From f0f737a1a9790e740f4af0231ee4eae8e97a9650 Mon Sep 17 00:00:00 2001
From: Slavik <Slavikca@gmail.com>
Date: Wed, 30 Oct 2024 22:59:28 -0400
Subject: [PATCH 1/2] add Authenik details to sso.md

---
 docs/tutorials/features/sso.md | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/docs/tutorials/features/sso.md b/docs/tutorials/features/sso.md
index 045bb1b..1b9fd54 100644
--- a/docs/tutorials/features/sso.md
+++ b/docs/tutorials/features/sso.md
@@ -227,16 +227,28 @@ services:
       - 4180:4180/tcp
 ```
 
+
+### Authentik
+
+To configure a [Authentik](https://goauthentik.io/) OAuth client, please refer to [documentation](https://docs.goauthentik.io/docs/applications) on how to create an application and `OAuth2/OpenID Provider`.
+The allowed redirect URI should include `<open-webui>/oauth/google/callback`.
+
+While creating provider, please note `App-name`, `Client-ID` and `Client-Secret` and use it for open-webui environment variables:
+
+```
+      - 'ENABLE_OAUTH_SIGNUP=true'
+      - 'OAUTH_MERGE_ACCOUNTS_BY_EMAIL=false'
+      - 'OAUTH_PROVIDER_NAME=Authentik'
+      - 'OPENID_PROVIDER_URL=https://<authentik-url>/application/o/<App-name>/.well-known/openid-configuration'
+      - 'OAUTH_CLIENT_ID=<Client-ID>'
+      - 'OAUTH_CLIENT_SECRET=<Client-Secret>'
+      - 'OAUTH_SCOPES=openid email profile'
+      - 'OPENID_REDIRECT_URI=https://<open-webui>/oauth/oidc/callback'
+```
+
 ### Authelia
 
 [Authelia](https://www.authelia.com/) can be configured to return a header for use with trusted header authentication.
 Documentation is available [here](https://www.authelia.com/integration/trusted-header-sso/introduction/).
 
 No example configs are provided due to the complexity of deploying Authelia.
-
-### Authentik
-
-[Authentik](https://goauthentik.io/) can be configured to return a header for use with trusted header authentication.
-Documentation is available [here](https://docs.goauthentik.io/docs/providers/proxy/). 
-
-No example configs are provided due to the complexity of deploying Authentik.

From 5a9a9f4a77e71fffe048322c75ff797a5558fff0 Mon Sep 17 00:00:00 2001
From: "slavik.fursov" <slavik.fursov@oracle.com>
Date: Thu, 31 Oct 2024 06:36:07 -0700
Subject: [PATCH 2/2] sso.md: few fixes for Authentik config docs

---
 docs/tutorials/features/sso.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/tutorials/features/sso.md b/docs/tutorials/features/sso.md
index 1b9fd54..11c8a33 100644
--- a/docs/tutorials/features/sso.md
+++ b/docs/tutorials/features/sso.md
@@ -231,13 +231,13 @@ services:
 ### Authentik
 
 To configure a [Authentik](https://goauthentik.io/) OAuth client, please refer to [documentation](https://docs.goauthentik.io/docs/applications) on how to create an application and `OAuth2/OpenID Provider`.
-The allowed redirect URI should include `<open-webui>/oauth/google/callback`.
+The allowed redirect URI should include `<open-webui>/oauth/oidc/callback`.
 
 While creating provider, please note `App-name`, `Client-ID` and `Client-Secret` and use it for open-webui environment variables:
 
 ```
       - 'ENABLE_OAUTH_SIGNUP=true'
-      - 'OAUTH_MERGE_ACCOUNTS_BY_EMAIL=false'
+      - 'OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true'
       - 'OAUTH_PROVIDER_NAME=Authentik'
       - 'OPENID_PROVIDER_URL=https://<authentik-url>/application/o/<App-name>/.well-known/openid-configuration'
       - 'OAUTH_CLIENT_ID=<Client-ID>'