Configure OpenID via environment

Support
21

Not quite sure it works with the unstable tag, but maybe im just wrong.
Here is my values.yaml file:

      env: 
        VIKUNJA_AUTH_OPENID_ENABLED: TRUE
        VIKUNJA_AUTH_OPENID_PROVIDERS: AUTHENTIK
        VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_NAME: authentik
        VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_AUTHURL:
          valueFrom:
            secretKeyRef:
              name: sealed-secret-vikunja-passwords
              key: vikunja-openid-authurl
        VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTID:
          valueFrom:
            secretKeyRef:
              name: sealed-secret-vikunja-passwords
              key: vikunja-openid-clientid
        VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET:
          valueFrom:
            secretKeyRef:
              name: sealed-secret-vikunja-passwords
              key: vikunja-openid-clientsecret

and here is the error message I get:
2025-02-01T19:12:03Z: INFO :arrow_forward: 001 Using config file: /etc/vikunja/config.yml
panic: interface conversion: interface {} is string, not map[string]interface {}

Anything my config is missing or is this still not working?

22

if you are substituting values from a secret anyways, why not substitute into the configmap?

23

It should work with the latest unstable build. The format has changed
and that change was not yet released as stable.

panic: interface conversion: interface {} is string, not
map[string]interface {}

Try removing the VIKUNJA_AUTH_OPENID_PROVIDERS: AUTHENTIK line.

24

Thanks for implementing this! I am running version v0.24.1-821-398d0c7ab5 from the unstable branch on dockerhub. I am trying to set up OIDC to my keycloak instance through the ENV vars below:

# OpenID Connect ENVs
      VIKUNJA_AUTH_OPENID_ENABLED: true
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_NAME: Keycloak
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_ISSUERURL: https://domain.tld/auth/realms/my-realm/.well-known/openid-configuration
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_AUTHURL: https://domain.tld/auth/admin/my-realm
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_CLIENTID: vikunja-app
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_CLIENTSECRET: MWTcjN9zBoq1QqkI77xfDfpa1NbNUct1
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_SCOPE: "openid profile email"
      VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_LOGOUTURL: https://domain.tld/auth/admin/my-realm/protocol/openid-connect/logout

However, I’m getting the following error in the logs:
vikunja | 2025-02-23T20:57:25+01:00: ERROR ▶ 0f7 Error while getting openid provider keycloak: 405 Method Not Allowed: {"error":"HTTP 405 Method Not Allowed"}

I don’t know if its my enviorment variables that aren’t working or if it’s the keycloak instance (I’m too tired to troubleshoot it), so if anyone has any ideas - input is welcome.