eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-05-01 11:57:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,675 Commits 340 Branches 440 Tags
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
Commit Graph

794 Commits

Author SHA1 Message Date
Jens L.
fcc0438961 web/admin: prevent file upload attempt when backend not managed (#18646) 
* web/admin: prevent file upload attempt when backend not managed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* wip

* fixup

* rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add check for reports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix delete table for data exports missing details

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
 2025-12-23 13:41:27 +01:00
Jens L.
7fa28c60c7 enterprise/reports: improve export list, confirmation (#18981) 
* enterprise/reports: use verbose name for model label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add confirmation for export

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove duplicated api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix search query not updated

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* exclude page & page size

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve query display

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix user display

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* exclude unset params

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Jens L. <jens@beryju.org>

* more code style

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2025-12-22 20:35:18 +01:00
Dominic R
59460ac840 flows/executor: fix KeyError when session has no existing plan (#18951) 2025-12-19 00:21:32 +00:00
Jens L.
603820854b stages/authenticator_*: fix code input field not string (#18875) 
* stages/authenticator_*: fix code input field not string

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/stages/authenticator_totp/stage.py

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2025-12-16 19:10:48 +01:00
Connor Peshek
c557b55e0e crypto: Store details parsed from includeDetails in database instead (#18013) 
* crypto: Store details parsed from includeDetails in database instead

* fix signal for tests

* Update authentik/crypto/signals.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update authentik/crypto/apps.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update authentik/crypto/signals.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Add feedback

* cleanup

* update

* cleanup

* simplify serializer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update KID for when updating certificates

* lint

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2025-12-15 13:50:16 -06:00
authentik-automation[bot]
fbe8028b08 root: bump version to 2026.2.0-rc1 (#18794) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2025-12-12 20:59:47 +00:00
Marcelo Elizeche Landó
15b93a5e9d stages/identification: Add WebAuthn conditional UI (passkey autofill) support (#18377) 
* add passkey_login to identification stage

* handle passkey auth in identification stage

* Add passkey settings in identification stage in the admin UI

* Add UI changes for basic passkey conditional login

* Fix linting

* rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update tests

* update admin form

* allow passing stage to validate_challenge_webauthn

* update flows/tests/test_inspector.py

* update for new field

* Fix linting

* update go solvers for identification challenge

* Refactor tests

* Skip mfa validation if user already authenticated via passkey at identification stage

* Add skip_if_passkey_authenticated option to authenticator validate stage and UI

* Add e2e test for passkey login conditional ui

* add policy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Remove skip_if_passkey_authenticated

* fix blueprint

* Set backend so password stage policy knows user is already authenticated

* Set backend so password stage policy knows user is already authenticated

* fix linting

* slight tweaks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify e2e test

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-11 11:49:05 -03:00
Nuno Alves
196bce348f api: allow configuring default page_size and max_page_size (#18165) 
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2025-12-11 14:45:50 +00:00
Alexander Tereshkin
572d965084 sources/telegram: implement connecting existing user to a Telegram account (#18517) 2025-12-10 18:20:40 +01:00
Marc 'risson' Schmitt
92c5efbac1 sources/sync: configuration for outgoing sync trigger mode (#17669) 
* sources/sync: configuration for outgoing sync trigger mode

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* api and frontend

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Wrap `msg` calls in function to fix translation. Update props to accept
callbacks.

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Teffen Ellis <teffen@goauthentik.io>
 2025-12-10 12:40:32 -03:00
Connor Peshek
efdc11e413 web/admin: Add SAML metadata form to wizard (#17690) 
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
 2025-12-10 13:58:13 +01:00
Anduin Xue
cd09bff247 sources/oauth: add WeChat type (#18086) 
* Add wechat.

* Refactor comments and formatting in wechat.py

Signed-off-by: Anduin Xue <anduin@aiursoft.com>

* Fix lint.

Signed-off-by: Anduin Xue <anduin@aiursoft.com>

* Fix lint.

* fix: Rename `WeChat` enum member to `Wechat` for consistency

* docs: Add WeChat social login integration guide.

* Docs updates

* Revise WeChat integration instructions

Updated instructions for creating a WeChat Website Application and added details about scopes and user attribute mappings.

