From 9c1c9f40c2519eef8561f3149f4ef028947510e4 Mon Sep 17 00:00:00 2001
From: Alexander Bocken <alexander@bocken.org>
Date: Sun, 31 Aug 2025 21:46:19 +0200
Subject: [PATCH] Revert to clean Authentik provider configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Use official Authentik provider instead of generic OIDC
- Issue was resolved by fixing callback URL in Authentik configuration
- Cleaner and more maintainable auth setup

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 src/auth.ts | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/auth.ts b/src/auth.ts
index 291ef37..76f9597 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -4,17 +4,11 @@ import { AUTHENTIK_ID, AUTHENTIK_SECRET, AUTHENTIK_ISSUER } from "$env/static/pr
 
 export const { handle, signIn, signOut } = SvelteKitAuth({
 	providers: [
-		{
-			id: "authentik",
-			name: "Authentik",
-			type: "oidc",
+		Authentik({
 			clientId: AUTHENTIK_ID,
 			clientSecret: AUTHENTIK_SECRET,
 			issuer: AUTHENTIK_ISSUER,
-			checks: ["state"],
-		}],
-	trustHost: true,
-	debug: process.env.NODE_ENV === "development",
+		})],
 	callbacks: {
 		// this feels like an extremely hacky way to get nickname and groups into the session object
 		// TODO: investigate if there's a better way to do this