* test format
* ran make docs
* Updated integration guides with the old label "Create with Provider" to new label of "New Application".
* mention drop-down menu
* add ellipses
* edit procedure
* update create a user
* edit first steps doc
* punctuation
* dewi and dominic edits
* typo
* tweak
* more dominic edits
* tweak and ran make install
* tweak and ran uv lock
* edit dir to folder
* wtfci
* undo uv.lock change
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* removed mention of selecting folder
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dominic R <dominic@goauthentik.io>
* .
* Did I miss something?
* That was a stupid spelling error.
* ## What
Extend ak-drawer to comply with the full specification; port ak-drawer to use Patternfly 5; vendor the Patternfly 5 subsystems directly responsible for the Drawer into the CSS.
## Why
To meet the requirements of the Drawer, of the LightDOM project, and of the Patternfly 5 vendoring port.
## Details
The Drawer’s internal CSS is now entirely within the Lit framework; the controlling CSS is namespaced to `ak-v2-c--drawer` and placed into the global CSS. Every bit of the drawer has a `part` name, so it can be customized to your heart’s content.
Added stylelint to make sure I’m doing this correctly.
* TSC (!) had opinions.
* Re-arranged to avoid having a 'devDependencies' block.
* Nobody liked this choice.
* Extend ak-drawer to comply with the full specification; port ak-drawer to use Patternfly 5; vendor the Patternfly 5 subsystems directly responsible for the Drawer into the CSS.
This drawer is completely independent of Patternfly 4; it brings everything in-house, everything is under `ak-v2-c-drawer`, and we read our variables from `ak-v2-global` entries as part of the style folder.
The contents of the folder are slotted, so they’re part of the parent DOM and parent CSS context, and can be controlled from there without having to do any magic on the Drawer.
To comply with the standards of the HTML disclosure pattern, the drawer uses `expanded` instead of `open`; it listens for an event to trigger open/close; it emits a `toggle` event when completed. Shortcoming: to completely comply with the disclosure pattern, it should emit a `beforeToggle` to let other clients intercept the request and prevent it from happening, but we don’t do that yet.
Unlike the previous drawer, this one has `resizable`, `position`, `inline/static`, and responsive width breakpoints, all features of the Patternfly 5 React web-component. The resizable variant gives you a visible handle, and even responds to keyborad controls.
Along with the native control through CSS Custom Properties, every part of the component has a `part` declaration, so if you *really* want to customize the thing that’s now possible.
Unlike the Patternfly 5 React version, we impose **no** structure on the internals of the component; no padding, no margin, no header/main/footer segmentation. That pattern is universal, and doesn’t need to be specified for each and every component. If you need that, build it into whatever element you put into the unnamed “main” or `panel` slots.
There is a comprehensive Storybook story page for the component.
To meet the requirements of the Drawer, of the LightDOM project, and of the Patternfly 5 vendoring port.
* Prettier has opinions, as usual.
* UV lockfile update required.
* Restoring from main.
* Merge screwed up the library resolveds again.
* A hail-mary pass.
* Still trying to get this past lint.
* Updgrade Typescript to use Typescript 7 (aka TSGO)
* web: drop `packages/` and composite from `tsc -p .` graph (#22100)
Excluding the workspace subpackages cuts the program graph from 2719 to
1800 non-`node_modules` files (-34%) — most of the drop is the 912
generated files in `packages/client-ts/src/`, which are pulled in by
the recursive include glob even though that package has its own
composite tsconfig and is consumed via `@goauthentik/api/dist/*.d.ts`.
The base `@goauthentik/tsconfig` sets `composite: true`, which forced
TS6307 the moment we tried to exclude `packages/` (`@goauthentik/core`
imports get followed into `web/packages/core/`). Nothing references
`web` in this repo, so disabling composite is safe; `incremental` is
inherited from the base and still drives the `.tsbuildinfo` cache.
On this branch:
- cold `tsc -p .` 26.3s → 22.7s (-14%)
- warm `tsc -p .` 4.1s → 3.5s (-15%)
- `npm run precommit` 39.9s → 37.9s warm
Type coverage is unchanged: each excluded package already type-checks
itself via its own tsconfig + build, and stories/tests/e2e remain in
the include set.
