providers/proxy: include auth headers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/providers/proxy/controllers/k8s/traefik.py

@@ -116,7 +116,7 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
                 forwardAuth=TraefikMiddlewareSpecForwardAuth(
                     address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
                     authResponseHeaders=[],
-                    authResponseHeadersRegex="^(Remote|X).*$",
+                    authResponseHeadersRegex="^(Auth|Remote|X).*$",
                     trustForwardHeader=True,
                 )
             ),

website/docs/providers/proxy/_traefik_compose.md

@@ -34,7 +34,7 @@ services:
       # `authentik-proxy` refers to the service name in the compose file.
       traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/akprox/auth/traefik
       traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
-      traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^(Remote|X).*$$
+      traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^(Auth|Remote|X).*$$
     restart: unless-stopped
 
   whoami:

website/docs/providers/proxy/_traefik_ingress.md

@@ -9,7 +9,7 @@ spec:
   forwardAuth:
     address: http://outpost.company:9000/akprox/auth/traefik
     trustForwardHeader: true
-    authResponseHeadersRegex: ^(Remote|X).*$
+    authResponseHeadersRegex: ^(Auth|Remote|X).*$
 ```
 
 Add the following settings to your IngressRoute

website/docs/providers/proxy/_traefik_standalone.md

@@ -5,7 +5,7 @@ http:
       forwardAuth:
         address: http://outpost.company:9000/akprox/auth/traefik
         trustForwardHeader: true
-        authResponseHeadersRegex: ^(Remote|X).*$
+        authResponseHeadersRegex: ^(Auth|Remote|X).*$
   routers:
     default-router:
       rule: "Host(`app.company`)"