mirror of
https://github.com/open-webui/docs.git
synced 2026-01-02 17:59:41 +07:00
Update env-configuration.md
This commit is contained in:
Classic298
@@ -2946,6 +2946,12 @@ If the OAuth picture claim is disabled by setting `OAUTH_PICTURE_CLAIM` to `''`
|
||||
- Description: Controls whether the **legacy** `oauth_id_token` cookie (unsafe, not recommended, token can go stale/orphaned) is set in the browser upon a successful OAuth login. This is provided for **backward compatibility** with custom tools or older versions that might rely on scraping this cookie. **The new, recommended approach is to use the server-side session management.**
|
||||
- Usage: For new and secure deployments, **it is recommended to set this to `False`** to minimize the information exposed to the client-side. Keep it as `True` only if you have integrations that depend on the old cookie-based method.
|
||||
|
||||
#### `OAUTH_CLIENT_INFO_ENCRYPTION_KEY`
|
||||
|
||||
- Type: `str`
|
||||
- Default: Falls back to the value of `WEBUI_SECRET_KEY`.
|
||||
- Description: Specifies the secret key used to encrypt and decrypt OAuth client tokens stored server-side in the database. This is a critical security component for OAuth client tokens. If not set, it defaults to using the main `WEBUI_SECRET_KEY`, but it is highly recommended to set it to a unique, securely generated value for production environments. `OAUTH_CLIENT_INFO_ENCRYPTION_KEY` is used in conjunction with OAuth 2.1 MCP server authentication.
|
||||
|
||||
#### `OAUTH_SESSION_TOKEN_ENCRYPTION_KEY`
|
||||
|
||||
- Type: `str`
|
||||
|
||||
Reference in New Issue
Block a user