Signed-off-by: Anduin Xue <anduin@aiursoft.com>

* Prettier

* Update wechat.py

Signed-off-by: Anduin Xue <anduin@aiursoft.com>

---------

Signed-off-by: Anduin Xue <anduin@aiursoft.com>
Co-authored-by: dewi-tik <dewi@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2025-12-10 12:48:12 +00:00
Jens L.
379a9d09f1 endpoints: fix device access group missing from blueprint (#18703) 
* endpoints: fix device access group missing from blueprint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix flow_set not being read_only

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix general blueprint schema issue of incorrect related PK fields having the wrong type some places

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-09 19:46:49 +01:00
Alexander Tereshkin
7e9e0a87f7 enterprise/reports: add users and events export (#18088) 
* enterprise: add users and events export (reports app)

* enterprise/reports: replace assert with AsertionError so that the assumption check is not lost when compiling to optimised byte code

* enterprise/reports: use ConditionalInheritance with ExportMixin to make reduce coupling of enterprise with the rest of authentik

* enterprise/reports: use custom iterative File to save data export instead of accessing default_storage directly, so all the FileField.save logic can run correctly (e.g. creating directories)

* enterprise/reports: change app label to simply "authentik_reports"

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update for new file api

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Apply suggestions from code review

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

* sources/oauth: save returned oauth refresh tokens and add slack provider (#18501)

* sources/oauth: save returned oauth refresh tokens

* Update authentik/sources/oauth/models.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* lint

* add tests

* fix proper id setting

* update id test

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>

* core: custom avatar url improvements (#10525)

Co-authored-by: Dominic R <dominic@sdko.org>

* website/integrations: add salesforce (#18516)

Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: dewi-tik <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>

* endpoints: implement endpoint stage (#18468)

* endpoints: implement endpoint stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix mismatched label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url in mdm config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rephrase

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* and API & UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add deprecated support and deprecate gdtc

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add stage mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework stage slightly, add frontend

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks, add iat and exp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set kid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include device details in event list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement device summary

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add remaining tables

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert sanitize

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix uuid format issues

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web/flows: update default background image (#18540)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* website/integrations: add hoop.dev (#17868)

Co-authored-by: iops <iops@syneforge.com>
Co-authored-by: Dominic R <dominic@sdko.org>

* website: Docusaurus 3.9.2 (#18506)

* endpoints/stage: v2, better error handling, more settings (#18545)

* add options, idle fallback

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete other device tokens during enroll

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* website: Glossary (#16007)

* website: Glossary

fix minor issues

wip

Apply suggestion from @dominic-r

Signed-off-by: Dominic R <dominic@sdko.org>

anchor to param

wip

wip

at least the lockfile changes now

sure

a-z first as tana asked

idk why i switched in the first place

wip

wip

lock

lockfiles are hard

wip

please work

no have?

Revert "no have?"

This reverts commit 743dbc1bc2900eedcc2c93af248e6afdec3688a3.

* changed to sentence-case capitalization

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>

* web/i18n: Locale Context Merge Branch (#18426)

* web: Update fonts to Patternfly 5 variants.

* Fix order of heading override.

* web: Flesh out locale context.

* Fix Han pattern.

* Remove comment.

* Add additional regional codes.

* Clarify comment.

* Fix typos.

* web/i18n: Add locale-specific font overrides.

* Fix stale session in locale lifecycle.

* core, web: Fix Han language codes.

* Fix warnings about invalid BCP language code.

* Build translations.

* Add locale relative labels.

* Add locale translations for Finnish and Portuguese.

* Fix XLIFF errors.

* Clean up labels.

* Tidy regions.

* Match region comment.

* Update extracted values.

* Fix locale switch not triggering on source language.

* Split labels.

* Clean up labels.

* providers/scim: cache ServiceProviderConfig (#18047)

* Update authentik/enterprise/reports/api/reports.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* enterprise/reports: got rid of unnecessary method-level import

* enterprise/reports: celan up code duplication in data export generation (invoke viewset.filter_queryset directly instead of replicating it)

* enterprise/reports: add check for app label when switching on content types

* enterprise/reports: make hyperlink field on Notification larger so it can fit the security token in the export file URL

* enterprise/reports: add is_superuser back in users export

* enterprise/reports: split tests into multiple files

* Apply suggestions from code review

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Fixed prettier issue

* Update web/src/admin/events/DataExportListPage.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/admin/events/DataExportListPage.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/admin/events/EventListPage.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/admin/reports/ExportButton.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/admin/reports/ExportButton.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/admin/users/UserListPage.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/elements/notifications/NotificationDrawer.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update web/src/elements/sidebar/SidebarItem.css

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* enterprise/reports: resolve code review merge errors

* enterprise/reports: remove the export button from the dom flow (by settings display:none) when there's no license

* enterprise/reports: improve docs

* include notification link in email

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise/reports: remove assignment assertion in ExportButton.ts

