authentik/website/integrations/services/mastodon/index.md

---
title: Mastodon
---

<span class="badge badge--secondary">Support level: Community</span>

## What is Mastodon

From https://joinmastodon.org/
:::note
Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
:::

## Preparation

The following placeholders will be used:

-   `mastodon.company` is the FQDN of the mastodon install.
-   `authentik.company` is the FQDN of the authentik install.

## authentik Configuration

### Step 1 - OAuth2/OpenID Provider

Create a OAuth2/OpenID Provider (under _Applications/Providers_) with these settings:

-   Name : mastodon
-   Redirect URI: `https://mastodon.company/auth/auth/openid_connect/callback`

### Step 3 - Application

Create an application (under _Resources/Applications_) with these settings:

-   Name: Mastodon
-   Slug: mastodon
-   Provider: mastodon

## Mastodon Setup

Configure Mastodon `OIDC_` settings by editing the `.env.production` and add the following:

```
OIDC_ENABLED=true
OIDC_DISPLAY_NAME=authentik
OIDC_DISCOVERY=true
OIDC_ISSUER=< OpenID Configuration Issuer>
OIDC_AUTH_ENDPOINT=https://authentik.company/application/o/authorize/
OIDC_SCOPE=openid,profile,email
OIDC_UID_FIELD=sub
OIDC_CLIENT_ID=<Client ID>
OIDC_CLIENT_SECRET=<Client Secret>
OIDC_REDIRECT_URI=https://mastodon.company/auth/auth/openid_connect/callback
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
```

Restart mastodon-web.service

## Additional Resources

-   https://github.com/mastodon/mastodon/pull/16221
-   https://forum.fedimins.net/t/sso-fuer-verschiedene-dienste/42
website/integrations: Mastodon integration (#4733) * init mastodon integration Signed-off-by: Tealk <tealk@rollenspiel.monster> * replace inventory placeholder Signed-off-by: Tealk <tealk@rollenspiel.monster> * Replace placeholder Signed-off-by: Tealk <tealk@rollenspiel.monster> * replace username with sub Signed-off-by: Tealk <tealk@rollenspiel.monster> * text improvement Signed-off-by: Tealk <tealk@rollenspiel.monster> --------- Signed-off-by: Tealk <tealk@rollenspiel.monster> 2023-02-22 16:23:38 +00:00			`---`
			`title: Mastodon`
			`---`

			`<span class="badge badge--secondary">Support level: Community</span>`

			`## What is Mastodon`

			`From https://joinmastodon.org/`
			`:::note`
			`Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter`
			`:::`

			`## Preparation`

			`The following placeholders will be used:`

			- `mastodon.company` is the FQDN of the mastodon install.
			- `authentik.company` is the FQDN of the authentik install.

			`## authentik Configuration`

			`### Step 1 - OAuth2/OpenID Provider`

			`Create a OAuth2/OpenID Provider (under _Applications/Providers_) with these settings:`

			`- Name : mastodon`
			- Redirect URI: `https://mastodon.company/auth/auth/openid_connect/callback`

			`### Step 3 - Application`

			`Create an application (under _Resources/Applications_) with these settings:`

			`- Name: Mastodon`
			`- Slug: mastodon`
			`- Provider: mastodon`

			`## Mastodon Setup`

			Configure Mastodon `OIDC_` settings by editing the `.env.production` and add the following:

			```
			`OIDC_ENABLED=true`
			`OIDC_DISPLAY_NAME=authentik`
			`OIDC_DISCOVERY=true`
			`OIDC_ISSUER=< OpenID Configuration Issuer>`
			`OIDC_AUTH_ENDPOINT=https://authentik.company/application/o/authorize/`
			`OIDC_SCOPE=openid,profile,email`
			`OIDC_UID_FIELD=sub`
			`OIDC_CLIENT_ID=<Client ID>`
			`OIDC_CLIENT_SECRET=<Client Secret>`
			`OIDC_REDIRECT_URI=https://mastodon.company/auth/auth/openid_connect/callback`
			`OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true`
			```

			`Restart mastodon-web.service`

			`## Additional Resources`

			`- https://github.com/mastodon/mastodon/pull/16221`
			`- https://forum.fedimins.net/t/sso-fuer-verschiedene-dienste/42`