OIDC Auth and City Visits Data

documentation/.vitepress/config.mts

@@ -92,6 +92,28 @@ export default defineConfig({
             text: "Immich Integration",
             link: "/docs/configuration/immich_integration",
           },
+          {
+            text: "Social Auth and OIDC",
+            link: "/docs/configuration/social_auth",
+          },
+          {
+            text: "Authentication Providers",
+            collapsed: false,
+            items: [
+              {
+                text: "Authentik",
+                link: "/docs/configuration/social_auth/authentik",
+              },
+              {
+                text: "GitHub",
+                link: "/docs/configuration/social_auth/github",
+              },
+              {
+                text: "Open ID Connect",
+                link: "/docs/configuration/social_auth/oidc",
+              },
+            ],
+          },
           {
             text: "Update App",
             link: "/docs/configuration/updating",

documentation/docs/configuration/social_auth.md

@@ -0,0 +1,15 @@
+# Social Authentication
+
+AdventureLog support autentication via 3rd party services and self-hosted identity providers. Once these services are enabled, users can log in to AdventureLog using their accounts from these services and link exising AdventureLog accounts to these services for easier access.
+
+The steps for each service varies so please refer to the specific service's documentation for more information.
+
+## Supported Services
+
+- [Authentik](social_auth/authentik.md) (self-hosted)
+- [GitHub](social_auth/github.md)
+- [Open ID Connect](social_auth/oidc.md)
+
+## Linking Existing Accounts
+
+If you already have an AdventureLog account and would like to link it to a 3rd party service, you can do so by logging in to AdventureLog and navigating to the `Account Settings` page. From there, scroll down to `Social and OIDC Authentication` and click the `Launch Account Connections` button. If identity providers have been enabled on your instance, you will see a list of available services to link to.

documentation/docs/configuration/social_auth/authentik.md

@@ -0,0 +1,56 @@
+# Authentik OIDC Authentication
+
+<img src="https://repository-images.githubusercontent.com/230885748/19f01d00-8e26-11eb-9a14-cf0d28a1b68d" alt="Authentik Logo" width="400" />
+
+Authentik is a self-hosted identity provider that supports OpenID Connect and OAuth2. AdventureLog can be configured to use Authentik as an identity provider for social authentication. Learn more about Authentik at [goauthentik.io](https://goauthentik.io/).
+
+Once Authentik is configured by the administrator, users can log in to AdventureLog using their Authentik account and link existing AdventureLog accounts to Authentik for easier access.
+
+# Configuration
+
+To enable Authentik as an identity provider, the administrator must first configure Authentik to allow AdventureLog to authenticate users.
+
+### Authentik Configuration
+
+1. Log in to Authentik and navigate to the `Providers` page and create a new provider.
+2. Select `OAuth2/OpenID Provider` as the provider type.
+3. Name it `AdventureLog` or any other name you prefer.
+4. Set the `Redirect URI` of type `Regex` to `^http://<adventurelog-server-url>/accounts/oidc/.*$` where `<adventurelog-url>` is the URL of your AdventureLog Server service.
+5. Copy the `Client ID` and `Client Secret` generated by Authentik, you will need these to configure AdventureLog.
+6. Create an application in Authentik and assign the provider to it, name the `slug` `adventurelog` or any other name you prefer.
+7. If you want the logo, you can find it [here](https://adventurelog.app/adventurelog.png).
+
+### AdventureLog Configuration
+
+This configuration is done in the [Admin Panel](../../guides/admin_panel.md). You can either launch the pannel directly from the `Settings` page or navigate to `/admin` on your AdventureLog server.
+
+1. Login to AdventureLog as an administrator and navigate to the `Settings` page.
+2. Scroll down to the `Administration Settings` and launch the admin panel.
+3. In the admin panel, navigate to the `Social Accounts` section and click the add button next to `Social applications`. Fill in the following fields:
+
+   - Provider: `OpenID Connect`
+   - Provider ID: Autnentik Client ID
+   - Name: `Authentik`
+   - Client ID: Authentik Client ID
+   - Secret Key: Authentik Client Secret
+   - Key: can be left blank
+   - Settings: (make sure http/https is set correctly)
+
+   ```json
+   {
+     "server_url": "http://<authentik_url>/application/o/[YOUR_SLUG]/"
+   }
+   ```
+
+   ::: warning
+   `localhost` is most likely not a valid `server_url` for Authentik in this instance because `localhost` is the server running AdventureLog, not Authentik. You should use the IP address of the server running Authentik or the domain name if you have one.
+
+- Sites: move over the sites you want to enable Authentik on, usually `example.com` and `www.example.com` unless you renamed your sites.
+
+#### What it Should Look Like
+
+![Authentik Social Auth Configuration](/authentik_settings.png)
+
+4. Save the configuration.
+
+Ensure that the Authentik server is running and accessible by AdventureLog. Users should now be able to log in to AdventureLog using their Authentik account.

