- Python 3.11
- Poetry, which is used to manage dependencies
- Go 1.20
- Node.js 20
- PostgreSQL (any recent version will do)
- Redis (any recent version will do)
For PostgreSQL and Redis, you can use the
docker-compose.yml file in
/scripts.To use these pre-configured database instances, navigate to the
/scripts directory in your local copy of the authentik git repo, and run
docker compose up -d.
You can also use a native install, if you prefer.
If you use locally installed databases, the PostgreSQL credentials given to authentik should have permissions for
CREATE DATABASE and
DROP DATABASE, because authentik creates a temporary database for tests.
Depending on your platform, some native dependencies might be required. On macOS, run
brew install libxmlsec1 libpq, and for the CLI tools
brew install postgresql redis node@20
First, you need to create an isolated Python environment. To create the environment and install dependencies, run the following commands in the same directory as your authentik git repository:
poetry shell # Creates a python virtualenv, and activates it in a new shell
To configure authentik to use the local databases, we need a local config file. This file can be generated by running
To apply database migrations, run
make migrate. This is needed after the initial setup, and whenever you fetch new source from upstream.
Generally speaking, authentik is a Django application, ran by gunicorn, proxied by a Go application. The Go application serves static files.
Most functions and classes have type-hints and docstrings, so it is recommended to install a Python Type-checking Extension in your IDE to navigate around the code.
Before committing code, run
make lint to ensure your code is formatted well. This also requires
pyright, which is installed in the
web/ folder to make dependency management easier.
make gen to generate an updated OpenAPI document for any changes you made.
By default, no compiled bundle of the frontend is included so this step is required even if you're not developing for the UI.
To build the UI once, run
Alternatively, if you want to live-edit the UI, you can run
make web-watch instead.
This will immediately update the UI with any changes you make so you can see the results in real time without needing to rebuild.
To format the frontend code, run
Now that the backend and frontend have been setup and built, you can start authentik by running
ak server. authentik should now be accessible at
To define a password for the default admin (called akadmin), you can manually enter the
/if/flow/initial-setup/ path in the browser address bar to launch the initial flow.