-
-
Notifications
You must be signed in to change notification settings - Fork 945
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
website/integrations: add Frappe #10797
website/integrations: add Frappe #10797
Conversation
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-storybook canceled.
|
- **Client ID**: Either create your own Client ID or use the auto-populated ID | ||
- **Client Secret**: Either create your own Client Secret or use the auto-populated secret | ||
:::note | ||
Take note of the `Client ID` and `Client Secret` as they are required when configuring Immich. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
required when configuring --> Immich.
? And I don't think it's a good idea to add a note in the middle of that instruction set. You could say something like "Take note of these values as you will need them later.
- **Authentication flow**: default-authentication-flow | ||
- **Authorization flow**: default-provider-authorization-explicit-consent | ||
- **Client type**: Confidential | ||
- **Client ID**: Either create your own Client ID or use the auto-populated ID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's best to suggest the auto-created one for security reasons
|
||
1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings: | ||
- **Name**: Frappe | ||
- **Authentication flow**: default-authentication-flow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some users might have different flows
1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings: | ||
- **Name**: Frappe | ||
- **Authentication flow**: default-authentication-flow | ||
- **Authorization flow**: default-provider-authorization-explicit-consent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some users might have different flows
- **Authorization flow**: default-provider-authorization-explicit-consent | ||
- **Client type**: Confidential | ||
- **Client ID**: Either create your own Client ID or use the auto-populated ID | ||
- **Client Secret**: Either create your own Client Secret or use the auto-populated secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's best to suggest the auto-created one for security reasons
- `https://frappe.company/api/method/frappe.integrations.oauth2_logins.custom/provider` | ||
- **Scopes**: `email`, `openid`, `profile` | ||
- **Subject mode**: `Based on the Users's username` | ||
:::danger |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same comment as above about notes in the middle of instruction sets
- **Include claims in id_token**: `True` | ||
- Leave everything else as default | ||
|
||
## Service configuration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
## Service configuration | |
## Frappe configuration |
|
||
## Service configuration | ||
|
||
1. In Frappe main menu, navigate to Integrations, then to Social Login Key. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. In Frappe main menu, navigate to Integrations, then to Social Login Key. | |
1. From the Frappe main menu navigate to ***Integrations**, then to **Social Login Key**. |
|
||
1. In Frappe main menu, navigate to Integrations, then to Social Login Key. | ||
|
||
Add a new Social login Key using `+ Add Social Login Key` on top right. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure about the formulation here. you could just say the button on the top right instead of adding it's full name in codeblock
|
||
In Client Credentials section: | ||
- Enable Social Login: Turn the checkmark to the _on_ position. | ||
- Client ID: _CLIENT_ID_ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this referencing values in authentik? if so, it should be said
website/docs: integrations: fixed the errors
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #10797 +/- ##
==========================================
+ Coverage 92.56% 92.74% +0.17%
==========================================
Files 727 736 +9
Lines 35541 36243 +702
==========================================
+ Hits 32900 33615 +715
+ Misses 2641 2628 -13
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
||
## authentik configuration | ||
|
||
1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings: | |
1. Log in to authentik as an admin, and go to the Admin interface, | |
2. Create a new OAuth2/OpenID Provider under **Applications** -> **Providers** using the following settings: |
|
||
Take note of **Client ID** and **Client Secret** as you will need them later. | ||
|
||
2. Create a new Application under **Applications** > **Applications** and assign the created provider. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2. Create a new Application under **Applications** > **Applications** and assign the created provider. | |
2. Create a new Application under **Applications** -> **Applications** and assign the provider that you just created. |
In Client Information: | ||
- Auth URL Data: `{"response_type": "code", "scope": "email profile openid"}` | ||
|
||
![](./frappe4.png) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any final step here? Is there a way to verify that all of the configs were successful?
Seems like an abrupt ending... ;-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As for verifying that it worked, I would offer to go to frappe.company and press that Login with provider.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much @Infernogeek1 for this contribution! A few nits with phrasing, and a question about how to end the topic, but looks good! Please make any suggested changes you agree with and let's get this merged!
|
||
## Frappe configuration | ||
|
||
1. From the Frappe main menu navigate to **Integrations**, then to **Social Login Key**. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. From the Frappe main menu navigate to **Integrations**, then to **Social Login Key**. | |
1. From the Frappe main menu, navigate to **Integrations**, then to **Social Login Key**. |
|
||
Take note of **Client ID** and **Client Secret** as you will need them later. | ||
|
||
3. Create a new Application under **Applications** > **Applications** and assign the provider that you have just created. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
creating an application is more than the provider you could also say "select a name, a slug, and assign the provider" not in dept either just indirectly saying that there's more than the provider if you know what i mean
|
||
1. Go to `https://frappe.company` from Incognito mode. | ||
2. Press **Login with provider** on the login screen. | ||
3. Authorize with Authentik. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3. Authorize with Authentik. | |
3. Authorize with authentik. |
authentik is always lowercase. if the out reference it with uppercase elsewhere in the docs it should also be changed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much for this contribution, @Infernogeek1. A couple of nits... you might need to double-check the indentation on some of the images that are within numbered steps; I am not sure everything is aligned there, but the Suggestion box doesn't allow me to put in proper indentations, only spaces.
