Setting up OIDC

Note

You can find reference information in the OIDC authentication docs.

Authentik

For this guide, drop.tld is used as a placeholder for your Drop instance’s domain. Make sure to replace it with your actual domain.

In Authentik

1. Go to the admin dashboard
2. In the applications section, click Create with Provider Set any name and slug you want
3. Select OpenID Connect as the provider type
4. Configure the provider
   • Copy the client ID, and secret, you’ll need them for Drop
   • Set the redirect as Strict and the URL to https://drop.tld/api/v1/auth/odic/callback
   • Set the logout URL to https://drop.tld/api/v1/auth/odic/logout
     • Make sure to set the logout URL as a back-channel logout in the dropdown
5. Configure everything else as you see fit

For Drop

Note

Make sure to replace the client ID, secret, and well-known url with your actual values. You can find the well-known URL in the provider’s configuration page in Authentik.

For drop, the docker compose configuration would look like this:

services:
  drop:
    environment:
      - OIDC_CLIENT_ID=authentik-client-id
      - OIDC_CLIENT_SECRET=authentik-client-secret
      - OIDC_ADMIN_GROUP=admin-group-name
      - OIDC_WELLKNOWN=https://authentik.tld/application/o/<slug>/.well-known/openid-configuration