Skip to main content

Vikunja

What is Vikunja

From https://vikunja.io/

note

Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.

note

This is based on authentik 2021.7.3 and Vikunja V0.17.1 using the Docker-Compose install https://vikunja.io/docs/full-docker-example/. Instructions may differ between versions.

Preparation

The following placeholders will be used:

  • vik.company is the FQDN of Vikunja.
  • authentik.company is the FQDN of authentik.

Step 1

In authentik, under Providers, create an OAuth2/OpenID Provider with these settings:

note

Only settings that have been modified from default have been listed.

Protocol Settings

  • Name: Vikunja
  • Client type: Confidential
  • Client ID: Copy and Save this for Later
  • Client Secret: Copy and Save this for later
  • Redirect URIs/Origins:
https://vik.company/auth/openid
https://vik.company/auth/openid/Vikunja

Step 2

Edit/Create you config.yml file for Vikunja

Incorporate the following example Auth block into your config.yml

auth:
# Local authentication will let users log in and register (if enabled) through the db.
# This is the default auth mechanism and does not require any additional configuration.
local:
# Enable or disable local authentication
enabled: true
# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
# The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
# If the email is not public in those cases, authenticating will fail.
# **Note 2:** The frontend expects to be redirected after authentication by the third party
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
# auth service accordingly if you're using the default Vikunja frontend.
# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
openid:
# Enable or disable OpenID Connect authentication
enabled: true
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
# frontend, you don't need to change this value.
redirecturl: https://vik.company/auth/openid/
# A list of enabled providers
providers:
# The name of the provider as it will appear in the frontend.
- name: vikunja
# The auth url to send users to if they want to authenticate using OpenID Connect.
authurl: https://authentik.company/application/o/vikunja/
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
clientid: THIS IS THE CLIENT ID YOU COPIED FROM STEP 1 in authentik
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
clientsecret: THIS IS THE CLIENT SECRET YOU COPIED FROM STEP 1 in authentik

Step 3

In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.

Notes

note

Recommend you restart the Vikunja stack after making the config file changes.