Full development environment

Prerequisites

Before you begin, ensure you have the following tools installed:

• Python (3.13 or later)
• uv (Latest stable release)
• Go (1.24 or later)
• Node.js (24 or later)
• PostgreSQL (16 or later)
• Docker (Latest Community Edition or Docker Desktop)
• Docker Compose (Compose v2)
• Make (3 or later)

1. Setting Up Required Services

authentik depends on several external services:

• Redis for caching
• PostgreSQL for database storage
• Zenko CloudServer (S3) for object storage
• Sentry Spotlight for error tracking and visualization

Option A: Using Docker Compose (Recommended)

The easiest way to set up these services is using the provided Docker Compose configuration:

docker compose -f scripts/docker-compose.yml up -d

Option B: Using local installations

Alternatively, you can install and run these services directly on your system.

info

If using locally installed databases, ensure the PostgreSQL credentials provided to authentik have CREATE DATABASE and DROP DATABASE permissions, because authentik creates temporary databases for testing.

2. Installing Platform-Specific Dependencies

macOS

Install the required native dependencies on macOS using Homebrew:

brew install \
libxmlsec1 \
libpq \
pkg-config \
uv \
postgresql \
redis \
node@24 \
golangci-lint \
krb5

Linux

For Debian/Ubuntu-based distributions:

pip install uv
sudo apt-get install -y \
libgss-dev \
krb5-config \
libkrb5-dev \
postgresql-server-dev-all \
postgresql \
redis

For other distributions (Red Hat, SUSE, Arch), adjust the package names as needed.

Install golangci-lint by following the official installation instructions.

Windows

We're currently seeking community input on running the full development environment on Windows. If you have experience with this setup, please consider contributing to this documentation.

3. Set up the backend

info

All make commands must be executed from the root directory of your local authentik Git repository.

Install dependencies

Install all required JavaScript and Python dependencies and create an isolated Python environment:

make install

Generate development configuration

Create a local configuration file that uses the local databases for development:

make gen-dev-config

Initialize the database

Run all migrations with the following command:

make migrate

info

If you ever want to start over, use make dev-reset which drops and restores the authentik PostgreSQL database to the state after make migrate.

Understanding the architecture

authentik is primarily a Django application running under gunicorn, proxied by a Go application that serves static files. Most functions and classes have type hints and docstrings. For better code navigation, we recommend installing a Python Type-checking Extension in your IDE.

4. Set up the frontend

Even if you're not planning to develop the UI, you need to build the frontend as no compiled bundle is included by default.

Building the UI

Live development mode

For real-time feedback as you make changes:

make web-watch

Or instead, if you just want to build it once:

make web-build

5. Running authentik

Now that the backend and frontend have been set up and built, you can start authentik.

Start the server:

make run-server

In a separate process, start the worker:

make run-worker

info

The very first time a worker runs, it might need some time to clear the initial task queue. Adjust AUTHENTIK_WORKER__THREADS as required.

Both processes need to run to get a fully functioning authentik development environment.

authentik will be accessible at http://localhost:9000.

Initial setup

To set a password for the default admin user (akadmin):

1. Navigate to http://localhost:9000/if/flow/initial-setup/ in your browser.
2. Follow the prompts to set up your admin account.

Hot-reloading

When AUTHENTIK_DEBUG is set to true (the default for the development environment), the authentik server automatically reloads whenever changes are made to the code. However, due to instabilities in the reloading process of the worker, that behavior is turned off for the worker. You can enable code reloading in the worker by manually running uv run ak worker --watch.

End-to-End (E2E) Setup

Start the E2E test services with the following command:

docker compose -f tests/e2e/docker-compose.yml up -d

You can then view the Selenium Chrome browser via http://localhost:7900/ using the password: secret.

Alternatively, you can connect directly via VNC on port 5900 using the password: secret.

info

When using Docker Desktop, host networking needs to be enabled via Docker Settings > Resources > Network > Enable host networking.

6. Contributing code

Before submitting a pull request

Ensure your code meets our quality standards by running:

1. Code linting:

   make lint-fix
   make lint

2. Generate updated API documentation:

   make gen

3. Format frontend code:

   make web

4. Run tests:

   make test

You can run all these checks at once with:

make all

Submitting your changes

After your code passes all checks, submit a pull request on GitHub. Be sure to:

• Provide a clear description of your changes
• Reference any related issues
• Follow our code style guidelines
• Update any related documentation
• Include tests for your changes where appropriate

Thank you for contributing to authentik!