authentik fork
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
Go to file
Jens L 47d79ac28c
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:26 +01:00
.github ci: allow errors in migrate-from-stable for now 2022-11-14 21:52:31 +01:00
.vscode blueprints: add desired state attribute to objects (#4061) 2022-11-22 14:27:20 +01:00
authentik security: fix CVE 2022 46172 (#4275) 2022-12-23 14:16:26 +01:00
blueprints security: fix CVE 2022 46172 (#4275) 2022-12-23 14:16:26 +01:00
cmd root: make sentry DSN configurable (#4016) 2022-11-15 16:05:29 +01:00
internal release: 2022.11.3 2022-12-02 23:00:59 +02:00
lifecycle root: use single redis db (#4009) 2022-11-15 14:31:29 +01:00
locale sources/oauth: allow overriding of all scopes 2022-10-16 21:21:43 +02:00
scripts root: update options for generating TS API (#3833) 2022-10-21 09:08:25 +02:00
tests providers/oauth2: add device flow (#3334) 2022-10-11 12:42:10 +02:00
web security: fix CVE 2022 46172 (#4275) 2022-12-23 14:16:26 +01:00
website security: fix CVE 2022 46172 (#4275) 2022-12-23 14:16:26 +01:00
xml */saml: test against SAML Schema 2020-12-13 19:53:16 +01:00
.bumpversion.cfg release: 2022.11.3 2022-12-02 23:00:59 +02:00
.dockerignore root: add bundled docs 2021-07-13 11:06:51 +02:00
.editorconfig repo cleanup, switch to new docker registry 2019-04-29 17:05:39 +02:00
.gitignore root: add vscode tasks 2022-07-01 16:10:08 +02:00
CODE_OF_CONDUCT.md root: rework and expand security policy 2022-11-30 13:05:35 +02:00
CONTRIBUTING.md root: rework and expand security policy 2022-11-30 13:05:35 +02:00
Dockerfile root: include security policy in website container 2022-11-30 13:05:38 +02:00
LICENSE root: relicense and launch blog post 2022-11-03 16:00:00 +01:00
Makefile root: use single redis db (#4009) 2022-11-15 14:31:29 +01:00
README.md root: rework and expand security policy 2022-11-30 13:05:35 +02:00
SECURITY.md root: rework and expand security policy 2022-11-30 13:05:35 +02:00
docker-compose.yml release: 2022.11.3 2022-12-02 23:00:59 +02:00
go.mod core: bump goauthentik.io/api/v3 from 3.2022101.8 to 3.2022110.1 (#4060) 2022-11-22 10:02:25 +01:00
go.sum core: bump goauthentik.io/api/v3 from 3.2022101.8 to 3.2022110.1 (#4060) 2022-11-22 10:02:25 +01:00
ldap.Dockerfile core: bump golang from 1.19.2-bullseye to 1.19.3-bullseye (#3925) 2022-11-01 23:26:17 +01:00
manage.py *: remove deprecated backup (#2129) 2022-02-05 18:54:15 +01:00
poetry.lock Revert "core: bump structlog from 22.1.0 to 22.2.0 (#4046)" 2022-11-21 15:08:39 +01:00
proxy.Dockerfile core: bump golang from 1.19.2-bullseye to 1.19.3-bullseye (#3925) 2022-11-01 23:26:17 +01:00
pyproject.toml release: 2022.11.3 2022-12-02 23:00:59 +02:00
schema.yml security: fix CVE 2022 46172 (#4275) 2022-12-23 14:16:26 +01:00

README.md

authentik logo


Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Docker pulls Latest version

What is authentik?

authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.

Installation

For small/test setups it is recommended to use docker-compose, see the documentation

For bigger setups, there is a Helm Chart here. This is documented here

Screenshots

Light Dark

Development

See Development Documentation

Security

See SECURITY.md

Sponsors

This project is proudly sponsored by:

DigitalOcean provides development and testing resources for authentik.

Deploys by Netlify

Netlify hosts the goauthentik.io site.