# Immich Tests ## Target - **URL:** https://immich. ## Dependencies - **Authentik** (`authentik.`) — required for SSO/OIDC testing ## Test Setup Before running all tests, the following must be in place: ### 1. Deploy authentik ```bash abra app deploy authentik. --chaos --force --no-input ``` ### 2. Deploy Immich ```bash abra app deploy immich. --chaos --force --no-input ``` ### 3. Run the Authentik integration setup ```bash python3 recipe-info/immich/setup_authentik_integration.py ``` This configures authentik as the OAuth provider for Immich: 1. Creates an OAuth2 provider (`immich`) via the authentik REST API 2. Creates an Application linked to the provider 3. Creates a test user (`testuser` / `testpass123`) with an APP_PASSWORD token 4. Creates an Immich admin account via the Immich API 5. Configures Immich's OAuth settings via the Immich system config API 6. Writes credentials to `authentik-test-credentials..toml` **Important:** The APP_PASSWORD token becomes invalid if authentik is redeployed. If the `oidc_login.py` test fails with "invalid, expired, revoked" token errors, re-run this setup script. ### 4. Verify No redeploy needed — Immich's OAuth is configured via its API, not env vars. ## Automated Tests - `tests/health_check.py` — Confirms the instance is reachable and returns HTTP 200. - `tests/oidc_login.py` — Tests SSO/OIDC integration with Authentik. Checks OIDC discovery, APP_PASSWORD token grant, and Immich API authentication. ### Credentials | Key | Description | |-----|-------------| | `ak_client_id` / `ak_client_secret` | OIDC client ID and secret | | `ak_test_user` / `ak_test_pass` | Test user credentials (password for browser login) | | `ak_test_app_password` | APP_PASSWORD token for password grant (authentik requires this instead of regular passwords) | | `ak_test_email` | Test user email | | `ak_discovery_endpoint` | Authentik OIDC discovery URL | Stored in `authentik-test-credentials..toml`. ## Manual Verification 1. Open https://immich. in a browser. 2. Confirm the Immich web interface loads without errors. 3. Confirm the "Login with Authentik" button appears on the login page. 4. Click it and verify redirect to Authentik for authentication.