205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity
22,063 Commits 384 Branches 449 Tags
2c3d11a4c347bd078ffd0f583f9cac82a836d574
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Teffen Ellis 2c3d11a4c3 core: harden npm install against supply-chain attacks (#22245) 
* core: add .npmrc baseline to block dependency lifecycle scripts

Set ignore-scripts=true at the repo root, plus engine-strict, save-exact,
audit, and prefer-offline. This neutralizes the dominant npm supply-chain
attack vector — postinstall scripts in transitive dependencies — at the
cost of requiring an explicit rebuild for the handful of packages that
legitimately need install scripts (esbuild, chromedriver, tree-sitter,
tree-sitter-json). The next commit wires that rebuild into the Makefile.

Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>

* core: route node installs through make to retire website preinstall hook

Make docs-install depend on a new root-node-install so the root deps
are guaranteed before the website install runs, removing the need for
the website/preinstall lifecycle script. Rebuild the small audited list
of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json)
after the web install so ignore-scripts=true remains the only path that
needs maintenance. web/README documents the new workflow.

Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>

* Clean up install scripts.

* Track .npmrc in CODEOWNERS

---------

Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>
2026-05-13 12:20:36 +00:00
.cargo
root: init rust worker (#21324)
2026-04-27 01:08:32 +02:00
.github
ci: bump taiki-e/install-action from 2.77.3 to 2.77.4 in /.github/actions/setup (#22321)
2026-05-13 13:49:53 +02:00
.vscode
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
authentik
endpoints: remove print line (#22325)
2026-05-13 13:45:28 +02:00
blueprints
enterprise: fix account lockdown target handling (#22246)
2026-05-12 01:59:00 +00:00
cmd
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
internal
internal: Automated internal backport: GHSA-5wcc-hf24-rf5h.sec.patch to authentik-main (#22304)
2026-05-12 19:37:42 +02:00
lifecycle
core: bump python-kadmin-rs from 0.7.1 to 0.7.2 (#22234)
2026-05-11 17:29:07 +00:00
locale
core, web: update translations (#22318)
2026-05-13 09:27:14 +02:00
packages
internal: Automated internal backport: CVE-2026-40166.sec.patch to authentik-main (#22299)
2026-05-12 20:15:56 +02:00
schemas
enterprise/providers: WS-Federation (#19583)
2026-01-28 17:43:16 +01:00
scripts
scripts/api_filter_schema: fix authentication (#21644)
2026-04-16 16:19:32 +00:00
src
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
tests
web: fix identification stage OUIA attributes (#22049)
2026-05-06 02:31:17 +02:00
web
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
website
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
.dockerignore
packages/ak-lib: init (#21257)
2026-03-31 11:33:46 +02:00
.editorconfig
website: add netlify cache plugin (#15113)
2025-06-18 15:07:15 +02:00
.gitattributes
packages/django-dramatiq-postgres: fix default value for HTTPServerThread (#21216)
2026-03-28 20:57:46 +01:00
.gitignore
root: introduce allinone mode (#21990)
2026-05-04 16:43:11 +02:00
.npmrc
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
.prettierignore
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
build.rs
root: fix rust build with uv-installed Python (#21858)
2026-04-28 18:11:22 +02:00
Cargo.lock
core: bump tokio from 1.52.2 to 1.52.3 (#22262)
2026-05-12 15:16:23 +02:00
Cargo.toml
core: bump tokio from 1.52.2 to 1.52.3 (#22262)
2026-05-12 15:16:23 +02:00
CODE_OF_CONDUCT.md
CODEOWNERS
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
CONTRIBUTING.md
root: clean up README (#16286)
2025-09-02 21:38:53 +00:00
cspell.config.jsonc
policies/event_matcher: Add query option to filter events (#21618)
2026-04-16 01:52:11 +02:00
go.mod
core: bump github.com/go-openapi/runtime from 0.29.4 to 0.29.5 (#22151)
2026-05-11 12:56:12 +02:00
go.sum
core: bump github.com/go-openapi/runtime from 0.29.4 to 0.29.5 (#22151)
2026-05-11 12:56:12 +02:00
LICENSE
Makefile
core: harden npm install against supply-chain attacks (#22245)
2026-05-13 12:20:36 +00:00
manage.py
root: init rust worker (#21324)
2026-04-27 01:08:32 +02:00
package-lock.json
root: bump version to 2026.8.0-rc1 (#22167)
2026-05-08 17:15:32 +00:00
package.json
root: bump version to 2026.8.0-rc1 (#22167)
2026-05-08 17:15:32 +00:00
pyproject.toml
core: bump django-stubs[compatible-mypy] from 6.0.3 to 6.0.4 (#22319)
2026-05-13 13:49:57 +02:00
README.md
root: Fix transifex link (#17696)
2025-10-24 19:01:42 +02:00
rust-toolchain.toml
core: bump rust-toolchain from 1.94.1 to 1.95.0 (#21660)
2026-04-17 23:48:49 +01:00
schema.yml
internal: Automated internal backport: CVE-2026-40166.sec.patch to authentik-main (#22299)
2026-05-12 20:15:56 +02:00
SECURITY.md
security: add item to intended behavior section of security policy (#21430)
2026-04-07 13:00:26 +02:00
tsconfig.json
core, web: Vendored client follow-ups (#21174)
2026-03-26 18:33:24 +01:00
uv.lock
core: bump django-stubs[compatible-mypy] from 6.0.3 to 6.0.4 (#22319)
2026-05-13 13:49:57 +02:00

README.md

authentik logo

Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Latest version

What is authentik?

authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.

Our enterprise offering is available for organizations to securely replace existing IdPs such as Okta, Auth0, Entra ID, and Ping Identity for robust, large-scale identity management.

Installation

  • Docker Compose: recommended for small/test setups. See the documentation.
  • Kubernetes (Helm Chart): recommended for larger setups. See the documentation and the Helm chart repository.
  • AWS CloudFormation: deploy on AWS using our official templates. See the documentation.
  • DigitalOcean Marketplace: one-click deployment via the official Marketplace app. See the app listing.

Screenshots

Light Dark

Development and contributions

See the Developer Documentation for information about setting up local build environments, testing your contributions, and our contribution process.

Security

Please see SECURITY.md.

Adoption

Using authentik? We'd love to hear your story and feature your logo. Email us at hello@goauthentik.io or open a GitHub Issue/PR!

License

MIT License CC BY-SA 4.0 authentik EE License

Reference in New Issue View Git Blame Copy Permalink
S
Description
The authentication glue you need.
authenticationauthentikauthorizationkubernetesoauth2oauth2-clientoauth2-serveroidcoidc-clientoidc-providerproxyreverse-proxysamlsaml-idpsaml-spsecuritysso
Readme MIT 1 GiB
Languages
Python 54.4%
TypeScript 34.9%
Go 4.2%
CSS 2.2%
Rust 1.9%
Other 2.3%