I just got this to work with Authentik OAuth2, however there were some hiccups with the `oauth2 user json url` setting. I used the `user_info` endpoint of Authentik for that (`/application/o/userinfo/`), however I did not know how to map the fields. For anyone looking how to set up Discourse with Authentik’s OAuth2, here’s the summary:
- User id path: `preferred_username`
- Username path: `preferred_username`
- Name path: `name`
- Email path: `email`
- Email verified path: `email_verified`
- Avatar: empty.
I had the following issues:
- At the beginning, I forgot the trailing slash in the json url `https://DOMAIN/application/o/userinfo/`. This led to the user info request (permalink to the source) returning a 301 HTTP code, which caused the login to fail. I do not know whether the trailing slash should be there by spec, but perhaps it would be good to handle 301 correctly.
- Debugging this turned out tricky. The `oauth2 debug auth` setting was a lifesaver but… Logster truncates the debug log before actually dumping the meaningful response data. I had to manually modify the log line in the container to:

  ```ruby
  log("user_json_response: #{user_json_response.status} #{user_json_response.headers} #{user_json_response.body}")
  ```

  Perhaps that log line could be updated? I guess it could help other people figure out the json attributes path.
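
An added example, not part of the original post and not the plugin's own code: it applies the field paths from the summary above to a constructed userinfo response and reports a redirect or an unmatched path explicitly instead of failing silently. The names `walk` and `map_userinfo`, the sample body, and the strict `email_verified` handling are assumptions of this example.

```ruby
require "json"

# Field paths from the post's summary (Discourse field -> path in the userinfo JSON).
PATHS = {
  user_id: "preferred_username",
  username: "preferred_username",
  name: "name",
  email: "email",
  email_verified: "email_verified",
}.freeze

# Constructed sample of a userinfo response body; all values are made up.
SAMPLE_BODY = <<~JSON
  {"sub": "constructed-subject-id", "preferred_username": "alice",
   "name": "Alice Example", "email": "alice@example.org", "email_verified": true}
JSON

# Walk a dot-separated path through nested hashes; nil if any segment is missing.
def walk(json, path)
  path.split(".").reduce(json) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Turn a userinfo HTTP result into mapped fields, or a diagnostic naming what went wrong.
def map_userinfo(status, headers, body, paths = PATHS)
  if (300..399).cover?(status)
    # A redirect has no user data to parse; surface it with its target.
    return { error: "redirect #{status} to #{headers["location"].inspect}; " \
                    "check the trailing slash in the json url" }
  end
  return { error: "unexpected status #{status}" } unless status == 200

  json = JSON.parse(body)
  fields = paths.transform_values { |path| walk(json, path) }
  missing = fields.select { |_field, value| value.nil? }.keys
  unless missing.empty?
    # List key names only, never values, so the diagnostic carries no user data.
    return { error: "paths not found: #{missing.join(", ")}; " \
                    "top-level keys: #{json.keys.join(", ")}" }
  end

  # Assumption of this example: only a literal JSON true counts as verified.
  fields[:email_verified] = fields[:email_verified] == true
  fields
rescue JSON::ParserError
  { error: "body is not JSON (status #{status})" }
end
```
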