OAUTH2 Authentication with authentik

Howdy, it has been a while - work has been busy.

Have been having a play with my home set up and for fun looking at using authentik as the SSO for my home lab. I am learning on the fly here so probably have made a silly mistake

Was pleasantly surprised that they support Node Red oauth2

Have followed the instructions found here

installed the passport-openidconnect package and updated settings.js


adminAuth: {
strategy: {
        name: "openidconnect",
        label: 'Sign in with authentik',
        strategy: require("passport-openidconnect").Strategy,
        options: {
                issuer: 'https://authentik.xxxx.com/application/o/nodered-slug/',
                authorizationURL: 'https://authentik.xxxx.com/application/o/authorize/',
                tokenURL: 'https://authentik.xxxxx.com/application/o/token/',
                userInfoURL: 'https://authentik.xxxx.com/application/o/userinfo/',
                clientID: 'clientIsRedacted',
                clientSecret: 'clientSecretIsRedacted',
                callbackURL: 'https://nr.xxxx.com/auth/strategy/callback/',
                scope: ['email', 'profile', 'openid'],
                proxy: true,
        verify: function(issuer, profile, done) {
                done(null, profile)
    users: function(user) {
        return Promise.resolve({ username: user, permissions: "*" });

The authentication appears to work (logs form authentik ) however getting a ENOTFOUD on the return to node red. There is nothing in any logs

A hope that someone may have see something similar

Hey I wrote that guide, hopefully I can be of help. I've not seen the ENOTFOUD error before.

Have you changed the logging level in your settings.js yet?

    // Configure the logging output
    logging: {
        console: {
            level: "trace",
            metrics: true,
            audit: true

Oh also in Authentik go to Admin Interface -> Providers -> Node-RED and verify the URL's:

  1. OpenID Configuration Issuer -> issuer:
  2. Authorize URL -> authorizationURL:
  3. Token URL -> tokenURL:
  4. Userinfo URL -> userInfoURL:


thanks for the quick reply. As I was checking I attempted to ping the authentik host from the nr container, and guess what I can't. It looks like an issue with dns in docker when running a dns host (pi hole) on the same host. Alas it is to late to night to diagnose but for tomorrow

BTW thanks for the doco and support

1 Like

So hacked the hosts file so it resolves and all good - proper soln tomorrow

For the record - google was not a great help here. The commonly suggested soln (adding the explicit ip to the port definition in pihole) did not work for me, however adding a explicit dns record in the node-red service of the docker compose file worked.

For anyone who has a similar issue


Thx again

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.