website/integrations: Added Tandoor Recipe documentation

[fyksen]

Details

Added Tandoor recipe. Just started using Authentik, so please check that it looks good.

---

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	869d550
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/64eddc70513c270008832184
😎 Deploy Preview	https://deploy-preview-6609--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik ready!

Name	Link
🔨 Latest commit	869d550
🔍 Latest deploy log	https://app.netlify.com/sites/authentik/deploys/64eddc709684a10008b5109f
😎 Deploy Preview	https://deploy-preview-6609--authentik.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: +40.73% 🎉

Comparison is base (dd8bacc) 51.76% compared to head (0b44d94) 92.48%.
Report is 2 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #6609       +/-   ##
===========================================
+ Coverage   51.76%   92.48%   +40.73%     
===========================================
  Files         561      561               
  Lines       27093    27093               
===========================================
+ Hits        14022    25055    +11033     
+ Misses      13071     2038    -11033     

Flag	Coverage Δ
e2e	51.63% <ø> (+1.68%)	⬆️
integration	26.57% <ø> (ø)
unit	89.29% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 379 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tanberry]

Hi @fyksen , thanks for the contribution! I'll do a copy-edit on the accompanying documentation; let me know if you have any questions at all about my suggested edits. Thanks again!

[tanberry]

A few edits to make. Thanks again for your contribution!

[rissson]

I think the example with the SOCIALACCOUNT_PROVIDERS environment variable got lost somewhere. Would it be possible to put it back in?

[tanberry]

@fyksen heads up about above note...

[entnx-01]

Just fyi. I had to enable the new provider. Maybe something you should add to the documentation:
SOCIAL_PROVIDERS = allauth.socialaccount.providers.openid_connect

[nicedevil007]

can someone share information what the issue maybe if we get this error?

I'm using this URI for my Redirect URIs => https://tandoor.mydomain.com/accounts/authentik/login/callback/

[nicedevil007]

Ok it is working for new accounts but not on existing ones that I want to link later on, is that possible to achieve as well?

[NathanReus]

@fyksen This should be https://tandoor.company/accounts/oidc/authentik/login/callback/ (note the added 'oidc').

[nicedevil007]

Were you able to fix the issue with linking existing local accounts to OIDC accounts?

[NathanReus]

Yes. I configured it with Authentik as per the instructions in this PR (with the change as per my previous comment in the callback URL). I logged in as my local Tandoor user, went into user settings and there was a button to connect a social account. I did so, it went through Authentik's authorisation flow, and redirected me back to Tandoor, at which time it told me it was successfully linked. I've since logged out and back in without issue.

I'm on the latest version of both Authentik (2024.2.2) and Tandoor (1.5.17).

[nicedevil007]

figured out that I already got the 'oidc' part in my CallbackURL but it is still erroring out with Server Error 500 (ofc most recent version, both)

[nicedevil007]

I found the issue :/

I had to convert the PSQL encodging from SQL_ASCII to UTF8 on tandoor and after this my account was able to be connected with authentik

I switched to UTF8 and now it is working for existing user accounts.

[koseduhemak]

@nicedevil007 are you sure the issue was related to PSQL encoding?
I have the same problem - error 500 when trying to login with authentik. I also changed the callback URL but had not luck so far.
I checked my PSQL database and it is UTF8 encoded:

Does anyone has an idea how to fix the error 500 after trying to login with authentik?

Logs:

recipes  | ::ffff:172.16.1.24 - - [30/Apr/2024:15:53:59 +0200] "GET /accounts/login/?next=/search/ HTTP/1.0" 500 145 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15"
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/django/template/defaulttags.py", line 238, in render
recipes  |     nodelist.append(node.render_annotated(context))
recipes  |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/django/template/base.py", line 966, in render_annotated
recipes  |     return self.render(context)
recipes  |            ^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/django/template/defaulttags.py", line 321, in render
recipes  |     return nodelist.render(context)
recipes  |            ^^^^^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/django/template/base.py", line 1005, in render
recipes  |     return SafeString("".join([node.render_annotated(context) for node in self]))
recipes  |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/django/template/base.py", line 966, in render_annotated
recipes  |     return self.render(context)
recipes  |            ^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/django/template/library.py", line 237, in render
recipes  |     output = self.func(*resolved_args, **resolved_kwargs)
recipes  |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/allauth/socialaccount/templatetags/socialaccount.py", line 20, in provider_login_url
recipes  |     provider = adapter.get_provider(request, provider)
recipes  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/allauth/socialaccount/adapter.py", line 216, in get_provider
recipes  |     app = self.get_app(request, provider=provider)
recipes  |           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
recipes  |   File "/opt/recipes/venv/lib/python3.12/site-packages/allauth/socialaccount/adapter.py", line 301, in get_app
recipes  |     raise MultipleObjectsReturned
recipes  | django.core.exceptions.MultipleObjectsReturned

[koseduhemak]

Ok I think i figured it out. I had both configured - OIDC within the Django admin panel & as environment variables. I guess it was related to previous experiments. However it worked fine for the last 10 months.
Now I removed the config from Django admin and exclusively configured docker env variables.
I detached the identities from the old OIDC provider and linked it again - now it is working again.