* cleanup tests after perm update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: Konrad Mösch <konrad@moesch.org>
Co-authored-by: dewi-tik <dewi@goauthentik.io>
Co-authored-by: shcherbak <ju.shcherbak@gmail.com>
Co-authored-by: iops <iops@syneforge.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Jens L. <jens@beryju.org>
 2025-12-09 09:35:41 -05:00
Simonyi Gergő
f7e23295ed core: add digraph group hierarchy (#17050) 
* move imports

* core: add digraph group hierarchy

* move to permissions from Group or User to Role

* set group parents on frontend

* do not serialize `GroupParentageNode` directly

* core: enforce unique group name on database level

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use group parents in LDAP provider

* add user-role relationship control to frontend

* move materialized view to be more discoverable

* add guardian to mypy exceptions

* make `Role` a `ManagedModel`

* fixup! make `Role` a `ManagedModel`

* simplify `get_objects_for_user`

* fix flaky unit test

* rename `django-guardian` fork to `ak-guardian`

* add tests around users/groups/roles

* remove unused guardian config variable

* simplify guardian file structure

* clean up frontend

* initial docs

* remove `mode` from `InitialPermissions`

This is no longer needed, since users no longer directly have permissions.

* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy

* clean up docs for managing permissions

* addendums from docs review

* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy

* tweaks

* dewi and tana edits to docs

* tweak

* truly final tweaks, for now

* relabel Role Permissions table

* clarify button label

* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy

* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy

* merge migrations

* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
 2025-12-08 12:04:04 +01:00
Jens L.
475ab76a5e endpoints: fix UI bugs, add user binding, etc (#18609) 
* fix serializer for device user binding

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't expire enrollment tokens by default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* slightly better config modal error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ability to bind to device

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add text when authenticating to device

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* prevent error when no authz flow is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add device to token log

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* address comments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix expiring default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't require page refresh for enrollment token to show up

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-08 01:13:29 +01:00
Jens L.
31186baf25 flows: refresh unauthenticated tabs (#18621) 
* flows: implement signaling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flag

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better flag configuration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update web/src/flow/FlowExecutor.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Jens L. <jens@beryju.org>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2025-12-05 16:03:16 +01:00
Dominic R
c1cfeaf4b5 providers/scim: cache ServiceProviderConfig (#18047) 2025-12-03 08:07:00 -05:00
Jens L.
d0ef8a8b8e endpoints/stage: v2, better error handling, more settings (#18545) 
* add options, idle fallback

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete other device tokens during enroll

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-02 22:25:47 +01:00
Jens L.
5ccd66ddca endpoints: implement endpoint stage (#18468) 
* endpoints: implement endpoint stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix mismatched label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url in mdm config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rephrase

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* and API & UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add deprecated support and deprecate gdtc

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add stage mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework stage slightly, add frontend

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks, add iat and exp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set kid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include device details in event list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement device summary

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add remaining tables

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert sanitize

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix uuid format issues

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-02 19:19:14 +01:00
Connor Peshek
45ee4af451 sources/oauth: save returned oauth refresh tokens and add slack provider (#18501) 
* sources/oauth: save returned oauth refresh tokens

* Update authentik/sources/oauth/models.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* lint

* add tests

* fix proper id setting

* update id test

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
 2025-12-02 11:49:40 -06:00
Marc 'risson' Schmitt
c30d1a478d files: rework (#17535) 
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
 2025-12-02 18:01:51 +01:00
Jens L.
874a20b908 enterprise: Apple Platform SSO (#15318) 
* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* snap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* it works

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* give session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor into endpoints system

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start reworking

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it work more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add user data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add rest of the endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lookup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix device group selection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix incorrect device id

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix register

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement the thing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix issuer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix fully

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test for apple JWE

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add token tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make auth session duration configurable, merge migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update api & ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include platform sso in generated mdm config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-01 00:28:09 +01:00
Jens L.
f1a1f327cd endpoints: rework perms (#18422) 
* fix api being incorrect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more lenient facts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix authz flow not returning slug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* different auth header for multi-auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-11-28 17:26:11 +01:00
Jens L.
59da20e81c endpoints: include device ID in agent config (#18414) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-11-27 19:23:56 +01:00
Jens L.
1fb71371cb endpoints: AuthN and AuthZ (#18350) 
* start agent auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also check windows system disk (hardcode C: for now)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add process table

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* nonce

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* snap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* missing exp and username (temp values)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing meta

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework auth and migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include system config in agent config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of broken stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add device to login event

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ssh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* policies

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove domain name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix leftover

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add device to flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont allow access without policies

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* some ui changes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-invent the wheel again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start updating tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* t

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "t"

This reverts commit b74db5f5d4.

