Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add documentation on using Authentik with Zipline #65

Closed
wants to merge 2 commits into from
Closed

Add documentation on using Authentik with Zipline #65

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
17855ca
Add documentation on using Authentik with Zipline
gwaldvogel Sep 28, 2023
2741dec
Fix link to variable documentation
gwaldvogel Sep 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions docs/config/oauth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,4 +41,58 @@ The Google client secret for your application. This is used to authenticate with

```bash
OAUTH_GOOGLE_CLIENT_SECRET=qwertyuiopasdfghjklzxcvbnm
```

## `OAUTH_OIDC_CLIENT_ID`
The client ID for your application, as provided by your IdP.
```bash
OAUTH_OIDC_CLIENT_ID=qwertyuiopasdfghjklzxcvbnm
```

## `OAUTH_OIDC_CLIENT_SECRET`
The client secret for your application, as provided by your IdP.
```bash
OAUTH_OIDC_CLIENT_SECRET=qwertyuiopasdfghjklzxcvbnm
```

## `OAUTH_OIDC_AUTHORIZE_URL`
The authorize endpoint for your application, as provided by your IdP
```bash
OAUTH_OIDC_AUTHORIZE_URL=https://authentik.example.com/application/o/authorize/
```

## `OAUTH_OIDC_TOKEN_URL`
The token endpoint for your application, as provided by your IdP
```bash
OAUTH_OIDC_TOKEN_URL=https://authentik.example.com/application/o/token/
```

## `OAUTH_OIDC_USERINFO_URL`
The userinfo endpoint for your application, as provided by your IdP
```bash
OAUTH_OIDC_USERINFO_URL=https://authentik.example.com/application/o/userinfo/
```

## `OAUTH_OIDC_SCOPES`
The scopes required for authentication
```bash
OAUTH_OIDC_SCOPES=openid profile email
```

## `OAUTH_OIDC_NAME_FIELD`
The field used as a username, e.g. `email` or `preferred_username`
```bash
OAUTH_OIDC_NAME_FIELD=email
```

## `OAUTH_OIDC_USER_ID_FIELD`
The field used as a userid, e.g. `email`
```bash
OAUTH_OIDC_USER_ID_FIELD=email
```

## `OAUTH_OIDC_PROVIDER_DISPLAY_NAME`
The displayed name for this provider
```bash
OAUTH_OIDC_PROVIDER_DISPLAY_NAME=OIDC
```
2 changes: 1 addition & 1 deletion docs/guides/oauth/google.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,4 +58,4 @@ OAUTH_GOOGLE_CLIENT_SECRET=qwertyuiopasdfghjklzxcvbnm

Make sure you have the [`FEATURES_OAUTH_REGISTRATION`](/docs/config/features#featuresoauthregistration) environment variable set to `true`, or none of the endpoints will work.

If you have set up everything correctly, you can now navigate to the login page and click the "Login with Discord" button.
If you have set up everything correctly, you can now navigate to the login page and click the "Login with Google" button.
42 changes: 42 additions & 0 deletions docs/guides/oauth/oidc.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Authentik / OIDC
This will walk you through the process of setting up OAuth with Authentik, but it should be applicable to any IdP that supports OIDC.

## Create an Authentik Application

### Create OAuth2/OpenID Provider
1. Go to the Authentik Admin Interface
2. Click `Create` under Applications > Providers.
3. Select `OAuth2/OpenID Provider` as type. Click Next.
4. Fill out the form:
1. Pick a recognizable name
2. Select your Authentication and Authorization Flows. The default implicit flow is what was used for testing.
3. Client type is Confidential
4. In Redirect URIs/Origins you need to enter a RegEx that fits the URL where Zipline is running, e.g. `https:\/\/zipline.example.com\/.*`
5. Everything else can be left default.
6. You can copy Client ID and Client Secret from this page, so you can copy them to their corresponding environment variables.
5. After creating the provider, click on it in the provider list to open the provider details. There you can find the Authorize, Token and Userinfo URLs , you will need to copy those to the corresponding environment variables.

### Create Application
1. Click `Create` under Applications > Applications
2. Enter all required fields as you wish
3. Select the provider you created earlier
4. Under UI Settings you can optionally provide the URL of your Zipline instance and additional infos for your users.

## Configure Zipline
Set the [`OAUTH_OIDC_*`](/docs/config/oauth#oauth_oidc_client_id) environment variables to the values you copied earlier.

```bash
OAUTH_OIDC_CLIENT_ID=qwertyuiopasdfghjklzxcvbnm
OAUTH_OIDC_CLIENT_SECRET=qwertyuiopasdfghjklzxcvbnm
OAUTH_OIDC_AUTHORIZE_URL=https://authentik.example.com/application/o/authorize/
OAUTH_OIDC_TOKEN_URL=https://authentik.example.com/application/o/token/
OAUTH_OIDC_USERINFO_URL=https://authentik.example.com/application/o/userinfo/
OAUTH_OIDC_SCOPES=openid profile email
OAUTH_OIDC_NAME_FIELD=email
OAUTH_OIDC_USER_ID_FIELD=email
OAUTH_OIDC_PROVIDER_DISPLAY_NAME=Authentik
```

Make sure you have the [`FEATURES_OAUTH_REGISTRATION`](/docs/config/features#featuresoauthregistration) environment variable set to `true`, or none of the endpoints will work.

If you have set up everything correctly, you can now navigate to the login page and click the "Login with Authentik" button.