Reloading loop after update to 2023.10.1

[Dual-0]

Hello,

after the update to 2023.10.1 I notice a reloading loop after the authentication to my Prometheus site.
I use Proxy Provider with default-source-authentication (Welcome to authentik!) and default-provider-authorization-implicit-consent (Authorize Application) flow but I also try the default-authentication-flow (Welcome to authentik!) flow.

To Reproduce
Steps to reproduce the behavior:

1. go to https://prometheus.mydomain.tld
2. login with username + password
3. type totp or use webauth

Expected behavior
Just login

Screenshots

Logs

docker-compose server log

{"auth_via": "session", "event": "/application/o/authorize/?client_id=UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR&redirect_uri=https%3A%2F%2Fprometheus.mydomain.tld%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+ak_proxy+profile+openid&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "a7b9fdd8db374879a392d09307b38221", "runtime": 89, "scheme": "https", "status": 302, "timestamp": "2023-10-27T10:51:44.044205", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "session", "event": "/if/flow/default-provider-authorization-implicit-consent/?client_id=UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR&redirect_uri=https%3A%2F%2Fprometheus.mydomain.tld%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+ak_proxy+profile+openid&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "0dd8162c2d3845b6975bbeca170ce7af", "runtime": 65, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:44.135165", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 204645, "remote": "1.2.3.4", "scheme": "ws", "timestamp": "2023-10-27T10:51:44.250939", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"action": "authorize_application", "auth_via": "session", "client_ip": "1.2.3.4", "context": {"authorized_application": {"app": "authentik_core", "model_name": "application", "name": "Prometheus", "pk": "760e94c87e2348f4be08fa7fd0dda582"}, "flow": "736a469f79d045de9a03745a4791cd12", "geo": {"city": "Michelstadt", "continent": "EU", "country": "DE", "lat": 49.677, "long": 8.9925}, "http_request": {"args": {"client_id": "UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR", "redirect_uri": "https://prometheus.mydomain.tld/outpost.goauthentik.io/callback?X-authentik-auth-callback=true", "response_type": "code", "scope": "email ak_proxy profile openid", "state": "WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A"}, "method": "GET", "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/"}, "scopes": "email ak_proxy profile openid"}, "event": "Created Event", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.events.models", "pid": 204645, "request_id": "70e4784e4b3b46dbabc0d0a70bbcc74b", "timestamp": "2023-10-27T10:51:44.285462", "user": {"email": "myuserver@myseconddomain.tld", "pk": 4, "username": "myuser"}}
{"auth_via": "session", "event": "Task published", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.root.celery", "pid": 204645, "request_id": "70e4784e4b3b46dbabc0d0a70bbcc74b", "task_id": "59debf88d6b84b45b1c05069f99e1177", "task_name": "authentik.events.tasks.event_notification_handler", "timestamp": "2023-10-27T10:51:44.309565"}
{"auth_via": "session", "event": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/?query=client_id%3DUNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR%26redirect_uri%3Dhttps%253A%252F%252Fprometheus.mydomain.tld%252Foutpost.goauthentik.io%252Fcallback%253FX-authentik-auth-callback%253Dtrue%26response_type%3Dcode%26scope%3Demail%2Bak_proxy%2Bprofile%2Bopenid%26state%3DWS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "70e4784e4b3b46dbabc0d0a70bbcc74b", "runtime": 94, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:44.322200", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "unauthenticated", "event": "/application/o/token/", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 204645, "remote": "127.0.0.1", "request_id": "78718fb199044b8db780119ee071fc17", "runtime": 96, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:44.557762", "user": "", "user_agent": "goauthentik.io/outpost/2023.10.1 (provider=Prometheus)"}
