open_webui/main.py          | 2 ++
 backend/open_webui/routers/auths.py | 7 +++++++
 3 files changed, 12 insertions(+)

diff --git a/backend/open_webui/env.py b/backend/open_webui/env.py
index e3819fdc5..bcc8a02c3 100644
--- a/backend/open_webui/env.py
+++ b/backend/open_webui/env.py
@@ -340,6 +340,9 @@ BYPASS_MODEL_ACCESS_CONTROL = (
     os.environ.get("BYPASS_MODEL_ACCESS_CONTROL", "False").lower() == "true"
 )
 
+SIGNOUT_REDIRECT_URI = os.environ.get("SIGNOUT_REDIRECT_URI", None)
+
+
 ####################################
 # WEBUI_SECRET_KEY
 ####################################
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
index c9ca059c2..07efa1e5f 100644
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -335,6 +335,7 @@ from open_webui.env import (
     WEBUI_SESSION_COOKIE_SECURE,
     WEBUI_AUTH_TRUSTED_EMAIL_HEADER,
     WEBUI_AUTH_TRUSTED_NAME_HEADER,
+    SIGNOUT_REDIRECT_URI,
     ENABLE_WEBSOCKET_SUPPORT,
     BYPASS_MODEL_ACCESS_CONTROL,
     RESET_CONFIG_ON_START,
@@ -564,6 +565,7 @@ app.state.config.LDAP_CIPHERS = LDAP_CIPHERS
 
 app.state.AUTH_TRUSTED_EMAIL_HEADER = WEBUI_AUTH_TRUSTED_EMAIL_HEADER
 app.state.AUTH_TRUSTED_NAME_HEADER = WEBUI_AUTH_TRUSTED_NAME_HEADER
+app.state.SIGNOUT_REDIRECT_URI = SIGNOUT_REDIRECT_URI
 
 app.state.USER_COUNT = None
 app.state.TOOLS = {}
diff --git a/backend/open_webui/routers/auths.py b/backend/open_webui/routers/auths.py
index 67c2e9f2a..04e04afbf 100644
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -27,6 +27,7 @@ from open_webui.env import (
     WEBUI_AUTH_TRUSTED_NAME_HEADER,
     WEBUI_AUTH_COOKIE_SAME_SITE,
     WEBUI_AUTH_COOKIE_SECURE,
+    SIGNOUT_REDIRECT_URI,
     SRC_LOG_LEVELS,
 )
 from fastapi import APIRouter, Depends, HTTPException, Request, status
@@ -555,6 +556,12 @@ async def signout(request: Request, response: Response):
                     detail="Failed to sign out from the OpenID provider.",
                 )
 
+    if SIGNOUT_REDIRECT_URI:
+        return RedirectResponse(
+            headers=response.headers,
+            url=SIGNOUT_REDIRECT_URI,
+        )
+
     return {"status": True}