mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
8fa5995bde0191c777a9ace71e304bb91a834160
stack/docs/plans/authentik-sso-setup.md
Jason Woltje e92de12cf9
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
feat(auth): add Authentik OIDC adapter 
Refs #96
2026-03-13 14:42:05 -05:00

1.0 KiB
Raw Blame History

Authentik SSO Setup

Create the Authentik application

  1. In Authentik, create an OAuth2/OpenID Provider.
  2. Create an Application and link it to that provider.
  3. Copy the generated client ID and client secret.

Required environment variables

Set these values for the gateway/auth runtime:

AUTHENTIK_CLIENT_ID=your-client-id
AUTHENTIK_CLIENT_SECRET=your-client-secret
AUTHENTIK_ISSUER=https://authentik.example.com

AUTHENTIK_ISSUER should be the Authentik base URL, for example https://authentik.example.com.

Redirect URI

Configure this redirect URI in the Authentik provider/application:

{BETTER_AUTH_URL}/api/auth/callback/authentik

Example:

https://mosaic.example.com/api/auth/callback/authentik

Test the flow

  1. Start the gateway with BETTER_AUTH_URL and the Authentik environment variables set.
  2. Open the Mosaic login flow and choose the Authentik provider.
  3. Complete the Authentik login.
  4. Confirm the browser returns to Mosaic and a session is created successfully.
Reference in New Issue View Git Blame Copy Permalink