Authentik is a popular open-source identity provider that can be self-hosted. While investigating the overall security of the project, we discovered a remote timing attack weakness in the code. We also looked at the big picture of security in Authentik.