eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-05-09 08:32:47 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,675 Commits 342 Branches 440 Tags
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
Commit Graph

21675 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
63863dcf53 core: bump gunicorn from 25.2.0 to 25.3.0 (#21187) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-27 12:49:30 +00:00
dependabot[bot]
c0cc333074 ci: bump codecov/codecov-action from 5.5.3 to 6.0.0 in /.github/actions/test-results (#21192) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-27 13:49:06 +01:00
ember ana
70d0ed3456 crypto: improve discovery for mounted k8s TLS Secrets (#17636) 
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-03-27 13:47:36 +01:00
dependabot[bot]
5e8784280a core: bump uuid from 1.22.0 to 1.23.0 (#21195) 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-27 12:45:28 +00:00
dependabot[bot]
6541fd2f93 core: bump rust-toolchain from 1.94.0 to 1.94.1 (#21193) 
Bumps [rust-toolchain](https://github.com/rust-lang/rust) from 1.94.0 to 1.94.1.
- [Release notes](https://github.com/rust-lang/rust/releases)
- [Changelog](https://github.com/rust-lang/rust/blob/main/RELEASES.md)
- [Commits](https://github.com/rust-lang/rust/compare/1.94.0...1.94.1)

---
updated-dependencies:
- dependency-name: rust-toolchain
  dependency-version: 1.94.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-27 12:44:30 +00:00
dependabot[bot]
86bd41d804 core: bump ruff from 0.15.7 to 0.15.8 (#21188) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.7 to 0.15.8.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.7...0.15.8)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-27 12:44:12 +00:00
Jens L.
b55c989274 web/admin: Cleanup spacing in and around cards (#21199) 
* fix double spacing on tables in cards

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* align policy engine mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more nested table spacing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* aaand finish it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* the rest of the owl

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix padding on lifecycle page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-27 13:33:13 +01:00
Jens L.
bfac76ed09 web/elements: Add static table class (#21181) 
* add static table class

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use it & cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update bulk delete

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update log viewer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix sort

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix bulk delete

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bulk session table

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* small tweaks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-27 11:11:06 +01:00
Connor Peshek
0a73322b0d web/applications: add wsfed to app wizard (#20880) 
* web/applications: add wsfed to app wizard

---------

Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-26 20:12:41 -05:00
Jens L.
432bbb0b8c revert: web: bump @openlayers-elements/core from 0.4.0 to 0.5.0 in /web (#21182) 
Revert "web: bump @openlayers-elements/core from 0.4.0 to 0.5.0 in /web (#21169)"

This reverts commit 50e7de8965.
 2026-03-27 00:34:53 +01:00
Jens L.
749cd1402e web/admin: add outposts view page (#21167) 
* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move deployment info, add provider list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add custom progress for health

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Tidy. Use new modals.

* Table clean up.

* move health

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-03-27 00:34:41 +01:00
dependabot[bot]
50e7de8965 web: bump @openlayers-elements/core from 0.4.0 to 0.5.0 in /web (#21169) 
* web: bump @openlayers-elements/core from 0.4.0 to 0.5.0 in /web

Bumps [@openlayers-elements/core](https://github.com/openlayers-elements/openlayers-elements) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/openlayers-elements/openlayers-elements/releases)
- [Commits](https://github.com/openlayers-elements/openlayers-elements/commits)

---
updated-dependencies:
- dependency-name: "@openlayers-elements/core"
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update both

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-26 23:15:59 +01:00
Jens L.
236276498b website/integrations: add OAUTH_AUTO_REDIRECT for karakeep (#21180) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-26 19:27:50 +00:00
Webstijlen
28d0b6050f website/integrations: beszel: add email scope (#21176) 
* Update index.mdx

Authentik 2025.10+ needs to reverse a email scope change to work, tested

Signed-off-by: Webstijlen <peterpaul@webstijlen.nl>

* wip

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Webstijlen <peterpaul@webstijlen.nl>
Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dominic R <dominic@sdko.org>
 2026-03-26 19:22:02 +00:00
Ken Sternberg
6baa127709 web: lint/small type errors (#21179) 
* ## What

         window.authentik.flow = {
             "layout": "{{ flow.layout }}",
    +        "background": "{{ flow.background }}",
    +        "title": "{{ flow.title }}",
         };

Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.

## Why

The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.

The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.

This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.

I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.

Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.

This patch furthers the effort to separate flow execution from flow presentation.

- \[🐰\] The code has been formatted (`make web`)

* ## What

Fix two small type declarations in `jsdoc/tsdoc` format used by `tsc` to validate type declarations in vanilla JavaScript.

