coop-cloud/authentik
1
2
Fork 3
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

After upgrading from 6.x to 7.x "The current brand must have a recovery flow configured to use a recovery link" #14

New Issue
Open
opened 2025-03-22 22:14:27 +00:00 by marlon · 7 comments
marlon commented 2025-03-22 22:14:27 +00:00
Owner
Copy Link

After upgrading an authentik instance from 6.11.0+2024.10.5 to versions after that (6.12.0+2024.12.3 or 7.0.1+2025.2.0), functions to reset a user's password like "Create Recovery Link" or "Email Recovery Link" fail, with the message "The current brand must have a recovery flow configured to use a recovery link"

Rolling back to 6.11.0+2024.10.5 fixes the problem.

After upgrading an authentik instance from 6.11.0+2024.10.5 to versions after that (6.12.0+2024.12.3 or 7.0.1+2025.2.0), functions to reset a user's password like "Create Recovery Link" or "Email Recovery Link" fail, with the message "The current brand must have a recovery flow configured to use a recovery link" Rolling back to 6.11.0+2024.10.5 fixes the problem.
iexos commented 2025-03-23 11:10:23 +00:00
Owner
Copy Link

Its a bug in authentik that is fixed in 2025.2.1. I updated the recipe to 2025.2.2, for me it works again.

Its a bug in authentik that is fixed in 2025.2.1. I updated the recipe to 2025.2.2, for me it works again.
❤️ 1 🎉 1
iexos closed this issue 2025-03-23 11:10:24 +00:00
marlon commented 2025-03-24 04:08:53 +00:00
Author
Owner
Copy Link

Thanks for taking a look! But I still get the same bug after upgrading to the 7.0.2+2025.2.2 tag.
I've tested two deployments and get the same behavior on both...

Thanks for taking a look! But I still get the same bug after upgrading to the 7.0.2+2025.2.2 tag. I've tested two deployments and get the same behavior on both...
marlon reopened this issue 2025-03-24 04:08:53 +00:00
marlon commented 2025-04-19 04:56:39 +00:00
Author
Owner
Copy Link

Just updating this to note that 7.1.0+2025.2.4 has this problem too on all servers I've tested. Next I want to try deploying a fresh one to compare against, to understand if it's an upgrade path issue...

Just updating this to note that 7.1.0+2025.2.4 has this problem too on all servers I've tested. Next I want to try deploying a fresh one to compare against, to understand if it's an upgrade path issue...
👍 1
moritz commented 2025-05-13 12:13:56 +00:00
Owner
Copy Link

I haven't dug deeper yet, but in this line

system_brand.yaml.tmpl Line 34 in efd67032cf
flow_recovery: !Find [authentik_flows.flow, [slug, default-recovery-flow]]
the recovery flow is set for the default brand. Did you changed or added any brand?

I haven't dug deeper yet, but in this line https://git.coopcloud.tech/coop-cloud/authentik/src/commit/efd67032cf378b5f51910083a049d4d667905acf/system_brand.yaml.tmpl#L34 the recovery flow is set for the default brand. Did you changed or added any brand?
marlon commented 2025-05-13 15:07:01 +00:00
Author
Owner
Copy Link

No, I didn't make any changes to brands. The only changes I made to the default deployment was creating users, groups, providers and apps.

When I look at the brand config, I see only one brand called authentik-default which is set as default, and which has Recovery Flow set to default-recovery-flow (Default recovery flow)
That all seems correct...

No, I didn't make any changes to brands. The only changes I made to the default deployment was creating users, groups, providers and apps. When I look at the brand config, I see only one brand called `authentik-default` which is set as default, and which has Recovery Flow set to `default-recovery-flow (Default recovery flow)` That all seems correct...
virtualboys commented 2025-06-18 19:05:10 +00:00
Owner
Copy Link

This appears to be a problem when running abra upgrade from 6.x to 7.x. Removing and redeploying the app with the 7.x recipe version fixes this issue.

This appears to be a problem when running abra upgrade from 6.x to 7.x. Removing and redeploying the app with the 7.x recipe version fixes this issue.
iexos commented 2025-08-13 16:34:45 +00:00
Owner
Copy Link

Maybe its related to the broken recovery flow blueprint that I fixed in c86640b0ab

I still don't really understand when and which blueprints are applied, and what is part of this recipe and what authentik ships with by default

Maybe its related to the broken recovery flow blueprint that I fixed in https://git.coopcloud.tech/coop-cloud/authentik/commit/c86640b0ab8cf4a3d8ef962900673b74dd4e55a2 I still don't really understand when and which blueprints are applied, and what is part of this recipe and what authentik ships with by default
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se fauno flancian Frando iexos jade javielico jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moritz nicksellen notplants p4u1 pau pharaohgraphy renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/authentik#14
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?