Commit Graph

191 Commits

Author SHA1 Message Date
Marc 'risson' Schmitt
2f70351c90 packages/client-go: init (#21139)
* packages/client-go: init

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove mod/sum

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix translate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* no go replace

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update rust makefile with pwd

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't need a version ig?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* exclude go client from cspell

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix main docker build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2026-03-25 15:26:50 +01:00
Xabier Napal
35e025b25a outpost/proxyv2: prevent panic in handleSignOut (#20097)
outpost/proxyv2: use safe claims extraction in handleSignOut to prevent panic

Signed-off-by: Xabier Napal <xabier.napal@dvzr.io>
2026-03-03 18:21:25 +01:00
Brolywood
17ab3a4b73 providers/proxy: preserve URL-encoded path characters in redirect (#20476)
Use r.URL.EscapedPath() instead of r.URL.Path when building the
redirect URL in redirectToStart(). The decoded Path field converts
%2F to /, which url.JoinPath then collapses via path.Clean, stripping
encoded slashes from the URL. EscapedPath() preserves the original
encoding, fixing 301 redirects that break apps like RabbitMQ which
use %2F in their API paths.
2026-02-23 17:30:47 +01:00
dependabot[bot]
122cee049a core: bump library/golang from 1.25.5-trixie to 1.26.0-trixie in /lifecycle/container (#20381)
* core: bump library/golang in /lifecycle/container

Bumps library/golang from 1.25.5-trixie to 1.26.0-trixie.

---
updated-dependencies:
- dependency-name: library/golang
  dependency-version: 1.26.0-trixie
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump & fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump docs too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2026-02-19 12:35:00 +00:00
Chetan Sarva
3f1a0f83ca outpost/proxyv2: revalidate auth if session fails to load (#18063) 2026-02-05 17:19:28 +00:00
Marc 'risson' Schmitt
85434710f3 root: update client-go generation (#19762) 2026-01-26 19:51:38 +01:00
Vít Skalický
bc3a1f128b providers/proxy: Fix incorrect comparison of redirect URL and CookieDomain (#15686)
* Fix incorrect comparison of redirect URL and CookieDomain. Fixes #15685

According to docs, URL.Host contains the host and port, while Hostname
returns only the host without the port. CookieDomain obviously does not
contain the port. string.HasSuffix function is used, so if a port is set
in the redirect URL, this check always fails.

* Fixed missing parentheses

---------

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2026-01-22 17:44:22 +00:00
Dominic R
3873f43ea3 outpost/proxyv2: fix stale session cookie causing 400 error in createState (#19026) 2026-01-13 10:52:42 -05:00
Dominic R
3353db0d7f outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart (#18211)
* outpost/proxyv2: handle PostgreSQL passwords with spaces and special characters

And modify / add some more tests and a bit of refactoring

* Potential fix for code scanning alert no. 268: Disabled TLS certificate check

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Revert "Potential fix for code scanning alert no. 268: Disabled TLS certificate check"

This reverts commit ead227a272.

* wip

* fix incorrect status code in error response

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-12-11 14:25:41 +00:00
Dominic R
ec00a918b3 outposts: update permissions more eagerly (#17783)
* wip

* wip

* a

* a

Signed-off-by: Dominic R <dominic@sdko.org>

* rm

* this

* rm test files

* cover one more case

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-10-30 18:33:51 +01:00
Jens L.
e7235732bb providers/proxy: fix missing JWT/claims header (#17759)
* replace interface{} with any

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix raw token not saved to map or json

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix proxy claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-10-28 15:14:07 +01:00
Jens L.
e2904d13a9 providers/proxy: add gorm logging (#17758)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-10-28 14:39:47 +01:00
Jens L.
e9347e88e1 providers/proxy: drop headers with underscores (#17650)
drop any headers with underscores that we set in the remote system

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-10-22 15:19:34 +02:00
Dominic R
795a025af9 outpost/proxyv2: postgresstore: db/pool/misc cleanup and enhancement (#17511)
* wip

* Update internal/outpost/proxyv2/application/session_postgres_test.go

Signed-off-by: Dominic R <dominic@sdko.org>

* Update refresh.go

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
2025-10-20 16:25:13 +02:00
Dominic R
6dde8bdd4a outpost: proxyv2: Use Postgres for the Embedded Outpost (#16628)
* wip

Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* remove testing files

* a

* wip

* pls

* pls2

* a

* Update authentik/providers/proxy/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Dominic R <dominic@sdko.org>

* makemigrations

* pls

* pls1000

* don't migrate in go

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set uuid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more test cases

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set gorm nowfunc (gorm defaults to local time)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve test db closing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move expiration to field

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't manually set table

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor tests more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refactor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix em

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* postgres cleanup is done by worker

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update expiry and set expiring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@beryju.org>
2025-10-09 16:59:15 +02:00
Marco Lecheler
df33b4d3e9 website: fix docs links (#16926)
* fix: add other docker-compose links

* fix: update other docs urls
2025-09-24 11:48:33 -04:00
Dominic R
ffe767fe13 outpost: proxy: handle nil HTTP response in attemptBasicAuth function (#13781)
* outpost: proxy: handle nil HTTP response in attemptBasicAuth function

Fixes a nil pointer dereference that occurs when an HTTP request fails in the attemptBasicAuth function. Added additional checks to safely handle cases where the HTTP response or its body is nil.

* add defer res.Body.Close() to prevent resource leaks in basic auth

* oops

* this

* Revert "this"

This reverts commit 7f7d110291.

* wip

* better?
2025-08-12 11:40:18 +01:00
Tom Neuber
7ed3fed5c3 outpost/proxyv2: add session cleanup for filesystem session store (#15798)
* proxyv2/filesystemstore: add persistent filesystem store to implement a session cleanup job

* proxyv2: add session cleanup for filesystem session store
2025-08-09 20:13:39 +01:00
Jens L.
dea2d67ceb internal/outpost: fix incorrect usage of golang SHA API (#14981)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 20:57:36 +02:00
Jens L.
a306cecb73 providers/proxy: add option to override host header with property mappings (#14927) 2025-06-06 14:54:59 +02:00
Jens L.
65517f3b7f enterprise/stages: Add MTLS stage (#14296)
* prepare client auth with inbuilt server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* introduce better IPC auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only allow trusted proxies to set MTLS headers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stage progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't fail if ipc_key doesn't exist

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually install app

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix unquote

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix int serial number not jsonable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix git pull in makefile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix parse helper

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests and improvements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve labels

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple CAs on brand

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple CAs to MTLS stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't log ipcuser secret views

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix go mod

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 22:48:17 +02:00
dependabot[bot]
84b5992e55 ci: bump golangci/golangci-lint-action from 6 to 7 (#13661)
* ci: bump golangci/golangci-lint-action from 6 to 7

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix v2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix v3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-26 18:03:20 +01:00
Andrea Scarpino
94eff50306 root: redis, make sure tlscacert isn't an empty string (#12407)
* root: redis, make sure tlscacert isn't an empty string

* make TLSCaCert a string instead of pointer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-01-13 20:14:26 +01:00
Jens L.
40a7135c0c core: app entitlements (#12090)
* core: initial app entitlements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* base off of pbm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests and oauth2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to proxy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rewrite to use bindings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make policy bindings form and list more customizable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* double fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refine permissions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add missing rbac modal to app entitlements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate scope for app entitlements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include entitlements mapping in proxy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add API validation to prevent policies from being bound to entitlements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add initial docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove duplicate docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-12-18 14:32:44 +01:00
Jens L.
a892d4afd8 providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical
2024-11-13 00:54:40 +01:00
Simon Erhardt
f482937474 providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#11722)
* providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#9622/#4688/#6476)

* chore: fix tests
2024-10-24 16:34:45 +02:00
Jens L.
ad3820c11c providers/proxy: fix panic, keep session storages open (#11439)
* fix panic when redis connection fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-use session when refreshing apps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-09-19 23:05:58 +02:00
Jens L.
171d0f55cb providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
* providers/proxy: fix URL path getting lost when partial URL is given to rd=

