How to configure a provider for Odoo?

The odoo OAuth code was written something like 8 years ago and uses practices that were deemed OK then, but have since been considered insecure. I assume that’s why Authentik doesn’t seem to support it. I’ve been banging my head against this very same problem the past couple of days and happened on this thread while madly googling for a solution. Here’s how I got it to work: (in each section i will only mention the non obvious fields)

In Authentik: Client Type: Confidential Redirect URI: http://your.odoo/auth_oauth/signin/ –edited to add: The Redirect URI is where I have the most problems. I’ve had to include serveral URIs in this field for example: http://your.odoo/auth_oauth/signin/ https://your.odoo/auth_oauth/signin/ https://www.your.odoo/auth_oauth/signin/ – end edit Signing Key: authentik Self-signed certificate (RSA) please note the redirect uri is http NOT https but depending on your setup maybe you can get away with https and you need to specify a signing key or it won’t work.

In Odoo:

• Install the auth_oidc module from the OCA repo server-auth
• In Settings enable OAuth and configure a provider

Create a new OAuth provider: Auth Flow: OpenID Connect (authorization code flow) Token Map: email:user_id Fill in all the rest by plugging in values from your Authentik provider: Client ID Client Secret Authorization URL UserInfo URL Token URL JWKS URL   For every user you want to enable OAuth open the OAuth tab on the user record:

• OAuth provider: set to the provider you created above
• OAuth User id: the email the user will be using to login If it’s a pre-existing user you may have to send a reset password email to get this to work

As a last step: pray to the deity of your choice, maybe go to a sunday service or two, promise to sacrifice your first-born child and…

try not to rip your hair out or throw your computer out the window when it doesn’t work anyway.

Wow, thanks a lot for that detailed reply, I’ll try that right when I’m back to work