Co-Authored-By: Agent (authentik-i22100-affordable-constant-chartreuse) <279763771+playpen-agent@users.noreply.github.com>
* Fix types.
---------
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Agent (authentik-i22100-affordable-constant-chartreuse) <279763771+playpen-agent@users.noreply.github.com>
WebdriverIO was replaced by Playwright in #11598; chromedriver has
been an unused optionalDependency since. Drops 34 transitive packages
(basic-ftp, proxy-agent, pac-proxy-agent, get-uri, ...) and eliminates
roughly 21 dependabot PRs every 6 months with no functional change.
Co-authored-by: Agent <279763771+playpen-agent@users.noreply.github.com>
- Use the pending lockdown target in the example blueprint warning and avoid repeating the username when email/name is not distinct.
- Hide the admin Account Lockdown action for internal service accounts.
# What
1. Moves the notifications folder from elements to components: the API and Notifications drawers are API-aware. If we want to separate that out and do something unique, we can, but for now, let’s just get things where they should be.
2. Adjusts all the imports correctly.
3. (Minor): Mutating the array and then calling `requestUpdate()`, especially when the array is then sorted-and-reversed, doesn’t save anything over creating a new array with the new item shifted onto the head, sorted once, and then saved to the property, which triggers an update automatically.
* main: (47 commits)
core: bump python-kadmin-rs from 0.7.1 to 0.7.2 (#22234)
website: bump react-dom from 19.2.5 to 19.2.6 in /website (#22198)
web: bump the react group across 1 directory with 2 updates (#22208)
web: bump knip from 6.9.0 to 6.11.0 in /web (#22212)
web: bump @formatjs/intl-listformat from 8.3.4 to 8.3.5 in /web (#22211)
website: bump react from 19.2.5 to 19.2.6 in /website (#22199)
core: update psycopg[pool] requirement from <4,>=3 to >=3.3.4,<4 (#22201)
core: bump the uv group across 1 directory with 2 updates (#22237)
ci: fix make gen in release workflows (#22235)
ci: run make gen when tagging a new release (#22229)
ci: Improve branch-off action description (#22188)
web/admin: fix user wizard close button (#22222)
core: bump pydantic from 2.13.3 to 2.13.4 (#22207)
core: bump tokio from 1.52.1 to 1.52.2 (#22160)
core: bump library/node from `735dd68` to `4f2b45e` in /lifecycle/container (#22210)
core, web: update translations (#22140)
core: bump twilio from 9.10.5 to 9.10.9 (#22202)
core: bump python-kadmin-rs from 0.7.0 to 0.7.1 (#22205)
core: bump cachetools from 7.0.6 to 7.1.1 (#22204)
core: bump types-requests from 2.33.0.20260408 to 2.33.0.20260503 (#22206)
...
