Integrate with Mastodon
What is Mastodon
Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter.
Preparation
The following placeholders are used in this guide:
- mastodon.company is the FQDN of the Mastodon installation.
- authentik.company is the FQDN of the authentik installation.
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
authentik Configuration
Step 1 - OAuth2/OpenID Provider
Create an OAuth2/OpenID Provider (under Applications/Providers) with these settings:
- Name: mastodon
- Redirect URI:
https://mastodon.company/auth/auth/openid_connect/callback
Step 3 - Application
Create an application (under Resources/Applications) with these settings:
- Name: Mastodon
- Slug: mastodon
- Provider: mastodon
Mastodon Setup
You can configure Mastodon to use either sub or preferred_username as the UID field under OIDC_UID_FIELD. The sub option uses a unique, stable identifier for the user, while preferred_username uses the username configured in authentik.
When using preferred_username as the user identifier, ensure that the Allow users to change username setting is disabled to prevent authentication issues.
Configure the Mastodon OIDC_ settings by editing the .env.production file and adding the following:
OIDC_ENABLED=true
OIDC_DISPLAY_NAME=authentik
OIDC_DISCOVERY=true
OIDC_ISSUER=<OpenID Configuration Issuer>
OIDC_AUTH_ENDPOINT=https://authentik.company/application/o/authorize/
OIDC_SCOPE=openid,profile,email
OIDC_UID_FIELD=preferred_username
OIDC_CLIENT_ID=<Client ID>
OIDC_CLIENT_SECRET=<Client Secret>
OIDC_REDIRECT_URI=https://mastodon.company/auth/auth/openid_connect/callback
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
Restart mastodon-web.service
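A check that can be run over the OIDC_ block before restarting, as an added example that is not part of the authentik or Mastodon documentation. The sample file contents are constructed, and the rules it applies (no leftover <...> placeholders, https URLs only) are this example's assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample of an OIDC_ block with typical mistakes (not real values).
SAMPLE_ENV = """\
OIDC_ENABLED=true
OIDC_ISSUER=<OpenID Configuration Issuer>
OIDC_SCOPE=openid,profile,email
OIDC_UID_FIELD=preferred_username
OIDC_CLIENT_ID=abc123
OIDC_CLIENT_SECRET=<Client Secret>
OIDC_REDIRECT_URI=http://mastodon.company/auth/auth/openid_connect/callback
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def lint_oidc(env):
    """Return (level, message) findings for the OIDC_ settings in this guide."""
    out = []
    placeholder = lambda v: not v or re.fullmatch(r"<.*>", v) is not None
    for key in ("OIDC_ISSUER", "OIDC_CLIENT_ID", "OIDC_CLIENT_SECRET", "OIDC_REDIRECT_URI"):
        if placeholder(env.get(key, "")):
            out.append(("error", f"{key} is missing or still a placeholder"))
    for key in ("OIDC_ISSUER", "OIDC_AUTH_ENDPOINT", "OIDC_REDIRECT_URI"):
        value = env.get(key, "")
        if not placeholder(value) and urlparse(value).scheme != "https":
            out.append(("error", f"{key} is not an https:// URL"))
    if "openid" not in [s.strip() for s in env.get("OIDC_SCOPE", "").split(",")]:
        out.append(("error", "OIDC_SCOPE does not include openid"))
    uid = env.get("OIDC_UID_FIELD", "")
    if uid == "preferred_username":
        out.append(("warn", "UID is preferred_username: disable 'Allow users to "
                            "change username' in authentik, or switch to sub"))
    elif uid != "sub":
        out.append(("warn", f"OIDC_UID_FIELD={uid!r} is neither sub nor preferred_username"))
    if env.get("OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED", "").lower() == "true":
        out.append(("warn", "e-mail claims from authentik are accepted as verified"))
    return out

if __name__ == "__main__":
    for level, message in lint_oidc(parse_env(SAMPLE_ENV)):
        print(f"{level}: {message}")
```

Warnings are settings this guide allows but that depend on how authentik is configured; errors are values that would leave the login flow broken or unprotected in transit.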