docs icon indicating copy to clipboard operation
docs copied to clipboard
verified publisher icon open-webui

issue: MCP stops working after recreating the container: Error decrypting tokens

Open tuzumkuru opened this issue 2 months ago • 1 comments

Check Existing Issues

  • [x] I have searched for any existing and/or related issues.
  • [x] I have searched for any existing and/or related discussions.
  • [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • [x] I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.6.36

Ollama Version (if applicable)

No response

Operating System

N/A

Browser (if applicable)

No response

Confirmation

  • [x] I have read and followed all instructions in README.md.
  • [x] I am using the latest version of both Open WebUI and Ollama.
  • [x] I have included the browser console logs.
  • [x] I have included the Docker container logs.
  • [x] I have provided every relevant configuration, setting, and environment variable used in my setup.
  • [x] I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • [x] I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

OAuth sessions for Notion MCP should remain valid after recreating the OpenWebUI Docker container. Tokens should not become undecryptable simply from container recreation.

Actual Behavior

After recreating the doAfter updating or recreating the OpenWebUI container, Notion MCP OAuth sessions fail with errors like:

Error decrypting tokens
No OAuth session found for user <id>, client_id mcp:notion_mcp

The only workaround is to change the MCP server ID or delete all OAuth sessions and reauthorize.cker container without having the WEBUI_SECRET_KEY set, the ol

Steps to Reproduce

  1. Run OpenWebUI in Docker using docker-compose.yaml without WEBUI_SECRET_KEY set
  2. Connect and authorize any MCP integration. Verify it works.
  3. Recreate or update the OpenWebUI container (e.g., docker-compose down && docker-compose up -d).
  4. Attempt to use Notion MCP integration again.
  5. Observe that the OAuth sessions fail and the logs show errors about decrypting tokens or missing OAuth sessions.

Logs & Screenshots

ERROR | open_webui.models.oauth_sessions:_decrypt_token:105 - Error decrypting tokens WARNING | open_webui.utils.oauth:get_oauth_token:525 - No OAuth session found for user 9b688d61-0b1c-4022-8358-337d2498dca9, client_id mcp:notion_mcp

Additional Information

  • Deleting oauth_session entries or changing MCP server ID temporarily resolves the issue
  • The behavior suggests that token encryption depends on a container-specific secret that is regenerated on container recreation.

tuzumkuru avatar Nov 14 '25 23:11 tuzumkuru

WEBUI_SECRET_KEY is required, @silentoplayz @Classic298 our docs should be updated.

tjbck avatar Nov 16 '25 22:11 tjbck