diff --git a/apps/authentik/2025.10.3/data.yml b/apps/authentik/2025.10.3/data.yml
new file mode 100644
index 000000000..20df3e011
--- /dev/null
+++ b/apps/authentik/2025.10.3/data.yml
@@ -0,0 +1,127 @@
+additionalProperties:
+  formFields:
+    - default: 8080
+      envKey: PANEL_APP_PORT_HTTP
+      labelZh: HTTP 端口
+      labelEn: HTTP Port
+      label:
+        zh: HTTP 端口
+        zh-Hant: HTTP 連接埠
+        en: HTTP Port
+        ja: HTTP ポート
+        ko: HTTP 포트
+        ms: Port HTTP
+        pt-br: Porta HTTP
+        ru: HTTP Порт
+        tr: HTTP Portu
+      description:
+        zh: "设置应用的 HTTP 访问端口，有效范围: 1-65535"
+        zh-Hant: "設定應用程式的 HTTP 存取連接埠，有效範圍: 1-65535"
+        en: "Set the HTTP access port for the application, valid range: 1-65535"
+        ja: "アプリケーションのHTTPアクセスポートを設定します。有効範囲: 1-65535"
+        ko: "애플리케이션의 HTTP 접근 포트를 설정합니다. 유효 범위: 1-65535"
+        ms: "Tetapkan port akses HTTP untuk aplikasi, julat sah: 1-65535"
+        pt-br: "Defina a porta de acesso HTTP para o aplicativo, intervalo válido: 1-65535"
+        ru: "Установите порт доступа HTTP для приложения, допустимый диапазон: 1-65535"
+        tr: "Uygulama için HTTP erişim portunu ayarlayın, geçerli aralık: 1-65535"
+      required: true
+      type: number
+      edit: true
+      rule: paramPort
+    - default: ""
+      envKey: PANEL_DB_HOST
+      labelZh: 数据库
+      labelEn: Database
+      label:
+        en: Database
+        ja: データベース
+        ko: 데이터베이스
+        ms: Pangkalan Data
+        pt-br: Banco de Dados
+        ru: База данных
+        tr: Veritabanı
+        zh: 数据库
+        zh-Hant: 資料庫
+      required: true
+      type: service
+      key: postgresql
+    - default: authentik
+      envKey: PANEL_DB_USER
+      labelZh: 数据库用户名
+      labelEn: Database Username
+      label:
+        en: Database Username
+        ja: データベースユーザー名
+        ko: 데이터베이스 사용자 이름
+        ms: Nama Pengguna Pangkalan Data
+        pt-br: Nome de Usuário do Banco de Dados
+        ru: Имя пользователя базы данных
+        tr: Veritabanı Kullanıcı Adı
+        zh: 数据库用户名
+        zh-Hant: 資料庫使用者名稱
+      required: true
+      type: text
+      rule: paramCommon
+      random: true
+    - default: authentik_pwd
+      envKey: PANEL_DB_USER_PASSWORD
+      labelZh: 数据库密码
+      labelEn: Database Password
+      label:
+        en: Database Password
+        ja: データベースパスワード
+        ko: 데이터베이스 비밀번호
+        ms: Kata Laluan Pangkalan Data
+        pt-br: Senha do Banco de Dados
+        ru: Пароль базы данных
+        tr: Veritabanı Parolası
+        zh: 数据库密码
+        zh-Hant: 資料庫密碼
+      required: true
+      type: password
+      rule: paramComplexity
+      random: true
+    - default: authentik
+      envKey: PANEL_DB_NAME
+      labelZh: 数据库名
+      labelEn: Database Name
+      label:
+        en: Database Name
+        ja: データベース名
+        ko: 데이터베이스 이름
+        ms: Nama Pangkalan Data
+        pt-br: Nome do Banco de Dados
+        ru: Имя базы данных
+        tr: Veritabanı Adı
+        zh: 数据库名
+        zh-Hant: 資料庫名稱
+      required: true
+      type: text
+      rule: paramCommon
+      random: true
+    - default: ""
+      envKey: AUTHENTIK_SECRET_KEY
+      labelZh: Cookie 签名密钥
+      labelEn: Cookie Signing Key
+      label:
+        zh: Cookie 签名密钥
+        zh-Hant: Cookie 簽署金鑰
+        en: Cookie Signing Key
+        ja: Cookie 署名キー
+        ko: 쿠키 서명 키
+        ms: Kunci Penandatanganan Cookie
+        pt-br: Chave de Assinatura de Cookie
+        ru: Ключ подписи Cookie
+        tr: Çerez İmzalama Anahtarı
+      description:
+        zh: 使用 "openssl rand -base64 48" 创建密钥
