Add authentik provider (#152)

* Add authentik provider

* Add authentik provider

* Add authentik provider

* Add authentik provider

Author: batizisanya

.env.example

@@ -23,11 +23,6 @@ DATABASE_URL="postgresql://splitpro:password@localhost:54321/splitpro"
 NEXTAUTH_SECRET="secret"
 NEXTAUTH_URL="http://localhost:3000"
 
-# Auth providers
-# Specify them separated by commas
-# Available providers : GOOGLE,EMAIL
-AUTH_PROVIDERS=GOOGLE,EMAIL
-
 # Enable sending invites
 ENABLE_SENDING_INVITES=false
 #********* END OF REQUIRED ENV VARS *********
@@ -45,6 +40,12 @@ EMAIL_SERVER_PASSWORD=
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
 
+# Authentic Providder : https://next-auth.js.org/providers/authentik
+# Issuer: should include the slug without a trailing slash – e.g., https://my-authentik-domain.com/application/o/splitpro
+AUTHENTIK_ID=
+AUTHENTIK_SECRET=
+AUTHENTIK_ISSUER=
+
 # Storage: any S3 compatible storage will work, for self hosting can use minio
 # If you're using minio for dev, you can generate access keys from the console http://localhost:9001/access-keys/new-account
 # R2_ACCESS_KEY="access-key"

docker/prod/compose.yml

@@ -30,7 +30,6 @@ services:
       - DATABASE_URL=${DATABASE_URL:?err}
       - NEXTAUTH_URL=${NEXTAUTH_URL:?err}
       - NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?err}
-      - AUTH_PROVIDERS=${AUTH_PROVIDERS:?err}
       - ENABLE_SENDING_INVITES=${ENABLE_SENDING_INVITES:?err}
       - FROM_EMAIL=${FROM_EMAIL}
       - EMAIL_SERVER_HOST=${EMAIL_SERVER_HOST}
@@ -39,6 +38,9 @@ services:
       - EMAIL_SERVER_PASSWORD=${EMAIL_SERVER_PASSWORD}
       - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
       - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
+      - AUTHENTIK_ID=${AUTHENTIK_ID}
+      - AUTHENTIK_SECRET=${AUTHENTIK_SECRET}
+      - AUTHENTIK_ISSUER=${AUTHENTIK_ISSUER}
       - R2_ACCESS_KEY=${R2_ACCESS_KEY}
       - R2_SECRET_KEY=${R2_SECRET_KEY}
       - R2_BUCKET=${R2_BUCKET}

src/env.js

@@ -31,6 +31,9 @@ export const env = createEnv({
     EMAIL_SERVER_PASSWORD: z.string().optional(),
     GOOGLE_CLIENT_ID: z.string().optional(),
     GOOGLE_CLIENT_SECRET: z.string().optional(),
+    AUTHENTIK_ID: z.string().optional(),
+    AUTHENTIK_SECRET: z.string().optional(),
+    AUTHENTIK_ISSUER: z.string().optional(),
     R2_ACCESS_KEY: z.string().optional(),
     R2_SECRET_KEY: z.string().optional(),
     R2_BUCKET: z.string().optional(),
@@ -69,6 +72,9 @@ export const env = createEnv({
     EMAIL_SERVER_PASSWORD: process.env.EMAIL_SERVER_PASSWORD,
     GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
     GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET,
+    AUTHENTIK_ID: process.env.AUTHENTIK_ID,
+    AUTHENTIK_SECRET: process.env.AUTHENTIK_SECRET,
+    AUTHENTIK_ISSUER: process.env.AUTHENTIK_ISSUER,
     R2_ACCESS_KEY: process.env.R2_ACCESS_KEY,
     R2_SECRET_KEY: process.env.R2_SECRET_KEY,
     R2_BUCKET: process.env.R2_BUCKET,

src/server/auth.ts

@@ -4,6 +4,7 @@ import { getServerSession, type DefaultSession, type NextAuthOptions } from 'nex
 import DiscordProvider from 'next-auth/providers/discord';
 import GoogleProvider from 'next-auth/providers/google';
 import EmailProvider from 'next-auth/providers/email';
+import AuthentikProvider from 'next-auth/providers/authentik';
 
 import { env } from '~/env';
 import { db } from '~/server/db';
@@ -144,6 +145,17 @@ function getProviders() {
     );
   }
 
+  if (env.AUTHENTIK_ID && env.AUTHENTIK_SECRET && env.AUTHENTIK_ISSUER) {
+    providersList.push(
+      AuthentikProvider({
+        clientId: env.AUTHENTIK_ID,
+        clientSecret: env.AUTHENTIK_SECRET,
+        issuer: env.AUTHENTIK_ISSUER,
+		allowDangerousEmailAccountLinking: true,
+      })
+    );
+  }
+  
   return providersList;
 }