Skip to content

providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set#11968

Merged
BeryJu merged 1 commit intomainfrom
providers/proxy/fix-host-browser-issuer
Nov 12, 2024
Merged

providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set#11968
BeryJu merged 1 commit intomainfrom
providers/proxy/fix-host-browser-issuer

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Nov 8, 2024

correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical

Details

closes #11883

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@BeryJu
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set
8f316f9 
correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical
@BeryJu BeryJu requested review from a team as code owners November 8, 2024 15:51
@netlify
Copy link

netlify bot commented Nov 8, 2024
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 8f316f9
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/672e33732fa67c000871f7f3

@netlify
Copy link

netlify bot commented Nov 8, 2024
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 8f316f9
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/672e33739713af0008b3179c

@codecov
Copy link

codecov bot commented Nov 8, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.64%. Comparing base (022b520) to head (8f316f9).
Report is 19 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #11968      +/-   ##
==========================================
+ Coverage   92.63%   92.64%   +0.01%     
==========================================
  Files         761      761              
  Lines       37813    37813              
==========================================
+ Hits        35028    35032       +4     
+ Misses       2785     2781       -4
Flag Coverage Δ
e2e 49.21% <ø> (+<0.01%) ⬆️
integration 24.91% <ø> (ø)
unit 90.15% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 12, 2024

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-8f316f90ee70f186a795a599179b2ee8b3b9dd97
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-8f316f90ee70f186a795a599179b2ee8b3b9dd97-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-8f316f90ee70f186a795a599179b2ee8b3b9dd97

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-8f316f90ee70f186a795a599179b2ee8b3b9dd97-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu merged commit a892d4a into main Nov 12, 2024
@BeryJu BeryJu deleted the providers/proxy/fix-host-browser-issuer branch November 12, 2024 23:54
@BeryJu
Copy link
Member Author

BeryJu commented Nov 12, 2024

/cherry-pick version-2024.10

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Nov 12, 2024
@BeryJu
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
ad3519b 
correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Nov 12, 2024
Merged
BeryJu added a commit that referenced this pull request Nov 12, 2024
@gcp-cherry-pick-bot @BeryJu
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherr…
feb13c8 
…y-pick #11968) (#12005)

providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)

correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical

Co-authored-by: Jens L. <jens@goauthentik.io>
kensternberg-authentik added a commit that referenced this pull request Nov 14, 2024
@kensternberg-authentik
Merge branch 'main' into web/admin/better-footer-links
48a24ad 
* main:
  providers/ldap: fix global search_full_directory permission not being sufficient (#12028)
  website/docs: 2024.10.2 release notes (#12025)
  lifecycle: fix ak exit status not being passed (#12024)
  core: use versioned_script for path only (#12003)
  core, web: update translations (#12020)
  core: bump google-api-python-client from 2.152.0 to 2.153.0 (#12021)
  providers/oauth2: fix manual device code entry (#12017)
  crypto: validate that generated certificate's name is unique (#12015)
  core, web: update translations (#12006)
  core: bump google-api-python-client from 2.151.0 to 2.152.0 (#12007)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#12011)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#12010)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#12012)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#12013)
  providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
  website/docs: move S3 ad GeoIP to System Management/Operations (#11998)
  website/integrations: nextcloud: add SSE warning (#11976)
kensternberg-authentik added a commit that referenced this pull request Nov 14, 2024
@kensternberg-authentik
:wqge branch 'main' into dev
36b10b4 
* main:
  providers/ldap: fix global search_full_directory permission not being sufficient (#12028)
  website/docs: 2024.10.2 release notes (#12025)
  lifecycle: fix ak exit status not being passed (#12024)
  core: use versioned_script for path only (#12003)
  core, web: update translations (#12020)
  core: bump google-api-python-client from 2.152.0 to 2.153.0 (#12021)
  providers/oauth2: fix manual device code entry (#12017)
  crypto: validate that generated certificate's name is unique (#12015)
  core, web: update translations (#12006)
  core: bump google-api-python-client from 2.151.0 to 2.152.0 (#12007)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#12011)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#12010)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#12012)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#12013)
  providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
  website/docs: move S3 ad GeoIP to System Management/Operations (#11998)
  website/integrations: nextcloud: add SSE warning (#11976)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Infinite redirect loop on proxy providers since 2024.10

1 participant

@BeryJu