This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/vikunja/index.md
Jens Langhammer 8a1dd521e1 website: move integrations to separate folder, separate sidebar and new URL, add URL redirect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-22 11:10:26 +01:00

102 lines
3.6 KiB
Markdown

---
title: Vikunja
---
## What is Vikunja
From https://vikunja.io/
:::note
Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.
:::
:::note
This is based on authentik 2021.7.3 and Vikunja V0.17.1 using the Docker-Compose install https://vikunja.io/docs/full-docker-example/. Instructions may differ between versions.
:::
## Preparation
The following placeholders will be used:
- `vik.company` is the FQDN of Vikunja.
- `authentik.company` is the FQDN of authentik.
### Step 1
In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these settings:
:::note
Only settings that have been modified from default have been listed.
:::
**Protocol Settings**
- Name: Vikunja
- Client type: Confidential
- Client ID: Copy and Save this for Later
- Client Secret: Copy and Save this for later
- Redirect URIs/Origins:
```
https://vik.company/auth/openid
https://vik.company/auth/openid/Vikunja
```
![](./vikunja1.png)
### Step 2
Edit/Create you `config.yml` file for Vikunja
Incorporate the following example Auth block into your `config.yml`
```bash
auth:
# Local authentication will let users log in and register (if enabled) through the db.
# This is the default auth mechanism and does not require any additional configuration.
local:
# Enable or disable local authentication
enabled: true
# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
# The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
# If the email is not public in those cases, authenticating will fail.
# **Note 2:** The frontend expects to be redirected after authentication by the third party
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
# auth service accordingly if you're using the default Vikunja frontend.
# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
openid:
# Enable or disable OpenID Connect authentication
enabled: true
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
# frontend, you don't need to change this value.
redirecturl: https://vik.company/auth/openid/
# A list of enabled providers
providers:
# The name of the provider as it will appear in the frontend.
- name: vikunja
# The auth url to send users to if they want to authenticate using OpenID Connect.
authurl: https://authentik.company/application/o/vikunja/
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
clientid: THIS IS THE CLIENT ID YOU COPIED FROM STEP 1 in authentik
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
clientsecret: THIS IS THE CLIENT SECRET YOU COPIED FROM STEP 1 in authentik
```
:::note
Vikunja Reference link: https://vikunja.io/docs/config-options/#auth
:::
### Step 3
In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.
- Name: Vikunja
- Slug: vikunja
- Provider: vikunja
- Launch URL: https://vik.company
## Notes
:::note
Recommend you restart the Vikunja stack after making the config file changes.
:::