jyapayne/kaboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Authentik blueprints for automated OAuth2/OIDC setup

Browse source 
Automate the manual Authentik configuration process using native YAML blueprints
that are applied on container startup.

Changes:
- Add kaboot-setup.yaml blueprint for local development
- Add kaboot-setup-production.yaml.example for production with configurable domains
- Update docker-compose.yml and docker-compose.prod.yml to mount blueprints
- Add AUTHENTIK_BOOTSTRAP_PASSWORD/TOKEN env vars for automated admin setup
- Update setup.sh to generate bootstrap credentials and display admin password
- Update Caddyfile.example with proper proxy headers for Authentik
- Add Caddyfile to .gitignore (user-specific config)
- Update docs with Quick Start sections for automated setup

The blueprints create:
- OAuth2/OIDC provider (public client, client_id: kaboot-spa)
- Kaboot application with redirect URIs
- kaboot-users group with application binding
- Enrollment flow with sign-up capability
- Password complexity policy
- Test user and service account (passwords set manually)
This commit is contained in:
Joey Yakimowich-Payne 2026-01-14 16:20:10 -07:00
commit 1506210a2e
No known key found for this signature in database
GPG key ID: DDF6AF5B21B407D4
11 changed files with 765 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

39
docs/AUTHENTIK_SETUP.md
View file

@ -2,6 +2,45 @@
This guide walks through configuring Authentik as the OAuth2/OIDC identity provider for Kaboot.
## Quick Start (Automated Setup)
The recommended approach uses Authentik Blueprints for automatic configuration:
```bash
# 1. Run setup script (generates all secrets including admin password)
./scripts/setup.sh
# 2. Start the stack
docker compose up -d
# 3. Wait for Authentik to initialize (~30 seconds)
docker compose logs -f authentik-server | grep -i blueprint
# 4. Set password for test user
docker compose exec authentik-server ak set_password kaboottest
# Enter: kaboottest (or your preferred password)
# 5. (Optional) Create app password for service account via UI
# See "Step 7: Create a Service Account" below
```
The blueprint automatically creates:
- Kaboot OAuth2/OIDC Provider (public client, client_id: `kaboot-spa`)
- Kaboot Application with proper redirect URIs
- `kaboot-users` Group
- Enrollment flow with sign-up capability
- Password complexity policy
- Test user (`kaboottest`)
- Service account (`kaboot-test-service`)
Your admin credentials are printed by `setup.sh` - save them!
---
## Manual Setup (Alternative)
If you prefer manual configuration or need to customize the setup, follow the steps below.
## Prerequisites
- Docker and Docker Compose installed