* Revert "start updating tests"

This reverts commit b2524c00b2.

* Revert "re-invent the wheel again"

This reverts commit c7cdf4c018.

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* f

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add device users and device groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* expand users

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-11-27 19:05:57 +01:00
Marc 'risson' Schmitt
9621082f06 *: convert slugfields to textfields (#17411) 
* *: convert slugfields to textfields

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2025-11-25 17:56:36 +00:00
Dominic R
b8dee0c0c3 web/sources: Add promoted source (#18334) 
* web/sources: Add promoted source

* fix some css

* fix test
 2025-11-25 10:54:07 -05:00
Dominic R
c18f6d2f21 root: regen schema (#18327) 2025-11-24 14:31:41 +01:00
Jens L.
e9c2e10828 endpoints: initial data structure + agent (#11499) 
* endpoints: initial data structure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* some moving

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework models a bit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* small QOL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more structure, early UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start agent connector

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix IDs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init fleet

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* t

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more pages

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start challenge

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* t

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* I had an idea

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stuf

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more frontend plumbing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep original gdtc for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move agent to non enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* small stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add last_update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework common facts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add processes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add last_update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* very basic UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add path

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* capacity in int64

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple versions of data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* expiring snapshots

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better structure and query and fleet

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more metrics

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more device data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* correct task schedule

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ignore device snapshot

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more things, agent connector form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* connector edit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some api stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add preview banner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add percentage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start agent view page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add enrollment token api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start agent connector view page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* small fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ephemeral devices

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* less hardcoded

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add refresh interval

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix fleet os family, os family label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start writing tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework auth to be more rest-framework like

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move enterprise parts to enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove chrome from this PR

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove fleet from this PR

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* optimise API to use cached facts on list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename some things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use hostname

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup unused things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove stage for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* save connector related to user binding of device

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* device attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add device group selector

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix expandable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing device group obj

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* purge through cache if we get a snapshot from a new connection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont log devicetoken

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make device deletable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handle no facts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add device form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix device group not assigned

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests for facts merging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start setup, generate mdm config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* connector -> controller to avoid duplicate names

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add full how to

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enable search

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support on type create page for above form text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix enrollment token expiry (list and form)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add token copy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* annotate mdm config correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix config download

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* decent design

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove placeholders

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* pre-add fields for apple platform sso

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-11-20 22:31:30 +01:00
Connor Peshek
0b01f45b07 crypto: update certificate api and component (#17921) 
* Update crypto api and front-end component

---------

Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
 2025-11-04 14:44:57 -06:00
Marc 'risson' Schmitt
e593933bca lib/sync/outgoing: store sync settings in database (#17630) 2025-10-22 17:15:37 +02:00
authentik-automation[bot]
db213a8944 root: bump version to 2025.12.0-rc1 (#17603) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2025-10-21 01:10:16 +02:00
Jens L.
2484f28bb6 sources/oauth: configurable PKCE mode (#17487) 
* sources/oauth: configurable PKCE mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* common function for pkce s256

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-10-16 13:32:03 +02:00
Erik Ahlund
619fdb506f stages/prompt: add ability to set separate labels and values for choices (#16693) 
* Choices can have value and label

Value and label are set turned to a string.
This will make choices into a Array<{ [key: string]: any; }> | null which at some point it should be a defined interface.

* Auto Updated schema.yml

* Used label and value in choice

Label and Value are used for Dropdown and RadioButtonGroup. Strings are still accepted.

* docs: Updated stages/prompt documentation

* Updated docs for initial-value

Also fixed wrong choice example in previous docs changes

* Check if choice is dict

Choice can of course be anything, we shouldn't assume it's string or dict

* Check if choice is dict for initial value

Same as before, choice can be anything. We check if it's explicitely a dict

* Added tests for dict choices

* ran make lint-fix

* Apply typo fix from code review

Co-authored-by: macmoritz <49832924+macmoritz@users.noreply.github.com>
Signed-off-by: Erik Ahlund <erik@ahlund.me>

* stages/prompt: add PromptChoiceSerializer

choices are now a list of PromptChoiceSerializer instead of a generic DictField.
The PromptChallenge also forces the use of value/label object.

* web: use PromptChoice object

The front end can now safely use choices as an array of PromptChoice instead of it being either a string or an object.