* docs/integrations: Update all guides to match auto generated issuer
* clean up audience mismatches
* clean up more
* update saml providers page
* fix url breaking build
* clean up pipeline errors
* Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@goauthentik.io>
---------
Signed-off-by: Dominic R <dominic@goauthentik.io>
Co-authored-by: Dominic R <dominic@goauthentik.io>
* web/admin: fix log-viewer layout again
I thought I only recently fixed this...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch closeAfterSuccessfulSubmit -> keepOpenAfterSubmit with correct attribute name and false as default
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* main:
root: ensure uv sync does not update uv.lock (#22084)
core: bump dramatiq from 1.17.1 to 2.1.0 (#22076)
web: Fix Vendored Lex package. Add Unit Tests (#22083)
core, web: update translations (#22074)
website: bump the build group in /website with 6 updates (#22075)
web: bump ip-address from 10.1.0 to 10.2.0 in /web (#22082)
web: bump the swc group across 1 directory with 11 updates (#22078)
ci: bump taiki-e/install-action from 2.75.29 to 2.75.30 in /.github/actions/setup (#22077)
web: bump country-flag-icons from 1.6.16 to 1.6.17 in /web (#22079)
web: bump yaml from 2.8.3 to 2.8.4 in /web (#22080)
core: bump sentry from 0.47.0 to 0.48.0 (#22081)
packages/client-ts: Fix TypeScript config, ESBuild warnings (#21863)
web: fix identification stage OUIA attributes (#22049)
stages/invitation: Invitation wizard (#20399)
Web/release202604/nits 2 (#22040)
web: Gracefully handle missing element construction. (#21787)
* main: (24 commits)
root: update django to 5.2.14 (#22064)
tenants: add option to mark flag as deprecated (#22063)
web/stages: better wording for webauthn authenticator attachments options (#22062)
web: bump vite from 8.0.8 to 8.0.10 in /web (#21842)
api: set authenticated session user agent nullable properties (#22059)
web/admin: redirect stage: adds mention of static url (#22060)
web: bump axios from 1.15.0 to 1.16.0 in /web (#22058)
providers/oauth2: override RedirectURITypeEnum capitalization for generated API (#22037)
website/docs: document language settings (#21968)
website/docs: document supported PostgreSQL versions (#21967)
website: bump docusaurus-theme-openapi-docs from 5.0.1 to 5.0.2 in /website (#22052)
web: bump the storybook group across 1 directory with 5 updates (#22024)
revert: web: Consistent use of "User Dashboard" (#22038) (#22046)
core: bump metrics-exporter-prometheus from 0.18.1 to 0.18.3 (#22057)
core, web: update translations (#22047)
core: bump cryptography from 47.0.0 to 48.0.0 (#22053)
core: bump psycopg[c,pool] from 3.3.3 to 3.3.4 (#22054)
ci: bump taiki-e/install-action from 2.75.28 to 2.75.29 in /.github/actions/setup (#22056)
web: remove native fieldset borders from action groups (#21334)
website/docs: document blueprint import options (#21973)
...
* main:
web/admin: use bindings form for app entitlements (#22007)
website/integrations: Add guide to integrate Technitium DNS with authentik (#21826)
website/docs: clarify M2M scope requests (#21977)
website/docs: clarify LDAP TLS verification (#21974)
website/docs: clarify blueprint identifiers (#21976)
website/docs: document promoted sources (#21979)
lifecycle/aws: bump aws-cdk from 2.1118.4 to 2.1119.0 in /lifecycle/aws (#22001)
web: bump the swc group across 1 directory with 11 updates (#22004)
core: bump uvicorn[standard] from 0.45.0 to 0.46.0 (#22002)
web: bump @sentry/browser from 10.49.0 to 10.50.0 in /web in the sentry group across 1 directory (#22003)
ci: bump taiki-e/install-action from 2.75.23 to 2.75.25 in /.github/actions/setup (#22005)
core: bump reqwest from 0.13.2 to 0.13.3 (#22006)
stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#21999)
core, web: update translations (#21998)
enterprise: account lockdown (#18615)
enterprise/lifecycle: remove one review per object limitation (#21046)
* main:
web: bump knip from 6.6.0 to 6.6.3 in /web (#21981)
packages/ak-common/tracing: make log level lowercase (#21991)
root: only allow listen failure in dev (#21987)
flows: preserve signed background URLs in CSS (#21868)
core, web: update translations (#21966)