## Why

I discovered these while cranking TSC 6 up to be as paranoid as possible. These are small and obviously didn’t break anything. They’re still incorrect, and they will be moved from silent warnings to full errors in Typescript 7.

The most notable error is this:

      * @template {string} [Prefix='import.meta.env.']

An `@template` describes to the compiler the name of a generic parameter in the current scope; `{string}` is not generic. The correct way to achieve what’s intended here `@typeParam`.

- \[👩‍⚖️\] The code has been formatted (`make web`)

---------

Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-26 20:00:11 +01:00
Marc 'risson' Schmitt
1d06d96aea packages/django-dramatiq-postgres: add index for (queue_name, state, eta) (#21175) 2026-03-26 18:13:51 +00:00
Jens L.
109d5933af root: add git attributes for generated/vendored (#21177) 2026-03-26 19:04:27 +01:00
dependabot[bot]
3730768667 web: bump vite from 8.0.2 to 8.0.3 in /web (#21171) 
* web: bump vite from 8.0.2 to 8.0.3 in /web

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.2 to 8.0.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix import declaration order.

* Fix live reload imports, package declarations.

* Tidy admin entrypoint.

* Rename.

* Fix import.

* Fix import.

* Update paths. Update Knip.

* Bump knip.

* Update esbuild.d.ts

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-03-26 17:35:42 +00:00
Teffen Ellis
1b1be27f6a core, web: Vendored client follow-ups (#21174) 
* core, web: Vendored client follow-ups

- Updated packages for use with TypeScript 6
- Fix search results including symlinks.

* Bump docker package.

* web: bump vite from 8.0.2 to 8.0.3 in /web

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.2 to 8.0.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix import declaration order.

* Fix live reload imports, package declarations.

* Tidy admin entrypoint.

* Rename.

* Fix import.

* Fix import.

* Update paths. Update Knip.

* Bump knip.

* Update esbuild.d.ts

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* Bump.

* Re-enable deprecation warning.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 18:33:24 +01:00
Dominic R
12a546e18a website: Enable gtag in production (#21151) 
* website: disable gtag in development

* Use affirmative check.

---------

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-03-26 17:54:24 +01:00
Marc 'risson' Schmitt
31ab7e3ca4 root: cleanup API generation (#21172) 2026-03-26 13:48:01 +00:00
Marc 'risson' Schmitt
ef1d0b0279 packages/client-ts: init (#21120) 
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-26 13:34:48 +01:00
authentik-automation[bot]
527c44ca27 core, web: update translations (#21159) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-03-26 10:18:41 +00:00
dependabot[bot]
91f8abf3d5 website: bump @goauthentik/docusaurus-config from 2.5.1 to 2.6.0 in /website in the docusaurus group (#21161) 
website: bump @goauthentik/docusaurus-config

Bumps the docusaurus group in /website with 1 update: [@goauthentik/docusaurus-config](https://github.com/goauthentik/authentik/tree/HEAD/packages/docusaurus-config).


Updates `@goauthentik/docusaurus-config` from 2.5.1 to 2.6.0
- [Release notes](https://github.com/goauthentik/authentik/releases)
- [Commits](https://github.com/goauthentik/authentik/commits/HEAD/packages/docusaurus-config)

---
updated-dependencies:
- dependency-name: "@goauthentik/docusaurus-config"
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docusaurus
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 10:18:37 +00:00
dependabot[bot]
51ac71d14c core: bump cryptography from 46.0.5 to 46.0.6 (#21162) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 10:18:34 +00:00
dependabot[bot]
412a7fbea5 core: bump library/node from 25.8.1-trixie to 25.8.2-trixie in /website (#21163) 
Bumps library/node from 25.8.1-trixie to 25.8.2-trixie.

---
updated-dependencies:
- dependency-name: library/node
  dependency-version: 25.8.2-trixie
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 10:18:30 +00:00
dependabot[bot]
d09ff59dee ci: bump taiki-e/install-action from 2.69.9 to 2.69.10 in /.github/actions/setup (#21164) 
ci: bump taiki-e/install-action in /.github/actions/setup

Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.69.9 to 2.69.10.
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](328a871ad8...7627fb428e)

---
updated-dependencies:
- dependency-name: taiki-e/install-action
  dependency-version: 2.69.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 10:18:27 +00:00
dependabot[bot]
853cd355ba web: bump the goauthentik group across 1 directory with 3 updates (#21165) 
Bumps the goauthentik group with 3 updates in the /web directory: [@goauthentik/esbuild-plugin-live-reload](https://github.com/goauthentik/authentik/tree/HEAD/packages/esbuild-plugin-live-reload), [@goauthentik/prettier-config](https://github.com/goauthentik/authentik/tree/HEAD/packages/prettier-config) and [@goauthentik/tsconfig](https://github.com/goauthentik/authentik/tree/HEAD/packages/tsconfig).


