Alfred-App/alfred-mobile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25455f7e6fc2101aef0e90973ebc4105a823b613
alfred-mobile/AUTHENTIK_SETUP.md
jknapp 6d4ae2e5c3 Initial commit: Alfred Mobile - AI Assistant Android App 
- OAuth authentication via Authentik
- WebSocket connection to OpenClaw gateway
- Configurable gateway URL with first-run setup
- User preferences sync across devices
- Multi-user support with custom assistant names
- ElevenLabs TTS integration (local + remote)
- FCM push notifications for alarms
- Voice input via Google Speech API
- No hardcoded secrets or internal IPs in tracked files
2026-02-09 11:12:51 -08:00

2.5 KiB
Raw Blame History

Authentik OAuth Configuration for Alfred Mobile

Issue

OAuth login fails with "Authorization failed: Unknown error" because the mobile redirect URI is not configured in Authentik.

Solution

Step 1: Access Authentik Admin

  1. Go to https://auth.dnspegasus.net/if/admin/
  2. Log in with admin credentials

Step 2: Update OAuth Provider

  1. Navigate to ApplicationsProviders
  2. Find the provider with Client ID: QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR
  3. Click to edit

Step 3: Add Mobile Redirect URI

In the Redirect URIs field, add:

alfredmobile://oauth/callback

Important: Keep the existing redirect URIs! You should have:

  • https://alfred.dnspegasus.net/oauth/callback (web Control UI)
  • https://alfred-app.dnspegasus.net/oauth/callback (proxy)
  • alfredmobile://oauth/callback (mobile app) ← ADD THIS

Step 4: Verify Configuration

After saving, the provider should have:

  • Client ID: QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR
  • Client type: Confidential (or Public if using PKCE)
  • Redirect URIs: All three URIs listed above
  • Scopes: openid profile email

Step 5: Test

  1. Open Alfred Mobile on tablet
  2. Tap "Sign In with Authentik"
  3. Log in with Authentik credentials
  4. Browser should redirect back to the app
  5. App should show "Login successful!" toast and "Logged In!" screen

Troubleshooting

Still getting "Unknown error"?

  • Check browser address bar when redirecting - does it show alfredmobile://...?
  • Verify redirect URI matches exactly (no trailing slash, correct scheme)
  • Check Authentik logs for rejected redirect attempts

Browser doesn't redirect back?

  • Android may ask "Open with Alfred?" - tap Yes
  • If app doesn't open, check AndroidManifest.xml has the intent-filter

"Invalid redirect URI" error?

  • The redirect URI in Authentik doesn't match
  • Make sure it's exactly: alfredmobile://oauth/callback (lowercase, no spaces)

Alternative: Create Separate Mobile Provider (Optional)

If you want separate OAuth clients for web vs mobile:

  1. Create a new OAuth2/OpenID Provider
  2. Name it "Alfred Mobile"
  3. Set Client ID to a new value (or keep the same)
  4. Set Redirect URI to alfredmobile://oauth/callback only
  5. Update secrets.properties with the new Client ID
  6. Rebuild the app

This keeps mobile and web OAuth flows isolated.

Current Config (shared provider):

  • Client ID: QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR
  • Used by: Web Control UI, OAuth proxy, Mobile app
  • Redirect URIs: All three endpoints
Reference in New Issue View Git Blame Copy Permalink