Prompt stage

This stage is used to show the user arbitrary prompts.


The prompt can be any of the following types:

TextArbitrary text. No client-side validation is done.
Text (Read only)Same as above, but cannot be edited.
Text AreaArbitrary multiline text. No client-side validation is done.
Text Area (Read only)Same as above, but cannot be edited.
UsernameSame as text, except the username is validated to be unique.
EmailText input, ensures the value is an email address (validation is only done client-side).
PasswordSame as text, shown as a password field client-side, and custom validation (see below).
NumberNumerical textbox.
CheckboxSimple checkbox.
Radio Button GroupSimilar to checkboxes, but allows selecting a value from a set of predefined values.
DropdownA simple dropdown menu filled with predefined values.
DateSame as text, except the client renders a date-picker
Date-timeSame as text, except the client renders a date-time-picker
FileAllow users to upload a file, which will be available as base64-encoded data in the flow .
SeparatorPassive element to group surrounding elements
HiddenHidden input field. Allows for the pre-setting of default values.
StaticDisplay arbitrary value as is
authentik: LocaleDisplay a list of all locales authentik supports.

TextArea, TextArea (Read only), Radio Button Group and Dropdown options require authentik 2023.4+

Some types have special behaviors:

  • Username: Input is validated against other usernames to ensure a unique value is provided.
  • Password: All prompts with the type password within the same stage are compared and must be equal. If they are not equal, an error is shown
  • Hidden and Static: Their initial values are defaults and are not user-changeable.
  • Radio Button Group and Dropdown: Only allow the user to select one of a set of predefined values.

A prompt has the following attributes:


The field name used for the prompt. This key is also used to later retrieve the data in expression policies:



The label used to describe the field. Depending on the selected template, this may not be shown.


A flag which decides whether or not this field is required.


A field placeholder, shown within the input field.

By default, the placeholder is interpreted as-is. If you enable Interpret placeholder as expression, the placeholder will be evaluated as a Python expression. This happens in the same environment as Policies.

In the case of Radio Button Group and Dropdown prompts, this field defines all possible values (choices). When interpreted as-is, only one value will be allowed (the placeholder string). When interpreted as expression, a list of values can be returned to define multiple choices. For example, return ["first option", 42, "another option"] defines 3 possible values.

You can access both the HTTP request and the user as with a mapping. Additionally, you can access prompt_context, which is a dictionary of the current state of the prompt stage's data.

For Radio Button Group and Dropdown prompts, if a key with the same name as the prompt's field_key and a suffix of __choices (<field_key>__choices) is present in the prompt_context dictionary, its value will be returned directly, even if Interpret placeholder as expression is enabled.


The prompt's initial value. It can also be left empty, in which case the field will not have a pre-filled value.

With the hidden prompt, the initial value will also be the actual value, because the field is hidden to the user.

By default, the initial value is interpreted as-is. If you enable Interpret initial value as expression, the initial value will be evaluated as a Python expression. This happens in the same environment as Policies.

In the case of Radio Button Group and Dropdown prompts, this field defines the default choice. When interpreted as-is, the default choice will be the initial value string. When interpreted as expression, the default choice will be the returned value. For example, return 42 defines 42 as the default choice.


The default choice defined for any fixed choice field must be one of the valid choices specified in the prompt's placeholder.

You can access both the HTTP request and the user as with a mapping. Additionally, you can access prompt_context, which is a dictionary of the current state of the prompt stage's data. If a key with the same name as the prompt's field_key is present in the prompt_context dictionary, its value will be returned directly, even if Interpret initial value as expression is enabled.


The numerical index of the prompt. This applies to all stages which this prompt is a part of.


Further validation of prompts can be done using policies.

To validate that two password fields are identical, create the following expression policy:

if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'):
return True

ak_message("Passwords don't match.")
return False

This policy expects you to have two password fields with field_key set to password and password_repeat.

Afterwards, bind this policy to the prompt stage you want to validate.

Before 2021.12, any policy was required to pass for the result to be considered valid. This has been changed, and now all policies are required to be valid.