OPENUI OAUTH FIX - QUICK IMPLEMENTATION ========================================= PROBLEM: -------- Open-UI gets: {"error":"invalid_client","error_description":"Client not registered."} Works fine in Claude.ai but fails after gateway restart. ROOT CAUSE: ----------- OAuth clients stored in RAM only → lost on restart Open-UI can register new client but then can't use it if gateway restarts SOLUTION: --------- Use persistent file storage for OAuth clients instead of RAM 3 SIMPLE STEPS: =============== STEP 1: Deploy oauth_storage.py ------ The file is ready at: gateway-proxy/oauth_storage.py No changes needed - just copy it to your gateway-proxy folder if not there already. STEP 2: Update gateway_proxy.py (3 edits) -------- EDIT 2A - Around line 27 (with other imports): ADD THIS: from .oauth_storage import load_oauth_clients, save_oauth_clients --- EDIT 2B - Around line 52 (where REGISTERED_CLIENTS is defined): CHANGE THIS: REGISTERED_CLIENTS: dict[str, dict] = {} TO THIS: REGISTERED_CLIENTS = load_oauth_clients() --- EDIT 2C - In oauth_register() function, after line 383: AFTER: REGISTERED_CLIENTS[client_id] = client_info ADD THIS NEW LINE: save_oauth_clients(REGISTERED_CLIENTS) So it looks like: REGISTERED_CLIENTS[client_id] = client_info save_oauth_clients(REGISTERED_CLIENTS) # <-- ADD THIS STEP 3: Update docker-compose.yml --------- Add a volume to the gateway-proxy service: Find: gateway-proxy: build: context: ./gateway-proxy ... Add volumes section (if not present): volumes: - gateway-data:/data And at the bottom of docker-compose.yml, add: volumes: gateway-data: Example: gateway-proxy: build: context: ./gateway-proxy ... volumes: - gateway-data:/data volumes: gateway-data: STEP 4: Restart ------- docker-compose down docker-compose up -d VERIFY IT WORKS: ================ After restart, check: 1. OAuth clients are saved: docker exec mcp-gateway ls -la /data/oauth_clients.json 2. Check contents: docker exec mcp-gateway cat /data/oauth_clients.json | jq '.' 3. Test in Open-UI: - Add gateway: http://mcp.wilddragon.net:8000 - Should NOT ask to authorize again (because client is persisted) - Should work normally WHY THIS WORKS: =============== Before: Gateway starts → RAM is empty → Open-UI registers new client → Client stored in RAM → Gateway restarts → RAM cleared → Client is GONE → Open-UI can't authenticate After: Gateway starts → Loads clients from /data/oauth_clients.json → Open-UI registers once → Stored on disk → Gateway restarts → Loads same clients from disk → Open-UI can use existing client FILE LOCATIONS: =============== Ready to use: ✅ gateway-proxy/oauth_storage.py (already created) ✅ OPENUI_OAUTH_FIX.md (detailed docs) ⏳ gateway-proxy/gateway_proxy.py (needs 3 small edits) ⏳ docker-compose.yml (add volume) TROUBLESHOOTING: ================ If /data/oauth_clients.json doesn't get created: 1. Check Docker volume was added to compose file 2. Check gateway logs: docker logs mcp-gateway | grep oauth_storage 3. Ensure /data folder exists in container: docker exec mcp-gateway ls /data If Open-UI still says "Client not registered": 1. Check file exists: docker exec mcp-gateway ls -la /data/oauth_clients.json 2. Check contents: docker exec mcp-gateway cat /data/oauth_clients.json 3. Check for save errors in logs: docker logs mcp-gateway | grep "Failed to save" If you want to force re-auth: 1. Delete the stored clients: docker exec mcp-gateway rm /data/oauth_clients.json 2. Restart: docker-compose restart gateway-proxy 3. Open-UI will need to register again TESTING PERSISTENCE: ==================== 1. Open-UI authorizes and gets token (works) 2. Test API works: curl with token (works) 3. Restart gateway: docker-compose restart gateway-proxy 4. Use same token to test API again (should still work!) If step 4 works, persistence is working correctly.