Configuring Generic OAuth2 Authentication for Wiki.js

Overview of Wiki.js

Wiki.js is an open-source wiki platform designed for building personal knowledge bases and documentation systems. This article covers setting up authentication via Generic OAuth2 in version 2.5.289.

Authentication setup consists of two primary sections: Authorization Settings and Registration Settings.

1. Authorization Settings

This section often presents challenges due to limited error feedback.

1.1 Client ID

Used as a parameter during token acquisition.

1.2 Client Secret

Also passed as a parameter during token exchange.

1.3 Authorization Endpoint URL

The endpoint to which users are redirected for authorization once they select Generic OAuth2 on the login screen. If the redirect URL is incorrect, an error like "Invalid authentication provider." may occur.

1.4 Token Endpoint URL

The API endpoint for retrieving tokens. Wiki.js sends these parameters automatically:

  1. grant_type=authorization_code
  2. client_id (from step 1.1)
  3. client_secret (from step 1.2)
  4. Additional custom parameters from the authorization URL

The server must return a JSON response containing:

{
  "access_token": "xxx"
}

Failure to comply results in the error message "Failed to obtain access token."

1.5 User Info Endpoint URL

After obtaining the token, Wiki.js calls this endpoint to fetch user details. You can configure how the token is sent: either in the query string or in the Authorization header.

Expected response fields:

{
  "UserId": 10086,
  "Name": "Zhang San",
  "Email": "zs@test.com"
}

An invalid or missing email leads to "Missing or invalid email address from profile."

Note: The system uses the email address to uniquely identify users; duplicate emails are not allowed.

1.6 ID Claim

Field name in the user info response representing the unique identifier.

1.7 Display Name Claim

Field name for the user's display name.

1.8 Email Claim

Field name for the user’s email address, which must be unique.
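Because the login flow gives little error feedback, it helps to check the provider's responses before wiring them into Wiki.js. The following is an added example, not Wiki.js code and not part of the original article: it checks a token response and a user info response against the requirements in sections 1.4 to 1.8 and reports which of the quoted error messages to expect. The function names, the claims object and the email pattern are assumptions made for illustration.

```javascript
// Added example, not Wiki.js code. Error strings are the ones quoted in this article.
// Hypothetical claim configuration for sections 1.6-1.8 (field names are case-sensitive).
const claims = { id: 'UserId', displayName: 'Name', email: 'Email' };

// Assumption: a deliberately simple shape check, not Wiki.js's own validator.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Section 1.4: the token endpoint body must be JSON carrying access_token.
function checkTokenResponse(rawBody) {
  const error = 'Failed to obtain access token.';
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    // A form-encoded body such as "access_token=xxx" lands here.
    return { ok: false, error, reason: 'body is not JSON' };
  }
  if (parsed === null || typeof parsed !== 'object' ||
      typeof parsed.access_token !== 'string' || parsed.access_token === '') {
    return { ok: false, error, reason: 'no access_token string in body' };
  }
  return { ok: true, token: parsed.access_token };
}

// Sections 1.5-1.8: the user info response must carry the configured claims.
function checkProfile(profile, cfg) {
  const problems = [];
  const id = profile[cfg.id];
  const email = profile[cfg.email];
  if (id === undefined || id === null || id === '') problems.push(`ID claim "${cfg.id}" is missing`);
  if (typeof profile[cfg.displayName] !== 'string') {
    problems.push(`display name claim "${cfg.displayName}" is missing`);
  }
  if (typeof email !== 'string' || !EMAIL_RE.test(email)) {
    return { ok: false, error: 'Missing or invalid email address from profile.', problems };
  }
  return { ok: problems.length === 0, error: null, problems };
}

// Email is the unique key, so provider accounts sharing an address collide (assumed case-insensitive).
function findDuplicateEmails(profiles, cfg) {
  const counts = new Map();
  for (const p of profiles) {
    const e = String(p[cfg.email] || '').toLowerCase();
    if (e) counts.set(e, (counts.get(e) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([e]) => e);
}
```

Feed it the raw bodies captured from the provider with a test account; a result carrying one of the quoted error strings points at the setting to revisit.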

2. Registration Settings

2.1 Enable Open Registration

When a new user logs in via OAuth2 and their email isn't found in Wiki.js, a new account is created automatically.

2.2 Disable Open Registration

Only pre-existing users with matching emails can log in. Attempting to log in with an unregistered email results in "You are not authorized to login."

Tags: wiki.js
