Bug Report: "Not you?" Button Cancels Authentication Flow for Applications

[cdmx1]

Describe the bug
When attempting to log in to an application via authentik-2024.04.02, clicking the "Not you?" button on the top right cancels the authentication flow. However, after continuing to login with the different or same credentials, instead of returning the user to the application's login page, it redirects them to the authentik dashboard.

To Reproduce
Steps to reproduce the behavior:

• Go to the login page of any application integrated with authentik.
• Begin the login process.
• On the login page, locate and click the "Not you?" button on the top right.
• Continue to Login with same/different credentials
• Observe the redirection behavior.

Expected behavior
Clicking the "Not you?" button should cancel the current authentication flow and return the user to the application's login page, allowing another user to attempt login without being redirected to the authentik dashboard.

Version and Deployment:
authentik version: 2024.04.02
Deployment: docker-compose

Additional context
This issue disrupts the user experience by taking users away from the intended application, causing confusion and requiring additional steps to navigate back to the application’s login page.

[BeryJu]

This happens due to the Not you? button cancelling the flow execution by removing the currently planned flow, which also contains the final URL that the user should be sent to

[cdmx1]

Hi @BeryJu, but that creates a flow break for the user, could you please provide guidance or a potential solution on how we can preserve the final URL of the application during the flow cancellation? This would ensure that users are redirected back to the application's login flow rather than the authentik dashboard.

[BeryJu]

I'm not saying that I dont agree with your point, this was just for context of why the current behaviour happens as it does.

I think this might be also fixable by ensuring the correct ?next url is set for all those flows, as in that case the redirect from authz flow -> cancel -> invalidation -> authentication should keep the correct final next parameter, which would also solve this issue, and wouldn't require us to decide which flow plan items should be deleted and which shouldn't

[authentik-automation]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[cdmx1]

@BeryJu could you please share the exact steps to fix this using the flow/policies, or will you be fixing it from the code end?

[wazoo]

I ran into this today as well and I am not sure where to make the change either.

I am using version 2024.6.3 of Authentik and all of my flows are set to message_continue but even with the next variable populated in the URL it is not part of the link to /flows/-/cancel/ under the "Not You?" text and does not preserve the value of next through to the new login page (where /flows/-/cancel/ ends up).

I am not sure where that cancel flow lives, I don't have a flow with that slug and it doesn't seem to be a default so maybe its just a built in? Anyway, if there is more detail available that would be great but I will keep poking at it.

[authentik-automation]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.