diff --git a/mcp-gateway/OPENUI_OAUTH_QUICK_FIX.txt b/mcp-gateway/OPENUI_OAUTH_QUICK_FIX.txt new file mode 100644 index 0000000..a91f1d4 --- /dev/null +++ b/mcp-gateway/OPENUI_OAUTH_QUICK_FIX.txt 
@@ -0,0 +1,167 @@ +OPENUI OAUTH FIX - QUICK IMPLEMENTATION +========================================= + +PROBLEM: +-------- +Open-UI gets: {"error":"invalid_client","error_description":"Client not registered."} +Works fine in Claude.ai but fails after gateway restart. + +ROOT CAUSE: +----------- +OAuth clients stored in RAM only → lost on restart +Open-UI can register new client but then can't use it if gateway restarts + +SOLUTION: +--------- +Use persistent file storage for OAuth clients instead of RAM + + +3 SIMPLE STEPS: +=============== + +STEP 1: Deploy oauth_storage.py +------ + +The file is ready at: + gateway-proxy/oauth_storage.py + +No changes needed - just copy it to your gateway-proxy folder if not there already. + + +STEP 2: Update gateway_proxy.py (3 edits) +-------- + +EDIT 2A - Around line 27 (with other imports): + +ADD THIS: + from .oauth_storage import load_oauth_clients, save_oauth_clients + +--- + +EDIT 2B - Around line 52 (where REGISTERED_CLIENTS is defined): + +CHANGE THIS: + REGISTERED_CLIENTS: dict[str, dict] = {} + +TO THIS: + REGISTERED_CLIENTS = load_oauth_clients() + +--- + +EDIT 2C - In oauth_register() function, after line 383: + +AFTER: + REGISTERED_CLIENTS[client_id] = client_info + +ADD THIS NEW LINE: + save_oauth_clients(REGISTERED_CLIENTS) + +So it looks like: + REGISTERED_CLIENTS[client_id] = client_info + save_oauth_clients(REGISTERED_CLIENTS) # <-- ADD THIS + + +STEP 3: Update docker-compose.yml +--------- + +Add a volume to the gateway-proxy service: + +Find: + gateway-proxy: + build: + context: ./gateway-proxy + ... + +Add volumes section (if not present): + volumes: + - gateway-data:/data + +And at the bottom of docker-compose.yml, add: + + volumes: + gateway-data: + +Example: + gateway-proxy: + build: + context: ./gateway-proxy + ... 
+ volumes: + - gateway-data:/data + + volumes: + gateway-data: + + +STEP 4: Restart +------- + +docker-compose down +docker-compose up -d + + +VERIFY IT WORKS: +================ + +After restart, check: + +1. OAuth clients are saved: + docker exec mcp-gateway ls -la /data/oauth_clients.json + +2. Check contents: + docker exec mcp-gateway cat /data/oauth_clients.json | jq '.' + +3. Test in Open-UI: + - Add gateway: http://mcp.wilddragon.net:8000 + - Should NOT ask to authorize again (because client is persisted) + - Should work normally + + +WHY THIS WORKS: +=============== + +Before: Gateway starts → RAM is empty → Open-UI registers new client → Client stored in RAM → + Gateway restarts → RAM cleared → Client is GONE → Open-UI can't authenticate + +After: Gateway starts → Loads clients from /data/oauth_clients.json → Open-UI registers once → + Stored on disk → Gateway restarts → Loads same clients from disk → Open-UI can use existing client + + +FILE LOCATIONS: +=============== + +Ready to use: + ✅ gateway-proxy/oauth_storage.py (already created) + ✅ OPENUI_OAUTH_FIX.md (detailed docs) + ⏳ gateway-proxy/gateway_proxy.py (needs 3 small edits) + ⏳ docker-compose.yml (add volume) + + +TROUBLESHOOTING: +================ + +If /data/oauth_clients.json doesn't get created: + 1. Check Docker volume was added to compose file + 2. Check gateway logs: docker logs mcp-gateway | grep oauth_storage + 3. Ensure /data folder exists in container: docker exec mcp-gateway ls /data + +If Open-UI still says "Client not registered": + 1. Check file exists: docker exec mcp-gateway ls -la /data/oauth_clients.json + 2. Check contents: docker exec mcp-gateway cat /data/oauth_clients.json + 3. Check for save errors in logs: docker logs mcp-gateway | grep "Failed to save" + +If you want to force re-auth: + 1. Delete the stored clients: docker exec mcp-gateway rm /data/oauth_clients.json + 2. Restart: docker-compose restart gateway-proxy + 3. 
Open-UI will need to register again + + +TESTING PERSISTENCE: +==================== + +1. Open-UI authorizes and gets token (works) +2. Test API works: curl with token (works) +3. Restart gateway: docker-compose restart gateway-proxy +4. Use same token to test API again (should still work!) + +If step 4 works, persistence is working correctly.
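Review bot: The TESTING PERSISTENCE section at the end of the file does not test what this change persists: step 4 reuses an access token after the restart, but the edits in STEP 2 only write REGISTERED_CLIENTS to disk through save_oauth_clients(), so the outcome of that step says nothing about whether the client registration survived. Suggest replacing it with a check that the previously registered client_id is still accepted after `docker-compose restart gateway-proxy` (no `invalid_client` / "Client not registered." response), and stating separately whether tokens are expected to survive a restart. Smaller points in the same file: the heading reads "3 SIMPLE STEPS" but the text lists STEP 1 through STEP 4; the edit locations are given as "around line 27", "around line 52" and "after line 383", which will drift, so anchor them on the quoted code lines only; VERIFY and TROUBLESHOOTING tell the reader to `cat /data/oauth_clients.json`, and if client_info carries a client secret the doc should say so and state the expected ownership and mode of that file on the gateway-data volume; and the Open-UI test URL is a deployment-specific hostname over plain http://, where a placeholder would be better in a committed doc.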