authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

Add possibility to protect subpathes

Open KoMa1012 opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe. I'm using multiple apps which right nor require app1.domain.tld app2.domain.tld etc... However, they are all routing to the same PC, but different docker containers. I'm routing the subdomain to authentik and then use a proxy provider to log in. However, I'm getting: "error to many redirects, delete your cookies" message when I try to log in.

Describe the solution you'd like It would be great to have the option to do something like internal.domain.tld/app1 internal.domain.tld/app2 etc... this will clean up the environment of subdomains and will be a bit more hidden (since no public DNS entry)

Describe alternatives you've considered I considdered using a catch all adress which goes to authentik, this way I'd have all no defined subdomains ending at authentik, but this isn't an elegant solution either.

KoMa1012 avatar Feb 06 '24 09:02 KoMa1012

Bearer tokens can be set for a specific path. I don't believe this is really done by authentik but by the application that sets to token for itself. At least Traefik has a way to set this because applications may not know their own path, cookie path prefixer is one of the plugins.

Header should be: Set-Cookie: =; Path=

wjbrf avatar Feb 10 '24 21:02 wjbrf

thank you, will double check with this information!

KoMa1012 avatar Feb 12 '24 10:02 KoMa1012