| title | description | summary | date | draft | images | weight | toc | community | seo |
|---|---|---|---|---|---|---|---|---|---|
| Mealie | Integrating Mealie with the Authelia OpenID Connect 1.0 Provider. | | 2024-04-13 21:01:17 +1000 | false | | 620 | true | true | |

{{% oidc-common %}}
This example makes the following assumptions:
- Application Root URL: `https://mealie.example.com/`
- Authelia Root URL: `https://auth.example.com/`
- Client ID: `mealie`

The following YAML configuration is an example Authelia client configuration for use with Mealie which will operate with the application example:

```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'mealie'
        client_name: 'Mealie'
        public: true
        authorization_policy: 'two_factor'
        require_pkce: true
        pkce_challenge_method: 'S256'
        redirect_uris:
          - 'https://mealie.example.com/login'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
          - 'groups'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'none'
```

Important Note: This configuration assumes Mealie administrators are part of the `mealie-admins` group, and Mealie users are part of the `mealie-users` group. Depending on your specific group configuration, you will have to adapt the `OIDC_ADMIN_GROUP` and `OIDC_USER_GROUP` environment variables respectively. Alternatively you may elect to create a new authorization policy in [provider authorization policies] and then use that policy as the [client authorization policy].

To configure Mealie to utilize Authelia as an OpenID Connect 1.0 Provider use the following environment variables:

```env
OIDC_AUTH_ENABLED=true
OIDC_SIGNUP_ENABLED=true
OIDC_CONFIGURATION_URL=https://auth.example.com/.well-known/openid-configuration
OIDC_CLIENT_ID=mealie
OIDC_AUTO_REDIRECT=false
OIDC_ADMIN_GROUP=mealie-admins
OIDC_USER_GROUP=mealie-users
```
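
The two halves of this integration only work when they agree with each other, so the following added example (not part of the Authelia or Mealie projects) cross-checks the Mealie environment against the Authelia client entry before deployment. The inputs are hand-transcribed copies of the values on this page, and the function names `parse_env`, `check` and `findings_for_page_example` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed inputs: the values shown on this page, transcribed by hand.
MEALIE_ENV = """\
OIDC_AUTH_ENABLED=true
OIDC_SIGNUP_ENABLED=true
OIDC_CONFIGURATION_URL=https://auth.example.com/.well-known/openid-configuration
OIDC_CLIENT_ID=mealie
OIDC_AUTO_REDIRECT=false
OIDC_ADMIN_GROUP=mealie-admins
OIDC_USER_GROUP=mealie-users
"""
AUTHELIA_CLIENT = {
    "client_id": "mealie", "public": True, "require_pkce": True,
    "pkce_challenge_method": "S256", "token_endpoint_auth_method": "none",
    "redirect_uris": ["https://mealie.example.com/login"],
    "scopes": ["openid", "email", "profile", "groups"],
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(env, client, app_root, authelia_root):
    """Return a list of mismatches between the two configurations."""
    findings = []
    if env.get("OIDC_CLIENT_ID") != client.get("client_id"):
        findings.append("client id mismatch")
    expected = authelia_root.rstrip("/") + "/.well-known/openid-configuration"
    if env.get("OIDC_CONFIGURATION_URL") != expected:
        findings.append("discovery URL does not point at Authelia root")
    for uri in client.get("redirect_uris", []):
        if urlsplit(uri).scheme != "https" or not uri.startswith(app_root):
            findings.append(f"redirect URI outside application root: {uri}")
    if client.get("public"):
        # A public client holds no secret, so PKCE (S256) is what binds the
        # authorization code to the client instance that started the flow.
        if not client.get("require_pkce") or client.get("pkce_challenge_method") != "S256":
            findings.append("public client without enforced S256 PKCE")
        if client.get("token_endpoint_auth_method") != "none":
            findings.append("public client must use token_endpoint_auth_method 'none'")
    uses_groups = env.get("OIDC_ADMIN_GROUP") or env.get("OIDC_USER_GROUP")
    if uses_groups and "groups" not in client.get("scopes", []):
        findings.append("group mapping set but 'groups' scope not granted")
    return findings

def findings_for_page_example():
    return check(parse_env(MEALIE_ENV), AUTHELIA_CLIENT,
                 "https://mealie.example.com/", "https://auth.example.com/")
```

An empty list means the two configurations agree; each string in a non-empty list names one setting to correct.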