From 4ef2ddd223491bf3b5ed5869957db8abc65495ab Mon Sep 17 00:00:00 2001
From: many <emmanuel@archiemd.com>
Date: Wed, 9 Apr 2025 16:48:43 -0400
Subject: [PATCH] update readme with authentik integration guide

---
 README.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 7f2b065..f709a40 100644
--- a/README.md
+++ b/README.md
@@ -19,17 +19,19 @@
 * `abra app new civicrm-wordpress`
 * `abra app config <app-name>`
 
-Generate secrets (be sure to save them):
-* `abra app secret g <app-name> db_root_password v1`
-* `abra app secret g <app-name> db_password v1`
-* `abra app secret g <app-name> civicrm_site_key v1`
-* `abra app secret g <app-name> civicrm_cred_key v1`
-* `abra app secret g <app-name> civicrm_sign_key v1`
+Authentik integration:
+* When configuring, uncomment `COMPOSE_FILE`, `OPEN_ID_CLIENT_ID`, `SECRET_OPEN_ID_CLIENT_SECRET_VERSION`, and `AUTHENTIK_DOMAIN`
+* To configure your Authentik deployment, follow the guide at [`docs.goauthentik.io/integrations/services/wordpress`](https://docs.goauthentik.io/integrations/services/wordpress/).
+* NOTE: at the time of writing the Authentik integration guide incorrectly says to set the redirect URI to `https://wp.company/admin-ajax.php?action=openid-connect-authorize` when it should be `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize`
+* If using a different OpenID provider, leave `AUTHENTIK_DOMAIN` commented and uncomment the other OpenID configuration options
 
 Insert secrets:
 * `abra app secret i <app-name> wordpress_admin_password v1 '<temp account password>'`
 * `abra app secret i <app-name> smtp_password v1 '<smtp password>'`
 
+Generate secrets (be sure to save them):
+* `abra app secret g -a <app-name>`
+
 Deploy app:
 * `abra app deploy <app-name>`