{"event":"/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=9cb4d2b1e9074737a5a97c33d85761d0&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A","host":"prometheus.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Prometheus","remote":"10.0.0.2:53698","runtime":"101.622","scheme":"http","size":49,"status":302,"timestamp":"2023-10-27T10:51:44Z","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event":"/outpost.goauthentik.io/auth/nginx","host":"prometheus.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Prometheus","remote":"10.0.0.2:53714","runtime":"0.526","scheme":"http","size":21,"status":401,"timestamp":"2023-10-27T10:51:44Z","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event":"/outpost.goauthentik.io/start?rd=https://prometheus.mydomain.tld/","host":"prometheus.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Prometheus","remote":"10.0.0.2:53720","runtime":"0.554","scheme":"http","size":355,"status":302,"timestamp":"2023-10-27T10:51:44Z","user":"myuser","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "session", "event": "/application/o/authorize/?client_id=UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR&redirect_uri=https%3A%2F%2Fprometheus.mydomain.tld%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+ak_proxy+profile+openid&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "050e2ef5826247e4b68bf01d1ba0aa98", "runtime": 85, "scheme": "https", "status": 302, "timestamp": "2023-10-27T10:51:44.719550", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "session", "event": "/if/flow/default-provider-authorization-implicit-consent/?client_id=UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR&redirect_uri=https%3A%2F%2Fprometheus.mydomain.tld%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+ak_proxy+profile+openid&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "a879c0ce104f4b139a72ec614d132910", "runtime": 68, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:44.814714", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 204412, "remote": "1.2.3.4", "scheme": "ws", "timestamp": "2023-10-27T10:51:44.944475", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"action": "authorize_application", "auth_via": "session", "client_ip": "1.2.3.4", "context": {"authorized_application": {"app": "authentik_core", "model_name": "application", "name": "Prometheus", "pk": "760e94c87e2348f4be08fa7fd0dda582"}, "flow": "736a469f79d045de9a03745a4791cd12", "geo": {"city": "Michelstadt", "continent": "EU", "country": "DE", "lat": 49.677, "long": 8.9925}, "http_request": {"args": {"client_id": "UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR", "redirect_uri": "https://prometheus.mydomain.tld/outpost.goauthentik.io/callback?X-authentik-auth-callback=true", "response_type": "code", "scope": "email ak_proxy profile openid", "state": "WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A"}, "method": "GET", "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/"}, "scopes": "email ak_proxy profile openid"}, "event": "Created Event", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.events.models", "pid": 204645, "request_id": "c580234d25904137a76cae31909bb237", "timestamp": "2023-10-27T10:51:44.969950", "user": {"email": "myuserver@myseconddomain.tld", "pk": 4, "username": "myuser"}}
{"auth_via": "session", "event": "Task published", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.root.celery", "pid": 204645, "request_id": "c580234d25904137a76cae31909bb237", "task_id": "da8a3fea2a704137bb293b5cfc708fe6", "task_name": "authentik.events.tasks.event_notification_handler", "timestamp": "2023-10-27T10:51:44.983304"}
{"auth_via": "session", "event": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/?query=client_id%3DUNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR%26redirect_uri%3Dhttps%253A%252F%252Fprometheus.mydomain.tld%252Foutpost.goauthentik.io%252Fcallback%253FX-authentik-auth-callback%253Dtrue%26response_type%3Dcode%26scope%3Demail%2Bak_proxy%2Bprofile%2Bopenid%26state%3DWS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "c580234d25904137a76cae31909bb237", "runtime": 76, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:44.992212", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "unauthenticated", "event": "/application/o/token/", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 204645, "remote": "127.0.0.1", "request_id": "87f3d28d682d483388727e6e6e9522cc", "runtime": 105, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:45.207773", "user": "", "user_agent": "goauthentik.io/outpost/2023.10.1 (provider=Prometheus)"}
