-
Notifications
You must be signed in to change notification settings - Fork 94
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add Authentik documentation (#124)
* Add Authentik documentation * Adjust description for Authentik. * Formatting adjustments
- Loading branch information
Showing
1 changed file
with
53 additions
and
0 deletions.
There are no files selected for viewing
53 changes: 53 additions & 0 deletions
53
pages/docs/configuration/authentication/OAuth2-OIDC/authentik.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| --- | ||
| title: Authentik | ||
| description: Learn how to configure LibreChat to use Authentik for user authentication. | ||
| --- | ||
|
|
||
| # Authentik | ||
|
|
||
| 1. **Access Authentik Admin Interface:** | ||
| - Open the Authentik Admin Interface in your browser. Can be found at a URL such as: `https://authentik.example.com/if/admin/#/administration/overview`. | ||
| > We will use `https://authentik.example.com` as an example URL. Replace this with the URL of your Authentik instance. | ||
| 2. **Create a new Application and Provider using the wizard:** | ||
| - Click on the Applications tab in the left sidebar and click on Applications again. | ||
| - At the top of the page you should see a button that says `Create with Wizard`. Click on it. | ||
| > Note: You can also create an application and provider manually just be sure to link them afterwards. | ||
| - You can name the application whatever you want. For this example, we will name it `LibreChat` and click next. | ||
| - Choose the `OAuth2/OIDC` provider and click next. | ||
| - Choose your authentication and authorization flows. | ||
| - Scroll down and take note of the `Client ID` and `Client Secret`. You will need these later. | ||
| - Under Advanced protocol settings change Subject mode to `Based on the User's Email`. | ||
| - Click Submit. | ||
| - Add the new application you created to an Outpost. | ||
| > Note: You should also apply any policies for access control that you want to apply to LibreChat at this point. | ||
| 3. **Gather Information for .env:** | ||
| - You will need the following information from Authentik: | ||
| - `Client ID` | ||
| - `Client Secret` | ||
| - `OpenID Configuration URL` | ||
| > All of these can be found by clicking on the provider you just created. | ||
| 3. **Configure LibreChat:** | ||
| - Open the `.env` file and add the following variables: | ||
| ```bash filename=".env" | ||
| OPENID_ISSUER=https://authentik.example.com/application/o/librechat/.well-known/openid-configuration | ||
| OPENID_CLIENT_ID=[YourClientID] | ||
| OPENID_CLIENT_SECRET=[YourClientSecret] | ||
| OPENID_SESSION_SECRET=[JustGenerateARandomSessionSecret] | ||
| OPENID_CALLBACK_URL=/oauth/openid/callback | ||
| OPENID_SCOPE=openid profile email | ||
| # Optional customization below | ||
| OPENID_BUTTON_LABEL=Login with Authentik | ||
| OPENID_IMAGE_URL=https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png | ||
| ``` | ||
| > Note: Make sure nothing is wrapped in quotes in your .env and you have allowed social login. | ||
| 4. **Check Configuration:** | ||
| - Restart LibreChat to apply the changes. | ||
| - Open an Icognito window and navigate to your LibreChat instance. | ||
| - Underneath the form login there should be a new button that says `Login with Authentik`. | ||
| - You should be redirected to Authentik to login. | ||
| - After logging in you should be redirected back to LibreChat and be logged in. | ||
| - If you are not redirected back to LibreChat, check Authentik logs for any errors. |