Skip to content

🚨 authentik outpost token malformed β€” config-fetch error loop (handed off from FuzeInfra #103)Β #104

Description

@izzywdev

CRIT log handed off from FuzeInfra

FuzeInfra's Loki crit-alert pipeline detected a critical error loop in the fuzefront/authentik-server pod and is routing it here, since the owning service lives in FuzeFront.

Symptom (repeating every ~3s, logger authentik.outpost.ak-api-controller):

Get "http://0.0.0.0:9000/api/v3/outposts/instances/": net/http: invalid header field value for "Authorization"
"Failed to fetch outpost configuration, retrying in 3 seconds"

Likely root cause: the embedded authentik outpost's API token is malformed β€” Go's HTTP client rejects an Authorization header containing an invalid byte (a stray newline / control char / whitespace). Classic symptom of an outpost token stored with a trailing newline or generated with a shell metachar.

Where to look (FuzeFront):

  • The authentik outpost token secret (e.g. AUTHENTIK_BOOTSTRAP_TOKEN / the outpost token), how it's generated/sealed, and whether it carries a trailing newline.
  • Regenerate the token cleanly (no newline), reseal, redeploy authentik-server.

Origin: FuzeInfra issue izzywdev/FuzeInfra#103 (auto-triaged). Detected 2026-06-26.


@claude please investigate the authentik outpost token in FuzeFront, fix the malformed-token root cause, and open a PR. Please confirm here when you've been triggered, and link the fix PR + deploy.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions