[Bug]: SSO breaks Browser plugin #1083
Description
I've read the documentation
- I'm running the latest version of Tube Archivist and have read the release notes.
- I'm beta testing and am running the latest unstable build.
- I have read the how to open an issue guide, particularly the bug report section. I've double checked that I don't open a yt-dlp issue here.
Operating System
Talos Linux
Your Bug Report
Describe the bug
When using TubeArchivist with authentik as SSO [1] auth it breaks the Tube Archivist Browser Plugin. Because every redirect will now be forwarded to authentik and authentik itself will not accept only the Tube Archivist API key.
As workaround, I disabled SSO, logged in Tube Archivist, sync the YouTube Cookie and re-enable authentik SSO.
The problem is that authentik is listening on https://tubearchivist.example.org**/** and the api request is moved to /api/
But when excluding /api/ from authentik the SSO login will also fails. Another idea was to make the api under https://api.tubearchivist.example.org available but then i will get security error that api.tubearchivist.example.org does not match with tubearchivist.example.org (as the TA_HOST variable)
[1] https://docs.goauthentik.io/add-secure-apps/providers/proxy/server_traefik/
In the logs is nothing to see when trying to connect to Tube Archivist with enabled authentik SSO
Relevant log output
│ [2025-10-31 08:40:51,354: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:40:56,356: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:01,358: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:06,360: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:11,361: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:16,363: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:21,365: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:26,367: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:31,369: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:36,371: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:41,372: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ Language set to en │
│ INFO: 10.244.0.10:0 - "GET /api/ping/ HTTP/1.0" 200 OK │
│ Language set to en │
│ INFO: 10.244.0.10:0 - "GET /api/user/me/ HTTP/1.0" 200 OK │
│ INFO: 10.244.0.10:0 - "GET /api/user/account/ HTTP/1.0" 200 OK │
│ INFO: 10.244.0.10:0 - "GET /api/appsettings/config/ HTTP/1.0" 200 OK │
│ INFO: 10.244.0.10:0 - "GET /api/video/?watch=unwatched&sort=published&order=desc HTTP/1.0" 200 OK │
│ INFO: 10.244.0.10:0 - "GET /api/video/?watch=continue HTTP/1.0" 200 OK │
│ Language set to en │
│ INFO: 10.244.0.10:0 - "GET /api/video/?watch=unwatched&sort=published&order=desc HTTP/1.0" 200 OK │
│ INFO: 10.244.0.10:0 - "GET /api/video/?watch=continue HTTP/1.0" 200 OK │
│ [2025-10-31 08:41:46,374: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│ [2025-10-31 08:41:51,376: DEBUG/MainProcess] beat: Waking up in 5.00 seconds. │
│Anything else?
Environment Variables:
TZ: 'Europe/Berlin'
ES_URL: 'http://tubearchivist-elasticsearch:9200'
REDIS_CON: 'redis://tubearchivist-redis:6379'
HOST_UID: '1001'
HOST_GID: '100'
TA_HOST: https://tubearchivist.exampl.eorg
TA_USERNAME: 'REDACTED'
TA_PASSWORD: 'REDACTED'
# authentik auth
TA_LOGIN_AUTH_MODE: 'forwardauth'
TA_AUTH_PROXY_USERNAME_HEADER: 'X_AUTHENTIK_USERNAME'
DJANGO_DEBUG: 'true'
image: bbilly1/tubearchivist:v0.5.7