Hi,
Vikunja will take the username from the preferred_username claim, if available. Otherwise, it’s going to create a random username.
I’m not too familiar with Authentik, but basically you’ll need to make sure that the ID token contains the preferred_username claim. In Keycloak for example that’s mapped to the profile scope, which is requested by Vikunja by default.
It’s up to you how you make the claim available. You can either make sure its added to one of the scopes requested by Vikunja (openid, email, profile, according to the specs it should be included in profile), or add a custom scope, or simply statically map the claim to the ID token.