@dominic-r dominic-r commented Jan 2, 2026

Sets maximum static token length to 100 because of some math Gergo did. Also adds a validator and gives the max value to the user in the UI. Slightly improves/tweaks the UI to wrap on long tokens and render one per line.

ui snapshots:

50:
image

16:
image

Closes: #19158

@dominic-r dominic-r added this to the Release 2025.12 milestone Jan 2, 2026
@dominic-r dominic-r self-assigned this Jan 2, 2026
@dominic-r dominic-r requested review from a team as code owners January 2, 2026 20:01
@dominic-r dominic-r added area:frontend Features or issues related to the browser, TypeScript, Node.js, etc area:backend labels Jan 2, 2026

netlify bot commented Jan 2, 2026

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit b0a1c75
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/695edb8f1725660008d1b7ff
😎 Deploy Preview https://deploy-preview-19162--authentik-storybook.netlify.app


netlify bot commented Jan 2, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit b0a1c75
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/695edb8f67391100082c5618
😎 Deploy Preview https://deploy-preview-19162--authentik-docs.netlify.app


codecov bot commented Jan 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.35%. Comparing base (660a587) to head (b0a1c75).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #19162      +/-   ##
==========================================
+ Coverage   93.15%   93.35%   +0.20%     
==========================================
  Files         949      949              
  Lines       52384    52385       +1     
==========================================
+ Hits        48797    48904     +107     
+ Misses       3587     3481     -106     
Flag Coverage Δ
conformance 38.75% <100.00%> (+<0.01%) ⬆️
e2e 44.64% <100.00%> (+1.01%) ⬆️
integration 23.43% <100.00%> (+<0.01%) ⬆️
unit 91.57% <100.00%> (-0.02%) ⬇️
unit-migrate 91.62% <100.00%> (-0.02%) ⬇️



github-actions bot commented Jan 2, 2026

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-b0a1c75c0ab3de691e42fe106835bc461a22ad56
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-b0a1c75c0ab3de691e42fe106835bc461a22ad56

Afterwards, run the upgrade commands from the latest release notes.

@gergosimonyi gergosimonyi left a comment


Recommendation: instead, the database should accept tokens up to length n where n is way greater than 16 and, let's say, at least 43. With the current [0-9a-zA-Z] alphabet that would give log_2(62^43)≈256 bits of entropy for anyone who wants that.
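
The arithmetic in the review comment above, worked through as an added example (not part of the comment and not authentik's own code): it computes the entropy of a uniformly random token over the [0-9a-zA-Z] alphabet, finds the shortest length that reaches a target bit strength, and bounds the configured length at the 100-character maximum from the PR title. The function names and the lower bound of 1 are assumptions made for illustration.

```python
import math
import secrets
import string

# The alphabet quoted in the review comment: [0-9a-zA-Z], 62 symbols.
ALPHABET = string.digits + string.ascii_letters
# Upper bound taken from the PR title; the lower bound of 1 is an assumption.
MAX_TOKEN_LENGTH = 100
MIN_TOKEN_LENGTH = 1


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random token: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(bits: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Smallest n with alphabet_size**n >= 2**bits, using exact integers."""
    n, space = 0, 1
    while space < (1 << bits):
        space *= alphabet_size
        n += 1
    return n


def validate_token_length(value: int) -> int:
    """Reject lengths outside the configured bounds before they reach storage."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("token length must be an integer")
    if not MIN_TOKEN_LENGTH <= value <= MAX_TOKEN_LENGTH:
        raise ValueError(
            f"token length must be between {MIN_TOKEN_LENGTH} and {MAX_TOKEN_LENGTH}"
        )
    return value


def generate_token(length: int) -> str:
    """Draw each character from the OS CSPRNG so the entropy estimate holds."""
    validate_token_length(length)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for n in (16, min_length_for_bits(256), MAX_TOKEN_LENGTH):
        print(f"length {n:3d}: {entropy_bits(n):6.1f} bits, e.g. {generate_token(n)}")
```

The entropy figures only hold when every character is drawn independently from a CSPRNG, which is why the generator uses `secrets` rather than `random`.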

@dominic-r dominic-r added the backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 label Jan 4, 2026
@dominic-r dominic-r requested a review from gergosimonyi January 6, 2026 23:52
@dominic-r dominic-r changed the title stages/authenticator_static: add max length validation for token_length field stages/authenticator_static: set max token length to 50 chars and tweak ui Jan 7, 2026
@dominic-r dominic-r changed the title stages/authenticator_static: set max token length to 50 chars and tweak ui stages/authenticator_static: set max token length to 50 chars Jan 7, 2026
@dominic-r dominic-r changed the title stages/authenticator_static: set max token length to 50 chars stages/authenticator_static: set max token length to 100 chars Jan 7, 2026
@github-project-automation github-project-automation bot moved this from Todo to In Progress in authentik Core Jan 7, 2026
@dominic-r dominic-r enabled auto-merge (squash) January 7, 2026 22:30
@dominic-r dominic-r merged commit 39f6f72 into main Jan 7, 2026
100 checks passed
@dominic-r dominic-r deleted the sdko/authenticator-static-token-valid branch January 7, 2026 22:50
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Jan 7, 2026
authentik-automation bot pushed a commit that referenced this pull request Jan 7, 2026
* stages/authenticator_static: add max length validation for token_length field

* wip

* wip
@authentik-automation

🍒 Cherry-pick to version-2025.12 created: #19231

rissson pushed a commit that referenced this pull request Jan 8, 2026
kensternberg-authentik added a commit that referenced this pull request Jan 8, 2026
* main:
  stages/prompt: optimize API endpoints (#19251)
  web: bump the rollup group across 1 directory with 4 updates (#19206)
  web: bump vite from 7.3.0 to 7.3.1 in /web (#19245)
  website/docs: update github social login script example (#19246)
  website/integrations: update AWS (#17861)
  core: bump goauthentik.io/api/v3 from 3.2026020.8 to 3.2026020.10 (#19242)
  website: Fix typos. (#19243)
  core: fix read replica routing during transactions (#19086)
  website/glossary: improve (#18969)
  stages/authenticator_static: set max token length to 100 chars (#19162)
kensternberg-authentik added a commit that referenced this pull request Jan 12, 2026
* main: (44 commits)
  web: Fix flow inspector advancement event. (#19309)
  web: bump knip from 5.80.0 to 5.80.1 in /web (#19301)
  core: bump urllib3 from 2.5.0 to v2.6.3 (#19287)
  endpoints: show agent version (#19239)
  core: bump django from v5.2.9 to 5.2.10 (#19290)
  web/admin: add banner to flow import form (#19288)
  web: bump chromedriver from 143.0.3 to 143.0.4 in /web (#19244)
  stages/password: replace session-based retries with reputation (#18643)
  website/integations: fix aws spelling (#19253)
  website/docs: update entra id provider docs (#18366)
  stages/prompt: optimize API endpoints (#19251)
  web: bump the rollup group across 1 directory with 4 updates (#19206)
  web: bump vite from 7.3.0 to 7.3.1 in /web (#19245)
  website/docs: update github social login script example (#19246)
  website/integrations: update AWS (#17861)
  core: bump goauthentik.io/api/v3 from 3.2026020.8 to 3.2026020.10 (#19242)
  website: Fix typos. (#19243)
  core: fix read replica routing during transactions (#19086)
  website/glossary: improve (#18969)
  stages/authenticator_static: set max token length to 100 chars (#19162)
  ...

Development

Successfully merging this pull request may close these issues.

Static Tokens longer than 16 chars result in UI glitch and application+database error