+        zh-Hant: 使用 "openssl rand -base64 48" 建立金鑰
+        en: Use "openssl rand -base64 48" to create the key
+        ja: '"openssl rand -base64 48" を使用してキーを作成'
+        ko: '"openssl rand -base64 48"를 사용하여 키 생성'
+        ms: Gunakan "openssl rand -base64 48" untuk mencipta kunci
+        pt-br: Use "openssl rand -base64 48" para criar a chave
+        ru: Используйте "openssl rand -base64 48" для создания ключа
+        tr: Anahtarı oluşturmak için "openssl rand -base64 48" kullanın
+      required: true
+      type: text
diff --git a/apps/authentik/2025.10.3/docker-compose.yml b/apps/authentik/2025.10.3/docker-compose.yml
new file mode 100644
index 000000000..49b17a81a
--- /dev/null
+++ b/apps/authentik/2025.10.3/docker-compose.yml
@@ -0,0 +1,42 @@
+x-authentik-envs: &a1
+  AUTHENTIK_POSTGRESQL__HOST: ${PANEL_DB_HOST}
+  AUTHENTIK_POSTGRESQL__PORT: ${PANEL_DB_PORT}
+  AUTHENTIK_POSTGRESQL__NAME: ${PANEL_DB_NAME}
+  AUTHENTIK_POSTGRESQL__PASSWORD: ${PANEL_DB_USER_PASSWORD}
+  AUTHENTIK_POSTGRESQL__USER: ${PANEL_DB_USER}
+  AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+services:
+  server:
+    image: ghcr.io/goauthentik/server:2025.10.3
+    command: server
+    environment: *a1
+    ports:
+      - ${PANEL_APP_PORT_HTTP}:9000
+    volumes:
+      - ./geoip:/geoip
+      - ./media:/media
+      - ./custom-templates:/templates
+    container_name: ${CONTAINER_NAME}
+    networks:
+      - 1panel-network
+    labels:
+      createdBy: Apps
+  worker:
+    image: ghcr.io/goauthentik/server:2025.10.3
+    command: worker
+    user: root
+    environment: *a1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./geoip:/geoip
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+    container_name: ${CONTAINER_NAME}-worker
+    networks:
+      - 1panel-network
+    labels:
+      createdBy: Apps
+networks:
+  1panel-network:
+    external: true
diff --git a/apps/authentik/README.md b/apps/authentik/README.md
new file mode 100644
index 000000000..f36878535
--- /dev/null
+++ b/apps/authentik/README.md
@@ -0,0 +1,32 @@
+## 产品介绍
+
+authentik 是一款面向现代单点登录 (SSO) 的开源身份提供商 (IdP)。
+
+## 配置和使用说明
+
+1. 要开始初始设置，请导航到 `http://<your server's IP or hostname>:port/if/flow/initial-setup/` 。
+
+   > 您如果在初始设置 URL 中不包括末尾的反斜杠 Not Found ，将会收到一个 / 错误。请确保您使用包括末尾反斜杠的完整 URL `http://<your server's IP or hostname>:port/if/flow/initial-setup/` 。
+
+2. 安装应用后，可以编辑 `docker-compose.yml` 添加其它环境变量。环境变量参考[文档](https://docs.goauthentik.io/install-config/configuration/)。
+
+   示例
+    ```yaml
+    x-authentik-envs: &a1
+      # Reference https://docs.goauthentik.io/install-config/configuration/
+      # SMTP Host Emails are sent to
+      AUTHENTIK_EMAIL__HOST: localhost
+      AUTHENTIK_EMAIL__PORT: 25
+      # Optionally authenticate (don't add quotation marks to your password)
+      AUTHENTIK_EMAIL__USERNAME: 
+      AUTHENTIK_EMAIL__PASSWORD: 
+      # Use StartTLS
+      AUTHENTIK_EMAIL__USE_TLS: false
+      # Use SSL
+      AUTHENTIK_EMAIL__USE_SSL: false
+      AUTHENTIK_EMAIL__TIMEOUT: 10
+      # Email address authentik will send from, should have a correct @domain
+      AUTHENTIK_EMAIL__FROM: authentik@localhost
+  ```
+
+3. 安装应用后，可将 `GeoLite2-City.mmdb` 与 `GeoLite2-ASN.mmdb` 拷贝到 `geoip` 目录下以启用[GeoIP](https://support.maxmind.com/knowledge-base/articles/create-a-maxmind-account) 支持。
\ No newline at end of file
diff --git a/apps/authentik/README_en.md b/apps/authentik/README_en.md
new file mode 100644
index 000000000..f46c21cdd
--- /dev/null
+++ b/apps/authentik/README_en.md
@@ -0,0 +1,32 @@
+## Introduction
+
+authentik is an open-source Identity Provider (IdP) for modern SSO.
