|
| 1 | +--- |
| 2 | +title: Integrate with Tandoor |
| 3 | +sidebar_label: Tandoor |
| 4 | +support_level: community |
| 5 | +--- |
| 6 | + |
| 7 | +## What is Tandoor |
| 8 | + |
| 9 | +> Application for managing recipes, planning meals and building shopping lists. |
| 10 | +> |
| 11 | +> -- https://github.com/TandoorRecipes/recipes |
| 12 | +
|
| 13 | +## Preparation |
| 14 | + |
| 15 | +The following placeholders are used in this guide: |
| 16 | + |
| 17 | +- `tandoor.company` is the FQDN of the tandoor installation. |
| 18 | +- `authentik.company` is the FQDN of the authentik installation. |
| 19 | + |
| 20 | +:::note |
| 21 | +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. |
| 22 | +::: |
| 23 | + |
| 24 | +## authentik configuration |
| 25 | + |
| 26 | +To support the integration of Tandoor with authentik, you need to create an application/provider pair in authentik. |
| 27 | + |
| 28 | +### Create an application and provider in authentik |
| 29 | + |
| 30 | +1. Log in to authentik as an admin, and open the authentik Admin interface. |
| 31 | +2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.) |
| 32 | + |
| 33 | +- **Application**: provide a descriptive name (e.g., `Tandoor`), an optional group for the type of application, the policy engine mode, and optional UI settings. |
| 34 | + |
| 35 | +- **Choose a Provider type**: Select **OAuth2/OpenID Provider** as the provider type. |
| 36 | + |
| 37 | +- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. |
| 38 | + |
| 39 | + - **Redirect URI**: |
| 40 | + - Strict: <kbd>https://<em>tandoor.company</em>/accounts/oidc/authentik/login/callback/</kbd> |
| 41 | + |
| 42 | +- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. |
| 43 | + |
| 44 | +3. Click **Submit** to save the new application and provider. |
| 45 | + |
| 46 | +## Tandoor configuration |
| 47 | + |
| 48 | +Add the following environment variables to your tandoor configuration. Make sure to fill in the client ID, client secret and OpenID Connect well-known URL from your authentik instance. |
| 49 | + |
| 50 | +```sh |
| 51 | +SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid_connect |
| 52 | +SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"<Client ID from authentik>","secret":"<Client Secret from authentik>","settings":{"server_url":"https://authentik.company/application/o/<application slug>/.well-known/openid-configuration"}}]}}' |
| 53 | +``` |
| 54 | + |
| 55 | +Restart the Tandoor service for the changes to take effect. |
| 56 | + |
| 57 | +## Configuration verification |
| 58 | + |
| 59 | +To confirm that authentik is properly configured with Tandoor, log out of Tandoor, locate the "Sign in with authentik" button on the login page, click on it, and ensure you can successfully log in using Single Sign-On. |
0 commit comments