Skip to content

Goose always sends Authorization header to OpenAI-compatible local servers (causes 401) #6693

New issue
New issue
Closed
#6705
Closed
Goose always sends Authorization header to OpenAI-compatible local servers (causes 401)#6693
#6705
@joshuamhtsang

Description

@joshuamhtsang
joshuamhtsang
opened on Jan 24, 2026

Describe the bug

Goose always sends an Authorization: Bearer <API_KEY> header when using the OpenAI provider, even when pointing to a local OpenAI-compatible server that does not require authentication (e.g., Docker Model Runner). This causes the server to return 401 Unauthorized and makes it impossible to use Goose with local models.

To Reproduce

  1. Run a local OpenAI-compatible server (Docker Model Runner):
docker model run qwen3
  1. Confirm the server works without auth:
curl -i http://localhost:12434/v1/models

Expected: HTTP/1.1 200 OK

  1. Configure Goose to use the local server:
export GOOSE_PROVIDER=openai
export GOOSE_MODEL=qwen3
export OPENAI_API_BASE=http://localhost:12434/v1
export OPENAI_API_KEY="sk-irrelevant"
goose
  1. Run any prompt:
hello

Observed behavior

Goose fails with:

( O)> hello
Ran into this error: Authentication error: Authentication failed. Status: 401 Unauthorized. Response: Incorrect API key provided: sk-dummy. You can find your API key at https://platform.openai.com/account/api-keys..

Please retry if you think this is a transient or recoverable error.

Even though the local server accepts requests without authentication.

Expected behavior

Goose should allow connecting to OpenAI-compatible endpoints without requiring an API key, or provide a configuration option to disable Authorization headers for local endpoints.

Environment

  • OS & Arch: Ubuntu 24.04 x86_64
  • Interface: CLI
  • Goose version: (please fill in with goose --version)
  • Provider: OpenAI-compatible local server (Docker Model Runner)
  • Model: qwen3

Additional context

  • The local server returns 200 OK for /v1/models without any Authorization header.
  • The server rejects requests that include Authorization headers.
  • This prevents use of local models unless a proxy is used to strip headers.

Suggested fix

Add support for:

  • optional “no-auth” mode for OpenAI provider
  • or a flag/config setting to disable sending Authorization headers
  • or detect local endpoints and skip auth automatically

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions