Jens L.
915b5a73fc
enterprise/endpoints/connectors/agent: add independent secure enclave support for tap to login ( #20766 )
...
* enterprise/endpoints/connectors/agent: add independent secure enclave support for tap to login
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix API url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove optional settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add a missing text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-18 20:29:17 +02:00
Jens L.
00639d9596
policies/event_matcher: Add query option to filter events ( #21618 )
...
* policies/event_matcher: support QL query
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lit dev warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cache autocomplete data if QL isn't setup yet
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont use ql input in modal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix codespell
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-16 01:52:11 +02:00
Fletcher Heisler
c32f21046d
enterprise/search: move QL to open source] ( #21484 )
...
* enterprise/search move to /search
* use make gen for schema updates
* update docs
* re-org
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* oops
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* huh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* typing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-09 16:37:11 +02:00
Connor Peshek
8c3d5f1269
providers/oauth: post_logout_redirect_uri support ( #20011 )
...
* oauth2/providers: add post logout redirect uri to providers
* properly handle post_logout_redirect_uri and frontchannel message to rp
* add backchannel support
* move logout url logic
* hanlde forbidden_uri_schemes on post_logout_redirect_uri
* merge post_logout with redirect_uri
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-04-07 03:46:11 -05:00
Jens L.
ea2bdde5a3
enterprise/providers/ssf: test conformance ( #21383 )
...
* bump conformance server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for rfc push
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make format and aud optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* force 401
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement get and patch for streams
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enable async stream deletion
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow configuring remote certificate validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add verification endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for authorization_header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set default aud cause spec cant agree with itself
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix header `typ`
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enabled -> status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests and a fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make streams deletable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* and more logs and fix a silly bug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stream status endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move ssf out of preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated typing fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-05 16:35:39 +02:00
Connor Peshek
8dddc05bc0
source/saml: Add forceauthn to saml authnrequest ( #20883 )
...
* source/saml: Add ForceAuthn support to SAML AuthnRequest
2026-03-31 22:54:01 -05:00
Jens L.
0b1ba60354
stages/authenticator_webauthn: save attestation certificate when creating credential ( #20095 )
...
* stages/authenticator_webauthn: save attestation certificate when creating credential
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add toggle
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* squash
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-03-30 13:55:39 +02:00
Jens L.
1a43ac1dc2
providers/scim: add webex compatibility mode ( #21208 )
...
* providers/scim: add webex compatibility mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-03-27 21:39:39 +01:00
Jens L.
59263ae678
events: add option to configure webhook CA ( #20823 )
...
* events: add option to configure webhook CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/sys-mgmt/events/transports.md
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-03-14 21:01:01 +01:00
Marcelo Elizeche Landó
e9b33be694
stages/authenticator_webauthn: Add WebAuthn client hints support ( #20700 )
...
* Add webauthn_hints to models
* Add migrations
* Add webauthn_hints to the API
* Add enum to settings.py
* Add webauthn client hints to configuration forms in authenticator_webauthn and authenticator_validate
* Add compatability for older user agents auto infering authenticatorAttachment
* Rewording
* Fix capitalization
* Add tests
* Use ak-dual-select instead of checkboxes for hints
* Add preserve-order, no-search and no-status properties to ak-dual-select
* add no-search and no-status to ak-dual-select in AuthenticatorValidateStageForm.ts
2026-03-13 20:36:28 -03:00
Jens L.
d880c46d7c
enterprise/endpoints/connectors: add google_chrome ( #19129 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually load
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix serializer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicated element name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include chrome url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work, some small UI fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* invisible submit for frame
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix device not set in flow plan, fix other small things, more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Minor doc changes
* dedupe templates
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-03-09 11:17:56 +01:00
dependabot[bot]
fe0f559cd2
core: bump django-countries from 7.6.1 to 8.2.0 ( #19459 )
...
* core: bump django-countries from 7.6.1 to 8.2.0
Bumps [django-countries](https://github.com/SmileyChris/django-countries ) from 7.6.1 to 8.2.0.
- [Changelog](https://github.com/SmileyChris/django-countries/blob/main/CHANGES.md )
- [Commits](https://github.com/SmileyChris/django-countries/compare/v7.6.1...v8.2.0 )
---
updated-dependencies:
- dependency-name: django-countries
dependency-version: 8.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
# Conflicts:
# pyproject.toml
# uv.lock
* re-gen schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-02-17 18:13:41 +01:00
Connor Peshek
858a040dfb
providers/saml: send logoutResponse on sp-init logout ( #17691 )
...
* providers/saml: send logoutResponse on sp-init logout
* Use first updated to fix multiple submits
* add backchannel logoutResponse
* tests
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
2026-02-11 14:18:39 -06:00
authentik-automation[bot]
7cb789e777
root: bump version to 2026.5.0-rc1 ( #20174 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-02-11 01:43:16 +01:00
Alexander Tereshkin
2f2488b326
enterprise/lifecycle: implement Object Lifecycle Management ( #20015 )
...
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Jens L. <jens@beryju.org >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-02-10 18:33:06 +01:00
Jens L.
ef74ca01a2
enterprise/providers: WSFed configurable realm, default wreply ( #19996 )
...
* enterprise/providers/wsfed: make realm configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make wreply optional, fallback to configure
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use audience instead of issuer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lookup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-02-06 00:14:10 +01:00
Jens L.
68c7037eea
flows: add option for flow layout with frame background ( #19527 )
...
* flows: add option for flow layout with frame background
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Tidy variables. Fix mobile and tablet layouts, shadows.
* Update web/src/flow/FlowExecutor.ts
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-02-04 17:39:01 +01:00
Simonyi Gergő
1b9653901c
rbac: clean up roles and permissions ( #19588 )
...
* clean up roles and permissions
This was purposefully not included in `2025.12` to split the changes up.
The main content of this patch is in the migrations. Everything else
follows more or less automatically.
* add breaking change warning to release notes
* add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* add configuration warning to default notifications blueprint
* add rudimentary tests for User.ak_groups
* remove no longer used permissions
* clarify deprecation
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* remove integration changes
These will be included in a separate PR once this is released.
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-01-29 19:12:38 +01:00
Immanuel von Neumann
6ca26b501b
providers/scim: modify user- and group syncing behavior ( #13947 )
...
* providers/scim: modify user- and group syncing behavior
rename filtergroup to groupfilters and allow multiple values
only sync groups which are in the scimprovider's attribute \"group_filters\"
only sync users which are entitled to view the scimprovider's application
* Update authentik/providers/scim/api/providers.py
Signed-off-by: Immanuel von Neumann <45020096+ImmanuelVonNeumann@users.noreply.github.com >
* fix(authentik/scim): update schema.yml and test name
* merge migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/scim: fix linting
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* filter eagerly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Immanuel von Neumann <45020096+ImmanuelVonNeumann@users.noreply.github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-01-29 17:07:58 +01:00
Jens L.
d1fb7dde14
enterprise/providers: WS-Federation ( #19583 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix metadata
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* aight
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix timedelta
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start testing metadata
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some more tests and schemas
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test signature
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt to fix signed xml linebreak
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1258
https://github.com/robrichards/xmlseclibs/issues/28
https://github.com/xmlsec/python-xmlsec/issues/196
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format + gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hmm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add e2e test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* qol fix in wait_for_url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* acs -> reply url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sign_out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some XML typing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove verification_kp as its not used
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reply url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ws-fed to tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add logout test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add SAMLSession
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated type fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add backchannel logout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete import_metadata in wsfed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include generated realm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Jens L. <jens@beryju.org >
* include wtrealm in ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-01-28 17:43:16 +01:00
Jens L.
e2cb1a8d0c
endpoints: FleetDM connector ( #18589 )
...
* enterprise/endpoints/connectors/fleet: init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# blueprints/schema.json
# schema.yml
* add ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix desc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add configurable headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Address review feedback on FleetDM connector implementation (#18651 )
* Initial plan
* Add public override modifiers to updated method
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
* Address additional feedback from PR #18589
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
* Fix indentation in ak-switch-input component
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
* fix permission model
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add attributes to device access group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add option to map device team
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* switch connector to grid, add icons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pagination
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add software tab
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pages in test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more test devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fedora test machine
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better formatting for OS version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com >
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
2026-01-23 21:40:28 +01:00
dependabot[bot]
288f6f50f6
core: bump bandit from 1.9.2 to 1.9.3 ( #19566 )
...
* core: bump bandit from 1.9.2 to 1.9.3
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.3 )
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* update config, fix warnings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-01-20 01:45:45 +01:00
Dominic R
39f6f72e96
stages/authenticator_static: set max token length to 100 chars ( #19162 )
...
* stages/authenticator_static: add max length validation for token_length field
* wip
* wip
2026-01-07 22:50:10 +00:00
Jens L.
46297698d6
blueprints: set enrollment token key ( #19061 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-26 17:37:48 +01:00
authentik-automation[bot]
fbe8028b08
root: bump version to 2026.2.0-rc1 ( #18794 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-12-12 20:59:47 +00:00
Marcelo Elizeche Landó
15b93a5e9d
stages/identification: Add WebAuthn conditional UI (passkey autofill) support ( #18377 )
...
