OAuth 2.0 is an authorization protocol and NOT an authentication protocol. As such, it is designed primarily as a means of granting access to a set of resources, for example, remote APIs or user data. OAuth 2.0 uses Access Tokens.
If you are having issues with the redirect URI, please check the listed items:
- Are you accessing the service through a local IP? Example: 192.168.1.25 or 127.24.4.1
- Have you checked the provider's Redirect URIs/Origins (RegEx)? Head to Applications > Providers > YOUR_PROVIDER > Edit to check
- Go to Applications > Providers
- Create a new Provider
- Choose OAuth2/OpenID Provider
- Name: Immich
- Authentication flow: default-authentication-flow
- Authorization flow: default-provider-authorization-explicit-consent
- Redirect URIs/Origins (RegEx):
https://photos.yourdomain.com
https://photos.yourdomain.com.*
http://localhost:2283
- Make sure you copy the Client ID and Client Secret into notepad
- Create the provider
- Edit the Provider
- Scroll down to Redirect URIs/Origins (RegEx)
- Add URIs
app.immich:///oauth-callback
app.immich:///oauth-callback.*
- Save the provider and test mobile
- Go to Applications > Applications
- Create a new application
- Use these options
- name: Immich
- slug: photos ( Recommended )
- provider: Immich
- Hit create
- Head back to the provider
- Copy the OpenID Configuration Issuer into notepad
- Go to Administration > Settings > Auth settings > OAuth
- Paste/Put in the values
- ISSUER URL - paste the OpenID Configuration Issuer here
- CLIENT ID - paste the Client Id here
- CLIENT SECRET - paste the Client Secret here
- Check if these options are correct

| Service | scope | Signing algorithm | Button text |
| --- | --- | --- | --- |
| Authentik | openid email profile | RS256 | Authentik |

- Save the config
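
A check for the Redirect URIs/Origins (RegEx) entries from the provider steps above, as an added example that is not part of the original guide. It assumes each entry is applied as a full-match regular expression; the sample URIs and the tightened patterns are constructed for illustration.

```python
import re

# Redirect URI entries exactly as listed in the provider steps above.
PAGE_PATTERNS = [
    "https://photos.yourdomain.com",
    "https://photos.yourdomain.com.*",
    "http://localhost:2283",
    "app.immich:///oauth-callback",
    "app.immich:///oauth-callback.*",
]

# Tightened variants (an assumption of this example, not from the guide):
# dots are escaped, and anything after the host must start with "/".
STRICT_PATTERNS = [
    r"https://photos\.yourdomain\.com(/.*)?",
    r"http://localhost:2283(/.*)?",
    r"app\.immich:///oauth-callback",
]

# Constructed sample redirect URIs; the paths and other.example are made up.
SAMPLES = [
    "https://photos.yourdomain.com/auth/login",                # intended web callback
    "app.immich:///oauth-callback",                            # intended mobile callback
    "https://photos.yourdomain.com.other.example/auth/login",  # different host
    "https://photos-yourdomain.com/auth/login",                # "." matched "-"
]


def matching(uri, patterns):
    """Return the patterns that accept uri when applied as full-match regexes."""
    return [p for p in patterns if re.fullmatch(p, uri)]


def audit(patterns, samples=SAMPLES):
    """Map each sample URI to True if any pattern accepts it, else False."""
    return {uri: bool(matching(uri, patterns)) for uri in samples}


if __name__ == "__main__":
    for name, pats in (("page", PAGE_PATTERNS), ("strict", STRICT_PATTERNS)):
        print(name)
        for uri, ok in audit(pats).items():
            print(f"  {'ALLOW' if ok else 'deny '}  {uri}")
```

With the entries as listed, all four samples are accepted, because the unescaped `.` and the trailing `.*` match more than the intended host. The tightened set accepts only the first two.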
- Go to Applications > Providers
- Create a new provider
- Choose OAuth2/OpenID Provider
- Name: Gitea
- Authentication flow: default-authentication-flow
- Authorization flow: default-provider-authorization-explicit-consent
- Copy the Client Id and Client Secret into notepad
- Create the provider
- Go to Applications > Applications
- Create a new Application
- Use these options
- name: Gitea
- slug: git ( Recommended )
- provider: Gitea
- Hit create
- Head back to the provider
- Copy the OpenID Configuration URL into notepad
- Head to Settings > Developer Options > OAuth Apps
- Click on New OAuth App
- Put in these values
- Application Name: Gitea
- Homepage Url: YOUR_GITEA_URL_INSTANCE
- Application Description: Login to (URL_HERE) using github
- Authorization callback URL: URL_HERE/user/oauth2/Github/callback
- Register the Application
- Generate a new Client Secret
- Copy the Client Id and Client Secret
- Go to Site Administration > Identity & Access > Authentication Sources
- Click on Add Authentication Source
- Paste/Put in the values
- Authentication Name: Authentik
- Authentication Type: OAuth2
- OAuth2 Provider: OpenID Connect
- Client Id: PASTE_THE_CLIENT_ID_YOU_SAVED
- Client Secret: PASTE_THE_CLIENT_SECRET_YOU_SAVED
- OpenID Connect Auto Discovery URL: PASTE_THE_OPENID_CONFIGURATION_URL_YOU_SAVED
- Additional Scopes: email profile
- ( Optional ) Icon URL: https://authentik.yourdomain.com/static/dist/assets/icons/icon.svg
- Create the Source once finished
- Paste/Put in the values
- Authentication Name: Github
- Authentication Type: OAuth2
- OAuth2 Provider: Github
- Client Id: PASTE_THE_CLIENT_ID_YOU_SAVED
- Client Secret: PASTE_THE_CLIENT_SECRET_YOU_SAVED
- ( Optional ) Icon URL: https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png
- Create the Source once finished