core: fix search for app entitlements failing (#21944)
ci: bump taiki-e/install-action from 2.75.22 to 2.75.23 in /.github/actions/setup (#21982)
website/integrations: Refactor and cleanup GitHub Enterprise (#21685)
web: Clear remember me before navigation. (#21647)
web: bump knip from 6.4.1 to 6.6.0 in /web (#21957)
core: bump github.com/getsentry/sentry-go from 0.45.1 to 0.46.0 (#21955)
core: bump uvicorn[standard] from 0.44.0 to 0.45.0 (#21956)
core: bump rustls from 0.23.39 to 0.23.40 (#21958)
core: support hashed password in users API + automated install (#18686)
core, web: update translations (#21952)
providers/saml: generate issuer url when provider is set on app (#18022)
* main: (269 commits)
root: fix rust build with uv-installed Python (#21858)
core: add support for hiding applications from the user dashboard (#21530)
core: bump ruff from 0.15.11 to 0.15.12 (#21871)
packages/ak-axum/router: add X-Powered-By to all responses (#21940)
core: bump microsoft-kiota-serialization-form from 1.9.8 to v1.10.1 (#21909)
core: bump pytest-randomly from 4.0.1 to 4.1.0 (#21873)
core: users/groups reduce number of database queries (#20431)
core: bump types-channels from 4.3.0.20260408 to 4.3.0.20260421 (#21872)
ci: bump taiki-e/install-action from 2.75.21 to 2.75.22 in /.github/actions/setup (#21877)
core, web: update translations (#21870)
sources/oauth: ensure user ID is returned as str (#21880)
translate: Updates for project authentik and language no_NO (#21862)
core: bump maxminddb from 3.0.0 to v3.1.1 (#21907)
core: bump prometheus-client from 0.24.0 to v0.25.0 (#21919)
core: bump azure-identity from 1.25.1 to v1.25.3 (#21886)
core: bump aiohttp from 3.13.4 to v3.13.5 (#21882)
core: bump anyio from 4.12.1 to v4.13.0 (#21883)
core: bump asgiref from 3.11.0 to v3.11.1 (#21884)
core: bump azure-core from 1.38.0 to v1.39.0 (#21885)
core: bump blessed from 1.25.0 to v1.38.0 (#21887)
...
* main: (36 commits)
web/e2e: accept options in NavigatorFixture.waitForPathname (#21507)
web/styles: switch to upstream RedHat variable fonts and brighten orange palette (#21509)
web/styles: add ak-c-loading-skeleton CSS component (#21510)
core, web: update translations (#21532)
core: bump lxml from 6.0.2 to 6.0.3 (#21523)
core: bump library/node from `45babd1` to `9707cd4` in /lifecycle/container (#21522)
tasks: better error message for Retry exceptions (#18235)
web/admin: fix user list avatar (#21531)
core: bump django from v5.2.12 to 5.2.13 (#21520)
core: add cooldown to dependabot (#21286)
web/admin: include avatar in user list page (#21518)
events: add index on Event.user.pk (#19576)
ci: always run apt update (#21516)
enterprise/search: move QL to open source] (#21484)
core: add logging when session decode fails (#21514)
website/docs: Refactor email configuration (#21130)
core: bump types-ldap3 from 2.9.13.20260402 to 2.9.13.20260408 (#21493)
packages/ak-common/db: init (#21357)
packages/ak-axum/extract/host: init (#21323)
web: bump knip from 6.3.0 to 6.3.1 in /web (#21505)
...
* main: (58 commits)
packages/ak-axum/error: init (#21315)
packages/ak-axum: init (#21313)
website: bump the build group across 1 directory with 9 updates (#21396)
core: bump jwcrypto from 1.5.6 to 1.5.7 (#21423)
web: bump fuse.js from 7.1.0 to 7.3.0 in /web (#21429)
web: bump the bundler group across 1 directory with 3 updates (#21425)
web: bump cspell from 9.7.0 to 10.0.0 (#21427)
web: bump knip from 6.1.0 to 6.3.0 in /web (#21428)
sources/ldap: Switch to new connection tracking, deprecated attribute-based connection (#21392)
packages/ak-common/mode: init (#21259)
packages/ak-common/tracing: init (#21263)
web/admin: Improve WS-Fed algo selection logic (#20881)
packages/ak-common/tls: init (#21262)
packages/ak-common/config: add set helper for tests (#21356)
tasks: allow retry for rejected tasks only (#21433)
core, web: update translations (#21394)
website/docs: clarify file upload troubleshooting (#21361)
ci: bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 (#21424)
core: bump uvicorn[standard] from 0.43.0 to 0.44.0 (#21422)
ci: bump taiki-e/install-action from 2.73.0 to 2.74.0 in /.github/actions/setup (#21426)
...
