FreshRSS
What is FreshRSS
FreshRSS is a self-hosted RSS feed aggregator.
Preparation
The following placeholders will be used:
freshrss.company
is the FQDN of the FreshRSS install.port
is the port on which the FreshRSS install is running (usually 443)authentik.company
is the FQDN of the authentik install.
authentik Configuration
In Authentik, create an OAuth2/OpenID Provider under Applications > Providers.
** Protocol Settings ** Client Type : Confidential
Take note of the Client ID
and Client Secret
, you'll need them later.
Redirect URIs/Origins :
https://freshrss.company/i/oidc/
https://freshrss.company:port/i/oidc
Signing Key : Any of your signing keys
Then click Finish to create your provider.
Then create an Application, note its slug, and assign it to the provider you've just created.
FreshRSS Configuration
This integration only works with the Docker or Kubernetes install of FreshRSS, using FreshRSS docker image, on x86_64 systems and without the Alpine version of the image. More information can be found on this issue on FreshRSS GitHub
Add those environment variables to your Docker image :
OIDC_ENABLED
:1
OIDC_PROVIDER_METADATA_URL
:https://authentik.company/application/o/<application-slug>/.well-known/openid-configuration
replacing<application-slug>
with the slug of your created applicationOIDC_CLIENT_ID
: the client ID of your providerOIDC_CLIENT_SECRET
: the client secret of your providerOIDC_X_FORWARDED_HEADERS
:X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
OIDC_SCOPES
:openid email profile
Before restarting your Docker container, ensure that one of the Admin users of your FreshRSS instance has the same login as one of your Authentik user.
Restart your FreshRSS container, and login as a user that exists on both FreshRSS and your Authentik. Navigate to Settings > Authentication in your FreshRSS instance, and choose as an authentication method HTTP (for advanced users with HTTPS)
You can find additional information on FreshRSS documentation