ba62507fc2
root: introduce allinone mode ( #21990 )
2026-05-04 16:43:11 +02:00
82fc2e2c80
website/docs: add SAML source mapping guidance ( #21978 )
2026-05-04 10:14:25 -04:00
80b3739640
website/docs: fix misplaced AWS-LC clang warning ( #22034 )
2026-05-04 15:41:57 +02:00
1258e1eada
lifecycle/worker_process: fix healthchecks and metrics not reloading db connections after a failure ( #21992 )
2026-05-04 15:06:30 +02:00
96ed17e760
root: add more logging to worker requests ( #21989 )
2026-05-04 15:06:28 +02:00
4b17468b6e
root/channels: use group_send_blocking where possible ( #21993 )
2026-05-04 14:53:22 +02:00
c834681251
core, web: update translations ( #22014 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-05-04 14:41:55 +02:00
9edd7cfbda
translate: Updates for project authentik and language fr_FR ( #22015 )
...
translate: Translate web/xliff/en.xlf in fr_FR
100% translated source file: 'web/xliff/en.xlf'
on 'fr_FR'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2026-05-04 14:24:04 +02:00
4851179522
enterprise/providers/ssf: more conformance fixes ( #21521 )
...
* enterprise/providers/ssf: more conformance fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include request when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove null state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-gen & format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove None state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ci
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert a thing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ssf conformance test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* no subtest
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix network
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for stream update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-05-04 14:11:21 +02:00
685f920de2
web/flows: update flow background ( #22032 )
...
* web/flows: update flow background
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-05-04 14:11:10 +02:00
3b4d51b0c5
website/integrations: update NetBox OIDC config ( #22018 )
2026-05-04 07:17:13 -04:00
a1098d00b7
web: bump @formatjs/intl-listformat from 8.3.2 to 8.3.4 in /web ( #22026 )
...
Bumps [@formatjs/intl-listformat](https://github.com/formatjs/formatjs ) from 8.3.2 to 8.3.4.
- [Release notes](https://github.com/formatjs/formatjs/releases )
- [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-listformat@8.3.2...@formatjs/intl-listformat@8.3.4 )
---
updated-dependencies:
- dependency-name: "@formatjs/intl-listformat"
dependency-version: 8.3.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:22:15 +02:00
0d4984b964
web: bump knip from 6.6.3 to 6.7.0 in /web ( #22027 )
...
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip ) from 6.6.3 to 6.7.0.
- [Release notes](https://github.com/webpro-nl/knip/releases )
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.7.0/packages/knip )
---
updated-dependencies:
- dependency-name: knip
dependency-version: 6.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:22:05 +02:00
38330df1f9
core: bump metrics from 0.24.3 to 0.24.5 ( #22030 )
...
Bumps [metrics](https://github.com/metrics-rs/metrics ) from 0.24.3 to 0.24.5.
- [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml )
- [Commits](https://github.com/metrics-rs/metrics/compare/metrics-v0.24.3...metrics-v0.24.5 )
---
updated-dependencies:
- dependency-name: metrics
dependency-version: 0.24.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:21:22 +02:00
8b03c36d5a
core: bump github.com/getsentry/sentry-go from 0.46.0 to 0.46.1 ( #22019 )
...
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.46.0 to 0.46.1.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.46.0...v0.46.1 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-version: 0.46.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:13:02 +02:00
07a53a101c
website: bump the docusaurus group in /website with 10 updates ( #22020 )
...
