OAUTH2 Authentication with authentik

Howdy, it has been a while - work has been busy.

Have been having a play with my home setup and, for fun, looking at using authentik as the SSO for my home lab. I am learning on the fly here so probably have made a silly mistake.

Was pleasantly surprised that they support Node-RED OAuth2.

Have followed the instructions found here

Installed the passport-openidconnect package and updated settings.js with:

    adminAuth: {
        type: "strategy",
        strategy: {
            name: "openidconnect",
            label: 'Sign in with authentik',
            icon: "fa-cloud",
            strategy: require("passport-openidconnect").Strategy,
            options: {
                issuer: 'https://authentik.xxxx.com/application/o/nodered-slug/',
                authorizationURL: 'https://authentik.xxxx.com/application/o/authorize/',
                tokenURL: 'https://authentik.xxxxx.com/application/o/token/',
                userInfoURL: 'https://authentik.xxxx.com/application/o/userinfo/',
                clientID: 'clientIsRedacted',
                clientSecret: 'clientSecretIsRedacted',
                callbackURL: 'https://nr.xxxx.com/auth/strategy/callback/',
                scope: ['email', 'profile', 'openid'],
                proxy: true,
                verify: function(issuer, profile, done) {
                    done(null, profile)
                }
            }
        },
        // Every user who authenticates is given full ("*") permissions
        users: function(user) {
            return Promise.resolve({ username: user, permissions: "*" });
        }
    },

The authentication appears to work (logs from authentik), however getting an ENOTFOUND on the return to Node-RED. There is nothing in any logs.

A hope that someone may have seen something similar.

Hey, I wrote that guide, hopefully I can be of help. I've not seen the ENOTFOUND error before.

Have you changed the logging level in your settings.js yet?

    // Configure the logging output
    logging: {
        console: {
            level: "trace",
            metrics: true,
            audit: true
        }
    },

Oh, also in Authentik go to Admin Interface -> Providers -> Node-RED and verify the URLs:

  1. OpenID Configuration Issuer -> issuer:
  2. Authorize URL -> authorizationURL:
  3. Token URL -> tokenURL:
  4. Userinfo URL -> userInfoURL:

Heh,

thanks for the quick reply. As I was checking I attempted to ping the authentik host from the nr container, and guess what, I can't. It looks like an issue with DNS in Docker when running a DNS host (pi hole) on the same host. Alas, it is too late tonight to diagnose, but for tomorrow.

BTW thanks for the doco and support.

So hacked the hosts file so it resolves and all good - proper soln tomorrow.

For the record - Google was not a great help here. The commonly suggested soln (adding the explicit IP to the port definition in pihole) did not work for me, however adding an explicit DNS record in the node-red service of the docker compose file worked.

For anyone who has a similar issue:

    dns:
        - 192.168.2.50

Thx again
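
An added example, not part of the thread and not from the authentik guide: a small Node.js preflight that checks the four endpoint URLs from the strategy options for hostname consistency and, with `--resolve`, tests whether each host resolves from where the script runs (for this thread, inside the Node-RED container). The sample values, the `--resolve` flag and the function names are assumptions of this example.

```javascript
// Option names taken from the settings.js posted in the thread.
const ENDPOINT_KEYS = ['issuer', 'authorizationURL', 'tokenURL', 'userInfoURL'];

// Keys whose hostname differs from the issuer's. Assumption of this example:
// all endpoints live on one authentik host, so a difference is a likely typo.
function hostMismatches(options) {
  const issuerHost = new URL(options.issuer).hostname;
  return ENDPOINT_KEYS.filter((k) => new URL(options[k]).hostname !== issuerHost);
}

// getaddrinfo-based lookup, the path Node uses for outbound HTTPS requests,
// so it honours the container's /etc/hosts and resolv.conf.
async function systemLookup(host) {
  const dns = await import('node:dns');
  return dns.promises.lookup(host);
}

// Resolve each distinct endpoint hostname; keep the error code on failure.
async function checkEndpoints(options, lookup = systemLookup) {
  const hosts = [...new Set(ENDPOINT_KEYS.map((k) => new URL(options[k]).hostname))];
  const results = [];
  for (const host of hosts) {
    try {
      const { address } = await lookup(host);
      results.push({ host, ok: true, address });
    } catch (err) {
      results.push({ host, ok: false, code: err.code || 'UNKNOWN' });
    }
  }
  return results;
}

// Constructed sample (not the poster's values); tokenURL has a deliberate typo.
const sampleOptions = {
  issuer: 'https://authentik.example.test/application/o/nodered-slug/',
  authorizationURL: 'https://authentik.example.test/application/o/authorize/',
  tokenURL: 'https://authentikk.example.test/application/o/token/',
  userInfoURL: 'https://authentik.example.test/application/o/userinfo/',
};

async function main() {
  console.log('host mismatches:', hostMismatches(sampleOptions));
  if (!process.argv.includes('--resolve')) return; // live DNS only on request
  for (const r of await checkEndpoints(sampleOptions)) {
    console.log(r.ok ? `OK   ${r.host} -> ${r.address}` : `FAIL ${r.host} (${r.code})`);
  }
}
main();
```

Replace `sampleOptions` with the values from your own settings.js; a `FAIL ... (ENOTFOUND)` line means the login callback will fail at the token exchange even though authentik itself logs a successful authentication.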