groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): add accountLinking trustedProviders for authentik (GRO-1509)
CI / Test (pull_request) Failing after 44s
Details
CI / Lint & Typecheck (pull_request) Failing after 52s
Details
CI / Build & Push Docker Image (pull_request) Has been skipped
Details

Browse Source 
Betters Auth v1.5.6 link-account.mjs:22 rejects OAuth callbacks when the
genericOAuth provider is not in trustedProviders AND email_verified is
falsy. Adding authentik to trustedProviders bypasses this guard so OIDC
login works for TF-created users whose emails were never verified through
an authentik flow.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Flea Flicker
2026-05-21 22:24:48 +00:00
parent 9692476202
commit 00dadac0a1
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lib/auth.ts
+4
View File
@@ -251,6 +251,10 @@ export async function initAuth(): Promise<void> {
},
},
account: {
accountLinking: {
enabled: true,
trustedProviders: ["authentik"],
},
storeStateStrategy: "cookie" as const,
},
emailAndPassword: {