@lgarceau768 lgarceau768 commented Nov 3, 2025

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests to validate the changes?
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
    • BREAKING CHANGE: Significant changes that may affect compatibility
    • build: Changes that affect the build system or external dependencies
    • ci: Changes to our continuous integration processes or workflows
    • chore: Refactor, cleanup, or other non-functional code changes
    • docs: Documentation update or addition
    • feat: Introduces a new feature or enhancement to the codebase
    • fix: Bug fix or error correction
    • i18n: Internationalization or localization changes
    • perf: Performance improvement
    • refactor: Code restructuring for better maintainability, readability, or scalability
    • style: Changes that do not affect the meaning of the code (white space, formatting, missing semi-colons, etc.)
    • test: Adding missing tests or correcting existing tests
    • WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

  • Added Google Cloud Identity API support for OAuth role assignment since Google SSO does not include group or role claims in JWT tokens like other OAuth2 identity providers

Added

  • Google Cloud Identity API integration to fetch user groups for role assignment
  • Support for https://www.googleapis.com/auth/cloud-identity.groups.readonly scope in Google OAuth
  • Automatic fallback to traditional claims-based authentication for non-Google providers
  • Enhanced role assignment logic that works with Google Cloud Identity API groups
  • Comprehensive test coverage for Google Cloud Identity API integration
  • Documentation for configuring Google OAuth with Cloud Identity groups

Changed

  • Modified OAuth role determination to fetch groups via Google Cloud Identity API when Google OAuth is used with the appropriate scope
  • Updated group management to support both traditional OAuth claims and Google Cloud Identity API groups

Fixed

  • Enabled proper role assignment for Google SSO users by fetching groups via API instead of relying on missing JWT claims

Security

  • Added proper URL encoding for Google Cloud Identity API queries
  • Implemented secure token handling for Google Cloud Identity API requests

Additional Information

This enhancement enables proper role assignment for Google SSO by addressing the fact that Google OAuth does not include group or role claims in JWT tokens like other OAuth2 identity providers.

Why this is needed:

  • Google OAuth JWT tokens do not contain group membership information in claims
  • Other OAuth providers (like Azure AD, Auth0, etc.) typically include group/role information in JWT claims
  • Without group information, Google SSO users cannot be properly assigned roles based on their group membership

How it works:

  • When Google OAuth is configured with cloud-identity.groups.readonly scope, the system fetches user groups via Google Cloud Identity API
  • For other OAuth providers, the system continues to use traditional claims-based role assignment
  • Graceful fallback ensures compatibility with existing configurations

Configuration Requirements:

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
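The group lookup and claims fallback described above, sketched as an added example; it is not code from this pull request or from Open WebUI. The Cloud Identity `searchTransitiveGroups` endpoint, its query syntax, the `groupKey.id` response field, the `groups` claim name and all function names are assumptions made for illustration, and the sample data is constructed.

```python
import re
from urllib.parse import urlencode

# Assumed endpoint, scope and label; verify against the Cloud Identity docs.
SEARCH_URL = ("https://cloudidentity.googleapis.com/v1/"
              "groups/-/memberships:searchTransitiveGroups")
GROUPS_SCOPE = "https://www.googleapis.com/auth/cloud-identity.groups.readonly"
SECURITY_LABEL = "cloudidentity.googleapis.com/groups.security"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")


def build_group_query_url(email: str) -> str:
    """Build the lookup URL; reject values that could alter the query."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("unexpected characters in member e-mail")
    query = f"member_key_id == '{email}' && '{SECURITY_LABEL}' in labels"
    # urlencode percent-encodes quotes, '&', '+' and '@' inside the query value
    return f"{SEARCH_URL}?{urlencode({'query': query})}"


def groups_from_response(payload: dict) -> list[str]:
    """Extract group addresses from a searchTransitiveGroups-style response."""
    return [m["groupKey"]["id"] for m in payload.get("memberships", [])
            if m.get("groupKey", {}).get("id")]


def resolve_groups(provider, granted_scopes, claims, api_payload=None):
    """Google with the groups scope uses API data; all else uses token claims."""
    if (provider == "google" and GROUPS_SCOPE in granted_scopes
            and api_payload is not None):
        return groups_from_response(api_payload)
    return list(claims.get("groups", []))  # hypothetical claim name


def assign_role(groups, admin_groups, default="user"):
    """Grant admin only when the user is in at least one admin group."""
    return "admin" if set(groups) & set(admin_groups) else default


# Constructed sample response, not captured from a real tenant.
SAMPLE_API_PAYLOAD = {"memberships": [
    {"groupKey": {"id": "webui-admins@example.com"}, "displayName": "Admins"},
    {"groupKey": {"id": "staff@example.com"}, "displayName": "Staff"},
]}
```

The request itself would carry the user's access token in an `Authorization: Bearer` header; it is left out so the block runs offline.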

tjbck and others added 30 commits September 29, 2025 00:58
i18n: improve Chinese (zhCN & zh-TW) translation
fix: handle non‑UTF8 chars in third‑party responses without error
i18n: German translation of new strings
fix: log web search queries only with level 'debug' instead of 'info'
tjbck and others added 27 commits October 14, 2025 18:32
fix: allow toast notifications to be closed when a modal is open
enh: lower JWT expiration default value and add warn message
i18n: Update Czech translation
i18n: update Turkish translations for various UI elements
Improve the translations to match more with the contexts.
Improved the Thai translations to match more with the contexts they're being used for.
feat: add mineru as document parser backend with support of both local and managed api
fix: reword misleading knowledge base warning in documents settings
* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG for version 0.6.34

Updated changelog for version 0.6.34 with new features, fixes, and improvements.

* Woops
@lgarceau768 lgarceau768 closed this Nov 5, 2025
lgarceau768 added a commit that referenced this pull request Nov 27, 2025
Google Groups Functionality on top of version 0.6.34
lgarceau768 added a commit that referenced this pull request Jan 12, 2026
commit 677f4b5f95544b75ca17afa3539f4260c311455d
Merge: 308d2cb 2b26355
Author: Luke Garceau <[email protected]>
Date:   Mon Jan 12 13:18:34 2026 -0500

    merge conflicts

commit 308d2cb
Author: Luke Garceau <[email protected]>
Date:   Wed Dec 31 13:51:48 2025 -0500

    Revert "Merge branch 'dev' of github.com:open-webui/open-webui into feat/google-oauth-groups-lgarceau"

    This reverts commit 6dd6e0c, reversing
    changes made to dd1e2b5.

commit 6dd6e0c
Merge: dd1e2b5 fe3047d
Author: Luke Garceau <[email protected]>
Date:   Mon Dec 29 17:14:48 2025 -0500

    Merge branch 'dev' of github.com:open-webui/open-webui into feat/google-oauth-groups-lgarceau

commit dd1e2b5
Merge: 943e4ca a727153
Author: Luke Garceau <[email protected]>
Date:   Mon Dec 29 16:05:54 2025 -0500

    Merge branch 'main' of personal:flexion/open-webui into feat/google-oauth-groups-lgarceau

commit 943e4ca
Author: Luke Garceau <[email protected]>
Date:   Mon Dec 29 16:05:52 2025 -0500

    resolve oauth issues

commit 4b34300
Merge: 6f1486f 9eb4484
Author: Luke Garceau <[email protected]>
Date:   Tue Dec 9 16:51:53 2025 -0500

    init implementation commit

commit 9eb4484
Merge: e0d5de1 d277696
Author: Luke Garceau <[email protected]>
Date:   Thu Nov 27 15:46:49 2025 -0500

    Merge pull request #2 from lgarceau768/main

    Version 0.6.34 Updates

commit d277696
Merge: 6c86ff7 e0d5de1
Author: Luke Garceau <[email protected]>
Date:   Sat Nov 22 11:24:58 2025 -0500

    Merge branch 'main' into main

commit 6c86ff7
Merge: 7a83e7d 6dbc01c
Author: Luke Garceau <[email protected]>
Date:   Wed Nov 5 12:05:23 2025 -0500

    Merge pull request #1 from lgarceau768/feat/google-groups

    Google Groups Functionality on top of version 0.6.34

commit 6dbc01c
Merge: 7a83e7d cc6a1a7
Author: Luke Garceau <[email protected]>
Date:   Wed Nov 5 10:44:30 2025 -0500

    - resolve merge conflicts

commit cc6a1a7
Author: Brice Ruth <[email protected]>
Date:   Mon Jun 16 18:18:52 2025 -0500

    update tests for adjusted query string & payload

commit 64ce040
Author: Brice Ruth <[email protected]>
Date:   Mon Jun 16 17:49:42 2025 -0500

    fix google cloud identity query string

commit a909fd9
Author: Brice Ruth <[email protected]>
Date:   Mon Jun 16 11:35:47 2025 -0500

    feat: Add Google Cloud Identity API support for OAuth group-based roles

    Enables Google Workspace group-based role assignment by integrating with
    Google Cloud Identity API to fetch user groups in real-time.

    Key improvements:
    - Fetches groups directly from Google API using cloud-identity.groups.readonly scope
    - Enables admin role assignment based on Google group membership
    - Maintains full backward compatibility with existing OAuth configurations
    - Includes comprehensive test suite with proper async mocking
    - Complete documentation with Google Cloud Console setup guide

    Addresses limitation where Google Workspace doesn't include group membership
    claims in OAuth JWT tokens, preventing group-based role assignment.

    🤖 Generated with [Claude Code](https://claude.ai/code)

    Co-Authored-By: Claude <[email protected]>