* add passkey_login to identification stage
* handle passkey auth in identification stage
* Add passkey settings in identification stage in the admin UI
* Add UI changes for basic passkey conditional login
* Fix linting
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests
* update admin form
* allow passing stage to validate_challenge_webauthn
* update flows/tests/test_inspector.py
* update for new field
* Fix linting
* update go solvers for identification challenge
* Refactor tests
* Skip mfa validation if user already authenticated via passkey at identification stage
* Add skip_if_passkey_authenticated option to authenticator validate stage and UI
* Add e2e test for passkey login conditional ui
* add policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Remove skip_if_passkey_authenticated
* fix blueprint
* Set backend so password stage policy knows user is already authenticated
* Set backend so password stage policy knows user is already authenticated
* fix linting
* slight tweaks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify e2e test
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 11:49:05 -03:00
Marc 'risson' Schmitt
92c5efbac1
sources/sync: configuration for outgoing sync trigger mode ( #17669 )
...
* sources/sync: configuration for outgoing sync trigger mode
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* api and frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Wrap `msg` calls in function to fix translation. Update props to accept
callbacks.
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Teffen Ellis <teffen@goauthentik.io >
2025-12-10 12:40:32 -03:00
Anduin Xue
cd09bff247
sources/oauth: add WeChat type ( #18086 )
...
* Add wechat.
* Refactor comments and formatting in wechat.py
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
* Fix lint.
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
* Fix lint.
* fix: Rename `WeChat` enum member to `Wechat` for consistency
* docs: Add WeChat social login integration guide.
* Docs updates
* Revise WeChat integration instructions
Updated instructions for creating a WeChat Website Application and added details about scopes and user attribute mappings.
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
* Prettier
* Update wechat.py
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
---------
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-12-10 12:48:12 +00:00
Jens L.
379a9d09f1
endpoints: fix device access group missing from blueprint ( #18703 )
...
* endpoints: fix device access group missing from blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix flow_set not being read_only
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix general blueprint schema issue of incorrect related PK fields having the wrong type some places
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-09 19:46:49 +01:00
Alexander Tereshkin
7e9e0a87f7
enterprise/reports: add users and events export ( #18088 )
...
* enterprise: add users and events export (reports app)
* enterprise/reports: replace assert with AsertionError so that the assumption check is not lost when compiling to optimised byte code
* enterprise/reports: use ConditionalInheritance with ExportMixin to make reduce coupling of enterprise with the rest of authentik
* enterprise/reports: use custom iterative File to save data export instead of accessing default_storage directly, so all the FileField.save logic can run correctly (e.g. creating directories)
* enterprise/reports: change app label to simply "authentik_reports"
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update for new file api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Apply suggestions from code review
Signed-off-by: Dominic R <dominic@sdko.org >
* wip
* sources/oauth: save returned oauth refresh tokens and add slack provider (#18501 )
* sources/oauth: save returned oauth refresh tokens
* Update authentik/sources/oauth/models.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* lint
* add tests
* fix proper id setting
* update id test
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
* core: custom avatar url improvements (#10525 )
Co-authored-by: Dominic R <dominic@sdko.org >
* website/integrations: add salesforce (#18516 )
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
* endpoints: implement endpoint stage (#18468 )
* endpoints: implement endpoint stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix mismatched label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url in mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rephrase
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* and API & UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deprecated support and deprecate gdtc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stage mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework stage slightly, add frontend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks, add iat and exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set kid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include device details in event list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement device summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add remaining tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert sanitize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix uuid format issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web/flows: update default background image (#18540 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* website/integrations: add hoop.dev (#17868 )
Co-authored-by: iops <iops@syneforge.com >
Co-authored-by: Dominic R <dominic@sdko.org >
* website: Docusaurus 3.9.2 (#18506 )
* endpoints/stage: v2, better error handling, more settings (#18545 )
* add options, idle fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete other device tokens during enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* website: Glossary (#16007 )
* website: Glossary
fix minor issues
wip
Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org >
anchor to param
wip
wip
at least the lockfile changes now
sure
a-z first as tana asked
idk why i switched in the first place
wip
wip
lock
lockfiles are hard
wip
please work
no have?
Revert "no have?"
This reverts commit 743dbc1bc2900eedcc2c93af248e6afdec3688a3.
