OIDC: how can I prevent username from being set randomly, how can users find each other?


I set up today Vikunja with Authentik, so far it works fine, only that on first login a user is generated (that’s fine) with a random username (thats a bit of a problem), and not e.g. the username of authentik

How would users know their username in Vikunja? How are users supposed to find each others in teams afterwards if they are usernamed something like “uniquely-probable-bedbug” and not even can view or change their own username?

Did I misconfigure something? Thanks a lot for any advice!

Perfect would be, that not a random username is taken, but the one of authentik. Is that possible?

And by the way: I’m really amazed bei Vikunja, thanks a lot!



Vikunja will take the username from the preferred_username claim, if available. Otherwise, it’s going to create a random username.

I’m not too familiar with Authentik, but basically you’ll need to make sure that the ID token contains the preferred_username claim. In Keycloak for example that’s mapped to the profile scope, which is requested by Vikunja by default.

It’s up to you how you make the claim available. You can either make sure its added to one of the scopes requested by Vikunja (openid, email, profile, according to the specs it should be included in profile), or add a custom scope, or simply statically map the claim to the ID token.

I’ve created a PR to add more information to the docs. The more detailed information are now available in the documentation.

thanks a lot :slight_smile:
I understood my problem and were able to resolve it with the explanations :slight_smile:

1 Like