Updates `@goauthentik/esbuild-plugin-live-reload` from 1.6.1 to 2.0.0
- [Release notes](https://github.com/goauthentik/authentik/releases)
- [Commits](https://github.com/goauthentik/authentik/commits/HEAD/packages/esbuild-plugin-live-reload)

Updates `@goauthentik/prettier-config` from 3.4.3 to 3.5.0
- [Release notes](https://github.com/goauthentik/authentik/releases)
- [Commits](https://github.com/goauthentik/authentik/commits/HEAD/packages/prettier-config)

Updates `@goauthentik/tsconfig` from 1.0.7 to 1.0.8
- [Release notes](https://github.com/goauthentik/authentik/releases)
- [Commits](https://github.com/goauthentik/authentik/commits/HEAD/packages/tsconfig)

---
updated-dependencies:
- dependency-name: "@goauthentik/esbuild-plugin-live-reload"
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: goauthentik
- dependency-name: "@goauthentik/prettier-config"
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: goauthentik
- dependency-name: "@goauthentik/tsconfig"
  dependency-version: 1.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: goauthentik
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 10:18:23 +00:00
dependabot[bot]
8262989de0 web: bump typescript from 5.9.3 to 6.0.2 in /web (#21107) 
* Bump related TS packages.

* Fix type.

* Fix styles.

* web: bump typescript from 5.9.3 to 6.0.2 in /web

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Partial upgrade.

* Add dep.

* Re-add preinstall.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 01:35:40 +01:00
Jens L.
ed4d75cbdc web/flows: fix continuous flow leftovers (#21158) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-26 01:27:25 +01:00
dependabot[bot]
8d24668ce7 web: bump picomatch from 4.0.3 to 4.0.4 (#21157) 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 01:08:08 +01:00
dependabot[bot]
40ae86504f web: bump yaml from 2.8.2 to 2.8.3 (#21156) 
Bumps [yaml](https://github.com/eemeli/yaml) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 01:06:54 +01:00
dependabot[bot]
986d1360ca website: bump picomatch in /website (#21155) 
Bumps  and [picomatch](https://github.com/micromatch/picomatch). These dependencies needed to be updated together.

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 00:07:25 +01:00
dependabot[bot]
c294d90bee web: bump smol-toml from 1.6.0 to 1.6.1 (#21154) 
Bumps [smol-toml](https://github.com/squirrelchat/smol-toml) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/squirrelchat/smol-toml/releases)
- [Commits](https://github.com/squirrelchat/smol-toml/compare/v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: smol-toml
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 00:06:30 +01:00
dependabot[bot]
a2668346fd web: bump picomatch from 2.3.1 to 2.3.2 in /web (#21153) 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 00:05:58 +01:00
dependabot[bot]
02a39cf379 web: bump smol-toml from 1.6.0 to 1.6.1 in /web (#21152) 
Bumps [smol-toml](https://github.com/squirrelchat/smol-toml) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/squirrelchat/smol-toml/releases)
- [Commits](https://github.com/squirrelchat/smol-toml/compare/v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: smol-toml
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 00:05:30 +01:00
Jens L.
3eb20c079f root: optimise api client generation speed (#21141) 
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-03-25 22:35:54 +00:00
LuisThe0ne
970a1ef347 website/integrations: nextcloud add back-channel logout documentation (#21147) 
* website/integrations: nextcloud add back-channel logout documentation

Signed-off-by: LuisThe0ne <76198980+LuisThe0ne@users.noreply.github.com>

* wip

---------

Signed-off-by: LuisThe0ne <76198980+LuisThe0ne@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>
 2026-03-25 21:59:30 +00:00
dependabot[bot]
a6e90ebbd7 core: bump requests from 2.32.5 to 2.33.0 (#21146) 
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-25 19:04:30 +01:00
dependabot[bot]
24a066e2a0 web: bump chromedriver from 146.0.5 to 146.0.6 in /web (#21128) 
* web: bump chromedriver from 146.0.5 to 146.0.6 in /web

Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 146.0.5 to 146.0.6.
- [Commits](https://github.com/giggio/node-chromedriver/compare/146.0.5...146.0.6)

---
updated-dependencies:
- dependency-name: chromedriver
  dependency-version: 146.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* blergh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-25 18:44:26 +01:00
Ken Sternberg
7fc58a455c web/flow: provide layout url as needed (#20991) 
## What

         window.authentik.flow = {
             "layout": "{{ flow.layout }}",
    +        "background": "{{ flow.background }}",
    +        "title": "{{ flow.title }}",
         };

Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.

## Why

The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.

The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.

