Authentik Custom OAuth Provider

rgoedertwalton · October 24, 2023, 9:50am

Im trying to add Authentik as a custom provider. I have a simple next auth app to test the integration, and it works perfect with github, but is not working with Authentik, i keep gettinh the error

Strapi Callback Data >>>>>>>>>>>>>>  {
  data: null,
  error: {
    status: 400,
    name: 'ApplicationError',
    message: 'connect ECONNREFUSED 127.0.0.1:9000',
    details: {}
  }
}

I think the problem is in purest, as im not sure about the paths that i have added to the patches:

Purest Patch:

diff --git a/node_modules/purest/config/providers.json b/node_modules/purest/config/providers.json
index 8dd1dae..718a217 100644
--- a/node_modules/purest/config/providers.json
+++ b/node_modules/purest/config/providers.json
@@ -2784,5 +2784,31 @@
         "authorization": "Bearer {auth}"
       }
     }
-  }
+  },
+  "authentik": {
+    "default": {
+      "origin": "http://localhost:9000",
+      "path": "api/{path}",
+      "headers": {
+        "authorization": "Bearer {auth}"
+      }
+    },
+    "oauth": {
+      "origin": "http://localhost:9000",
+      "path": "oauth/{path}"
+    }
+  },
 }

Grant Patch:

diff --git a/node_modules/grant/config/oauth.json b/node_modules/grant/config/oauth.json
index da4e41b..428eaf4 100644
--- a/node_modules/grant/config/oauth.json
+++ b/node_modules/grant/config/oauth.json
@@ -1180,5 +1180,17 @@
     "access_url": "https://zoom.us/oauth/token",
     "oauth": 2,
     "scope_delimiter": " "
+  },
+  "authentik":{
+    "authorize_url": "http://localhost:9000/application/o/authorize/",
+    "access_url": "http://localhost:9000/application/o/token/",
+    "oauth": 2,
+    "scope_delimiter": " "
+  },
 }
diff --git a/node_modules/grant/config/profile.json b/node_modules/grant/config/profile.json
index 365ba91..23f0810 100644
--- a/node_modules/grant/config/profile.json
+++ b/node_modules/grant/config/profile.json
@@ -634,5 +634,11 @@
   },
   "zoom": {
     "profile_url": "https://api.zoom.us/v2/users/me"
+  },
+  "authentik": {
+    "profile_url": "http://localhost:9000/application/o/userinfo/"
+  },
 }

strapi Plugin patch

diff --git a/node_modules/@strapi/plugin-users-permissions/server/bootstrap/grant-config.js b/node_modules/@strapi/plugin-users-permissions/server/bootstrap/grant-config.js
index 31c612c..34a6fdc 100644
--- a/node_modules/@strapi/plugin-users-permissions/server/bootstrap/grant-config.js
+++ b/node_modules/@strapi/plugin-users-permissions/server/bootstrap/grant-config.js
@@ -128,4 +128,14 @@ module.exports = (baseURL) => ({
     callback: `${baseURL}/patreon/callback`,
     scope: ['identity', 'identity[email]'],
   },
+  authentik: {
+    enabled: true,
+    icon: 'authentik',
+    key: '',
+    secret: '',
+    basicHeader: '',
+    openPlanetSecret: '',
+    callback: `${baseURL}/authentik/callback`,
+    scope:[]
+  },
 });
diff --git a/node_modules/@strapi/plugin-users-permissions/server/services/providers-registry.js b/node_modules/@strapi/plugin-users-permissions/server/services/providers-registry.js
index 875b4e9..2fd3f2d 100644
--- a/node_modules/@strapi/plugin-users-permissions/server/services/providers-registry.js
+++ b/node_modules/@strapi/plugin-users-permissions/server/services/providers-registry.js
@@ -331,6 +331,28 @@ const getInitialProviders = ({ purest }) => ({
         };
       });
   },
+
+  async authentik({ accessToken }) {
+    const authentik = purest({ provider: 'authentik' });
+    const { body: userBody } = await authentik.get('user').auth(accessToken).request();
+
+    // The userBody may differ from provider to provider, refer to the provider documentation for details
+    return {
+      username: userBody.user_username,
+      email: userBody.user_email
+    };
+  },
+
 });
 
 module.exports = () => {