authentik

mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00

T

Ken Sternberg 6df62aaa2a web: fix a few visual nits reported after the latest release (#22012 )

* ## What

         window.authentik.flow = {
             "layout": "{{ flow.layout }}",
    +        "background": "{{ flow.background }}",
    +        "title": "{{ flow.title }}",
         };

Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.

## Why

The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.

The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.

This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.

I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.

Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.

This patch furthers the effort to separate flow execution from flow presentation.

- \[🐰\] The code has been formatted (`make web`)

* The status label was using HTML booleans incorrectly. It is impossible for a boolean to be null. The default red was alarming, so I chose a neutral grey for the 'not default' state.

* It is not enough to provide a blank cell to ensure the header is spaced correctly; if the table is empty, that will collapse to zero width.  Providing the classes that go with the 'this cell may contain a toggle' provides the correct spacing as well.

* Fix inconsistent wording between menu and page; make the 'select type' radiocard and radiolist interfaces flush with the top of the form container, removing a weird jagged visual line between the menu and the content.

* Document adding 'toggle' to Table classes.

2026-05-02 18:25:23 +02:00

.cargo

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

.github

ci: bump taiki-e/install-action from 2.75.23 to 2.75.25 in /.github/actions/setup (#22005 )

2026-05-01 12:49:04 +02:00

.vscode

core, web: Vendored client follow-ups (#21174 )

2026-03-26 18:33:24 +01:00

authentik

stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#21999 )

2026-05-01 12:48:51 +02:00

blueprints

enterprise: account lockdown (#18615 )

2026-04-30 23:02:46 +00:00

cmd

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

internal

providers/radius: fix message authenticator validation (#21824 )

2026-04-25 20:53:29 +02:00

lifecycle

lifecycle/aws: bump aws-cdk from 2.1118.4 to 2.1119.0 in /lifecycle/aws (#22001 )

2026-05-01 12:49:17 +02:00

locale

translate: Updates for project authentik and language fr_FR (#22008 )

2026-05-02 18:07:19 +02:00

packages

enterprise: account lockdown (#18615 )

2026-04-30 23:02:46 +00:00

schemas

enterprise/providers: WS-Federation (#19583 )

2026-01-28 17:43:16 +01:00

scripts

scripts/api_filter_schema: fix authentication (#21644 )

2026-04-16 16:19:32 +00:00

src

root: only allow listen failure in dev (#21987 )

2026-04-30 14:17:48 +02:00

tests

tests: add mixin to launch traefik for tests requiring SSL (#22011 )

2026-05-01 18:23:13 +02:00

web

web: fix a few visual nits reported after the latest release (#22012 )

2026-05-02 18:25:23 +02:00

website

website/docs: document air-gapped upgrades (#21972 )

2026-05-01 11:54:37 -04:00

.dockerignore

packages/ak-lib: init (#21257 )

2026-03-31 11:33:46 +02:00

.editorconfig

website: add netlify cache plugin (#15113 )

2025-06-18 15:07:15 +02:00

.gitattributes

packages/django-dramatiq-postgres: fix default value for HTTPServerThread (#21216 )

2026-03-28 20:57:46 +01:00

.gitignore

root: cleanup API generation (#21172 )

2026-03-26 13:48:01 +00:00

.prettierignore

core, web: Vendored client follow-ups (#21174 )

2026-03-26 18:33:24 +01:00

build.rs

root: fix rust build with uv-installed Python (#21858 )

2026-04-28 18:11:22 +02:00

Cargo.lock

core: bump reqwest from 0.13.2 to 0.13.3 (#22006 )

2026-05-01 12:49:01 +02:00

Cargo.toml

core: bump reqwest from 0.13.2 to 0.13.3 (#22006 )

2026-05-01 12:49:01 +02:00

CODE_OF_CONDUCT.md

…

CODEOWNERS

root: fix rust build with uv-installed Python (#21858 )

2026-04-28 18:11:22 +02:00

CONTRIBUTING.md

root: clean up README (#16286 )

2025-09-02 21:38:53 +00:00

cspell.config.jsonc

policies/event_matcher: Add query option to filter events (#21618 )

2026-04-16 01:52:11 +02:00

go.mod

core: bump github.com/getsentry/sentry-go from 0.45.1 to 0.46.0 (#21955 )

2026-04-29 12:36:43 +02:00

go.sum

core: bump github.com/getsentry/sentry-go from 0.45.1 to 0.46.0 (#21955 )

2026-04-29 12:36:43 +02:00

LICENSE

…

Makefile

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

manage.py

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

package-lock.json

web: bump brace-expansion from 1.1.13 to 1.1.14 (#21820 )

2026-04-25 11:27:27 +02:00

package.json

web: bump cspell from 9.7.0 to 10.0.0 (#21427 )

2026-04-07 15:15:53 +01:00

pyproject.toml

core: bump uvicorn[standard] from 0.45.0 to 0.46.0 (#22002 )

2026-05-01 12:49:12 +02:00

README.md

root: Fix transifex link (#17696 )

2025-10-24 19:01:42 +02:00

rust-toolchain.toml

core: bump rust-toolchain from 1.94.1 to 1.95.0 (#21660 )

2026-04-17 23:48:49 +01:00

schema.yml

enterprise: account lockdown (#18615 )

2026-04-30 23:02:46 +00:00

SECURITY.md

security: add item to intended behavior section of security policy (#21430 )

2026-04-07 13:00:26 +02:00

tsconfig.json

core, web: Vendored client follow-ups (#21174 )

2026-03-26 18:33:24 +01:00

uv.lock

core: bump uvicorn[standard] from 0.45.0 to 0.46.0 (#22002 )

2026-05-01 12:49:12 +02:00

README.md

What is authentik?

authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.

Our enterprise offering is available for organizations to securely replace existing IdPs such as Okta, Auth0, Entra ID, and Ping Identity for robust, large-scale identity management.

Installation

Docker Compose: recommended for small/test setups. See the documentation.
Kubernetes (Helm Chart): recommended for larger setups. See the documentation and the Helm chart repository.
AWS CloudFormation: deploy on AWS using our official templates. See the documentation.
DigitalOcean Marketplace: one-click deployment via the official Marketplace app. See the app listing.