diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py
index 651331207..e5b75f8ac 100644
--- a/authentik/core/api/applications.py
+++ b/authentik/core/api/applications.py
@@ -28,6 +28,7 @@ from authentik.core.api.providers import ProviderSerializer
 from authentik.core.models import Application
 from authentik.events.models import EventAction
 from authentik.policies.engine import PolicyEngine
+from authentik.stages.user_login.stage import USER_LOGIN_AUTHENTICATED
 LOGGER = get_logger()
@@ -130,6 +131,7 @@ class ApplicationViewSet(ModelViewSet):
 )
 def list(self, request: Request) -> Response:
 """Custom list method that checks Policy based access instead of guardian"""
+ self.request.session.pop(USER_LOGIN_AUTHENTICATED, None)
 queryset = self._filter_queryset_for_list(self.get_queryset())
 self.paginate_queryset(queryset)
diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py
index 5823631a6..5319ce40d 100644
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@@ -54,6 +54,7 @@ from authentik.stages.consent.stage import (
 PLAN_CONTEXT_CONSENT_PERMISSIONS,
 ConsentStageView,
 )
+from authentik.stages.user_login.stage import USER_LOGIN_AUTHENTICATED
 LOGGER = get_logger()
@@ -437,6 +438,10 @@ class AuthorizationFlowInitView(PolicyAccessView):
 if (
 PROMPT_LOGIN in self.params.prompt
 and SESSION_NEEDS_LOGIN not in self.request.session
+ # To prevent the user from having to double login when prompt is set to login
+ # and the user has just signed it. This session variable is set in the UserLoginStage
+ # and is (quite hackily) removed from the session in applications's API's List method
+ and USER_LOGIN_AUTHENTICATED not in self.request.session
 ):
 self.request.session[SESSION_NEEDS_LOGIN] = True
 return self.handle_no_permission()
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 195c1c38b..a52475a73 100644
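Review bot: The new `and USER_LOGIN_AUTHENTICATED not in self.request.session` test in the authorize.py hunk lets a stale flag suppress `prompt=login` for the rest of the session, because the flag set in `UserLoginStageView` (stage.py hunk) is removed only when the applications `list()` endpoint happens to be called (applications.py hunk). A user who is redirected straight back to the relying party after logging in never reaches that endpoint, so later `prompt=login` requests would skip the re-authentication the relying party asked for. Consider tying the exemption to the login it belongs to: store a login timestamp instead of `True` and honour it here only within a short window, or consume the flag in this view rather than in an unrelated API handler. The enclosing method starts and ends outside the hunk, so how `SESSION_NEEDS_LOGIN` is cleared afterwards cannot be checked from here.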
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -367,7 +367,7 @@ if _ERROR_REPORTING:
 environment=CONFIG.y("error_reporting.environment", "customer"),
 send_default_pii=CONFIG.y_bool("error_reporting.send_pii", False),
 )
- set_tag("authentik:build_hash", os.environ.get(ENV_GIT_HASH_KEY, ""))
+ set_tag("authentik:build_hash", os.environ.get(ENV_GIT_HASH_KEY, "tagged"))
 set_tag(
 "authentik:env", "kubernetes" if "KUBERNETES_PORT" in os.environ else "compose"
 )
diff --git a/authentik/stages/user_login/stage.py b/authentik/stages/user_login/stage.py
index 5f82e7ac1..e6e521e11 100644
--- a/authentik/stages/user_login/stage.py
+++ b/authentik/stages/user_login/stage.py
@@ -12,6 +12,7 @@ from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 LOGGER = get_logger()
 DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
+USER_LOGIN_AUTHENTICATED = "user_login_authenticated"
 class UserLoginStageView(StageView):
@@ -43,5 +44,6 @@ class UserLoginStageView(StageView):
 flow_slug=self.executor.flow.slug,
 session_duration=self.executor.current_stage.session_duration,
 )
+ self.request.session[USER_LOGIN_AUTHENTICATED] = True
 messages.success(self.request, _("Successfully logged in!"))
 return self.executor.stage_ok()