Initial commit: Alfred Mobile - AI Assistant Android App
- OAuth authentication via Authentik
- WebSocket connection to OpenClaw gateway
- Configurable gateway URL with first-run setup
- User preferences sync across devices
- Multi-user support with custom assistant names
- ElevenLabs TTS integration (local + remote)
- FCM push notifications for alarms
- Voice input via Google Speech API
- No hardcoded secrets or internal IPs in tracked files
76
AUTHENTIK_SETUP.md
Normal file
@@ -0,0 +1,76 @@
|
||||
# Authentik OAuth Configuration for Alfred Mobile
|
||||
|
||||
## Issue
|
||||
OAuth login fails with "Authorization failed: Unknown error" because the mobile redirect URI is not configured in Authentik.
|
||||
|
||||
## Solution
|
||||
|
||||
### Step 1: Access Authentik Admin
|
||||
1. Go to https://auth.dnspegasus.net/if/admin/
|
||||
2. Log in with admin credentials
|
||||
|
||||
### Step 2: Update OAuth Provider
|
||||
1. Navigate to **Applications** → **Providers**
|
||||
2. Find the provider with Client ID: `QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR`
|
||||
3. Click to edit
|
||||
|
||||
### Step 3: Add Mobile Redirect URI
|
||||
In the **Redirect URIs** field, add:
|
||||
```
|
||||
alfredmobile://oauth/callback
|
||||
```
|
||||
|
||||
**Important:** Keep the existing redirect URIs! You should have:
|
||||
- `https://alfred.dnspegasus.net/oauth/callback` (web Control UI)
|
||||
- `https://alfred-app.dnspegasus.net/oauth/callback` (proxy)
|
||||
- `alfredmobile://oauth/callback` (mobile app) ← **ADD THIS**
|
||||
|
||||
### Step 4: Verify Configuration
|
||||
|
||||
After saving, the provider should have:
|
||||
- **Client ID:** `QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR`
|
||||
- **Client type:** Confidential (or Public if using PKCE)
|
||||
- **Redirect URIs:** All three URIs listed above
|
||||
- **Scopes:** `openid profile email`
|
||||
|
||||
### Step 5: Test
|
||||
1. Open Alfred Mobile on tablet
|
||||
2. Tap "Sign In with Authentik"
|
||||
3. Log in with Authentik credentials
|
||||
4. Browser should redirect back to the app
|
||||
5. App should show "Login successful!" toast and "Logged In!" screen
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Still getting "Unknown error"?
|
||||
- Check browser address bar when redirecting - does it show `alfredmobile://...`?
|
||||
- Verify redirect URI matches exactly (no trailing slash, correct scheme)
|
||||
- Check Authentik logs for rejected redirect attempts
|
||||
|
||||
### Browser doesn't redirect back?
|
||||
- Android may ask "Open with Alfred?" - tap Yes
|
||||
- If app doesn't open, check AndroidManifest.xml has the intent-filter
|
||||
|
||||
### "Invalid redirect URI" error?
|
||||
- The redirect URI in Authentik doesn't match
|
||||
- Make sure it's exactly: `alfredmobile://oauth/callback` (lowercase, no spaces)
|
||||
|
||||
## Alternative: Create Separate Mobile Provider (Optional)
|
||||
|
||||
If you want separate OAuth clients for web vs mobile:
|
||||
|
||||
1. Create a new OAuth2/OpenID Provider
|
||||
2. Name it "Alfred Mobile"
|
||||
3. Set Client ID to a new value (or keep the same)
|
||||
4. Set Redirect URI to `alfredmobile://oauth/callback` only
|
||||
5. Update `secrets.properties` with the new Client ID
|
||||
6. Rebuild the app
|
||||
|
||||
This keeps mobile and web OAuth flows isolated.
|
||||
|
||||
---
|
||||
|
||||
**Current Config (shared provider):**
|
||||
- Client ID: `QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR`
|
||||
- Used by: Web Control UI, OAuth proxy, Mobile app
|
||||
- Redirect URIs: All three endpoints
|
||||
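Review bot: Step 4's "Client type: Confidential (or Public if using PKCE)" should not leave the choice open for the client that carries the mobile redirect. An installed Android app cannot keep a client secret, and a custom scheme such as `alfredmobile://oauth/callback` is not exclusive to one app on the device, so that client should be Public with PKCE required (the RFC 8252 guidance for native apps). Because the file documents one Client ID shared by the web Control UI, the OAuth proxy and the mobile app, I would make the "Alternative: Create Separate Mobile Provider" section the main procedure rather than optional, and drop "(or keep the same)" from its step 3, since reusing the Client ID undercuts the isolation that section promises. The commit message also says no hardcoded secrets or internal IPs are tracked, while this file pins the Client ID and the `dnspegasus.net` hostnames; consider replacing them with placeholders so the doc matches that claim.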