Let me know if any questions, and as soon as you make these few changes, let's get it merged!
|
||
## authentik configuration | ||
|
||
1. Log in to authentik as an admin, and go to the Admin interface, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. Log in to authentik as an admin, and go to the Admin interface, | |
1. Log in to authentik as an admin, and go to the Admin interface. |
|
||
Take note of **Client ID** and **Client Secret** as you will need them later. | ||
|
||
3. Create a new Application under **Applications** > **Applications**, pick a name and a slug, and assign the provider that you have just created. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3. Create a new Application under **Applications** > **Applications**, pick a name and a slug, and assign the provider that you have just created. | |
3. Create a new application under **Applications** -> **Applications**, pick a name and a slug, and assign the provider that you have just created. |
|
||
2. Enter the following settings: | ||
|
||
In Client Credentials section: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In Client Credentials section: | |
In the **Client Credentials** section: |
- Client ID: _client-id-from-authentik_ | ||
- Client Secret: _client-secret-from-authentik_ | ||
|
||
In Configuration section: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In Configuration section: | |
In the **Configuration** section: |
|
||
![](./frappe2.png) | ||
|
||
In Identity Details section: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In Identity Details section: | |
In the **Identity Details** section: |
|
||
![](./frappe3.png) | ||
|
||
In Client Information: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In Client Information: | |
In the **Client Information** section: |
In Client Information: | ||
- Auth URL Data: `{"response_type": "code", "scope": "email profile openid"}` | ||
|
||
![](./frappe4.png) 3. Press the black **Save** button on the top right. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
![](./frappe4.png) 3. Press the black **Save** button on the top right. | |
![](./frappe4.png) | |
3. Click **Save** on the top right. |
## Verification | ||
|
||
1. Go to `https://frappe.company` from Incognito mode. | ||
2. Press **Login with provider** on the login screen. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2. Press **Login with provider** on the login screen. | |
2. Click **Login with provider** on the login screen. |
@tanberry, I tried |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much @Infernogeek1 for all the fixes, we'll merge now.
* main: (57 commits) web/elements: fix empty enterprise banner (#10882) root: fix docker build warnings (#10881) website/integrations: compress images (#10880) website/integrations: add Frappe (#10797) translate: Updates for file web/xliff/en.xlf in ru (#10878) core, web: update translations (#10877) web: bump API Client version (#10876) providers: add provider/ prefix for property mappings API (#10874) core, web: update translations (#10831) core: bump gunicorn from 22.0.0 to 23.0.0 (#10861) web: bump the swc group across 2 directories with 11 updates (#10868) web: bump ts-pattern from 5.2.0 to 5.3.1 in /web (#10870) web: bump @eslint/js from 9.8.0 to 9.9.0 in /web (#10871) web: bump @sentry/browser from 8.24.0 to 8.25.0 in /web in the sentry group across 1 directory (#10853) core: bump goauthentik.io/api/v3 from 3.2024063.6 to 3.2024063.8 (#10850) core: bump paramiko from 3.4.0 to 3.4.1 (#10862) core: bump lxml from 5.2.2 to 5.3.0 (#10863) core: bump watchdog from 4.0.1 to 4.0.2 (#10864) web: bump API Client version (#10844) core: bump aiohttp from 3.9.5 to 3.10.2 (#10843) ...
* main: (26 commits) translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#10884) core, web: update translations (#10887) web: bump typescript-eslint from 8.0.1 to 8.1.0 in /web (#10889) web: bump @goauthentik/api from 2024.6.3-1723234818 to 2024.6.3-1723497462 in /web/sfe (#10890) core: bump goauthentik.io/api/v3 from 3.2024063.8 to 3.2024063.10 (#10891) web: bump API Client version (#10886) outposts: add better UI for showing mismatched versions (#10885) website/integrations: Add Semgrep (#10849) web/elements: fix empty enterprise banner (#10882) root: fix docker build warnings (#10881) website/integrations: compress images (#10880) website/integrations: add Frappe (#10797) translate: Updates for file web/xliff/en.xlf in ru (#10878) core, web: update translations (#10877) web: bump API Client version (#10876) providers: add provider/ prefix for property mappings API (#10874) core, web: update translations (#10831) core: bump gunicorn from 22.0.0 to 23.0.0 (#10861) web: bump the swc group across 2 directories with 11 updates (#10868) web: bump ts-pattern from 5.2.0 to 5.3.1 in /web (#10870) ...
I have dogfooded my own docs and found out I screwed up and included a trailing slash where it should not have been. - Redirect URL: /api/method/frappe.integrations.oauth2_logins.custom/provider/
+ Redirect URL: /api/method/frappe.integrations.oauth2_logins.custom/provider |
Hi hi, @Infernogeek1 good catch, thanks. Do you want to open a new PR with this fix (since the PR has already been merged), or I can do it, as you wish. |
Details
Add Frappe OIDC integration
Checklist
ak test authentik/
)make lint-fix
)If an API change has been made
make gen-build
)If changes to the frontend have been made
make web
)If applicable
make website
)