From f7b380ca76d1b112e6600e695ec8821cdd1f676d Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:37:19 -0400 Subject: [PATCH] website/integrations: PocketBase: cleanup (#22705) * website/integrations: PocketBase: cleanup Agent-thread: https://sdko.org/internal/threads/019e6b67-aedf-7992-8101-7bc4b4a0c7c7 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent * Update website/integrations/platforms/pocketbase/index.md Signed-off-by: Dominic R --------- Signed-off-by: Dominic R Co-authored-by: Agent --- .../platforms/pocketbase/index.md | 63 ++++++++++--------- 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/website/integrations/platforms/pocketbase/index.md b/website/integrations/platforms/pocketbase/index.md index ab7e804c80..747e5bbbca 100644 --- a/website/integrations/platforms/pocketbase/index.md +++ b/website/integrations/platforms/pocketbase/index.md @@ -6,16 +6,9 @@ support_level: community ## What is PocketBase? -> PocketBase is a lightweight backend solution that provides a built-in database, authentication, and file storage. -> It allows developers to quickly set up and manage backend services without complex configurations. -> With its simple API and easy-to-use dashboard, it's perfect for small projects, prototypes, or even full-scale applications. +> PocketBase is an open source backend consisting of an embedded SQLite database, realtime subscriptions, built-in auth management, a dashboard UI, and a REST-like API. > -> -- https://pocketbase.io/ - -:::info -If your application relies on PocketBase as its backend, you may need to replace the pocketbase.company placeholder with your application's name. -However, if PocketBase is hosted on a separate domain and users are redirected there for authentication, this notice may not be necessary. Conversely, if PocketBase is hosted on the same domain as your application, this distinction might be relevant. -::: +> -- https://pocketbase.io ## Preparation @@ -36,29 +29,39 @@ To support the integration of PocketBase with authentik, you need to create an a 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - -- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. -- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. -- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - - Set a `Strict` redirect URI to `https://pocketbase.company/api/oauth2-redirect`. - - Select any available signing key. -- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID** and **Client Secret** values because they will be required later. + - Set a `Strict` redirect URI to `https://pocketbase.company/api/oauth2-redirect`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. 3. Click **Submit** to save the new application and provider. ## PocketBase configuration -1. Sign in to PocketBase and access the superusers dashboard by navigating to `https://pocketbase.company/\_/#/settings`. -2. Toggle off **Hide collection create and edit controls** then click the **Save changes** button. -3. Open the **users** collection by clicking the **Collections** icon on the sidebar or head to `https://pocketbase.company/\_/#/collections?collection=pb_users_auth`. -4. Click the gear icon next to the collection's name, then select the **Options** tab in the popup on the right. -5. Enable the **OAuth2** authentication method by clicking the **OAuth2** tab and toggling **Enable**. -6. Click **+ Add provider**, then select **OpenID Connect**. -7. Enter the following details from the authentik provider: - - Set **Client ID** to the Client ID copied from authentik. - - Set **Client secret** to the Client Secret copied from authentik. - - Set **Display name** to `authentik`. - - Set **Auth URL** to `https://authentik.company/application/o/authorize/`. - - Set **Token URL** to `https://authentik.company/application/o/token/`. - - Make sure **Fetch user info from** is set to `User info URL`, then set **User info URL** to `https://authentik.company/application/o/userinfo/` +1. Sign in to the PocketBase superuser dashboard at `https://pocketbase.company/_/`. +2. If collection controls are locked, navigate to **Settings** > **Application**, disable **Hide/Lock collection and record controls**, and click **Save changes**. +3. Navigate to **Collections** and open the **users** auth collection. +4. Click the gear icon next to the collection name and select the **Options** tab. +5. Open the **OAuth2** section and click **Add provider**. +6. Select **OIDC** and enter the following values: + - **Client ID**: enter the **Client ID** from authentik. + - **Client secret**: enter the **Client Secret** from authentik. + - **Display name**: `authentik` + - **Auth URL**: `https://authentik.company/application/o/authorize/` + - **Token URL**: `https://authentik.company/application/o/token/` + - **User info URL**: `https://authentik.company/application/o/userinfo/` +7. Click **Set provider config**. +8. Click **Save changes**. + +## Configuration verification + +To confirm that authentik is properly configured with PocketBase, open your application and sign in with the authentik OAuth2 provider. + +## Resources + +- [PocketBase documentation - Authenticate with OAuth2](https://pocketbase.io/docs/authentication/#authenticate-with-oauth2) +- [PocketBase source - OIDC provider](https://github.com/pocketbase/pocketbase/blob/master/tools/auth/oidc.go) +- [PocketBase source - OAuth2 redirect route](https://github.com/pocketbase/pocketbase/blob/master/apis/record_auth.go)