Fix: new Environment variable OAUTH_DEFAULT_GROUP_PERMISSIONS & default Group behavior of {"config": {"share": False}} for sharing when new group created via oAuth

[antpar-rf]

Fix: OAUTH_DEFAULT_GROUP_PERMISSIONS

Add oAuth Group Permission logic for new groups based off of permissions environment model by default . If not set, sets to noone as best form of secops.

OAUTH_DEFAULT_GROUP_PERMISSIONS = 'members' , 'noone' or 'anyone'

            group_data_payload = {}
            oauth_default_permission = (
                auth_manager_config.OAUTH_DEFAULT_GROUP_PERMISSIONS
            )

            if oauth_default_permission:
                if oauth_default_permission.lower() == "members":
                    group_data_payload = {"config": {"share": "members"}}
                elif oauth_default_permission.lower() == "noone":
                    group_data_payload = {"config": {"share": False}}
                elif oauth_default_permission.lower() == "anyone":
                    group_data_payload = {"config": {"share": True}}
                else:
                    log.warning(
                        f"Unknown OAUTH_DEFAULT_GROUP_PERMISSIONS value: {oauth_default_permission}. "
                        "Using empty data payload."
                    )
                    group_data_payload = {"config": {"share": False}}

            log.debug(
                f"Group data payload for OAuth group creation: {group_data_payload}"
            )

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.

[pr-validator-bot]

👋 Welcome and Thank You for Contributing!

We appreciate you taking the time to submit a pull request to Open WebUI!

⚠️ Important: Testing Requirements

We've recently seen an increase in PRs that have significant issues:

• PRs that don't actually fix the bug they claim to fix
• PRs that don't implement the feature they describe
• PRs that break existing functionality
• PRs that are clearly AI-generated without proper testing being done by the author
• PRs that simply don't work as intended

These untested PRs consume significant time from maintainers and volunteer contributors who review and test PRs in their free time.
Time that could be spent testing other PRs or improving Open WebUI in other ways.

Before marking your PR as "Ready for Review":

Please explicitly confirm:

1. ✅ You have personally tested ALL changes in this PR
2. ✅ How you tested it (specific steps you took to verify it works)
3. ✅ Visual evidence where applicable (screenshots or videos showing the feature/fix working) - if applicable to your specific PR

If you're not certain your PR works exactly as intended, please leave it in DRAFT mode until you've thoroughly tested it.

Thank you for helping us maintain quality and respecting the time of our community! 🙏

[tjbck]

4b9f821