* changed to sentence-case capitalization
---------
Co-authored-by: Tana M Berry <tana@goauthentik.io >
* web/i18n: Locale Context Merge Branch (#18426 )
* web: Update fonts to Patternfly 5 variants.
* Fix order of heading override.
* web: Flesh out locale context.
* Fix Han pattern.
* Remove comment.
* Add additional regional codes.
* Clarify comment.
* Fix typos.
* web/i18n: Add locale-specific font overrides.
* Fix stale session in locale lifecycle.
* core, web: Fix Han language codes.
* Fix warnings about invalid BCP language code.
* Build translations.
* Add locale relative labels.
* Add locale translations for Finnish and Portuguese.
* Fix XLIFF errors.
* Clean up labels.
* Tidy regions.
* Match region comment.
* Update extracted values.
* Fix locale switch not triggering on source language.
* Split labels.
* Clean up labels.
* providers/scim: cache ServiceProviderConfig (#18047 )
* Update authentik/enterprise/reports/api/reports.py
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* enterprise/reports: got rid of unnecessary method-level import
* enterprise/reports: celan up code duplication in data export generation (invoke viewset.filter_queryset directly instead of replicating it)
* enterprise/reports: add check for app label when switching on content types
* enterprise/reports: make hyperlink field on Notification larger so it can fit the security token in the export file URL
* enterprise/reports: add is_superuser back in users export
* enterprise/reports: split tests into multiple files
* Apply suggestions from code review
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
* Fixed prettier issue
* Update web/src/admin/events/DataExportListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/events/DataExportListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/events/EventListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/reports/ExportButton.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/reports/ExportButton.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/users/UserListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/elements/notifications/NotificationDrawer.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/elements/sidebar/SidebarItem.css
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* enterprise/reports: resolve code review merge errors
* enterprise/reports: remove the export button from the dom flow (by settings display:none) when there's no license
* enterprise/reports: improve docs
* include notification link in email
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enterprise/reports: remove assignment assertion in ExportButton.ts
* cleanup tests after perm update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: Konrad Mösch <konrad@moesch.org >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: shcherbak <ju.shcherbak@gmail.com >
Co-authored-by: iops <iops@syneforge.com >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
Co-authored-by: Jens L. <jens@beryju.org >
2025-12-09 09:35:41 -05:00
Simonyi Gergő
f7e23295ed
core: add digraph group hierarchy ( #17050 )
...
* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
2025-12-08 12:04:04 +01:00
Jens L.
334c0175f9
crypto: separate permissions for certificate and private keydownload ( #18588 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-04 16:31:52 +01:00
Dominic R
c1cfeaf4b5
providers/scim: cache ServiceProviderConfig ( #18047 )
2025-12-03 08:07:00 -05:00
Jens L.
d0ef8a8b8e
endpoints/stage: v2, better error handling, more settings ( #18545 )
...
* add options, idle fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete other device tokens during enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-02 22:25:47 +01:00
Jens L.
5ccd66ddca
endpoints: implement endpoint stage ( #18468 )
...
* endpoints: implement endpoint stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix mismatched label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url in mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rephrase
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* and API & UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deprecated support and deprecate gdtc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stage mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework stage slightly, add frontend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks, add iat and exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set kid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include device details in event list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement device summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add remaining tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert sanitize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix uuid format issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-02 19:19:14 +01:00
Connor Peshek
45ee4af451
sources/oauth: save returned oauth refresh tokens and add slack provider ( #18501 )
...
* sources/oauth: save returned oauth refresh tokens
* Update authentik/sources/oauth/models.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* lint
* add tests
* fix proper id setting
* update id test
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
2025-12-02 11:49:40 -06:00
Marc 'risson' Schmitt
c30d1a478d
files: rework ( #17535 )
...
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
2025-12-02 18:01:51 +01:00
Jens L.
874a20b908
enterprise: Apple Platform SSO ( #15318 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* snap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* it works
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* give session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor into endpoints system
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start reworking
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add user data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add rest of the endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lookup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix device group selection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix incorrect device id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix register
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement the thing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix issuer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fully
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for apple JWE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add token tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make auth session duration configurable, merge migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update api & ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include platform sso in generated mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-01 00:28:09 +01:00
Jens L.
1fb71371cb
endpoints: AuthN and AuthZ ( #18350 )
...
* start agent auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also check windows system disk (hardcode C: for now)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add process table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* nonce
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* snap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* missing exp and username (temp values)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing meta
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework auth and migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include system config in agent config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of broken stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device to login event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ssh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* policies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove domain name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix leftover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device to flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont allow access without policies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some ui changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-invent the wheel again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "t"
This reverts commit b74db5f5d4b2524c00b2c7cdf4c018jens@goauthentik.io >
* fix ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* f
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device users and device groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-27 19:05:57 +01:00
Marc 'risson' Schmitt
9621082f06
*: convert slugfields to textfields ( #17411 )
...
