Flows should be aborted on policy errors #11708
Labels
enhancement
New feature or request
Comments
By undefined I mean authentik cannot know what should happen. Therefore the default should be "Don't pass".
Is your feature request related to a problem? Please describe.
When creating a flow that uses an expression policy, an error in the policy causes the last step of the flow to be executed. This can be a potential security issue.
If a policy throws an error, the intended behavior of the flow is undefined. The only safe default is to abort the flow. In my experiments, I had, for example, users being created although the policy should have prevented it, due to a policy error.
Describe the solution you'd like
The default for any created flow should be to abort if there is a policy error.
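The failure mode reported above, as an added example that is not part of the original issue and is not authentik's code: a simplified flow executor in which a policy exception is either treated as a pass (modelling the reported behaviour) or as a deny that aborts the flow. The function names, the `on_error` switch, the stage names and the sample request are all hypothetical.

```python
# Simplified model of policy-gated flow execution; NOT authentik's implementation.
# evaluate, run_flow, on_error and the stage names are hypothetical.

def evaluate(policy, request, on_error):
    """Run one expression policy. Returns (passed, error_text_or_None)."""
    try:
        return bool(policy(request)), None
    except Exception as exc:
        # The policy gave no answer. on_error decides what that means:
        # "pass" = fail open (reported behaviour), "deny" = fail closed.
        return on_error == "pass", f"{type(exc).__name__}: {exc}"

def run_flow(stages, request, on_error="deny"):
    """stages: list of (name, policies, action). Returns (completed, executed, audit)."""
    executed, audit = [], []
    for name, policies, action in stages:
        for policy in policies:
            passed, error = evaluate(policy, request, on_error)
            if error:
                audit.append(f"policy error before stage {name!r}: {error}")
            if not passed:
                audit.append(f"flow aborted before stage {name!r}")
                return False, executed, audit
        action(request)
        executed.append(name)
    return True, executed, audit

def only_corp_email(request):
    # Constructed policy: raises KeyError when the prompt data has no "email".
    return request["prompt_data"]["email"].endswith("@corp.example")

def demo(on_error):
    """Enrollment flow whose final stage writes the user. Constructed input."""
    created = []
    stages = [
        ("prompt", [], lambda r: None),
        ("user_write", [only_corp_email],
         lambda r: created.append(r["prompt_data"]["username"])),
    ]
    request = {"prompt_data": {"username": "mallory"}}  # no "email" key
    completed, _, audit = run_flow(stages, request, on_error)
    return completed, created, audit

if __name__ == "__main__":
    for mode in ("pass", "deny"):
        print(mode, demo(mode))
```

With `on_error="pass"` the user is written even though the policy never returned a result; with `on_error="deny"` the flow stops before the write stage and the error is still recorded for review.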