* main: (26 commits)
root: fix compose generation for patch releases release candidates (#21353)
web: bump @swc/cli from 0.8.0 to 0.8.1 in /web in the swc group across 1 directory (#21300)
providers/proxy: fix oidc client not using socket in embedded outpost (#21280)
packages/client-rust: fix portable sed usage (#21337)
packages/ak-common/tokio/proxy_procotol: init (#21311)
packages/ak-common/config: init (#21256)
core: bump beryju.io/ldap from 0.1.0 to 0.2.1 (#21235)
web: bump @sentry/browser from 10.46.0 to 10.47.0 in /web in the sentry group across 1 directory (#21297)
packages/ak-common/arbiter: init (#21253)
website/docs: fix full dev setup ordering (#21332)
core: bump types-docker from 7.1.0.20260328 to 7.1.0.20260402 (#21342)
packages/ak-common: rename from ak-lib (#21314)
root: fix rustfmt config (#21312)
core: bump types-ldap3 from 2.9.13.20260319 to 2.9.13.20260402 (#21343)
web: bump the bundler group across 1 directory with 4 updates (#21345)
core: bump aiohttp from 3.13.3 to 3.13.4 (#21333)
core, web: update translations (#21335)
lifecycle/aws: bump aws-cdk from 2.1115.1 to 2.1116.0 in /lifecycle/aws (#21338)
core: bump types-requests from 2.33.0.20260327 to 2.33.0.20260402 (#21339)
core: bump django-stubs[compatible-mypy] from 6.0.1 to 6.0.2 (#21340)
...
* main:
translate: Updates for project authentik and language fr_FR (#21285)
packages/django-postgres-cache: rework to use ORM (#17771)
providers/saml: Fix redirect for saml slo (#21258)
core: fix provider not nullable (#21275)
website/docs: ad source: add note about ldap signing (#21274)
website/api: update API clients doc (#21202)
ci: bump taiki-e/install-action from 2.70.2 to 2.70.3 in /.github/actions/setup (#21267)
lifecycle/aws: bump aws-cdk from 2.1114.1 to 2.1115.0 in /lifecycle/aws (#21265)
core, web: update translations (#21264)
packages/ak-lib: init (#21257)
website/docs: document group_uuid as a property for group object (#20865)
web/flow: extract lifecycle events peripheral to stage management into their own controllers (#20898)
core: bump pygments from 2.19.2 to 2.20.0 (#21260)
website/docs: add grafana dashboard (#21254)
* main: (52 commits)
stages/authenticator_webauthn: save attestation certificate when creating credential (#20095)
web/admin: fix missing icon on app view page (#21251)
web/elements: allow table per-column options (#21250)
ci: bump actions/setup-go from 6.3.0 to 6.4.0 (#21245)
web: bump knip from 6.0.6 to 6.1.0 in /web (#21241)
web: bump globby from 16.1.1 to 16.2.0 in /web (#21242)
core: bump types-requests from 2.32.4.20260324 to 2.33.0.20260327 (#21236)
core: bump types-docker from 7.1.0.20260322 to 7.1.0.20260328 (#21237)
core: bump aws-cdk-lib from 2.244.0 to 2.245.0 (#21238)
ci: bump int128/docker-manifest-create-action from 2.16.0 to 2.17.0 (#21244)
ci: bump astral-sh/setup-uv from 7.6.0 to 8.0.0 in /.github/actions/setup (#21246)
ci: bump taiki-e/install-action from 2.69.12 to 2.70.2 in /.github/actions/setup (#21247)
ci: bump actions/setup-go from 6.3.0 to 6.4.0 in /.github/actions/setup (#21248)
core, web: update translations (#21233)
translate: Updates for project authentik and language fr_FR (#21214)
web/admin: polish recent events, various button alignments and labels (#21232)
outposts: Create separate metrics service in Kubernetes (#21229)
events: fix exception in volume endpoint, adjust simple table size (#21230)
core: Application stats, device events & cleanup (#21225)
core: bump axllent/mailpit from v1.29.4 to v1.29.5 in /tests/e2e (#21226)
...
