Skip to main content

Integrate with Discourse

Support level: Community

What is Discourse?

Discourse is an open-source platform for community discussion, including forums and real-time chat.

-- https://www.discourse.org/

Preparation

The following placeholders are used in this guide:

  • discourse.company is the FQDN of the Discourse installation.
  • authentik.company is the FQDN of the authentik installation.
info

This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.

The OpenID Connect plugin is included with self-hosted Discourse. For sites hosted by Discourse, the plugin is available on the Business and Enterprise plans.

authentik configuration

Redirect URI changes in authentik 2026.5

In authentik versions earlier than 2026.5, all Redirect URIs are automatically treated as Authorization type. If you are using one of these older authentik versions, add only the Authorization URL to your Redirect URIs and do not configure a Post Logout URI.

To support the integration of Discourse with authentik, you need to create an application/provider pair in authentik.

Create an application and provider

  1. Log in to authentik as an administrator and open the authentik Admin interface.

  2. Navigate to Applications > Applications and click New Application to open the application wizard.

    • Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the Slug value because it is required later.
    • Choose a Provider type: select OAuth2/OpenID Connect as the provider type.
    • Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
      • Note the Client ID and Client Secret values because they are required later.
      • Add a Redirect URI of type Strict Authorization with a value of https://discourse.company/auth/oidc/callback.
      • Select any available signing key.
    • Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's Application Dashboard page.
  3. Click Submit to save the new application and provider.

Discourse configuration

Configure OpenID Connect

  1. Log in to Discourse as an administrator and open the Discourse Admin interface.
  2. Navigate to Settings and search for openid_connect.
  3. Configure the following settings:
    • openid connect enabled: enable this setting.
    • openid connect discovery document: https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration
    • openid connect client id: Client ID from authentik
    • openid connect client secret: Client Secret from authentik
    • openid connect authorize scope: openid email profile
  4. Save the changes.

Enable single logout (optional)

To end the user's authentik session when they log out of Discourse, configure RP-initiated logout:

  1. In the authentik Admin interface, navigate to Applications > Providers and open the provider that you created for Discourse.
  2. Add a Redirect URI of type Strict Post Logout with a value of https://discourse.company/.
  3. Click Update to save the provider.
  4. Return to the OpenID Connect settings in Discourse and configure the following settings:
    • openid connect rp initiated logout: enable this setting.
    • openid connect rp initiated logout redirect: https://discourse.company/
  5. Save the changes.

Skip account confirmation (optional)

By default, Discourse asks a new user to confirm their account details after the first successful OpenID Connect login. To create the account without this additional step, navigate to Admin > All site settings > Login and enable auth skip create confirm.

Configuration verification

To confirm that authentik is properly configured with Discourse, open Discourse and click Login with OpenID Connect. You should be redirected to authentik and returned to Discourse after authentication.

Resources