From 4aeb7c8a84fc17bce6e0af903e9c3490b9c437a6 Mon Sep 17 00:00:00 2001
From: 4d62 <github-user@sdko.org>
Date: Mon, 2 Dec 2024 22:49:18 -0500
Subject: [PATCH] website/integrations: mastodon: set correct uid field
 (#11945)

* website/integrations: mastodon: set correct uid field

Setting the `OIDC_UID_FIELD` as `sub` created users on Mastodon with random usernames. Once this was changed to `preferred_username`, new users were created with their usernames set in authentik. My assumption is that users would wish to have the same username rather than have a random one generated.

Signed-off-by: 4d62 <github-user@sdko.org>

* website/integrations: mastodon: apply review suggestions

A: https://github.com/goauthentik/authentik/pull/11945#pullrequestreview-2427160470
B: https://github.com/goauthentik/authentik/pull/11945#discussion_r1837134142

Signed-off-by: 4d62 <github-user@sdko.org>

---------

Signed-off-by: 4d62 <github-user@sdko.org>
---
 website/integrations/services/mastodon/index.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/website/integrations/services/mastodon/index.md b/website/integrations/services/mastodon/index.md
index 8babeb3340..e1f0ec5c7a 100644
--- a/website/integrations/services/mastodon/index.md
+++ b/website/integrations/services/mastodon/index.md
@@ -41,6 +41,14 @@ Create an application (under _Resources/Applications_) with these settings:
 
 Configure Mastodon `OIDC_` settings by editing the `.env.production` and add the following:
 
+:::warning
+When using `preferred_username` as the user identifier, ensure that the [Allow users to change username setting](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues.
+:::
+
+:::info
+You can configure Mastodon to use either the `sub` or `preferred_username` as the UID field under `OIDC_UID_FIELD`. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
+:::
+
 ```
 OIDC_ENABLED=true
 OIDC_DISPLAY_NAME=authentik
@@ -48,7 +56,7 @@ OIDC_DISCOVERY=true
 OIDC_ISSUER=< OpenID Configuration Issuer>
 OIDC_AUTH_ENDPOINT=https://authentik.company/application/o/authorize/
 OIDC_SCOPE=openid,profile,email
-OIDC_UID_FIELD=sub
+OIDC_UID_FIELD=preferred_username
 OIDC_CLIENT_ID=<Client ID>
 OIDC_CLIENT_SECRET=<Client Secret>
 OIDC_REDIRECT_URI=https://mastodon.company/auth/auth/openid_connect/callback