Bumps the docusaurus group in /website with 10 updates:
| Package | From | To |
| --- | --- | --- |
| [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic ) | `3.10.0` | `3.10.1` |
| [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus ) | `3.10.0` | `3.10.1` |
| [@docusaurus/faster](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-faster ) | `3.10.0` | `3.10.1` |
| [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases ) | `3.10.0` | `3.10.1` |
| [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects ) | `3.10.0` | `3.10.1` |
| [@docusaurus/plugin-content-docs](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-content-docs ) | `3.10.0` | `3.10.1` |
| [@docusaurus/theme-common](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-common ) | `3.10.0` | `3.10.1` |
| [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig ) | `3.10.0` | `3.10.1` |
| [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types ) | `3.10.0` | `3.10.1` |
| [@docusaurus/theme-mermaid](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-mermaid ) | `3.10.0` | `3.10.1` |
Updates `@docusaurus/preset-classic` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-preset-classic )
Updates `@docusaurus/core` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus )
Updates `@docusaurus/faster` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-faster )
Updates `@docusaurus/module-type-aliases` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-module-type-aliases )
Updates `@docusaurus/plugin-client-redirects` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-plugin-client-redirects )
Updates `@docusaurus/plugin-content-docs` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-plugin-content-docs )
Updates `@docusaurus/theme-common` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-theme-common )
Updates `@docusaurus/tsconfig` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-tsconfig )
Updates `@docusaurus/types` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-types )
Updates `@docusaurus/theme-mermaid` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-theme-mermaid )
---
updated-dependencies:
- dependency-name: "@docusaurus/preset-classic"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/core"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/faster"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/module-type-aliases"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-client-redirects"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-content-docs"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-common"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/tsconfig"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/types"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-mermaid"
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:12:58 +02:00
a3db2ce6a3
core: bump packaging from 26.1 to 26.2 ( #22021 )
...
Bumps [packaging](https://github.com/pypa/packaging ) from 26.1 to 26.2.
- [Release notes](https://github.com/pypa/packaging/releases )
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/packaging/compare/26.1...26.2 )
---
updated-dependencies:
- dependency-name: packaging
dependency-version: '26.2'
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:12:53 +02:00
5487cdb874
core: bump aws-cdk-lib from 2.250.0 to 2.251.0 ( #22022 )
...
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk ) from 2.250.0 to 2.251.0.
- [Release notes](https://github.com/aws/aws-cdk/releases )
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md )
- [Commits](https://github.com/aws/aws-cdk/compare/v2.250.0...v2.251.0 )
---
updated-dependencies:
- dependency-name: aws-cdk-lib
dependency-version: 2.251.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:12:49 +02:00
2d5160d09b
ci: bump int128/docker-manifest-create-action from 2.19.0 to 2.20.0 ( #22025 )
...
Bumps [int128/docker-manifest-create-action](https://github.com/int128/docker-manifest-create-action ) from 2.19.0 to 2.20.0.
- [Release notes](https://github.com/int128/docker-manifest-create-action/releases )
- [Commits](https://github.com/int128/docker-manifest-create-action/compare/7df7f9e221d927eaadf87db231ddf728047308a4...fa55f72001a6c74b0f4997dca65c70d334905180 )
---
updated-dependencies:
- dependency-name: int128/docker-manifest-create-action
dependency-version: 2.20.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:12:45 +02:00
973fe0bd65
web: bump dompurify from 3.4.1 to 3.4.2 in /web ( #22028 )
...
Bumps [dompurify](https://github.com/cure53/DOMPurify ) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases )
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.1...3.4.2 )
---
updated-dependencies:
- dependency-name: dompurify
dependency-version: 3.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:12:41 +02:00
58b5e605de
ci: bump taiki-e/install-action from 2.75.25 to 2.75.28 in /.github/actions/setup ( #22029 )
...
ci: bump taiki-e/install-action in /.github/actions/setup
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action ) from 2.75.25 to 2.75.28.
- [Release notes](https://github.com/taiki-e/install-action/releases )
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/taiki-e/install-action/compare/1329c298aa20c3257846c9b2e0e55967df3e3c37...51cd0b8c0499559d9a4d75c0f5c67bec3a894ec8 )
---
updated-dependencies:
- dependency-name: taiki-e/install-action
dependency-version: 2.75.28
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 12:12:37 +02:00
626e23b87a
fix(rbac): ensure migration 0056 runs before 0010 removes group field ( #21964 )
...
fix(rbac): ensure migration 0056 runs before group field is removed
Migration 0010 removes the `group` FK from the Role model, but
migration 0056 (authentik_core) queries `group_id` on Role as part of
a data migration to move guardian permissions to RBAC roles.