* *: convert slugfields to textfields
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-11-25 17:56:36 +00:00
Dominic R
b8dee0c0c3
web/sources: Add promoted source ( #18334 )
...
* web/sources: Add promoted source
* fix some css
* fix test
2025-11-25 10:54:07 -05:00
Dominic R
c18f6d2f21
root: regen schema ( #18327 )
2025-11-24 14:31:41 +01:00
Jens L.
e9c2e10828
endpoints: initial data structure + agent ( #11499 )
...
* endpoints: initial data structure
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some moving
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework models a bit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small QOL
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more structure, early UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start agent connector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix IDs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init fleet
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start challenge
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* I had an idea
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuf
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more frontend plumbing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep original gdtc for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move agent to non enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add last_update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework common facts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add processes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add last_update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* very basic UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* capacity in int64
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple versions of data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expiring snapshots
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better structure and query and fleet
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more device data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* correct task schedule
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ignore device snapshot
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more things, agent connector form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connector edit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some api stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add percentage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start agent view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add enrollment token api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start agent connector view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ephemeral devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* less hardcoded
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add refresh interval
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fleet os family, os family label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start writing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework auth to be more rest-framework like
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move enterprise parts to enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove chrome from this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove fleet from this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise API to use cached facts on list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename some things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use hostname
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup unused things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove stage for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save connector related to user binding of device
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* device attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device group selector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix expandable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing device group obj
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* purge through cache if we get a snapshot from a new connection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log devicetoken
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make device deletable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle no facts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix device group not assigned
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for facts merging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start setup, generate mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connector -> controller to avoid duplicate names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add full how to
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enable search
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support on type create page for above form text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix enrollment token expiry (list and form)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add token copy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* annotate mdm config correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix config download
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* decent design
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove placeholders
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pre-add fields for apple platform sso
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-20 22:31:30 +01:00
Marcelo Elizeche Landó
9802d4bcdd
core: Add example invitation blueprint ( #17661 )
...
* Add flows-invitation-enrollment.yaml blueprint example, make serializer add default anonymous user in blueprint context
* Add tests
* fix linting
* Update invitations docs
* Use custom attributes instead of fixed_data
* remove clutter
* Reworks the invitations doc to new styling standards
* Apply suggestions
* fix field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Add manual steps for invitation creation
* add both options at the beginning
* use serializer.context in InvitationViewSet.perform_create
* Apply suggestions from code review
Co-authored-by: Dominic R <dominic@sdko.org >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* add description to bluprint
* Apply suggestions from code review
Co-authored-by: Dominic R <dominic@sdko.org >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* tweaks to structure and formatting
* Optimised images with calibre/image-actions
* Update website/docs/users-sources/user/invitations.md
Co-authored-by: Dominic R <dominic@sdko.org >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* fix linting
* imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* less branch
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-11-06 20:29:04 +01:00
Marc 'risson' Schmitt
e593933bca
lib/sync/outgoing: store sync settings in database ( #17630 )
2025-10-22 17:15:37 +02:00
authentik-automation[bot]
db213a8944
root: bump version to 2025.12.0-rc1 ( #17603 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-10-21 01:10:16 +02:00
Jens L.
2484f28bb6
sources/oauth: configurable PKCE mode ( #17487 )
...
* sources/oauth: configurable PKCE mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* common function for pkce s256
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-16 13:32:03 +02:00
Connor Peshek
48797c6d35
providers/saml: add frontchannel idp slo, backchannel post idp slo ( #15863 )
...
* providers/saml: add frontchannel idp slo, backchannel post idp slo
* move signal to user_logout stage
* split logic for injection of stages into proper providers signals
* cleanup data structures
* scope stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* uuid pk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format, again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update tasks.py
* Update pyproject.toml
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-10 12:01:39 +00:00
Dominic R
87a0001a5d
blueprints: regenerate schema ( #17365 )
...
* blueprints: regenerate schema
* idk
2025-10-10 13:02:02 +02:00
Jens L.
bbf77002d5
api: Clean schema up more ( #17055 )
...
* api: better filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revamp prompt
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add common query param to dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify paginated results
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify error responses
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep error schemas
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better structure
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok simplifying too far
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused optimization
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-08 22:35:10 +02:00