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better fallback + tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-09-12 18:02:08 +02:00
Jens L
b8560f2a86 providers/proxy: bump go-oidc to v3 (#10432)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-07-10 12:54:45 +02:00
Jens L
c45bb8e985 providers/proxy: rework redirect mechanism (#8594)
* providers/proxy: rework redirect mechanism

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add session id, don't tie to state in session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handle state failing to parse

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* save session after creating state

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove debug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include task expiry in status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redirect URL detection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-05-06 03:07:08 +02:00
Jens L
a742331484 root: make redis settings more consistent (#9335)
* make redis settings more consistent

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support to go

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rewrite url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redis connect in wait_for_db

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* censor password when logging error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reword docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add redis url generation helper

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-04-18 16:49:41 +02:00
Max
1b81973358 outposts/proxy: Fix invalid redirect on external hosts containing path components (#8915)
* outposts/proxy: Fix invalid redirect on external hosts containing path components

Signed-off-by: Max <github@germancoding.com>

* outposts/proxy: Fix test for changed redirect logic

Signed-off-by: Max <github@germancoding.com>

---------

Signed-off-by: Max <github@germancoding.com>
2024-03-19 20:31:08 +01:00
Jens L
104e70c383 root: support redis username (#8935) 2024-03-18 12:44:38 +01:00
Marc 'risson' Schmitt
d54b410429 outposts/proxy: better Redis error message (#8044)
* outposts/proxy: better Redis error message

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update internal/outpost/proxyv2/application/session.go

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-01-02 20:01:53 +00:00
Jens L
1ea3dae5ac providers/proxy: use access token (#8022)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 16:36:43 +01:00
Jens L
729ef4d786 root: bump python deps (django 5) (#7862)
* bump python deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* vendor pickle serializer for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#7761

* cleanup some things and re-build api scheme

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web and go

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually fix go...?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better annotate json fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use jsondictfield wherever

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove all virtualenvs?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* final version bump

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 22:07:59 +01:00
Jens L
dc7ffba8fa internal: remove special route for /outpost.goauthentik.io (#7539)
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 17:39:40 +01:00
thijs_a
695719540b providers/proxy: Fix duplicate cookies when using file system store. (#7541)
Fix duplicate cookies when using file system store.
2023-11-13 15:33:49 +01:00
Jens L
4080080acd internal: remove deprecated metrics (#7540)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 14:48:37 +01:00
Jens L
dd4e9030b4 providers/proxy: fix closed redis client (#7385)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-03 15:19:21 +01:00
Jens L
7d91842e8a providers/proxy: attempt to fix duplicate cookie (#7324)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 00:41:13 +02:00
Jens L
dd7d3bf738 providers/proxy: fix redis cookies missing strict path (#7135)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-10 12:17:35 +02:00
Jens L
4db365c947 providers/proxy: improve SLO by backchannel logging out sessions (#7099)
* outposts: add support for provider-specific websocket messages

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/proxy: add custom signal on logout to logout in provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 01:06:52 +02:00
Jens L
efb2823391 internal: fix redis session store (#7011) 2023-09-28 21:06:27 +02:00
Jens L
c93c6ee6f9 root: replace boj/redistore with vendored version of rbcervilla/redisstore (#6988)
* root: replace boj/redistore with vendored version of rbcervilla/redisstore

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* setup env for go tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-26 18:56:37 +02:00
Jens L
1410169af1 providers/proxy: fix JWKS url in embedded outpost (#6644)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-28 00:52:01 +02:00
Jens L
9e29789c09 root: fix config loading for outposts (#6640)
* root: fix config loading for outposts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve check to see if outpost is embedded or not

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix oauth url fetching

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-26 19:40:48 +02:00
Jens L
f6b144a0fa providers/proxy: only intercept auth header when a value is set (#6488)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-06 01:18:20 +02:00
Jens L
0782b3b0fa providers/proxy: set outpost session cookie to httponly and secure wh… (#6482)
* providers/proxy: set outpost session cookie to httponly and secure when possible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set samesite too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-05 22:09:27 +02:00
Alexandre NICOLAIE
a2714ab1f1 outposts: make metrics compliant with Prometheus best-practices (#6398)
web/outpost: make metrics compliant with Prometheus best-practices

Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatory
and do not comply with Prometheus best practices.

This commit tries to fix all of these "issues".

NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.

Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00