goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
13.67k stars 915 forks source link

Incorrect redirect url migration for outposts #12135

Closed ftong2020 closed 16 hours ago

ftong2020 commented 16 hours ago

Describe the bug After upgrading authentik from 2024.6.5 to 2024.8.5, outpost will not work any more for invalid redirect url.

dig into authentik database, new strategy generated (table authentik_providers_oauth2_oauth2provider, column _oauth2_redirect) during upgrade giving following result [{"url": "https://my.domain/outpost.goauthentik.io/callback\\?X-authentik-auth-callback=true", "matching_mode": "strict"}, {"url": "https://my.domain\\?X-authentik-auth-callback=true", "matching_mode": "strict"}]

which is incorrect, in strict mode,there is no need to escape "?".

After manually delete all "\", authentik outposts works again

MFYDev commented 16 hours ago

Just met this issue as well after upgrade to 2024.10.3 and now I am not be able to log in anymore, every time authentik will have some bugs after the upugrade

MFYDev commented 16 hours ago

The issue is I am using domain level forward auth and I CANNOT even change the \ in the url

BeryJu commented 16 hours ago

See #12121, you can use ghcr.io/goauthentik/dev-server:gh-version-2024.10

mathieuruellan commented 15 hours ago

Thank you @BeryJu Do you plan to release a 2024.10.4 soon?