When upgrading from 2025.x, Django's migration executor can schedule
0010 before 0056 because neither depends on the other — only 0056
depends on 0008. This causes a FieldError at runtime:
Cannot resolve keyword 'group_id' into field.
Adding 0056 as a dependency of 0010 enforces the correct ordering:
the data migration that reads `group_id` must complete before the
schema migration that removes it.
2026-05-04 10:48:30 +02:00
3559beba9c
website/integrations: add OneUptime SAML integration guide ( #21534 )
...
* website/integrations: add OneUptime SAML integration guide
* website/integrations: populate OneUptime SAML integration guide
* wip
* remove link
* website/integrations: simplify OneUptime SAML setup
---------
Co-authored-by: Dominic R <dominic@sdko.org >
2026-05-04 03:03:53 +00:00
0b6d3a2850
core, web: update translations ( #22013 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-05-02 18:26:22 +02:00
56ca192391
website: bump the build group in /website with 6 updates ( #22000 )
...
Bumps the build group in /website with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc ) | `1.15.30` | `1.15.32` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc ) | `1.15.30` | `1.15.32` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc ) | `1.15.30` | `1.15.32` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc ) | `1.15.30` | `1.15.32` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc ) | `1.15.30` | `1.15.32` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc ) | `1.15.30` | `1.15.32` |
Updates `@swc/core-darwin-arm64` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-arm64-gnu` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-x64-gnu` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/html-darwin-arm64` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/html-linux-arm64-gnu` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/html-linux-x64-gnu` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-02 18:25:36 +02:00
6df62aaa2a
web: fix a few visual nits reported after the latest release ( #22012 )
...
* ## What
window.authentik.flow = {
"layout": "{{ flow.layout }}",
+ "background": "{{ flow.background }}",
+ "title": "{{ flow.title }}",
};
Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.
## Why
The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.
The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome ) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.
This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.
I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.
Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.
This patch furthers the effort to separate flow execution from flow presentation.
- \[🐰 \] The code has been formatted (`make web`)
* The status label was using HTML booleans incorrectly. It is impossible for a boolean to be null. The default red was alarming, so I chose a neutral grey for the 'not default' state.
* It is not enough to provide a blank cell to ensure the header is spaced correctly; if the table is empty, that will collapse to zero width. Providing the classes that go with the 'this cell may contain a toggle' provides the correct spacing as well.
* Fix inconsistent wording between menu and page; make the 'select type' radiocard and radiolist interfaces flush with the top of the form container, removing a weird jagged visual line between the menu and the content.
* Document adding 'toggle' to Table classes.
2026-05-02 18:25:23 +02:00
ca344a64c4
translate: Updates for project authentik and language fr_FR ( #22008 )
...
* translate: Translate django.po in fr_FR
100% translated source file: 'django.po'
on 'fr_FR'.
* translate: Translate web/xliff/en.xlf in fr_FR
100% translated source file: 'web/xliff/en.xlf'
on 'fr_FR'.
---------
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2026-05-02 18:07:19 +02:00
a0cdd81f71
tests: add mixin to launch traefik for tests requiring SSL ( #22011 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-05-01 18:23:13 +02:00
8eff4c7e0b
website/docs: document air-gapped upgrades ( #21972 )
...
* website/docs: document air-gapped upgrades
Explain how to prepare mirrored artifacts for air-gapped upgrades.
Closes: https://github.com/goauthentik/authentik/issues/21376
* Update website/docs/install-config/air-gapped.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Dominic R <dominic@sdko.org >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2026-05-01 11:54:37 -04:00
d241a0e8f1
web/admin: use bindings form for app entitlements ( #22007 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-05-01 16:28:46 +02:00
ebfc01fcda
website/integrations: Add guide to integrate Technitium DNS with authentik ( #21826 )
...
