Forward-Auth seems to match with wrong app

[samip5]

Describe the bug I have multiple apps on one domain, and I want control over which app users can access but Authentik doesn't understand the difference between https://dh.example.com/ and https://dh.example.com/sonarr/ as it's always matching the sonarr app despite going to the root of the subdomain.

To Reproduce Steps to reproduce the behavior:

1. Create two forward-auth single apps with external hosts as https://dh.example.com/ and https://dh.example.com/sonarr/
2. Try to authenicate using Traefik and Forward Auth
3. Notice that it tries to use the Sonarr one
4. Unable to login as it's the wrong app

Expected behavior I would have expected it to properly match to the / app and not the Sonarr one.

Logs Outpost:

timestamp="2023-05-01T17:08:42Z" level=trace event="Found app based direct host match" app=dh-sonarr-fw host=dh.example.com logger=authentik.outpost.proxyv2
timestamp="2023-05-01T17:08:42Z" level=trace event="passing to application mux" host=dh.example.com logger=authentik.outpost.proxyv2
timestamp="2023-05-01T17:08:42Z" level=trace event="tracing headers for debug" header="map[Accept:[*/*] Accept-Encoding:[gzip] User-Agent:[curl/7.88.1] X-Forwarded-For:[2001:14ba:16e5:faaf:f9b7:eda0:ecb7:baf0] X-Forwarded-Host:[dh.example.com] X-Forwarded-Method:[GET] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Forwarded-Server:[plex-server] X-Forwarded-Uri:[/] X-Real-Ip:[2001:14ba:16e5:faaf:f9b7:eda0:ecb7:baf0]]" logger=authentik.outpost.proxyv2.application name=dh-sonarr-fw
timestamp="2023-05-01T17:08:42Z" level=trace event="traefik forwarded url" logger=authentik.outpost.proxyv2.application name=dh-sonarr-fw url="https://dh.example.com/"

Version and Deployment

• authentik version: 2023.4.1
• Deployment: Helm with Outpost on docker-compose

[samip5]

I think I located the problem to https://github.com/goauthentik/authentik/blob/fef841a458b3847464584aaaac090d5b6a03af82/internal/outpost/proxyv2/handlers.go#L44#L77

[samip5]

@BeryJu It seems that it hasn't been thought about when a user has multiple apps under the same domain, and only difference is subpath?

[authentik-automation[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[samip5]

not stale

[smohri-michibiki]

I am facing the same problem.

[authentik-automation[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[samip5]

this should be fixed

[authentik-automation[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[samip5]

Not stale really tho..

[authentik-automation[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[samip5]

This should be fixed...

[authentik-automation[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[samip5]

This should be looked at..

[authentik-automation[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[samip5]

What can one do to get this fixed/looked at?