{"event":"/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=44c773e6ef494fd7912d9265f89b63ec&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A","host":"prometheus.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Prometheus","remote":"10.0.0.2:53752","runtime":"111.063","scheme":"http","size":49,"status":302,"timestamp":"2023-10-27T10:51:45Z","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event":"/outpost.goauthentik.io/auth/nginx","host":"prometheus.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Prometheus","remote":"10.0.0.2:53758","runtime":"1.121","scheme":"http","size":21,"status":401,"timestamp":"2023-10-27T10:51:45Z","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event":"/outpost.goauthentik.io/start?rd=https://prometheus.mydomain.tld/","host":"prometheus.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Prometheus","remote":"10.0.0.2:53764","runtime":"0.900","scheme":"http","size":355,"status":302,"timestamp":"2023-10-27T10:51:45Z","user":"myuser","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "session", "event": "/application/o/authorize/?client_id=UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR&redirect_uri=https%3A%2F%2Fprometheus.mydomain.tld%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+ak_proxy+profile+openid&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "85faeeff10b14081b86c1251cdf4239c", "runtime": 88, "scheme": "https", "status": 302, "timestamp": "2023-10-27T10:51:45.373149", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "session", "event": "/if/flow/default-provider-authorization-implicit-consent/?client_id=UNLD8W5HQ0EF8bGKDJjeibPpBYjaGtynRjgJU6zR&redirect_uri=https%3A%2F%2Fprometheus.mydomain.tld%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+ak_proxy+profile+openid&state=WS0YaYkNCzXGmK0HUiaOB5h6Crpja_qVXVcthdwEF7A", "host": "auth.mydomain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "1.2.3.4", "request_id": "494493ad65f74cae8ac2cbe48f442b78", "runtime": 66, "scheme": "https", "status": 200, "timestamp": "2023-10-27T10:51:45.468381", "user": "myuser", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "unauthenticated", "event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "255.255.255.255", "request_id": "844d441e095b458b8004f76cd76b41f6", "runtime": 41, "scheme": "http", "status": 204, "timestamp": "2023-10-27T10:51:46.292887", "user": "", "user_agent": "goauthentik.io/router/healthcheck"}
{"event":"updating tenant certificates","level":"info","logger":"authentik.router.tenant_tls","timestamp":"2023-10-27T10:51:48Z"}
{"auth_via": "secret_key", "event": "/api/v3/core/tenants/", "host": "0.0.0.0:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204412, "remote": "127.0.0.1", "request_id": "859b18aa275d4283bd72bfdec87de00a", "runtime": 600, "scheme": "http", "status": 200, "timestamp": "2023-10-27T10:51:49.105568", "user": "ak-outpost-5d519aba45e24101b1edc324102bc38c", "user_agent": "goauthentik.io/outpost/2023.10.1"}
{"event":"/outpost.goauthentik.io/auth/nginx","host":"rss.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"RSS","remote":"10.0.0.2:48158","runtime":"0.877","scheme":"http","size":0,"status":200,"timestamp":"2023-10-27T10:52:10Z","user":"myuser","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"event":"/outpost.goauthentik.io/auth/nginx","host":"rss.mydomain.tld","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"RSS","remote":"10.0.0.2:48164","runtime":"0.312","scheme":"http","size":0,"status":200,"timestamp":"2023-10-27T10:52:10Z","user":"myuser","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "unauthenticated", "event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "255.255.255.255", "request_id": "0898170afe3f4f57ab91b8085625b2aa", "runtime": 36, "scheme": "http", "status": 204, "timestamp": "2023-10-27T10:52:16.289025", "user": "", "user_agent": "goauthentik.io/router/healthcheck"}
{"event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 204645, "remote": "1.2.3.4", "scheme": "ws", "timestamp": "2023-10-27T10:52:23.510589", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "unauthenticated", "event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "255.255.255.255", "request_id": "ae02d2159fd44b3bb68f599fc2d29813", "runtime": 45, "scheme": "http", "status": 204, "timestamp": "2023-10-27T10:52:46.298055", "user": "", "user_agent": "goauthentik.io/router/healthcheck"}
{"auth_via": "unauthenticated", "event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "255.255.255.255", "request_id": "1c22c57426e4474e9b35fcf7886d6c08", "runtime": 53, "scheme": "http", "status": 204, "timestamp": "2023-10-27T10:53:16.306369", "user": "", "user_agent": "goauthentik.io/router/healthcheck"}
{"event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 204645, "remote": "1.2.3.4", "scheme": "ws", "timestamp": "2023-10-27T10:53:24.510672", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}
{"auth_via": "unauthenticated", "event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 204645, "remote": "255.255.255.255", "request_id": "e27746ff98944d509e81b6a984625268", "runtime": 46, "scheme": "http", "status": 204, "timestamp": "2023-10-27T10:53:46.307131", "user": "", "user_agent": "goauthentik.io/router/healthcheck"}

