Hey folks,
just noticed a weird behavior after upgrading to 1.26:
We use authentik to manage the users and deploy them to gitea. So Gitea identifies these users correctly with ‘Authentication Source: ..some external ID’. If I used the local password as authentication method and later try to logout there is a inconsistent behavour:
- Instead of getting redirect to Gitea login page I land on the external Auth provider page
- If I login again with local password in gitea and then try to logout I land on a blank page with ‘Logout auccessful’ → the url points to an authentic fqdn with redirect instructions back to Gitea. This keeps the default behavior until I manually logout or reset the authentik user session.
I know this first looks like some kind of issue with the external auth provider authentik. But there were noch changes in our staging environment except the gitea update. Were there any changes in the logout logic on the gitea side?
I see no reason why gitea should try to terminate the external auth session if the user actively decides to use its local creds/session 