After leaving this alone for awhile, I’ve come back re-invigorated. I’m not sure how I fixed it, but here we are!
I removed a trailing comma from a section in seahub_settings.py:
Before:
OAUTH_SCOPE = [ “openid”, “profile”, “email”, ]
After:
OAUTH_SCOPE = [ “openid”, “profile”, “email” ]
I don’t think this is the fix - you have the same trailing comma, after all.
But, I also changed the OAUTH_ATTRIBUTE_MAP:
“email”: (True, “uid”),
“uid”: (True, “email”),
“name”: (False, “name”)
And dialled back Authelia’s configuration to basics:
- client_id: 'seafile123'
client_name: 'Seafile'
client_secret: '$pbkdf2-sha512$310000$10QJVuo0RAC9K5bdi1qZ2w$32UiCqlotLyVBvUyesvTA8jYoiN4sGb1Sj9r>
public: false
authorization_policy: 'two_factor'
require_pkce: false
redirect_uris:
- 'https://cloud.domain.com/oauth/callback/'
scopes:
- openid
- profile
- email
And… it seems to work. Now I just need to get attribute mapping like before so the user isn’t given “random_string@auth.local” as their email 
Finally I can put this to rest, and move on to more fun things! Thanks for your input Tom!