Co-authored-by: Dominic R <dominic@sdko.org >
2026-05-01 15:12:24 +02:00
4b0e8a411b
website/docs: clarify M2M scope requests ( #21977 )
2026-05-01 13:11:59 +00:00
9bf6595fc6
website/docs: clarify LDAP TLS verification ( #21974 )
2026-05-01 09:09:14 -04:00
5c07e845d2
website/docs: clarify blueprint identifiers ( #21976 )
...
Closes: https://github.com/goauthentik/authentik/issues/15601
2026-05-01 08:45:38 -04:00
4f76232e7c
website/docs: document promoted sources ( #21979 )
...
Closes: https://discord.com/channels/809154715984199690/809154716507963434/1499225991778926612
2026-05-01 08:00:33 -04:00
846f8a7e30
lifecycle/aws: bump aws-cdk from 2.1118.4 to 2.1119.0 in /lifecycle/aws ( #22001 )
...
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk ) from 2.1118.4 to 2.1119.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases )
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1119.0/packages/aws-cdk )
---
updated-dependencies:
- dependency-name: aws-cdk
dependency-version: 2.1119.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 12:49:17 +02:00
fa1c3490c3
web: bump the swc group across 1 directory with 11 updates ( #22004 )
...
Bumps the swc group with 1 update in the /web directory: [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core ).
Updates `@swc/core` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/commits/v1.15.32/packages/core )
Updates `@swc/core-darwin-arm64` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-darwin-x64` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-arm-gnueabihf` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-arm64-gnu` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-arm64-musl` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-x64-gnu` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-linux-x64-musl` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-win32-arm64-msvc` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-win32-ia32-msvc` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
Updates `@swc/core-win32-x64-msvc` from 1.15.30 to 1.15.32
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.30...v1.15.32 )
---
updated-dependencies:
- dependency-name: "@swc/core"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-darwin-arm64"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-darwin-x64"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-arm-gnueabihf"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-gnu"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-musl"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-x64-gnu"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-x64-musl"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-win32-arm64-msvc"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-win32-ia32-msvc"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-win32-x64-msvc"
dependency-version: 1.15.32
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 12:49:14 +02:00
a35edf7d0f
core: bump uvicorn[standard] from 0.45.0 to 0.46.0 ( #22002 )
...
Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn ) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases )
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md )
- [Commits](https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0 )
---
updated-dependencies:
- dependency-name: uvicorn[standard]
dependency-version: 0.46.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 12:49:12 +02:00
9d4d5b7133
web: bump @sentry/browser from 10.49.0 to 10.50.0 in /web in the sentry group across 1 directory ( #22003 )
...
web: bump @sentry/browser in /web in the sentry group across 1 directory
Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript ).
Updates `@sentry/browser` from 10.49.0 to 10.50.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases )
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-javascript/compare/10.49.0...10.50.0 )
---
updated-dependencies:
- dependency-name: "@sentry/browser"
dependency-version: 10.50.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: sentry
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 12:49:08 +02:00
8d91a76bc9
ci: bump taiki-e/install-action from 2.75.23 to 2.75.25 in /.github/actions/setup ( #22005 )
...
ci: bump taiki-e/install-action in /.github/actions/setup
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action ) from 2.75.23 to 2.75.25.
- [Release notes](https://github.com/taiki-e/install-action/releases )
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/taiki-e/install-action/compare/481c34c1cf3a84c68b5e46f4eccfc82af798415a...1329c298aa20c3257846c9b2e0e55967df3e3c37 )
---
updated-dependencies:
- dependency-name: taiki-e/install-action
dependency-version: 2.75.25
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 12:49:04 +02:00
6910428a93
core: bump reqwest from 0.13.2 to 0.13.3 ( #22006 )
...
