Authentik (oauth) Configuration fails

Seafile Server
,
2

Hey,
So I used this post to help me figure it out:

But here are my settings. Hope it helps you. (If you do not want Authentik to override seafile user’s Profile Name, then # the line in “OAUTH_ATTRIBUTE_MAP” that says "name": (False, "name"),)

Here is my settings that I added to “seahub_settings.py”

It’s alos possbile to use the normal mode. You can basically use the configuration from the Authelia documentation:

ENABLE_OAUTH = True

# If create new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_CREATE_UNKNOWN_USER = True

# If active new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True

# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set >
OAUTH_ENABLE_INSECURE_TRANSPORT = True

# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "client_id"
OAUTH_CLIENT_SECRET = "client_secret"

# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = 'https://seafile_drive.tld/oauth/callback/'

# The following should NOT be changed if you are using Github as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'authentik.tld'
OAUTH_AUTHORIZATION_URL = 'https://authentik.tld/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://authentik.tld/application/o/token/'
OAUTH_USER_INFO_URL = 'https://authentik.tld/application/o/userinfo/'
OAUTH_SCOPE = [ "openid", "profile", "email",]
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
    "name": (False, "name"),
    #"email": (False, "contact_email"),
    "id": (False, "not used"),   # Since 11.0 version, Seafile use 'uid' as the external unique identifier of the user.
                            # Different OAuth systems have different attributes, which may be: 'uid' or 'username', etc.
                            # If there is no 'uid' attribute, do not configure this option and keep the 'email' option unchanged,
                            # to be compatible with the login of users of version 11.0 and earlier.
}
1 Like