User / Group `additionalHeaders` not passed via proxy provider - 2025.10.0

[baudneo]

Describe the bug
IDK if this is a duplicate, sorry if it is. I have tried using some of the PR images but am still running into this issue.

I use authentik to protect frigate. The way frigate handles SSO is to turn auth off and pass a secret via a header. The username and user role are also passed via headers. These headers are no longer being passed to frigate.

IDK if this is related to the recent fixes for deserializing JWT and some claims, but I have been testing some of those PR images without success. I also setup a custom property mapping and hardcoded the username, role and secret and that also fails.

I am unsure if this is already fixed and I am just not finding the right image to pull and use for now, or if this is something else.

To Reproduce
Steps to reproduce the behavior:

1. Setup user / group additionalHeaders attribute
2. Navigate to a proxy provider protected endpoint and see if the headers are passed

Expected behavior
Headers passed

Screenshots
If applicable, add screenshots to help explain your problem.

Logs
Output of docker-compose logs or kubectl logs respectively

N/A

Version and Deployment (please complete the following information):

• authentik version: 2025.10.0
• Deployment: docker-compose

I also tried using some of the custom PR images (#17764):

# PR to fix JWT and claims deserialization
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-6c26141acc2452aa0d4b124236f3214cbc97e918
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Additional context
Add any other context about the problem here.

[baudneo]

Fixed for 10.1 from what I understand