Bumps [reqwest](https://github.com/seanmonstar/reqwest ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/seanmonstar/reqwest/releases )
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md )
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.13.2...v0.13.3 )
---
updated-dependencies:
- dependency-name: reqwest
dependency-version: 0.13.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 12:49:01 +02:00
cb181d388a
stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs ( #21999 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-05-01 12:48:51 +02:00
aad4b6f925
core, web: update translations ( #21998 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-05-01 02:01:58 -03:00
821b74d7c1
enterprise: account lockdown ( #18615 )
2026-04-30 23:02:46 +00:00
8963d29ab4
enterprise/lifecycle: remove one review per object limitation ( #21046 )
...
* enterprise/lifecycle: allow multiple rules to apply to a single object (and thus, multiple concurrent reviews)
* enterprise/lifecyle: add missing migration to allow multiple lifecycle rules per object, add tests, update documentation
* enterprise/lifecycle: add a bit of padding to individual review iterations on Review tab for better visual separation
* enterprise/lifecycle: remove validation preventing the creation of multiple lifecycle rules for one object type
* enterprise/lifecycle: change the approach to querying the list of reviews with user_is_reviewer annotation to prevent duplicate rows
* enterprise/lifecycle: add custom per-type logic to get object name for use in a notification to prevent texts like "Review is due for Group Group X"
* enterprise/lifecycle: updated wording on lifecycle rule form and preview banner padding
* enterprise/lifecycle: remove task list from lifecycle rules and switch to using per-rule schedules
* enterprise/lifecycle: add a title to the lifecycle tab
* Revert "enterprise/lifecycle: remove task list from lifecycle rules and switch to using per-rule schedules"
This reverts commit 8a060015b693f65f651a71bdb0c47092d3463af1.
* enterprise/lifecycle: remove task list from the lifecycle rule list page and attach the tasks to the schedule
* enterprise/lifecycle: add proper caption when there are no reviews for an object
* enterprise/lifecycle: attach individual apply_lifecycle_rule tasks to the schedule when launched from apply_lifecycle_rules
* enterprise/lifecycle: update generated API clients
* enterprise/lifecycle: update wording
* enterprise/lifecycle: fix ts issues after rebase
* Update website/docs/sys-mgmt/object-lifecycle-management.md
Co-authored-by: Dominic R <dominic@sdko.org >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* enterprise/lifecycle: remove fmall code artifact
---------
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Co-authored-by: Dominic R <dominic@sdko.org >
2026-04-30 14:11:07 -05:00
699360064e
web: bump knip from 6.6.0 to 6.6.3 in /web ( #21981 )
...
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip ) from 6.6.0 to 6.6.3.
- [Release notes](https://github.com/webpro-nl/knip/releases )
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.6.3/packages/knip )
---
updated-dependencies:
- dependency-name: knip
dependency-version: 6.6.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-30 17:45:56 +02:00
3f94f830fc
packages/ak-common/tracing: make log level lowercase ( #21991 )
2026-04-30 14:58:10 +00:00
aaba353a9e
root: only allow listen failure in dev ( #21987 )
2026-04-30 14:17:48 +02:00
abdff1c877
flows: preserve signed background URLs in CSS ( #21868 )
...
* flows: preserve signed background URLs in CSS
Flow background URLs can include signed S3 query parameters with & separators. These values are rendered inside <style> tags, where Django autoescaping changes & to &; browsers then request the literal escaped query string from S3, causing 400 responses for presigned background images.
Mark the flow background URL values as safe in the CSS-only template contexts used by the standard flow interface, the SFE flow page, and the full-screen login background. Regression coverage asserts that signed URL query separators are preserved in the rendered CSS for both standard and SFE flows.
Co-authored-by: Codex <codex@openai.com >
* flows: preserve signed background URLs in CSS
* fix unrelated test
---------
Co-authored-by: Codex <codex@openai.com >
2026-04-30 07:53:41 -04:00
16fd8183b0
core, web: update translations ( #21966 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-04-30 13:41:38 +02:00
Marc 'risson' Schmitt
Dominic R
authentik-automation[bot]
transifex-integration[bot]
Jens L.
dependabot[bot]
Chris
Matthew
Ken Sternberg
Simon Cinca
Alexander Tereshkin