eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-25 17:15:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,733 Commits 321 Branches 440 Tags
main
Commit Graph

286 Commits

Author SHA1 Message Date
Bapuji Koraganti
24edee3e78 flows: add warning message for expired password reset links (#21395) 
* flows: add warning message for expired password reset links

Fixes #21306

* Replace token expiry check with REQUIRE_TOKEN authentication requirement

Incorporate review comments to move expired/invalid token handling from executor-level check to flow planner authentication requirement. This avoids disclosing whether a token ever existed and handles already-cleaned-up tokens.

* The fix was changing gettext_lazy to gettext

* remove unneeded migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-22 15:09:05 +02:00
Jens L.
915b5a73fc enterprise/endpoints/connectors/agent: add independent secure enclave support for tap to login (#20766) 
* enterprise/endpoints/connectors/agent: add independent secure enclave support for tap to login

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix API url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove optional settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add a missing text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-18 20:29:17 +02:00
Marc 'risson' Schmitt
05bb1d1fdd packages/ak-axum/server: fix unix socket cleanup when allow_failure is unset (#21645) 2026-04-16 16:20:16 +00:00
Marc 'risson' Schmitt
d51296cbb9 scripts/api_filter_schema: fix authentication (#21644) 2026-04-16 16:19:32 +00:00
Marc 'risson' Schmitt
1b53426e2c packages/ak-common/tracing: get sentry config from API for outposts (#21625) 2026-04-16 14:00:01 +02:00
Jens L.
00639d9596 policies/event_matcher: Add query option to filter events (#21618) 
* policies/event_matcher: support QL query

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lit dev warning

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cache autocomplete data if QL isn't setup yet

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont use ql input in modal

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix codespell

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-16 01:52:11 +02:00
Marc 'risson' Schmitt
668f37ea41 packages/clients: only generate needed endpoints (#21578) 
* packages/clients: only generate needed endpoints

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* machete

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-04-15 13:11:25 +00:00
João C. Fernandes
bbd0cb2521 packages/django-dramatiq-postgres: reset db connections in raise_connection_error (#21577) 
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-04-14 12:20:23 +00:00
Fletcher Heisler
c32f21046d enterprise/search: move QL to open source] (#21484) 
* enterprise/search move to /search

* use make gen for schema updates

* update docs

* re-org

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* oops

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* huh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* typing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-09 16:37:11 +02:00
Marc 'risson' Schmitt
0dbd6a68b6 packages/ak-common/db: init (#21357) 2026-04-09 13:57:44 +02:00
Marc 'risson' Schmitt
dedbbee55c packages/ak-axum/extract/host: init (#21323) 2026-04-09 13:57:15 +02:00
Marc 'risson' Schmitt
ad9f0feb68 packages/ak-common: use imports where possible (#21478) 2026-04-08 14:58:55 +00:00
Marc 'risson' Schmitt
300e77b30c packages/ak-axum/server: cleanup unix socket (#21477) 2026-04-08 14:52:12 +00:00
Marc 'risson' Schmitt
318ed2eca0 packages/ak-common, ak-axum: improve logging (#21476) 2026-04-08 14:48:48 +00:00
Marc 'risson' Schmitt
d4e651d893 packages/ak-axum/extract/scheme: init (#21322) 2026-04-08 14:39:58 +00:00
Simonyi Gergő
2b8313ee91 core: fix policy binding objects not being nullable (#21421) 
* fix policy binding objects not being nullable

* `make gen-clients`

* fix schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tidy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix test

* `make gen`

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-08 16:39:00 +02:00
Marc 'risson' Schmitt
c4627de55e packages/ak-axum/extract/client_ip: init (#21321) 2026-04-08 14:03:30 +00:00
Jens L.
5dc2f2e2b4 packages/docusaurus-config: update config for docusaurus 3.10 (#21471) 
* packages/docusaurus-config: update config for docusaurus 3.10

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-08 15:08:31 +02:00
Marc 'risson' Schmitt
5b3caa598f packages/ak-axum/extract/trusted_proxy: init (#21320) 2026-04-08 13:03:14 +00:00
Marc 'risson' Schmitt
e2a578fc66 packages/ak-axum/accept/proxy_protocol: init (#21319) 2026-04-08 14:33:32 +02:00
Marc 'risson' Schmitt
ab911c364e packages/ak-axum/accept/tls: init (#21318) 2026-04-07 17:56:17 +00:00
Marc 'risson' Schmitt
db9de1ba3c packages/ak-axum/server: init (#21317) 2026-04-07 17:11:53 +00:00
Marc 'risson' Schmitt
f76736be2f packages/ak-axum/tracing: init (#21316) 2026-04-07 16:18:08 +00:00
Marc 'risson' Schmitt
34da1bbd6f packages/ak-axum/error: init (#21315) 2026-04-07 15:26:01 +00:00
Marc 'risson' Schmitt
a5aac6e0d2 packages/ak-axum: init (#21313) 2026-04-07 14:22:22 +00:00
Jens L.
57d2135c8a sources/ldap: Switch to new connection tracking, deprecated attribute-based connection (#21392) 
* init user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix and update groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* split api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include user and group in ldap conn

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap users/groups page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ui cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update error message

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add forms for user/group connections