* main: (21 commits)
root: cleanup API generation (#21172)
packages/client-ts: init (#21120)
core, web: update translations (#21159)
website: bump @goauthentik/docusaurus-config from 2.5.1 to 2.6.0 in /website in the docusaurus group (#21161)
core: bump cryptography from 46.0.5 to 46.0.6 (#21162)
core: bump library/node from 25.8.1-trixie to 25.8.2-trixie in /website (#21163)
ci: bump taiki-e/install-action from 2.69.9 to 2.69.10 in /.github/actions/setup (#21164)
web: bump the goauthentik group across 1 directory with 3 updates (#21165)
web: bump typescript from 5.9.3 to 6.0.2 in /web (#21107)
web/flows: fix continuous flow leftovers (#21158)
web: bump picomatch from 4.0.3 to 4.0.4 (#21157)
web: bump yaml from 2.8.2 to 2.8.3 (#21156)
website: bump picomatch in /website (#21155)
web: bump smol-toml from 1.6.0 to 1.6.1 (#21154)
web: bump picomatch from 2.3.1 to 2.3.2 in /web (#21153)
web: bump smol-toml from 1.6.0 to 1.6.1 in /web (#21152)
root: optimise api client generation speed (#21141)
website/integrations: nextcloud add back-channel logout documentation (#21147)
core: bump requests from 2.32.5 to 2.33.0 (#21146)
web: bump chromedriver from 146.0.5 to 146.0.6 in /web (#21128)
...
* main: (26 commits)
endpoints/connectors: fix enabled flag not respected (#21144)
web: bump vite from 7.3.1 to 8.0.2 in /web (#21109)
website/docs: add a single page about our user interface, document Consent stage (#20533)
website: bump the build group across 1 directory with 9 updates (#21127)
web: bump knip from 5.88.1 to 6.0.5 in /web (#21129)
core: bump drf-spectacular from 0.28.0 to 0.29.0 (#19420)
packages/client-go: init (#21139)
providers/proxy: Add a default maxResponseBodySize to Traefik Middleware (#21111)
core: bump library/nginx from `dec7a90` to `7150b3a` in /website (#21137)
core: bump gunicorn from 25.1.0 to 25.2.0 (#21134)
core: bump github.com/getsentry/sentry-go from 0.43.0 to 0.44.1 (#21122)
core: bump astral-sh/uv from 0.11.0 to 0.11.1 in /lifecycle/container (#21135)
ci: bump taiki-e/install-action from 2.69.8 to 2.69.9 in /.github/actions/setup (#21136)
web/a11y: Modals, Command Palette (Merge branch) (#17812)
website/docs: document file picker values (#20994)
packages/client-rust: init (#21117)
core: bump sentry-sdk from 2.55.0 to 2.56.0 (#21124)
events: add helper to log deprecation configuration_warning message (#21115)
core: bump djangorestframework from 3.17.0 to 3.17.1 (#21126)
core: bump twilio from 9.10.3 to 9.10.4 (#21123)
...
