# Authentik SSO Setup

## Create the Authentik application

1. In Authentik, create an OAuth2/OpenID Provider.
2. Create an Application and link it to that provider.
3. Copy the generated client ID and client secret.

## Required environment variables

Set these values for the gateway/auth runtime:

```bash
AUTHENTIK_CLIENT_ID=your-client-id
AUTHENTIK_CLIENT_SECRET=your-client-secret
AUTHENTIK_ISSUER=https://authentik.example.com
```

`AUTHENTIK_ISSUER` should be the Authentik base URL, for example `https://authentik.example.com`.

## Redirect URI

Configure this redirect URI in the Authentik provider/application:

```text
{BETTER_AUTH_URL}/api/auth/callback/authentik
```

Example:

```text
https://mosaic.example.com/api/auth/callback/authentik
```
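
A preflight check for the variables and redirect URI above, as an added example that is not part of Mosaic's own code. The function names are hypothetical, and the rule that the issuer carries no path is taken from the note on `AUTHENTIK_ISSUER`.

```bash
# Added example: preflight check for the settings described on this page.
# Function names are hypothetical, not part of Mosaic, Better Auth or Authentik.

# Redirect URI to register in Authentik, built from BETTER_AUTH_URL ($1).
# One trailing slash is dropped so the result has no "//" before "api".
authentik_redirect_uri() {
  printf '%s/api/auth/callback/authentik\n' "${1%/}"
}

# Succeeds when $1 is a bare base URL: http(s) scheme and host[:port] only.
is_base_url() {
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  rest="${1#*://}"
  rest="${rest%/}"
  case "$rest" in
    ''|*/*|*\?*|*\#*|*@*|*' '*) return 1 ;;
  esac
  return 0
}

# Prints one line per problem; returns non-zero if any were found.
check_authentik_env() {
  problems=0
  for name in AUTHENTIK_CLIENT_ID AUTHENTIK_CLIENT_SECRET AUTHENTIK_ISSUER BETTER_AUTH_URL; do
    eval "value=\${$name:-}"
    case "$value" in
      '') echo "$name is not set"; problems=$((problems + 1)) ;;
      your-client-id|your-client-secret)
        echo "$name still holds the documentation placeholder"
        problems=$((problems + 1)) ;;
    esac
  done
  if [ -n "${AUTHENTIK_ISSUER:-}" ] && ! is_base_url "$AUTHENTIK_ISSUER"; then
    echo "AUTHENTIK_ISSUER must be the Authentik base URL, without a path"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Constructed sample values (the hostnames are the page's own examples).
(
  AUTHENTIK_CLIENT_ID=constructed-id
  AUTHENTIK_CLIENT_SECRET=constructed-secret
  AUTHENTIK_ISSUER=https://authentik.example.com
  BETTER_AUTH_URL=https://mosaic.example.com/
  check_authentik_env && authentik_redirect_uri "$BETTER_AUTH_URL"
)
```

The printed URI is the exact string to register in the Authentik provider; a `BETTER_AUTH_URL` with a trailing slash would otherwise produce a callback that differs from the registered one.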

## Test the flow

1. Start the gateway with `BETTER_AUTH_URL` and the Authentik environment variables set.
2. Open the Mosaic login flow and choose the Authentik provider.
3. Complete the Authentik login.
4. Confirm the browser returns to Mosaic and a session is created successfully.