fix(GRO-2089): correct Authentik customer credential source in UAT_PLAYBOOK §5.25 #41
Closed
Flea Flicker
wants to merge 1 commits from
flea/gro-2089-fix-authentik-credential-source into main
pull from: flea/gro-2089-fix-authentik-credential-source
merge into: groombook:main
groombook:main
groombook:gro-2381-agents-contributing
groombook:uat
groombook:flea/uat-to-main-gro-2359-web
groombook:promote/GRO-2373-dev-to-uat
groombook:dev
groombook:feature/gro-2373-chrome-signout
groombook:promote/GRO-2358-dev-to-uat
groombook:release/main-GRO-2319-web
groombook:promote/GRO-2319-web-to-uat
groombook:feat/GRO-2319-live-statusbadge-palette
groombook:flea/uat-to-main-gro-2160
groombook:promote/GRO-2160-dev-to-uat
groombook:flea/uat-to-main-gro-2159
groombook:promote/GRO-2159-dev-to-uat
groombook:feat/GRO-2159-route-drag-reorder
groombook:flea/uat-to-main-gro-2158
groombook:flea/dev-to-uat-gro-2158
groombook:feat/GRO-2158-route-planner
groombook:flea/dev-to-uat-gro-2236
groombook:flea/gro-2236-portal-service-cards
groombook:flea/uat-to-main-gro-2234-web
groombook:flea/promote-uat-gro-2234
groombook:flea-flicker/gro-2234-portal-waitlist-remint-on-401
groombook:fix/gro-2207-portal-pet-readview-fields
groombook:flea/gro-2218-playbook-512e
groombook:flea/gro-2213-portal-preferredtime
groombook:flea/gro-2180-appointments-starttime-shape
groombook:fix/gro-2094-react-blank-mount
groombook:flea/gro-2099-fix-authed-portal-nav
groombook:flea/gro-2012-portal-sessionid-fallback
groombook:flea/gro-2011-login-blank
groombook:gro-1867-portal-better-auth
groombook:gro-1829-swpwa-fix
groombook:ccfa5281-2076-40c2-87a9-bf2dbcf98d22/gro-1822-role-based-redirect
groombook:fix/gro-1822-role-based-redirect
groombook:feature/gro-1165e-booking-status-badge
groombook:feature/gro-1165d-booking-analytics
groombook:feature/gro-1165b-error-recovery
groombook:flea-flicker/pet-profile-editor
groombook:fix/gro-1757-uat-playbook
groombook:fix/gro-1633-web-ci-buildx
groombook:promote-uat-gro1592
groombook:fix/gro-1592-sso-session-cookie
groombook:pr-13
groombook:fix/gro-1414-pet-size-enum
groombook:pr-1
groombook:fix/ci-registry-auth
groombook:fix/GRO-1289-uat-playbook-web
groombook:add-renovate-config
groombook:docs/GRO-1099-uat-playbook-web
1 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Flea Flicker
|
affb697708 |
fix(GRO-2089): correct Authentik customer credential source in §5.25 pre-conditions
The UAT_PLAYBOOK §5.25 (Customer Portal — Better Auth SSO Bridge) pre-condition incorrectly stated that the Authentik customer password comes from seed-uat-passwords:customer-password. That Secret holds the *Better Auth* email+password credential — a different identity store. The actual Authentik uat-customer password lives in authentik-uat-users-credentials:uat_customer_password, provisioned by infra/terraform/users.tf with lifecycle.ignore_changes = [password]. UAT testers were using the Better Auth value at the Authentik OIDC step and getting 401'd, blocking GRO-2026. Verified 2026-06-02: pulling the correct Secret value, signing in via SSO, and POST /api/portal/session-from-auth all succeed (returns 201 with valid portal session). Co-Authored-By: Paperclip <noreply@paperclip.ing> |