205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity
22,413 Commits 384 Branches 449 Tags
mdx-sans-react
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Teffen Ellis c025fdd703 web/elements/ak-mdx: sanitize replacer output, note pipeline drift 
Address PR review feedback on the URL-mode trust boundary. `<ak-mdx>`'s
`replacers` hook runs over pre-rendered build-time HTML before it is
stamped into the DOM, and consumers (e.g. `ProxyProviderViewPage`) splice
admin-controlled values such as `provider.externalHost` into it. The old
React pipeline ran replacers on raw markdown that was then compiled, so
those values were HTML-escaped on serialization; the new URL mode passed
the post-replacer HTML straight through, dropping that guarantee.

Replace the passthrough `CompiledMarkdownTrustPolicy` with
`CompiledMarkdownSanitizePolicy`: a DOMPurify policy that whitelists the
custom elements (`<ak-alert>`, `<ak-md-a>`, `<ak-diagram>`) and the
`part`/`level` attributes our pipeline emits, and strips anything else a
replacer could inject.

Also add a reciprocal drift note to the runtime `markdown.ts` pointing at
`bundler/mdx-plugin/`, mirroring the existing note on the bundler side.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 07:15:15 +02:00
.cargo
root: init rust worker (#21324)
2026-04-27 01:08:32 +02:00
.github
ci: bump astral-sh/setup-uv from 8.1.0 to 8.2.0 in /.github/actions/setup (#22923)
2026-06-09 14:56:51 +02:00
.vscode
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
authentik
core, web: Remove stale compatibility paths (#22192)
2026-06-10 12:31:48 -04:00
blueprints
core, web: Remove stale compatibility paths (#22192)
2026-06-10 12:31:48 -04:00
cmd
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
internal
providers/radius: fix panic in log due to type (#22965)
2026-06-10 00:12:33 +02:00
lifecycle
core: bump goauthentik/fips-python from dc515b7 to ede0a00 in /lifecycle/container (#22971)
2026-06-10 16:57:41 +02:00
locale
core, web: update translations (#22983)
2026-06-11 05:35:35 +02:00
packages
core, web: Remove stale compatibility paths (#22192)
2026-06-10 12:31:48 -04:00
schemas
scripts
ci: explicitly exit Node lint scripts to fix CI hang (#22794)
2026-06-02 18:42:14 +02:00
src
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
tests
tests/e2e: bump selenium and ak-agent to fix endpoint tests (#22942)
2026-06-09 01:37:58 +02:00
web
web/elements/ak-mdx: sanitize replacer output, note pipeline drift
2026-06-11 07:15:15 +02:00
website
website/integrations: dokuwiki: add post logout and logout urls (#22984)
2026-06-11 02:32:15 +00:00
.dockerignore
packages/ak-lib: init (#21257)
2026-03-31 11:33:46 +02:00
.editorconfig
.gitattributes
packages/django-dramatiq-postgres: fix default value for HTTPServerThread (#21216)
2026-03-28 20:57:46 +01:00
.gitignore
root: gitignore release generation artifacts (#22549)
2026-06-03 13:30:58 +02:00
.npmrc
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
.prettierignore
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
build.rs
root: fix rust build with uv-installed Python (#21858)
2026-04-28 18:11:22 +02:00
Cargo.lock
core: bump uuid from 1.23.1 to 1.23.2 (#22849)
2026-06-04 15:06:05 +02:00
Cargo.toml
core: bump uuid from 1.23.1 to 1.23.2 (#22849)
2026-06-04 15:06:05 +02:00
CODE_OF_CONDUCT.md
CODEOWNERS
root: Update CODEOWNERS for spellcheck dictionaries (#22408)
2026-05-18 16:14:18 +02:00
CONTRIBUTING.md
cspell.config.jsonc
website/docs: mark cves CVE-2026-49443 and CVE-2026-49448 (#22808)
2026-06-04 20:01:33 +00:00
go.mod
core: bump github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0 (#22969)
2026-06-10 16:57:51 +02:00
go.sum
core: bump github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0 (#22969)
2026-06-10 16:57:51 +02:00
LICENSE
Makefile
root: update gen-changelog to filter unnecessary commits (#22550)
2026-06-03 14:04:11 +02:00
manage.py
root: init rust worker (#21324)
2026-04-27 01:08:32 +02:00
package-lock.json
web: bump shell-quote from 1.8.3 to 1.8.4 (#22959)
2026-06-10 16:39:05 +02:00
package.json
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
pyproject.toml
core: bump cryptography from 48.0.0 to 48.0.1 (#22972)
2026-06-10 16:57:36 +02:00
README.md
website: Docs and README new screenshots (#22341)
2026-05-18 16:15:38 +02:00
rust-toolchain.toml
core: bump rust-toolchain from 1.94.1 to 1.95.0 (#21660)
2026-04-17 23:48:49 +01:00
schema.yml
core, web: Remove stale compatibility paths (#22192)
2026-06-10 12:31:48 -04:00
SECURITY.md
root: update security release versions (#22583)
2026-05-22 22:44:44 -05:00
tsconfig.json
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
uv.lock
core: bump cryptography from 48.0.0 to 48.0.1 (#22972)
2026-06-10 16:57:36 +02:00

README.md

authentik logo

Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Latest version

What is authentik?

authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.

Our enterprise offering is available for organizations to securely replace existing IdPs such as Okta, Auth0, Entra ID, and Ping Identity for robust, large-scale identity management.

Installation

  • Docker Compose: recommended for small/test setups. See the documentation.
  • Kubernetes (Helm Chart): recommended for larger setups. See the documentation and the Helm chart repository.
  • AWS CloudFormation: deploy on AWS using our official templates. See the documentation.
  • DigitalOcean Marketplace: one-click deployment via the official Marketplace app. See the app listing.

Screenshots

Light Dark

Development and contributions

See the Developer Documentation for information about setting up local build environments, testing your contributions, and our contribution process.

When you contribute documentation, either to accompany a code change or as a standalone contribution, please be sure to follow our documentation Style Guide.

Security

Please see SECURITY.md.

Adoption

Using authentik? We'd love to hear your story and feature your logo. Email us at hello@goauthentik.io or open a GitHub Issue/PR!

License

MIT License CC BY-SA 4.0 authentik EE License

Reference in New Issue View Git Blame Copy Permalink
S
Description
The authentication glue you need.
authenticationauthentikauthorizationkubernetesoauth2oauth2-clientoauth2-serveroidcoidc-clientoidc-providerproxyreverse-proxysamlsaml-idpsaml-spsecuritysso
Readme MIT 1 GiB
Languages
Python 54.4%
TypeScript 34.9%
Go 4.2%
CSS 2.2%
Rust 1.9%
Other 2.3%