updates for v1.9.4 fixes

CHANGELOG.md

@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - **Critical UI Fix for Access Policies:** Resolved a critical bug causing an 'Internal Server Error' when creating or editing manual rules, or updating a Docker-managed rule's policy, to use the 'Authenticate by Email' method via the web UI. This was a regression caused by recent updates to the Cloudflare Access API handling in `access_manager.py` which were not reflected in the UI routes. The routes in `app/web/routes.py` have been updated to correctly construct the Access Policy payload, resolving the `TypeError` and API validation errors.
 - **Service Validation for Docker Names:** Corrected the `is_valid_service` validation regex to properly allow underscores (`_`) in service hostnames (e.g., `http://my_app:80`), accommodating common Docker service naming conventions.
+- **Auto-Redirect for Identity Providers:** Resolved a regression from v1.9.0 where using the `access.auto_redirect_to_identity=true` label along with `access.allowed_idps` would result in a Cloudflare API error. The `access_manager.py` module has been corrected to include the required top-level `allowed_idps` field in the API payload, restoring the auto-redirect functionality for label-based rules.
 
 ### Changed
 - **Optional Ports for HTTP/HTTPS Services:** Modified the `is_valid_service` validation to make the port optional for `http://` and `https://` service targets (e.g., `http://my-service` is now valid). Cloudflare Tunnel will implicitly use the default ports (80 for HTTP, 443 for HTTPS) if none are specified.