Dominic R
3353db0d7f
outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart ( #18211 )
...
* outpost/proxyv2: handle PostgreSQL passwords with spaces and special characters
And modify / add some more tests and a bit of refactoring
* Potential fix for code scanning alert no. 268: Disabled TLS certificate check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dominic R <dominic@sdko.org >
* Revert "Potential fix for code scanning alert no. 268: Disabled TLS certificate check"
This reverts commit ead227a272jens@goauthentik.io >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 14:25:41 +00:00
Dominic R
6dde8bdd4a
outpost: proxyv2: Use Postgres for the Embedded Outpost ( #16628 )
...
* wip
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
* remove testing files
* a
* wip
* pls
* pls2
* a
* Update authentik/providers/proxy/models.py
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Dominic R <dominic@sdko.org >
* makemigrations
* pls
* pls1000
* dont migrate in go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set uuid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more test cases
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set gorm nowfunc (gorm defaults to local time)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve test db closing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move expiration to field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont' manually set table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor tests more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix em
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* postgres cleanup is done by worker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update expiry and set expiring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@beryju.org >
2025-10-09 16:59:15 +02:00
Jens L
c45bb8e985
providers/proxy: rework redirect mechanism ( #8594 )
...
* providers/proxy: rework redirect mechanism
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add session id, don't tie to state in session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle state failing to parse
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save session after creating state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include task expiry in status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redirect URL detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-06 03:07:08 +02:00
Jens L
1ea3dae5ac
providers/proxy: use access token ( #8022 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-30 16:36:43 +01:00
Jens L
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-13 16:34:47 +01:00
Jens L
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-13 16:22:03 +01:00
Jens L
d53733b6fc
outposts/proxy: reduce possibility for redirect loops, keep single state ( #3831 )
...
use single state, redirect when start url is hit with active session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-20 21:27:34 +02:00
Jens L
47daaf969a
outposts: fix oauth state when using signature routing ( #3616 )
...
* fix oauth state when using signature routing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more retires
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-19 21:38:34 +02:00
Jens Langhammer
220f123b29
internal: add more tracing for states
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-07 09:53:10 +02:00
Jens Langhammer
410d1b97cd
outposts/proxy: add support for multiple states, when multiple requests are redirect at once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-26 14:16:02 +01:00
Jens Langhammer
2ddf122d27
Revert "outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long"
...
This reverts commit b3e40c6aed
2021-12-12 17:58:19 +01:00
Jens Langhammer
b3e40c6aed
outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-06 13:54:59 +01:00
Jens Langhammer
347c3793fc
outposts/proxy: add additional headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-02 14:19:57 +01:00
Jens L
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-08 18:04:56 +00:00
