authentik

mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00

T

Dominic R abdff1c877 flows: preserve signed background URLs in CSS (#21868 )

* flows: preserve signed background URLs in CSS

Flow background URLs can include signed S3 query parameters with & separators. These values are rendered inside <style> tags, where Django autoescaping changes & to &amp;; browsers then request the literal escaped query string from S3, causing 400 responses for presigned background images.

Mark the flow background URL values as safe in the CSS-only template contexts used by the standard flow interface, the SFE flow page, and the full-screen login background. Regression coverage asserts that signed URL query separators are preserved in the rendered CSS for both standard and SFE flows.

Co-authored-by: Codex <codex@openai.com>

* flows: preserve signed background URLs in CSS

* fix unrelated test

---------

Co-authored-by: Codex <codex@openai.com>

2026-04-30 07:53:41 -04:00

.cargo

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

.github

ci: bump taiki-e/install-action from 2.75.22 to 2.75.23 in /.github/actions/setup (#21982 )

2026-04-30 13:40:21 +02:00

.vscode

core, web: Vendored client follow-ups (#21174 )

2026-03-26 18:33:24 +01:00

authentik

flows: preserve signed background URLs in CSS (#21868 )

2026-04-30 07:53:41 -04:00

blueprints

core: support hashed password in users API + automated install (#18686 )

2026-04-29 06:27:59 +02:00

cmd

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

internal

providers/radius: fix message authenticator validation (#21824 )

2026-04-25 20:53:29 +02:00

lifecycle

root: fix rust build with uv-installed Python (#21858 )

2026-04-28 18:11:22 +02:00

locale

core, web: update translations (#21966 )

2026-04-30 13:41:38 +02:00

packages

core: support hashed password in users API + automated install (#18686 )

2026-04-29 06:27:59 +02:00

schemas

enterprise/providers: WS-Federation (#19583 )

2026-01-28 17:43:16 +01:00

scripts

scripts/api_filter_schema: fix authentication (#21644 )

2026-04-16 16:19:32 +00:00

src

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

tests

providers/saml: generate issuer url when provider is set on app (#18022 )

2026-04-28 17:31:12 -05:00

web

core, web: update translations (#21966 )

2026-04-30 13:41:38 +02:00

website

website/integrations: Refactor and cleanup GitHub Enterprise (#21685 )

2026-04-30 07:11:27 -04:00

.dockerignore

packages/ak-lib: init (#21257 )

2026-03-31 11:33:46 +02:00

.editorconfig

website: add netlify cache plugin (#15113 )

2025-06-18 15:07:15 +02:00

.gitattributes

packages/django-dramatiq-postgres: fix default value for HTTPServerThread (#21216 )

2026-03-28 20:57:46 +01:00

.gitignore

root: cleanup API generation (#21172 )

2026-03-26 13:48:01 +00:00

.prettierignore

core, web: Vendored client follow-ups (#21174 )

2026-03-26 18:33:24 +01:00

build.rs

root: fix rust build with uv-installed Python (#21858 )

2026-04-28 18:11:22 +02:00

Cargo.lock

core: bump rustls from 0.23.39 to 0.23.40 (#21958 )

2026-04-29 12:34:27 +02:00

Cargo.toml

core: bump rustls from 0.23.39 to 0.23.40 (#21958 )

2026-04-29 12:34:27 +02:00

CODE_OF_CONDUCT.md

…

CODEOWNERS

root: fix rust build with uv-installed Python (#21858 )

2026-04-28 18:11:22 +02:00

CONTRIBUTING.md

root: clean up README (#16286 )

2025-09-02 21:38:53 +00:00

cspell.config.jsonc

policies/event_matcher: Add query option to filter events (#21618 )

2026-04-16 01:52:11 +02:00

go.mod

core: bump github.com/getsentry/sentry-go from 0.45.1 to 0.46.0 (#21955 )

2026-04-29 12:36:43 +02:00

go.sum

core: bump github.com/getsentry/sentry-go from 0.45.1 to 0.46.0 (#21955 )

2026-04-29 12:36:43 +02:00

LICENSE

…

Makefile

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

manage.py

root: init rust worker (#21324 )

2026-04-27 01:08:32 +02:00

package-lock.json

web: bump brace-expansion from 1.1.13 to 1.1.14 (#21820 )

2026-04-25 11:27:27 +02:00

package.json

web: bump cspell from 9.7.0 to 10.0.0 (#21427 )

2026-04-07 15:15:53 +01:00

pyproject.toml

core: bump uvicorn[standard] from 0.44.0 to 0.45.0 (#21956 )

2026-04-29 12:35:09 +02:00

README.md

root: Fix transifex link (#17696 )

2025-10-24 19:01:42 +02:00

rust-toolchain.toml

core: bump rust-toolchain from 1.94.1 to 1.95.0 (#21660 )

2026-04-17 23:48:49 +01:00

schema.yml

core: support hashed password in users API + automated install (#18686 )

2026-04-29 06:27:59 +02:00

SECURITY.md

security: add item to intended behavior section of security policy (#21430 )

2026-04-07 13:00:26 +02:00

tsconfig.json

core, web: Vendored client follow-ups (#21174 )

2026-03-26 18:33:24 +01:00

uv.lock

core: bump uvicorn[standard] from 0.44.0 to 0.45.0 (#21956 )

2026-04-29 12:35:09 +02:00

README.md

What is authentik?

authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.

Our enterprise offering is available for organizations to securely replace existing IdPs such as Okta, Auth0, Entra ID, and Ping Identity for robust, large-scale identity management.

Installation

Docker Compose: recommended for small/test setups. See the documentation.
Kubernetes (Helm Chart): recommended for larger setups. See the documentation and the Helm chart repository.
AWS CloudFormation: deploy on AWS using our official templates. See the documentation.
DigitalOcean Marketplace: one-click deployment via the official Marketplace app. See the app listing.