openapi-servers (multi-user)

[smithinoz]

What is the most reliable way to make tools such as filesystem safe for multi-users?

If I set the Tool Auth to Session, could part of the session info (hopefully username) be passed through to the code to be used in the ALLOWED_DIRECTORIES to provide session privacy?
If so can I please have some guidance.

[one-juru]

I have the same question. I'm trying to implement a tool that lets AI models create an editable PowerPoint presentation. It would be awesome if the tool somehow would be able to access username and email address, so I can hash them and anonymously map users to presentations and use the data in the presentation itself.

A "classical" tool directly in OpenWebUI could have access to this if manually included in the request, so maybe an Idea could be to include a toggle in the OpenWebUI settings page where OpenAPI endpoints are added to include additional headers like user information?

[one-juru]

Another idea I had during lunch break: It would also be awesome, though a bit more complicated, if another toggle could be integrated that would generate a limited API key for the user that is valid for, let's say 5 minutes and would be sent to the external tool as well. This would enable external tools specifically for OpenWebUI to upload files for the user, or add something to a collection, or many more other things. It would certainly help to make the gap between local tools and tool servers much smaller :)