Version and Deployment (please complete the following information):

• authentik version: 2023.10.1
• Deployment: docker-compose

[BeryJu]

should be fixed by #7324, you can test with the images linked in that PR

[Kaaybi]

I can still reproduce after updating to 2023.10.2

[yaakovfeldman]

I can still reproduce after updating to 2023.10.2

So can I - I don't think that fix is in 2023.10.2

[aceat64]

I had this issue under 2023.10.1 and can confirm that it still occurring in 2023.10.2. I also tested with default-provider-authorization-explicit-consent to no avail.

[lexxxel]

@Kaaybi @yaakovfeldman @aceat64 Have you deleted the cookies for the URL? I had to delete the 2 cookies for the domain I tried to reach (after the update to 2023.10.2), then I could reach the site without a loop, again.

[aceat64]

I did, which will let me through, but the issue returns once the cookie named authentik_proxy_<redacted> expires. I have the "Token validity" setting hours=24, which means clearing my cookies is only good for a day.

[nismanoku]

I have the exact same issue with redis and postgress when i updated to version 2023.10.1. After the "Token validity" setting expires i get the login screen and enter my credentials. After that i can see login successful top right of the screen and then it keeps looping the same screen with the loading logo spinning. This happens with the forward auth middleware build in to traefik and update to 2023.10.2)

Authentik is proxied withouth the forward auth middleware and i can access it as normal. Also have one service (docker) running local using the OAuth2/OpenID Provider and this also has no issues when repeatedly logging in and out.

Seeing the redis errors in noted by #7374 in my logs.

Set a new database on redis and postgres and let authentik build it completely new and restored the old database for the case any tables where missing > issues still happening.

The only thing working is removing the cookies from the browser (chrome) and then login with forward auth works until the "Token validity" setting expires.

Also getting the error when authentik starts up:
{"app_name": "authentik.stages.authenticator", "event": "Could not import app's URLs", "exc": "ModuleNotFoundError(\"No module named 'authentik.stages.authenticator.urls'\")", "level": "warning", "logger": "authentik.api.v3.urls", "pid": 28, "timestamp": "2023-10-30T15:50:09.943172"} {"app_name": "authentik.stages.authenticator", "event": "Could not import app's URLs", "exc": "ModuleNotFoundError(\"No module named 'authentik.stages.authenticator.urls'\")", "level": "warning", "logger": "authentik.api.v3.urls", "pid": 27, "timestamp": "2023-10-30T15:50:10.394534"} {"app_name": "authentik.stages.authenticator", "event": "Could not import app's URLs", "exc": "ModuleNotFoundError(\"No module named 'authentik.stages.authenticator.urls'\")", "level": "warning", "logger": "authentik.api.v3.urls", "pid": 29, "timestamp": "2023-10-30T15:50:10.725651"} {"app_name": "authentik.stages.authenticator", "event": "Could not import app's URLs", "exc": "ModuleNotFoundError(\"No module named 'authentik.stages.authenticator.urls'\")", "level": "warning", "logger": "authentik.api.v3.urls", "pid": 30, "timestamp": "2023-10-30T15:50:10.823260"}

If any information is needed for debugging let me know as i'm happy to help improving this great product.

[raldnor]

I am bitten by exactly the same bug. Running Authentik 2023.10.1 behind Nginx. Deletion of cookies works until the new cookie expires.

[BeryJu]

@raldnor @nismanoku @aceat64 @lexxxel please test the images from here #7385 (comment)

[aceat64]

I cleared all cookies for my domains and updated to those images for testing. Same results. I was able to access the proxied service but once the access token expired the issue came back. (I deleted the cookie to simulate expiration)