205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity
22,092 Commits 384 Branches 449 Tags
002178e2e1d4aaa18eb44f143fd77498111d6d09
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Oleksii Kondratiuk 002178e2e1 website/integrations: add rabbitmq (#22360) 
* website/integrations/infrastructure: add RabbitMQ

Add a community-supported integration document for RabbitMQ 4.x using
the `rabbitmq_auth_backend_oauth2` plugin. The same configuration
supports both Management UI login via OpenID Connect and AMQP / HTTP
API authentication with a JWT used as the password.

Includes the required scope mapping (aud claim + synthetic-SA groups
injection for the client_credentials grant), the two groups
(rabbitmq-administrator and rabbitmq-monitoring) used by RabbitMQ's
scope_aliases, and the application policy bindings that gate login at
the authentik layer.

* website/integrations/infrastructure: tighten SA bypass to internal_service_account

Use `request.user.type == "internal_service_account"` instead of a
suffix match on the username plus the broader `service_account` type.

`internal_service_account` is the authentik user type assigned only to
the synthetic SA that the OAuth2 provider creates for each
`client_credentials` grant; manually-created service accounts use the
plain `service_account` type. The previous check would let any admin-
created `service_account` whose username ended with `-client_credentials`
through the application policy, which is broader than intended.

* Update formatting, change language, remove line breaks

* Update.

---------

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@goauthentik.io>
2026-05-18 00:11:13 +00:00
.cargo
root: init rust worker (#21324)
2026-04-27 01:08:32 +02:00
.github
ci: bump actions/setup-go from 6.3.0 to 6.4.0 (#22353)
2026-05-14 13:59:13 +02:00
.vscode
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
authentik
enterprise/stages/mtls: freeze time for expired certs (#22411)
2026-05-18 01:17:05 +02:00
blueprints
enterprise/providers/scim: add support for interactive OAuth2 (#22072)
2026-05-13 18:27:34 +02:00
cmd
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
internal
internal: Automated internal backport: GHSA-5wcc-hf24-rf5h.sec.patch to authentik-main (#22304)
2026-05-12 19:37:42 +02:00
lifecycle
lifecycle/aws: bump aws-cdk from 2.1120.0 to 2.1121.0 in /lifecycle/aws (#22350)
2026-05-14 14:00:13 +02:00
locale
core, web: update translations (#22344)
2026-05-14 13:17:31 +02:00
packages
flows: remove link to overview for non-internal user (#22362)
2026-05-14 23:23:14 +02:00
schemas
enterprise/providers: WS-Federation (#19583)
2026-01-28 17:43:16 +01:00
scripts
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
src
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
tests
web: fix identification stage OUIA attributes (#22049)
2026-05-06 02:31:17 +02:00
web
web: bump @sentry/browser from 10.51.0 to 10.52.0 in /web in the sentry group across 1 directory (#22380)
2026-05-15 14:25:10 +02:00
website
website/integrations: add rabbitmq (#22360)
2026-05-18 00:11:13 +00:00
.dockerignore
packages/ak-lib: init (#21257)
2026-03-31 11:33:46 +02:00
.editorconfig
website: add netlify cache plugin (#15113)
2025-06-18 15:07:15 +02:00
.gitattributes
packages/django-dramatiq-postgres: fix default value for HTTPServerThread (#21216)
2026-03-28 20:57:46 +01:00
.gitignore
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
.npmrc
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
.prettierignore
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
build.rs
root: fix rust build with uv-installed Python (#21858)
2026-04-28 18:11:22 +02:00
Cargo.lock
core: bump nix from 0.31.2 to 0.31.3 (#22384)
2026-05-15 17:01:20 +02:00
Cargo.toml
core: bump nix from 0.31.2 to 0.31.3 (#22384)
2026-05-15 17:01:20 +02:00
CODE_OF_CONDUCT.md
CODEOWNERS
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
CONTRIBUTING.md
root: clean up README (#16286)
2025-09-02 21:38:53 +00:00
cspell.config.jsonc
policies/event_matcher: Add query option to filter events (#21618)
2026-04-16 01:52:11 +02:00
go.mod
core: bump github.com/grafana/pyroscope-go from 1.2.8 to 1.3.0 (#22349)
2026-05-14 14:01:03 +02:00
go.sum
core: bump github.com/grafana/pyroscope-go from 1.2.8 to 1.3.0 (#22349)
2026-05-14 14:01:03 +02:00
LICENSE
Makefile
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
manage.py
root: init rust worker (#21324)
2026-04-27 01:08:32 +02:00
package-lock.json
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
package.json
ci: Consistent NPM versions via Corepack (#20400)
2026-05-13 22:05:07 +00:00
pyproject.toml
core: bump aws-cdk-lib from 2.252.0 to 2.253.0 (#22352)
2026-05-14 13:59:57 +02:00
README.md
root: Fix transifex link (#17696)
2025-10-24 19:01:42 +02:00
rust-toolchain.toml
core: bump rust-toolchain from 1.94.1 to 1.95.0 (#21660)
2026-04-17 23:48:49 +01:00
schema.yml
flows: remove link to overview for non-internal user (#22362)
2026-05-14 23:23:14 +02:00
SECURITY.md
security: add item to intended behavior section of security policy (#21430)
2026-04-07 13:00:26 +02:00
tsconfig.json
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
uv.lock
core: bump aws-cdk-lib from 2.252.0 to 2.253.0 (#22352)
2026-05-14 13:59:57 +02:00

README.md

authentik logo

Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Latest version

What is authentik?

authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.

Our enterprise offering is available for organizations to securely replace existing IdPs such as Okta, Auth0, Entra ID, and Ping Identity for robust, large-scale identity management.

Installation

  • Docker Compose: recommended for small/test setups. See the documentation.
  • Kubernetes (Helm Chart): recommended for larger setups. See the documentation and the Helm chart repository.
  • AWS CloudFormation: deploy on AWS using our official templates. See the documentation.
  • DigitalOcean Marketplace: one-click deployment via the official Marketplace app. See the app listing.

Screenshots

Light Dark

Development and contributions

See the Developer Documentation for information about setting up local build environments, testing your contributions, and our contribution process.

Security

Please see SECURITY.md.

Adoption

Using authentik? We'd love to hear your story and feature your logo. Email us at hello@goauthentik.io or open a GitHub Issue/PR!

License

MIT License CC BY-SA 4.0 authentik EE License

Reference in New Issue View Git Blame Copy Permalink
S
Description
The authentication glue you need.
authenticationauthentikauthorizationkubernetesoauth2oauth2-clientoauth2-serveroidcoidc-clientoidc-providerproxyreverse-proxysamlsaml-idpsaml-spsecuritysso
Readme MIT 1 GiB
Languages
Python 54.4%
TypeScript 34.9%
Go 4.2%
CSS 2.2%
Rust 1.9%
Other 2.3%