documentation/docs/configuration/social_auth/github.md

@@ -0,0 +1,44 @@
+# GitHub Social Authentication
+
+AdventureLog can be configured to use GitHub as an identity provider for social authentication. Users can then log in to AdventureLog using their GitHub account.
+
+# Configuration
+
+To enable GitHub as an identity provider, the administrator must first configure GitHub to allow AdventureLog to authenticate users.
+
+### GitHub Configuration
+
+1. Visit the GitHub OAuth Apps Settings page at [https://github.com/settings/developers](https://github.com/settings/developers).
+2. Click on `New OAuth App`.
+3. Fill in the following fields:
+
+   - Application Name: `AdventureLog` or any other name you prefer.
+   - Homepage URL: `<adventurelog-frontend-url>` where `<adventurelog-frontend-url>` is the URL of your AdventureLog Frontend service.
+   - Application Description: `AdventureLog` or any other description you prefer.
+   - Authorization callback URL: `http://<adventurelog-backend-url>/accounts/github/login/callback/` where `<adventurelog-backend-url>` is the URL of your AdventureLog Backend service.
+   - If you want the logo, you can find it [here](https://adventurelog.app/adventurelog.png).
+
+### AdventureLog Configuration
+
+This configuration is done in the [Admin Panel](../../guides/admin_panel.md). You can either launch the pannel directly from the `Settings` page or navigate to `/admin` on your AdventureLog server.
+
+1. Login to AdventureLog as an administrator and navigate to the `Settings` page.
+2. Scroll down to the `Administration Settings` and launch the admin panel.
+3. In the admin panel, navigate to the `Social Accounts` section and click the add button next to `Social applications`. Fill in the following fields:
+
+   - Provider: `GitHub`
+   - Provider ID: GitHub Client ID
+   - Name: `GitHub`
+   - Client ID: GitHub Client ID
+   - Secret Key: GitHub Client Secret
+   - Key: can be left blank
+   - Settings: can be left blank
+   - Sites: move over the sites you want to enable Authentik on, usually `example.com` and `www.example.com` unless you renamed your sites.
+
+#### What it Should Look Like
+
+![Authentik Social Auth Configuration](/github_settings.png)
+
+4. Save the configuration.
+
+Users should now be able to log in to AdventureLog using their GitHub account, and link it to exisiting accounts.

documentation/docs/configuration/social_auth/oidc.md

@@ -0,0 +1,7 @@
+# OIDC Social Authentication
+
+AdventureLog can be configured to use OpenID Connect (OIDC) as an identity provider for social authentication. Users can then log in to AdventureLog using their OIDC account.
+
+The configuration is basically the same as [Authentik](./authentik.md), but you replace the client and secret with the OIDC client and secret provided by your OIDC provider. The `server_url` should be the URL of your OIDC provider where you can find the OIDC configuration.
+
+Each provider has a different configuration, so you will need to check the documentation of your OIDC provider to find the correct configuration.

documentation/docs/configuration/updating.md

@@ -20,5 +20,5 @@ docker exec -it <container> bash
 Once you are in the container run the following command to resync the region data.
 
 ```bash
-python manage.py download-countries
+python manage.py download-countries --force
 ```

documentation/docs/install/docker.md

@@ -11,6 +11,12 @@ Docker is the preferred way to run AdventureLog on your local machine. It is a l
 
 Get the `docker-compose.yml` file from the AdventureLog repository. You can download it from [here](https://github.com/seanmorley15/AdventureLog/blob/main/docker-compose.yml) or run this command to download it directly to your machine:
 
+::: tip
+
+If running on an ARM based machine, you will need to use a different PostGIS Image. It is recommended to use the `tobi312/rpi-postgresql-postgis:15-3.3-alpine-arm` image or a custom version found [here](https://hub.docker.com/r/tobi312/rpi-postgresql-postgis/tags). The AdventureLog containers are ARM compatible.
+
+:::
+
 ```bash
 wget https://raw.githubusercontent.com/seanmorley15/AdventureLog/main/docker-compose.yml
 ```