providers/scim: fix group membership check failing

[BeryJu]

closes #12917

Details

the actual stacktrace for this one was

Traceback (most recent call last):
  File "/ak-root/.venv/lib/python3.12/site-packages/celery/app/trace.py", line 453, in trace_task
    R = retval = fun(*args, **kwargs)
                 ^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.12/site-packages/sentry_sdk/utils.py", line 1783, in runner
    return sentry_patched_function(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.12/site-packages/sentry_sdk/integrations/celery/__init__.py", line 415, in _inner
    reraise(*exc_info)
  File "/ak-root/.venv/lib/python3.12/site-packages/sentry_sdk/utils.py", line 1718, in reraise
    raise value
  File "/ak-root/.venv/lib/python3.12/site-packages/sentry_sdk/integrations/celery/__init__.py", line 410, in _inner
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.12/site-packages/celery/app/trace.py", line 736, in __protected_call__
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.12/site-packages/celery/app/autoretry.py", line 38, in run
    return task._orig_run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/scim/tasks.py", line 14, in scim_sync_objects
    return sync_tasks.sync_objects(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/lib/sync/outgoing/tasks.py", line 138, in sync_objects
    client.write(obj)
  File "/authentik/lib/sync/outgoing/base.py", line 74, in write
    self.update(obj, connection)
  File "/authentik/providers/scim/clients/groups.py", line 118, in update
    return self._update_put(group, scim_group, connection)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/scim/clients/groups.py", line 158, in _update_put
    return self.patch_compare_users(group)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/contextlib.py", line 81, in inner
    return func(*args, **kwds)
           ^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/scim/clients/groups.py", line 247, in patch_compare_users
    if len([x for x in current_group.members if x.value == user]) < 1:
                       ^^^^^^^^^^^^^^^^^^^^^
builtins.TypeError: 'NoneType' object is not iterable

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	71512cc
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/67e0c2afdd868e0007495805

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	71512cc
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/67e0c2afa921660008ea3ff8

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.

Project coverage is 92.75%. Comparing base (dc9b12f) to head (71512cc).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/providers/scim/clients/groups.py	0.00%	4 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #13644   +/-   ##
=======================================
  Coverage   92.75%   92.75%           
=======================================
  Files         794      794           
  Lines       40523    40524    +1     
=======================================
+ Hits        37588    37589    +1     
  Misses       2935     2935           

Flag	Coverage Δ
e2e	47.95% <0.00%> (+<0.01%)	⬆️
integration	24.29% <0.00%> (-0.01%)	⬇️
unit	90.53% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-71512cc4743297fbd034167d295c694ad68b18da
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-71512cc4743297fbd034167d295c694ad68b18da

Afterwards, run the upgrade commands from the latest release notes.

[rissson]

/cherry-pick version-2025.2