Forward-Auth seems to match with wrong app

[samip5]

Describe the bug I have multiple apps on one domain, and I want control over which app users can access but Authentik doesn't understand the difference between https://dh.example.com/ and https://dh.example.com/sonarr/ as it's always matching the sonarr app despite going to the root of the subdomain.

To Reproduce Steps to reproduce the behavior:

1. Create two forward-auth single apps with external hosts as https://dh.example.com/ and https://dh.example.com/sonarr/
2. Try to authenicate using Traefik and Forward Auth
3. Notice that it tries to use the Sonarr one
4. Unable to login as it's the wrong app

Expected behavior I would have expected it to properly match to the / app and not the Sonarr one.

Logs Outpost:

timestamp="2023-05-01T17:08:42Z" level=trace event="Found app based direct host match" app=dh-sonarr-fw host=dh.example.com logger=authentik.outpost.proxyv2
timestamp="2023-05-01T17:08:42Z" level=trace event="passing to application mux" host=dh.example.com logger=authentik.outpost.proxyv2
timestamp="2023-05-01T17:08:42Z" level=trace event="tracing headers for debug" header="map[Accept:[*/*] Accept-Encoding:[gzip] User-Agent:[curl/7.88.1] X-Forwarded-For:[2001:14ba:16e5:faaf:f9b7:eda0:ecb7:baf0] X-Forwarded-Host:[dh.example.com] X-Forwarded-Method:[GET] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Forwarded-Server:[plex-server] X-Forwarded-Uri:[/] X-Real-Ip:[2001:14ba:16e5:faaf:f9b7:eda0:ecb7:baf0]]" logger=authentik.outpost.proxyv2.application name=dh-sonarr-fw
timestamp="2023-05-01T17:08:42Z" level=trace event="traefik forwarded url" logger=authentik.outpost.proxyv2.application name=dh-sonarr-fw url="https://dh.example.com/"

Version and Deployment

• authentik version: 2023.4.1
• Deployment: Helm with Outpost on docker-compose