* main:
core: remove filter_not_expired for QS (#18274)
tenants: fix default schema in initial migration (#21114)
core: bump django-stubs[compatible-mypy] from 5.2.9 to 6.0.1 (#21099)
core, web: update translations (#21097)
lifecycle/aws: bump aws-cdk from 2.1112.0 to 2.1113.0 in /lifecycle/aws (#21098)
core: bump types-requests from 2.32.4.20260107 to 2.32.4.20260324 (#21100)
core: bump constructs from 10.5.1 to 10.6.0 (#21101)
core: bump astral-sh/uv from 0.10.12 to 0.11.0 in /lifecycle/container (#21103)
ci: bump taiki-e/install-action from 2.69.6 to 2.69.7 in /.github/actions/setup (#21104)
web: bump flatted from 3.4.1 to 3.4.2 (#21076)
core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1774286095 (#21089)
core: bump cbor2 from 5.8.0 to 5.9.0 (#21094)
ci: fix cherry-pick action generating empty title (#21091)
web: bump the swc group across 1 directory with 11 updates (#21070)
web: bump yaml from 2.8.2 to 2.8.3 in /web (#21071)
core: add flag for future default behaviour of requiring a binding to access an application (#16247)
* main: (22 commits)
ci: rotate GH App private key (#21085)
internal/web: remove authentication for metrics (#21077)
lib/config: explicit some defaults (#21079)
internal: remove unix sockets on shutdown (#21081)
ci: fix escaping in cherry-pick action (#21082)
lib/config: support printing multiple values (#21080)
root: fix rust setup (#21078)
core: bump types-docker from 7.1.0.20260109 to 7.1.0.20260322 (#21062)
policies: remove BufferedPolicyAccessView leftovers (#21057)
core: bump axllent/mailpit from v1.29.3 to v1.29.4 in /tests/e2e (#21061)
core: bump types-channels from 4.3.0.20250822 to 4.3.0.20260321 (#21063)
core: bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1 (#21059)
translate: Updates for project authentik and language fr_FR (#21056)
ci: bump taiki-e/install-action from 2.69.2 to 2.69.6 in /.github/actions/setup (#21068)
web: bump the storybook group across 1 directory with 5 updates (#21031)
web: bump knip from 5.88.0 to 5.88.1 in /web (#21033)
web: bump type-fest from 5.4.4 to 5.5.0 in /web (#21032)
events: prevent exception when events contains incompatible unicode (#21048)
web/admin: handle non-string values in formatUUID to prevent Event Log crash (#20804)
events: avoid implicitly setting context from login_failed event (#21045)
...
* main: (36 commits)
website: fix typos (#20996)
internal/outpost/ak: fix ws URL on outpost restart (#21041)
sources/ldap: fix incorrect error response for invalid sync_users_password (#21016)
website/docs: add missing dependencies for linux dev environment (#21020)
core, web: update translations (#21021)
web: bump flatted from 3.4.1 to 3.4.2 in /web (#21037)
web: bump @sentry/browser from 10.44.0 to 10.45.0 in /web in the sentry group across 1 directory (#21022)
website: bump flatted from 3.4.1 to 3.4.2 in /website (#21038)
core: bump astral-sh/uv from 0.10.11 to 0.10.12 in /lifecycle/container (#21027)
ci: bump actions-rust-lang/setup-rust-toolchain from 1.15.3 to 1.15.4 in /.github/actions/setup (#21030)
ci: bump taiki-e/install-action from 2.68.26 to 2.69.2 in /.github/actions/setup (#21029)
core: bump goauthentik/fips-debian from `7baeeaa` to `7726387` in /lifecycle/container (#21028)
core: bump aws-cdk-lib from 2.243.0 to 2.244.0 (#21026)
core: bump types-ldap3 from 2.9.13.20251121 to 2.9.13.20260319 (#21024)
core: bump ruff from 0.15.6 to 0.15.7 (#21023)
core: bump goauthentik/fips-python from `859ad57` to `bf45eb7` in /lifecycle/container (#21025)
website/integrations: fix AWS SCIM with Identity Center (#21017)
root: allow listening on multiple IPs (#20930)
website: switch docs analytics to gtag (#20993)
web: link file picker to docs (#20995)
...
window.authentik.flow = {
"layout": "{{ flow.layout }}",
+ "background": "{{ flow.background }}",
+ "title": "{{ flow.title }}",
};
Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.
## Why
The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.
The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.
This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.
I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.
Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.
This patch furthers the effort to separate flow execution from flow presentation.
- \[🐰\] The code has been formatted (`make web`)
2026-03-18 15:25:11 -07:00
1489 changed files with 6633 additions and 3792 deletions
FROM--platform=${BUILDPLATFORM} docker.io/library/node:24-trixie-slim@sha256:735dd688da64d22ebd9dd374b3e7e5a874635668fd2a6ec20ca1f99264294086 AS node-builder
FROM--platform=${BUILDPLATFORM} docker.io/library/node:24-trixie-slim@sha256:4f2b45e32dc7d2caf66b6dbd59fac50e32f8077769efe0ef4d4c3f114672537d AS node-builder
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