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix py sync

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix connection not always saved

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix help text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-07 16:13:05 +02:00
Marc 'risson' Schmitt
5c33cedc20 packages/ak-common/mode: init (#21259) 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-04-07 13:55:41 +00:00
Marc 'risson' Schmitt
6792c2afeb packages/ak-common/tracing: init (#21263) 2026-04-07 13:42:45 +00:00
Marc 'risson' Schmitt
53c99429c9 packages/ak-common/tls: init (#21262) 2026-04-07 15:06:06 +02:00
Marc 'risson' Schmitt
a36a6faf65 packages/ak-common/config: add set helper for tests (#21356) 2026-04-07 13:02:53 +00:00
Connor Peshek
8c3d5f1269 providers/oauth: post_logout_redirect_uri support (#20011) 
* oauth2/providers: add post logout redirect uri to providers

* properly handle post_logout_redirect_uri and frontchannel message to rp

* add backchannel support

* move logout url logic

* hanlde forbidden_uri_schemes on post_logout_redirect_uri

* merge post_logout with redirect_uri

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-04-07 03:46:11 -05:00
Jens L.
ea2bdde5a3 enterprise/providers/ssf: test conformance (#21383) 
* bump conformance server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for rfc push

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make format and aud optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* force 401

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement get and patch for streams

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enable async stream deletion

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow configuring remote certificate validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add verification endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for authorization_header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set default aud cause spec cant agree with itself

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump timeout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix header `typ`

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enabled -> status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests and a fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make streams deletable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* and more logs and fix a silly bug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add stream status endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move ssf out of preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated typing fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 16:35:39 +02:00
Jens L.
f38584b343 root: misc API client and web typing fixes (#21388) 
* fix relObjId type

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix slot comments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use prettier on generated ts code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 13:46:08 +02:00
Jens L.
827a77dd52 web/admin: more and more polish (#21303) 
* fix user edit button

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix impersonate button not aligned

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup oauth2 provider page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better desc for outpost health

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix static table not updating when items change

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include oidc providers in ssf provider retrieve

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* consistent oauth provider label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework ssf view page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make client-rust makefile on macos

specifically when gnu sed is installed in the path

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-04 22:35:11 +02:00
Dominic R
78f98641be packages/client-rust: fix portable sed usage (#21337) 
* packages/client-rust: fix portable sed usage

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-02 14:30:51 +00:00
Marc 'risson' Schmitt
62ccf88512 packages/ak-common/tokio/proxy_procotol: init (#21311) 2026-04-02 13:40:38 +00:00
Marc 'risson' Schmitt
3355669274 packages/ak-common/config: init (#21256) 2026-04-02 15:05:35 +02:00
Marc 'risson' Schmitt
d3fca338b3 packages/ak-common/arbiter: init (#21253) 
* packages/ak-arbiter: init

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* sort out package versions

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* rename to ak-lib

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* packages/ak-lib: init

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* root: fix rustfmt config

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* packages/ak-common: rename from ak-lib

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-04-02 14:06:28 +02:00
Marc 'risson' Schmitt
df6d580150 packages/ak-common: rename from ak-lib (#21314) 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-04-02 11:00:01 +00:00
Marc 'risson' Schmitt
7a8a25a6ff packages/django-postgres-cache: fix expiry and delete (#21307) 2026-04-01 14:28:40 +00:00
Jens L.
8610c25bd3 blueprints: rework one-time import (#18074) 
* initial move

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework permissions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial UI rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add option to one-time import from file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* adjust ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix import form logs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reset correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-01 15:03:16 +02:00
Connor Peshek
8dddc05bc0 source/saml: Add forceauthn to saml authnrequest (#20883) 
* source/saml: Add ForceAuthn support to SAML AuthnRequest
 2026-03-31 22:54:01 -05:00
Marc 'risson' Schmitt
fd3196744e packages/django-postgres-cache: rework to use ORM (#17771) 2026-03-31 17:05:14 +00:00
Jens L.
06408cba59 core: fix provider not nullable (#21275) 
* core: fix provider not nullable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more inconsistencies

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk man

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-31 18:27:22 +02:00
Marc 'risson' Schmitt
55e555c047 packages/ak-lib: init (#21257) 
* packages/ak-lib: init

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-03-31 11:33:46 +02:00
Jens L.
0b1ba60354 stages/authenticator_webauthn: save attestation certificate when creating credential (#20095) 
* stages/authenticator_webauthn: save attestation certificate when creating credential

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add toggle

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* squash

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-30 13:55:39 +02:00
Jens L.
d1c997b2fe core: Application stats, device events & cleanup (#21225) 
* core: app stats

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refctor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework to generic API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* oops

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow filtering events by device

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show device events on device page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simply event tables

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-29 21:58:12 +02:00
Jens L.
07de63ee98 packages/django-dramatiq-postgres: fix default value for HTTPServerThread (#21216) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-28 20:57:46 +01:00
Jens L.
1a43ac1dc2 providers/scim: add webex compatibility mode (#21208) 
* providers/scim: add webex compatibility mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-27 21:39:39 +01:00
Jens L.
d4590f15e7 packages: use openapi-generator-ignore instead of deleting extra files (#21209) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-27 21:39:24 +01:00