[Feat]: Authentik as OpenID Provider #680

Closed
support-tt opened this issue Feb 15, 2024 · 3 comments
Labels
Enhancement New feature or request

Comments

@support-tt

Is your feature request related to a problem? Please describe.
Authentik is a fast-growing OpenID/SAML provider that can also proxy traffic. I think it should be supported by Lowcoder.
https://github.com/goauthentik/authentik
https://goauthentik.io/

Describe the solution you'd like
Because Authentik's implementation of OpenID is not much different from Keycloak's, the implementation should not be that hard. Unfortunately I'm not a programmer, but I can help with information, testing, etc.

Describe alternatives you've considered
An alternative is to have a generic OpenID provider which supports all OpenID providers.

Additional context
If Keycloak is used, the syntax of the URL is:
https://KEYCLOAK.DOMAIN.DE/realms/REALMNAME/protocol/openid-connect/auth?response_type=code&client_id=CLIENDID&redirect_uri=LOWCODER_URL&scope=openid

With Authentik it is
https://AUTHENTIK.DOMAIN.DE/if/flow/FLOWNAME/?next=%2Fapplication%2Fo%2Fauthorize%2F%3Fscope%3Dopenid%2Bemail%2Bprofile%26response_type%3Dcode%26redirect_uri%3DLOWCODER_URL%26client_id%3dCLIENDID

@support-tt support-tt added the Enhancement New feature or request label Feb 15, 2024
@FalkWolsky
Contributor

We are working on and will soon publish a generic OAuth Provider, where you can configure all these details, so Authentik should also be supported then.

@beatles1

beatles1 commented Mar 2, 2024

I was actually playing around with this and got Authentik working by adding some config to the Nginx reverse proxy in front of mine. I'm not actually sure if all of these locations are required, but I had success with the below. It's very hacky and probably not ideal for production. Do note this isn't very heavily tested, but it seemed to work:

# Discovery document
location /realms/lowcoder/.well-known/openid-configuration {
    proxy_pass https://<authentik-server>/application/o/lowcoder/.well-known/openid-configuration;
    proxy_set_header Host $host;
}
# Authorization endpoint
location /realms/lowcoder/protocol/openid-connect/auth {
    proxy_pass https://<authentik-server>/application/o/authorize/;
    proxy_set_header Host $host;
}
# UserInfo endpoint
location /realms/lowcoder/protocol/openid-connect/userinfo {
    proxy_pass https://<authentik-server>/application/o/userinfo/;
    proxy_set_header Host $host;
    add_header content-type "application/json";
}
# Token endpoint
location /realms/lowcoder/protocol/openid-connect/token {
    default_type application/json;
    proxy_pass https://<authentik-server>/application/o/token/;
    proxy_set_header Host $host;
    add_header content-type "application/json";
}
# JWKS (signing keys)
location /realms/lowcoder/protocol/openid-connect/certs {
    default_type application/json;
    proxy_pass https://<authentik-server>/application/o/lowcoder/jwks/;
    proxy_set_header Host $host;
    add_header content-type "application/json";
}
# Everything else under the realm path
location /realms/lowcoder {
    proxy_pass https://<authentik-server>/application/o/lowcoder/;
    proxy_set_header Host $host;
}
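
An added example, not part of the comment above or of Lowcoder: the locations above relay the provider's discovery document without rewriting its body, so its `issuer` and endpoint URLs may not match the `/realms/lowcoder` URLs the client was configured with. This Python check flags that for a given document; the host names and both sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")

def origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def check_discovery(fetched_from, doc):
    """Return findings for a discovery document fetched from fetched_from."""
    if not fetched_from.endswith(SUFFIX):
        raise ValueError("not a discovery URL")
    findings = []
    # OIDC Discovery 1.0: the issuer in the document must be the URL prefix
    # the document was fetched from (a terminating "/" is dropped before
    # the well-known suffix is appended, so tolerate one here).
    expected = fetched_from[:-len(SUFFIX)]
    if doc.get("issuer", "").removesuffix("/") != expected.removesuffix("/"):
        findings.append("issuer-mismatch")
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if not url:
            findings.append(f"{key}:missing")
        elif urlsplit(url).scheme != "https":
            findings.append(f"{key}:not-https")
        elif origin(url) != origin(fetched_from):
            # Allowed by the spec, but the client leaves the proxy here.
            findings.append(f"{key}:off-proxy")
    return findings

# Constructed sample data (hypothetical hosts; paths as in the comment above).
PROXY = "https://lowcoder.example.test/realms/lowcoder"
UPSTREAM = "https://authentik.example.test/application/o"
MISMATCHED = {
    "issuer": f"{UPSTREAM}/lowcoder/",
    "authorization_endpoint": f"{UPSTREAM}/authorize/",
    "token_endpoint": f"{UPSTREAM}/token/",
    "userinfo_endpoint": "http://authentik.example.test/application/o/userinfo/",
    "jwks_uri": f"{UPSTREAM}/lowcoder/jwks/",
}
CONSISTENT = {"issuer": PROXY, **{
    k: f"{PROXY}/protocol/openid-connect/{p}" for k, p in zip(
        ENDPOINT_KEYS, ("auth", "token", "userinfo", "certs"))}}

if __name__ == "__main__":
    print(check_discovery(PROXY + SUFFIX, MISMATCHED))
    print(check_discovery(PROXY + SUFFIX, CONSISTENT))
```

An `issuer-mismatch` finding matters beyond discovery, because a client that validates ID tokens compares the token's `iss` claim against the issuer it was configured with.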

@FalkWolsky
Contributor

This should now work smoothly with the newly introduced generic OAuth Provider from v2.4.0 on.
