authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

Use Plex as a Source Enrollment Flow

Open MattyIceee opened this issue 1 year ago • 1 comments

Describe your question Has anyone successfully create a source enrollment flow for Plex?

Relevant info I currently have my Plex server successfully setup as a "Social Login" source. I can have existing Authentik users sync their Plex accounts and assuming they've joined my server, can log into Authentik via Plex.

Next I wanted to setup enrollment in the same way. Assuming a Plex user is part of my server, I want them to be able to use their Plex account to enroll a user in my Authentik space.

I tried using the default-source-enrollment flow but it says the user isn't allowed to use it (screenshot attached below). I'm assuming this has to do with the default policy on that flow being default-source-enrollment-if-sso which just calls ak_is_sso_flow. I don't fully understand this check but I think its supposed to tell us if the auth we just did was from outside Authentik or not? Only issue being that flow never reaches out to a source so I'm assuming the check always fails?

I dug around some of the other social logins and many of them have policies attached to their documentation that allow user enrollment. I honestly don't see any similarities in them and I'm completely lost how/where the user info is passed to the write user flow from. It looks like all these policies do is return pass/fail (true/false). Do you need to call ak_create_event to make a user?

Also not sure how to make the flow contact Plex to authenticate and extract the user info using a policy. The documentation references info and auth_api but they don't really go into detail and I'm not sure how to use those to map user info.

If anyone has a working flow/has an idea how to get this working I think it would benefit a bunch of people. I poked around a bit and didn't see any examples/questions so figured I'd consolidate it on this issue.

Finally, Thanks again for this awesome project! By far the best self hosted sso service I've used, period!

Screenshots plex-source-enrollment

Version and Deployment (please complete the following information):

  • authentik version: 2024.8.3
  • Deployment: helm

Additional context If we can get this hashed out I think it would be super beneficial to add the setup to the Plex Authentik documentation.

MattyIceee avatar Oct 12 '24 07:10 MattyIceee

Got this one figured out. I started using authentik two days ago so big grain of salt as far as validity. From what I can tell logging in through Plex doesn't actually trigger the Enrollment Flow. Looking at the logs it was trying to authenticate with an AnonymousUser account. Probs something I'm doing wrong but, this looks like it works.

Flows and Stages / Flows / default-source-authentication Image

Directory / Federation and Social Login / Plex Image

mcountryman avatar Jun 12 '25 20:06 mcountryman