This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.

I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.

Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.

This patch furthers the effort to separate flow execution from flow presentation.

- \[🐰\] The code has been formatted (`make web`)
 2026-03-25 10:05:24 -07:00
Jens L.
293801537c endpoints/connectors: fix enabled flag not respected (#21144) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-25 17:55:05 +01:00
dependabot[bot]
fc47b95821 web: bump vite from 7.3.1 to 8.0.2 in /web (#21109) 
* web: bump vite from 7.3.1 to 8.0.2 in /web

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.1 to 8.0.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump Vite.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-03-25 17:46:24 +01:00
Tana M Berry
a6c5540369 website/docs: add a single page about our user interface, document Consent stage (#20533) 
* rough draft

* more content, still drafty

* wow the Consent stage is interesting

* figured out consent policy binding

* more content

* tweak

* add steps to create Consent stage

* add to sidebar, more procedural content

* tested steps, more polish

* fixed mangled section

* work on user interface doc

* tweak to App paassword section

* tweaks about App passwords

* more mfa content

* tweaks

* website/docs/add-secure-apps/flows-stages/stages/consent/index.md

* fix link

* add info about recovery flow, tweaks

* removed/reworded talk of custom flows

* dominic edits

* rest of dominic's edits

* more excellent edits by dominic

* more dominc edits

* another edit

* more edits, restored unwanted files

* tweaks

* tweak to a preposition

* jens edits

* removed unrelated change to cspell file

* Apply suggestion from @BeryJu

Signed-off-by: Jens L. <jens@beryju.org>

* Jens edits

* two missed edits

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-03-25 16:25:39 +00:00
dependabot[bot]
0a951f0c84 website: bump the build group across 1 directory with 9 updates (#21127) 
* website: bump the build group across 1 directory with 9 updates

Bumps the build group with 9 updates in the /website directory:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.7.9` | `1.7.10` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.7.9` | `1.7.10` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.7.9` | `1.7.10` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.15.18` | `1.15.21` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.15.18` | `1.15.21` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.15.18` | `1.15.21` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.15.18` | `1.15.21` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.15.18` | `1.15.21` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.15.18` | `1.15.21` |



Updates `@rspack/binding-darwin-arm64` from 1.7.9 to 1.7.10
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.7.10/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.7.9 to 1.7.10
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.7.10/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.7.9 to 1.7.10
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.7.10/packages/rspack)

Updates `@swc/core-darwin-arm64` from 1.15.18 to 1.15.21
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.15.18...v1.15.21)

Updates `@swc/core-linux-arm64-gnu` from 1.15.18 to 1.15.21
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.15.18...v1.15.21)

Updates `@swc/core-linux-x64-gnu` from 1.15.18 to 1.15.21
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.15.18...v1.15.21)

Updates `@swc/html-darwin-arm64` from 1.15.18 to 1.15.21
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.15.18...v1.15.21)

Updates `@swc/html-linux-arm64-gnu` from 1.15.18 to 1.15.21
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.15.18...v1.15.21)

Updates `@swc/html-linux-x64-gnu` from 1.15.18 to 1.15.21
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.15.18...v1.15.21)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.7.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.7.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.7.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-25 17:19:06 +01:00
dependabot[bot]
b56f468710 web: bump knip from 5.88.1 to 6.0.5 in /web (#21129) 
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.88.1 to 6.0.5.
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.0.5/packages/knip)

---
updated-dependencies:
- dependency-name: knip
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-25 17:04:02 +01:00
dependabot[bot]
237423d458 core: bump drf-spectacular from 0.28.0 to 0.29.0 (#19420) 
* core: bump drf-spectacular from 0.28.0 to 0.29.0

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.28.0 to 0.29.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.28.0...0.29.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* add fix for warnings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-25 16:23:38 +01:00
Marc 'risson' Schmitt
2f70351c90 packages/client-go: init (#21139) 
* packages/client-go: init

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove mod/sum

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix translate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* no go replace

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update rust makefile with pwd

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't need a version ig?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* exclude go client from cspell

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix main docker build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-25 15:26:50 +01:00
William Howell
d2f3df72b1 providers/proxy: Add a default maxResponseBodySize to Traefik Middleware (#21111) 
* Add default maxResponseBodySize to traefik middleware component

* Fix AttributeError when patching custom kubernetes objects

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-25 14:39:49 +01:00
dependabot[bot]
4a5902c3f2 core: bump library/nginx from dec7a90 to 7150b3a in /website (#21137) 
Bumps library/nginx from `dec7a90` to `7150b3a`.

---
updated-dependencies:
- dependency-name: library/nginx
  dependency-version: 1.29-trixie
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-25 13:00:28 +00:00