62 lines
1.6 KiB
Markdown
62 lines
1.6 KiB
Markdown
---
|
|
title: Mastodon
|
|
---
|
|
|
|
<span class="badge badge--secondary">Support level: Community</span>
|
|
|
|
## What is Mastodon
|
|
|
|
From https://joinmastodon.org/
|
|
:::note
|
|
Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
|
|
:::
|
|
|
|
## Preparation
|
|
|
|
The following placeholders will be used:
|
|
|
|
- `mastodon.company` is the FQDN of the mastodon install.
|
|
- `authentik.company` is the FQDN of the authentik install.
|
|
|
|
## authentik Configuration
|
|
|
|
### Step 1 - OAuth2/OpenID Provider
|
|
|
|
Create a OAuth2/OpenID Provider (under _Applications/Providers_) with these settings:
|
|
|
|
- Name : mastodon
|
|
- Redirect URI: `https://mastodon.company/auth/auth/openid_connect/callback`
|
|
|
|
### Step 3 - Application
|
|
|
|
Create an application (under _Resources/Applications_) with these settings:
|
|
|
|
- Name: Mastodon
|
|
- Slug: mastodon
|
|
- Provider: mastodon
|
|
|
|
## Mastodon Setup
|
|
|
|
Configure Mastodon `OIDC_` settings by editing the `.env.production` and add the following:
|
|
|
|
```
|
|
OIDC_ENABLED=true
|
|
OIDC_DISPLAY_NAME=authentik
|
|
OIDC_DISCOVERY=true
|
|
OIDC_ISSUER=< OpenID Configuration Issuer>
|
|
OIDC_AUTH_ENDPOINT=https://authentik.company/application/o/authorize/
|
|
OIDC_SCOPE=openid,profile,email
|
|
OIDC_UID_FIELD=sub
|
|
OIDC_CLIENT_ID=<Client ID>
|
|
OIDC_CLIENT_SECRET=<Client Secret>
|
|
OIDC_REDIRECT_URI=https://mastodon.company/auth/auth/openid_connect/callback
|
|
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
|
```
|
|
|
|
Restart mastodon-web.service
|
|
|
|
## Additional Resources
|
|
|
|
- https://github.com/mastodon/mastodon/pull/16221
|
|
- https://forum.fedimins.net/t/sso-fuer-verschiedene-dienste/42
|