docs/content/integration/openid-connect/clients/audiobookshelf/index.md
{{% oidc-common %}}
This example makes the following assumptions:
https://audiobookshelf.{{< sitevar name="domain" nojs="example.com" >}}/
https://audiobookshelf.{{< sitevar name="domain" nojs="example.com" >}}/login.
This means if you change this value, you need to update the redirect URI.https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/audiobookshelfinsecure_secretSome of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
The following YAML configuration is an example Authelia client configuration for use with audiobookshelf which will operate with the application example:
identity_providers:
oidc:
clients:
- client_id: 'audiobookshelf'
client_name: 'audiobookshelf'
client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: 'two_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://audiobookshelf.{{< sitevar name="domain" nojs="example.com" >}}/auth/openid/callback'
- 'https://audiobookshelf.{{< sitevar name="domain" nojs="example.com" >}}/auth/openid/mobile-redirect'
- 'audiobookshelf://oauth'
scopes:
- 'openid'
- 'profile'
- 'groups'
- 'email'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
To configure audiobookshelf there is one method, using the Web GUI.
To configure audiobookshelf to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:
Issuer URL and clicking
Auto-populate and just verifying the value is correct):
https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/authorizationhttps://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/tokenhttps://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfohttps://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/jwks.jsonaudiobookshelfinsecure_secretRS256audiobookshelf://oauthNoneLogin with AutheliaMatch by usernameIn addition to the configuration above you may want to consider enabling the Auto Launch and Auto Register features. It's important to note that if you enable Auto Launch you will automatically be redirected to Authelia for consent regardless if you have an account or not, and audiobookshelf does not seem to provide errors to the user when this happens.
Auto Registration is probably fine but if you only want some users to have access to audiobookshelf we suggest leaving it off.
The groups claim can be configured as groups but you must make sure the groups expected by audiobookshelf exist for
the users you want to have access. This will also mean the group management will occur in Authelia, not audiobookshelf
presumably.
{{< figure src="audiobookshelf_1.png" alt="audiobookshelf_1" width="300" >}}