docs/content/integration/openid-connect/clients/actual-budget/index.md
{{% oidc-common %}}
This example makes the following assumptions:
https://actual-budget.{{< sitevar name="domain" nojs="example.com" >}}/
https://actual-budget.{{< sitevar name="domain" nojs="example.com" >}}/login.
This means if you change this value, you need to update the redirect URI.https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/actual-budgetinsecure_secretSome of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
The following YAML configuration is an example Authelia client configuration for use with Actual Budget which will operate with the application example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_id: 'actual-budget'
client_name: 'Actual Budget'
client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://actual-budget.{{< sitevar name="domain" nojs="example.com" >}}/openid/callback'
scopes:
- 'openid'
- 'profile'
- 'groups'
- 'email'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
To configure Actual Budget there are three methods, using the Configuration File, using Environment Variables, or using the Web GUI.
To configure Actual Budget to utilize Authelia as an OpenID Connect 1.0 Provider, use the following configuration:
{
"openId": {
"discoveryURL": "https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}",
"client_id": "actual-budget",
"client_secret": "insecure_secret",
"server_hostname": "https://actual-budget.{{< sitevar name="domain" nojs="example.com" >}}",
"authMethod": "oauth2"
}
}
To configure Actual Budget to utilize Authelia as an OpenID Connect 1.0 Provider, use the following environment variables:
ACTUAL_OPENID_DISCOVERY_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}
ACTUAL_OPENID_CLIENT_ID=actual-budget
ACTUAL_OPENID_CLIENT_SECRET=insecure_secret
ACTUAL_OPENID_SERVER_HOSTNAME=https://actual-budget.{{< sitevar name="domain" nojs="example.com" >}}
ACTUAL_OPENID_AUTH_METHOD=oauth2
services:
actual-budget:
environment:
ACTUAL_OPENID_DISCOVERY_URL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration'
ACTUAL_OPENID_CLIENT_ID: 'actual-budget'
ACTUAL_OPENID_CLIENT_SECRET: 'insecure_secret'
ACTUAL_OPENID_SERVER_HOSTNAME: 'https://actual-budget.{{< sitevar name="domain" nojs="example.com" >}}'
ACTUAL_OPENID_AUTH_METHOD: 'oauth2'
To configure Actual Budget to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:
Otherhttps://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}actual-budgetinsecure_secret