-
Notifications
You must be signed in to change notification settings - Fork 2.8k
Closed
Description
Describe the bug
Goose always sends an Authorization: Bearer <API_KEY> header when using the OpenAI provider, even when pointing to a local OpenAI-compatible server that does not require authentication (e.g., Docker Model Runner). This causes the server to return 401 Unauthorized and makes it impossible to use Goose with local models.
To Reproduce
- Run a local OpenAI-compatible server (Docker Model Runner):
docker model run qwen3- Confirm the server works without auth:
curl -i http://localhost:12434/v1/modelsExpected: HTTP/1.1 200 OK
- Configure Goose to use the local server:
export GOOSE_PROVIDER=openai
export GOOSE_MODEL=qwen3
export OPENAI_API_BASE=http://localhost:12434/v1
export OPENAI_API_KEY="sk-irrelevant"
goose- Run any prompt:
hello
Observed behavior
Goose fails with:
( O)> hello
Ran into this error: Authentication error: Authentication failed. Status: 401 Unauthorized. Response: Incorrect API key provided: sk-dummy. You can find your API key at https://platform.openai.com/account/api-keys..
Please retry if you think this is a transient or recoverable error.
Even though the local server accepts requests without authentication.
Expected behavior
Goose should allow connecting to OpenAI-compatible endpoints without requiring an API key, or provide a configuration option to disable Authorization headers for local endpoints.
Environment
- OS & Arch: Ubuntu 24.04 x86_64
- Interface: CLI
- Goose version: (please fill in with
goose --version) - Provider: OpenAI-compatible local server (Docker Model Runner)
- Model: qwen3
Additional context
- The local server returns
200 OKfor/v1/modelswithout any Authorization header. - The server rejects requests that include Authorization headers.
- This prevents use of local models unless a proxy is used to strip headers.
Suggested fix
Add support for:
- optional “no-auth” mode for OpenAI provider
- or a flag/config setting to disable sending Authorization headers
- or detect local endpoints and skip auth automatically
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels