---
title: FreshRSS
---
Support level: Community
## What is FreshRSS
> FreshRSS is a self-hosted RSS feed aggregator.
>
> -- https://github.com/FreshRSS/FreshRSS
## Preparation
The following placeholders will be used:
- `freshrss.company` is the FQDN of the FreshRSS install.
- `port` is the port on which the FreshRSS install is running (usually 443)
- `authentik.company` is the FQDN of the authentik install.
## authentik Configuration
In Authentik, create an _OAuth2/OpenID Provider_ under _Applications > Providers_.
** Protocol Settings **
_Client Type_ : _Confidential_
:::note
Take note of the `Client ID` and `Client Secret`, you'll need them later.
:::
_Redirect URIs/Origins_ :
- `https://freshrss.company/i/oidc/`
- `https://freshrss.company:port/i/oidc`
_Signing Key_ : Any of your signing keys
Then click _Finish_ to create your provider.
Then create an _Application_, note its slug, and assign it to the provider you've just created.
## FreshRSS Configuration
:::info
This integration only works with the Docker or Kubernetes install of FreshRSS, using [FreshRSS docker image](https://hub.docker.com/r/freshrss/freshrss/), on x86_64 systems and without the Alpine version of the image. More information can be found on [this issue on FreshRSS GitHub](https://github.com/FreshRSS/FreshRSS/issues/5722)
:::
Add those environment variables to your _Docker_ image :
- `OIDC_ENABLED` : `1`
- `OIDC_PROVIDER_METADATA_URL` : `https://authentik.company/application/o//.well-known/openid-configuration` replacing `` with the slug of your created application
- `OIDC_CLIENT_ID` : the client ID of your provider
- `OIDC_CLIENT_SECRET` : the client secret of your provider
- `OIDC_X_FORWARDED_HEADERS` : `X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host`
- `OIDC_SCOPES` : `openid email profile`
Before restarting your Docker container, ensure that one of the Admin users of your FreshRSS instance has the same login as one of your Authentik user.
Restart your FreshRSS container, and login as a user that exists on both FreshRSS and your Authentik.
Navigate to _Settings_ > _Authentication_ in your FreshRSS instance, and choose as an authentication method _HTTP (for advanced users with HTTPS)_
You can find additional information on [FreshRSS documentation](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html)