echo6-docs/docs/software/authentik.md
Matt Johnson 880ff09c90 Initial commit: infrastructure documentation
Includes:
- Hardware environment reference (Proxmox cluster, VMs, LXCs)
- Services inventory with current deployments
- Caddy & DNS configuration reference
- Runbooks for common deployment procedures

Recent additions:
- SearXNG deployment (utility CT 102, search.echo6.co)
- TOC conversion to Proxmox with cortex VM
- Syncthing sync between Contabo and cortex

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 21:27:29 +01:00


Authentik SSO Configuration

Location

API Access

API token stored in /home/zvx/projects/.ref/credentials as AUTHENTIK_API_TOKEN

Flow UUIDs

Required for OAuth2 provider creation:

| Flow | UUID |
|------|------|
| Authorization (implicit) | 86051292-389f-4bd9-b0f9-53cd32f197fd |
| Authorization (explicit) | 6f9f5c89-9f98-4776-9e0d-a72a8ad17963 |
| Invalidation | ed861c0d-2c81-4c3d-819b-946a21c4296a |
| Provider Invalidation | 1eb91626-19a3-4f45-b384-d699c6189197 |

Create New API Token

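```bash
# Prints the key of a non-expiring API token owned by akadmin.
# get_or_create: if a token with this identifier already exists for the user,
# it is reused and the defaults are not applied.
ssh root@100.64.0.6 'docker exec authentik-server ak shell -c "
from authentik.core.models import Token, User
user = User.objects.get(username=\"akadmin\")
token, created = Token.objects.get_or_create(
    identifier=\"token-name\",
    user=user,
    defaults={\"intent\": \"api\", \"expiring\": False}
)
print(token.key)
"'
```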

Quick OAuth2 Provider Creation

```bash
# Source credentials
source /home/zvx/projects/.ref/credentials

# Create provider and capture its pk from the JSON response (requires jq)
PROVIDER_PK=$(curl -s -X POST "https://auth.echo6.co/api/v3/providers/oauth2/" \
  -H "Authorization: Bearer $AUTHENTIK_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "AppName",
    "authorization_flow": "86051292-389f-4bd9-b0f9-53cd32f197fd",
    "invalidation_flow": "ed861c0d-2c81-4c3d-819b-946a21c4296a",
    "client_type": "confidential",
    "client_id": "appname",
    "redirect_uris": [{"matching_mode": "strict", "url": "https://app.echo6.co/callback"}],
    "sub_mode": "user_username"
  }' | jq -r '.pk')

# Create application (uses the pk from the provider response)
curl -s -X POST "https://auth.echo6.co/api/v3/core/applications/" \
  -H "Authorization: Bearer $AUTHENTIK_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "AppName",
    "slug": "appname",
    "provider": '"$PROVIDER_PK"',
    "meta_launch_url": "https://app.echo6.co"
  }'
```

Common Redirect URI Patterns

| Application Type | Redirect URI Pattern |
|------------------|----------------------|
| Web app | https://app.echo6.co/callback |
| Web app (oauth) | https://app.echo6.co/oauth/callback |
| Caddy forward auth | https://app.echo6.co/outpost.goauthentik.io/callback |
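
A pre-flight check for the OAuth2 provider payload before it is POSTed, added here as an example and not part of the original runbook. The function name, `ALLOWED_SUFFIX`, and the rules themselves (strict matching, https, host under echo6.co, confidential client) are assumptions drawn from the template and redirect URI patterns above; the `BAD` payload is constructed.

```python
import uuid
from urllib.parse import urlsplit

ALLOWED_SUFFIX = ".echo6.co"  # assumption: every app is a subdomain of the page's domain

def check_provider_payload(payload):
    """Return a list of problems; an empty list means the payload passes."""
    problems = []
    for field in ("authorization_flow", "invalidation_flow"):
        try:
            uuid.UUID(str(payload.get(field)))
        except ValueError:
            problems.append(f"{field}: not a UUID")
    # Assumption: apps follow the page's template and are confidential clients.
    if payload.get("client_type") != "confidential":
        problems.append("client_type: expected 'confidential'")
    uris = payload.get("redirect_uris") or []
    if not uris:
        problems.append("redirect_uris: empty")
    for entry in uris:
        url = entry.get("url", "")
        parts = urlsplit(url)
        if entry.get("matching_mode") != "strict":
            problems.append(f"{url}: matching_mode is not 'strict'")
        if parts.scheme != "https":
            problems.append(f"{url}: scheme is not https")
        if not (parts.hostname or "").endswith(ALLOWED_SUFFIX):
            problems.append(f"{url}: host is outside {ALLOWED_SUFFIX}")
        if "*" in url or parts.username or parts.fragment:
            problems.append(f"{url}: wildcard, userinfo or fragment present")
    return problems

# The payload from the provider-creation call on this page.
GOOD = {
    "name": "AppName",
    "authorization_flow": "86051292-389f-4bd9-b0f9-53cd32f197fd",
    "invalidation_flow": "ed861c0d-2c81-4c3d-819b-946a21c4296a",
    "client_type": "confidential",
    "client_id": "appname",
    "redirect_uris": [{"matching_mode": "strict", "url": "https://app.echo6.co/callback"}],
    "sub_mode": "user_username",
}
# Constructed weak variant: placeholder flow, regex matching, plain http, look-alike host.
BAD = {**GOOD, "invalidation_flow": "TODO", "redirect_uris": [
    {"matching_mode": "regex", "url": "https://app.echo6.co/.*"},
    {"matching_mode": "strict", "url": "http://app.echo6.co.example.net/callback"},
]}
if __name__ == "__main__":
    for name, payload in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_provider_payload(payload) or "ok")
```

The look-alike host `app.echo6.co.example.net` is caught because the check compares the parsed hostname's suffix, not a substring of the URL.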