+
+## Configuration and Usage Instructions
+
+1. To start the initial setup, navigate to `http://<your server's IP or hostname>:port/if/flow/initial-setup/`
+
+    > You will get a Not Found error if initial setup URL doesn't include the trailing forward slash /. Make sure you use the complete url (http://<your server's IP or hostname>:port/if/flow/initial-setup/) including the trailing forward slash.
+
+2. After installing the application, you can edit `docker-compose.yml` to add other environment variables. Refer to the [documentation](https://docs.goauthentik.io/install-config/configuration/) for environment variables.
+
+    For example
+    ```yaml
+    x-authentik-envs: &a1
+      # Reference https://docs.goauthentik.io/install-config/configuration/
+      # SMTP Host Emails are sent to
+      AUTHENTIK_EMAIL__HOST: localhost
+      AUTHENTIK_EMAIL__PORT: 25
+      # Optionally authenticate (don't add quotation marks to your password)
+      AUTHENTIK_EMAIL__USERNAME: 
+      AUTHENTIK_EMAIL__PASSWORD: 
+      # Use StartTLS
+      AUTHENTIK_EMAIL__USE_TLS: false
+      # Use SSL
+      AUTHENTIK_EMAIL__USE_SSL: false
+      AUTHENTIK_EMAIL__TIMEOUT: 10
+      # Email address authentik will send from, should have a correct @domain
+      AUTHENTIK_EMAIL__FROM: authentik@localhost
+  ```
+
+3. After installing the application, copy `GeoLite2-City.mmdb` and `GeoLite2-ASN.mmdb` to the `geoip` directory to enable [GeoIP](https://support.maxmind.com/knowledge-base/articles/create-a-maxmind-account) support.
\ No newline at end of file
diff --git a/apps/authentik/data.yml b/apps/authentik/data.yml
new file mode 100644
index 000000000..3348d86b0
--- /dev/null
+++ b/apps/authentik/data.yml
@@ -0,0 +1,31 @@
+name: authentik
+tags:
+  - 实用工具
+title: 单点登录开源身份提供商
+description: 单点登录开源身份提供商
+additionalProperties:
+  key: authentik
+  name: authentik
+  tags:
+    - Tool
+  shortDescZh: 单点登录开源身份提供商
+  shortDescEn: Open-source Identity Provider for modern SSO
+  description:
+    en: Open-source Identity Provider for modern SSO
+    zh: 单点登录开源身份提供商
+    zh-Hant: 單點登入開源身份提供者
+    ja: モダンなシングルサインオンのためのオープンソース Identity Provider
+    ms: Penyedia Identiti Sumber Terbuka untuk SSO moden
+    pt-br: Provedor de Identidade de Código Aberto para SSO moderno
+    ru: Провайдер идентификации с открытым исходным кодом для современного единого входа
+    ko: 현대식 SSO를 위한 오픈소스 Identity Provider
+  type: website
+  crossVersionUpdate: true
+  limit: 0
+  website: https://goauthentik.io
+  github: https://github.com/goauthentik/authentik
+  document: https://docs.goauthentik.io
+  memoryRequired: 2048
+  architectures:
+    - amd64
+    - arm64
diff --git a/apps/authentik/logo.png b/apps/authentik/logo.png
new file mode 100644
index 000000000..acaf9071f
Binary files /dev/null and b/apps/authentik/logo.png differ