Integrate with Wekan
Support level: Community
What is Wekan
Wekan is an open-source kanban board which allows a card-based task and to-do management.
Preparation
The following placeholders are used in this guide:
wekan.companyis the FQDN of the wekan installation.authentik.companyis the FQDN of the authentik installation.
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
Create an application in authentik. Create an OAuth2/OpenID provider with the following parameters:
- Client Type:
Confidential - Scopes: OpenID, Email and Profile
- Signing Key: Select any available key
- Redirect URIs:
https://wekan.company/_oauth/oidc
Note the Client ID and Client Secret values. Create an application, using the provider you've created above. Note the slug of the application you've created.
Wekan
- Docker
- Standalone
If your Wekan is running in docker, add the following environment variables for authentik
environment: OAUTH2_ENABLED=true
OAUTH2_LOGIN_STYLE=redirect
OAUTH2_CLIENT_ID=<Client ID from above>
OAUTH2_SERVER_URL=https://authentik.company
OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
OAUTH2_TOKEN_ENDPOINT=/application/o/token/
OAUTH2_SECRET=<Client Secret from above>
OAUTH2_ID_MAP=sub
OAUTH2_USERNAME_MAP=email
OAUTH2_FULLNAME_MAP=given_name
OAUTH2_EMAIL_MAP=email
edit .env and add the following:
# authentik OAUTH Config
OAUTH2_ENABLED='true'
OAUTH2_LOGIN_STYLE='redirect'
OAUTH2_CLIENT_ID='<Client ID from above>'
OAUTH2_SERVER_URL='https://authentik.company'
OAUTH2_AUTH_ENDPOINT='/application/o/authorize/'
OAUTH2_USERINFO_ENDPOINT='/application/o/userinfo/'
OAUTH2_TOKEN_ENDPOINT='/application/o/token/'
OAUTH2_SECRET='<Client Secret from above>'
OAUTH2_ID_MAP='sub'
OAUTH2_USERNAME_MAP='email'
OAUTH2_FULLNAME_MAP='given_name'
OAUTH2_EMAIL_MAP='email'