spaceb0t
IImmich
•Created by gabemcg on 2/11/2023 in #help-desk-support
Pre-install questions
Did you get this working? I have the same setup, minus CF tunnel. I have no problems signing in on desktop using FQDN with workflow:
But in iOS I am only able to sign in using
http://<local-ip>:<port>/api
If I try to use the domain, Immich can’t connect via user/password, and the Authentik SSO button never appears119 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
i did not actually look at the immich docs, I already knew which Authentik fields to post where based on the field names
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
yeah, appears so
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
here's the full text under that last screenshot:
https://cdn.securelink.to/u/CSdD8a.png
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
¯\_(ツ)_/¯
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
yeah, i used to think so too, but then suddenly they started magically appearing in Authentik
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
well, i suppose it's a matter of symantics...maybe it's better to say - "Authentik grabs the redirect URL"
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
Authentik generates 2 configuration links for OAuth2. By using the
/.well-known/ link in the Immich OAuth2 config section, upon first connection, Immich pushes basic config info back to Authentik (like the redirect URI).
However, since the mobile app has a different redirect, it's not going to get automatically populated
I'm not smart enough to know if it can be done automatically, I just figured I'd post the solution for the next person who comes searching for it77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
FWIW - Authentik does support the return URI
app.immich:/ but you have to input it manually in the Authentik settings
It seems that once Immich connects the first time with .../o/immich/.well-known/... that it doesn't automatically add a 2nd return URI for mobile
so you have to make sure both are listed in Authentik, manually:
https://cdn.securelink.to/u/EIQ9tv.png77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
i just had to put https://my.immichsite.com/api as the end point, which is what is listed as default, but I didn't see it until I had tried a bunch of other ones
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
yeah, took me a bit to find the right url
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
for OP - the settings for Immich OAuth2 in Authentik are more or less the same as Portainer, try this guide from the docs:
https://goauthentik.io/integrations/services/portainer/
77 replies
IImmich
•Created by Jiibus on 1/8/2023 in #help-desk-support
Connecting to Authentik
found this thread trying to get SSO working from the mobile app, couple of clarifications:
- Authentik works fine with Immich using OAuth2 on TrueNAS with proper settings
- The "Scale" app for DNS that OP is referring to is just Traefik
77 replies