Jason Woltje 21afb58b33 feat: multi-instance Authentik credentials with test_user support
Add -a <instance> flag to all Authentik wrapper scripts, matching the
existing multi-instance pattern used by Woodpecker and Cloudflare.

credentials.json now supports per-instance Authentik config:
  authentik.<instance>.url      — instance URL
  authentik.<instance>.token    — API token (admin wrappers)
  authentik.<instance>.test_user — username/password (Playwright/agent tests)
  authentik.default             — default instance name

Legacy flat structure (authentik.url) still works as fallback.
Token cache is now per-instance (~/.cache/mosaic/authentik-token-<name>).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 17:46:15 -06:00

Authentik Tool Suite

Manage Authentik identity provider (SSO, users, groups, applications, flows) via CLI.

Prerequisites

  • jq installed
  • Authentik credentials in ~/src/jarvis-brain/credentials.json (or $MOSAIC_CREDENTIALS_FILE)
  • Required fields: authentik.url, authentik.username, authentik.password

Authentication

Scripts use auth-token.sh to auto-authenticate via username/password and cache the API token at ~/.cache/mosaic/authentik-token. The token is validated on each use and refreshed automatically when expired.

For better security, create a long-lived API token in Authentik admin (Directory > Tokens) and set $AUTHENTIK_TOKEN in your environment — the scripts will use it directly.
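
An added example, not part of the project's scripts: one way to write and read the per-instance token cache named in the commit message (~/.cache/mosaic/authentik-token-<name>) so that only the owner can read it and an instance name cannot point outside the cache directory. The function names are hypothetical, and the API-side validation and refresh described above are not shown.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names, not the project's auth-token.sh).
CACHE_DIR="${HOME:-/tmp}/.cache/mosaic"

# The instance name becomes part of a file name, so accept only a
# conservative character set and reject empty or dot-leading names.
cache_path() {
  case "$1" in
    ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  printf '%s/authentik-token-%s\n' "$CACHE_DIR" "$1"
}

# Write the token with owner-only permissions, atomically:
# temp file in the same directory, then rename over the old cache.
save_token() {
  local path tmp
  path=$(cache_path "$1") || return 1
  (
    umask 077                       # confined to this subshell
    mkdir -p "$CACHE_DIR" && chmod 700 "$CACHE_DIR" || exit 1
    tmp=$(mktemp "$path.XXXXXX") || exit 1
    printf '%s\n' "$2" > "$tmp" && mv -f "$tmp" "$path" \
      || { rm -f "$tmp"; exit 1; }
  )
}

# Return a token: $AUTHENTIK_TOKEN if set, otherwise the cache file,
# but only if that file is a regular file we own with no group/other bits.
load_token() {
  local path
  if [ -n "${AUTHENTIK_TOKEN:-}" ]; then
    printf '%s\n' "$AUTHENTIK_TOKEN"
    return 0
  fi
  path=$(cache_path "$1") || return 1
  [ -f "$path" ] && [ ! -L "$path" ] && [ -O "$path" ] || return 1
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$path" | cut -c5-10)" = "------" ] || return 1
  cat "$path"
}
```

A caller that gets a non-zero status from load_token should discard the cache file and authenticate again rather than loosen the check.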

Scripts

Script            Purpose
auth-token.sh     Authenticate and cache API token
user-list.sh      List users (search, filter by group)
user-create.sh    Create user with optional group assignment
group-list.sh     List groups
app-list.sh       List OAuth/SAML applications
flow-list.sh      List authentication flows
admin-status.sh   System health and version info

Common Options

All scripts support:

  • -f json — JSON output (default: table)
  • -h — Show help

API Reference

  • Base URL: https://auth.diversecanvas.com
  • API prefix: /api/v3/
  • OpenAPI schema: /api/v3/schema/
  • Auth: Bearer token in Authorization header

Examples

# List all users
~/.config/mosaic/tools/authentik/user-list.sh

# Search for a user
~/.config/mosaic/tools/authentik/user-list.sh -s "jason"

# Create a user in the admins group
~/.config/mosaic/tools/authentik/user-create.sh -u newuser -n "New User" -e new@example.com -g admins

# List OAuth applications as JSON
~/.config/mosaic/tools/authentik/app-list.sh -f json

# Check system health
~/.config/mosaic/tools/authentik/admin-status.sh