* slight revise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* small ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestion from @dominic-r

Signed-off-by: Dominic R <dominic@sdko.org>

* Apply suggestion from @dominic-r

Signed-off-by: Dominic R <dominic@sdko.org>

* Apply suggestion from @dominic-r

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Erik Ahlund <erik@ahlund.me>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: macmoritz <49832924+macmoritz@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
 2025-10-15 16:30:27 +02:00
Marc 'risson' Schmitt
23357f45e9 *: remove Redis leftovers (#17146) 
* *: remove Redis leftovers

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* more removal

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix leftover

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more removal

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix broken anchor

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* re-add redis for previous version migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2025-10-11 01:46:53 +02:00
Marc 'risson' Schmitt
7dbdb4c613 tasks: store messages in separate table (#17359) 2025-10-10 14:35:13 +00:00
Connor Peshek
48797c6d35 providers/saml: add frontchannel idp slo, backchannel post idp slo (#15863) 
* providers/saml: add frontchannel idp slo, backchannel post idp slo

* move signal to user_logout stage

* split logic for injection of stages into proper providers signals

* cleanup data structures

* scope stages

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* uuid pk

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format, again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update tasks.py

* Update pyproject.toml

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2025-10-10 12:01:39 +00:00
Jens L.
bbf77002d5 api: Clean schema up more (#17055) 
* api: better filtering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revamp prompt

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add common query param to dedupe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify paginated results

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify error responses

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep error schemas

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better structure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok simplifying too far

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unused optimization

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-10-08 22:35:10 +02:00
Marc 'risson' Schmitt
a4a6c1fe3b tasks: show number of retries and planned execution time (#17295) 
Co-authored-by: Jens L. <jens@goauthentik.io>
 2025-10-08 16:45:18 +02:00
Jens L.
e3ae6eea00 tasks: add task status summary (#17302) 2025-10-07 18:20:31 +02:00
Marc 'risson' Schmitt
907ccd63a0 tasks: add preprocess, running and postprocess statuses (#17297) 2025-10-07 14:19:03 +00:00
Alexander Tereshkin
eeb5cb08cd sources: add Telegram source (#15749) 
* sources: add Telegram source (#2232)

* sources/telegram: put telegram user info into policy context (#2232)

* sources/telegram: replace regular input for bot token with a "secret" one (#2232)

* sources/telegram: fix typo on Telegram source form

* sources/telegram: added UserSourceConnection/GroupSourceConnection and SourceFlowManager subclasses for Telegram source

* sources/telegram: improved code layout

* sources/telegram: collapsed migrations

* sources/telegram: fix lint errors

* sources/telegram: fixed lint errors in docs

* sources/telegram: fix app config

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* Update website/docs/users-sources/sources/social-logins/telegram/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>

* sources/telegram: add user source settings UI so that the users can disconnect Telegram source from their account

* sources/telegram: clean up code per @risson's suggestions

* sources/telegram: improve docs based on @tanberry's suggestions

* sources/telegram: fix minor docs formatting issue

* sources/teleram: add tests for views

* sources/telegram: update serielizer field types references to be in line with convention

* sources/telegram: add missing type annotations

* sources/telegram: add check for source.enabled in the redirect view

* sources/telegram: add pre-authentication flow to telegram source

* sources: add Telegram source (#2232)

* sources/telegram: added UserSourceConnection/GroupSourceConnection and SourceFlowManager subclasses for Telegram source

* sources/telegram: collapsed migrations

* sources/telegram: fix lint errors

* sources/telegram: clean up code per @risson's suggestions

* sources/teregram: fix merge errors

* sources/telegram: improve docs wording

* Standardized documentation

* sources/telegram: added telegram source package to the list of ignored modules for mypy

* sources/telegram: fix TS lint errors

* sources/telegram: improve test coverage

* web: bump @types/node from 22.15.19 to 24.5.2 in /web (#16989)

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.19 to 24.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.5.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: dewi-tik <dewi@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-01 17:03:38 +02:00
Dominic R
0b667c8019 core: Add input validation for service account creation (#16964) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-09-30 14:07:41 +02:00
Jens L.
1028c962c7 providers/oauth2: only issue new refresh token if old one is about to expire (#16905) 
* providers/oauth2: only issue new refresh token if old one is about to expire

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make configurable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tests and fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-09-27 00:18:14 +02:00
Connor Peshek
87a28d63ed sources/saml: add location selection for Signature node (#15626) 
* sources/saml: add location selection for Signature node

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: connor <connor@connors-MacBook-Pro.local>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: Katsushi Kobayashi < ikob@acm.org>
 2025-09-26 11:07:51 -05:00
Jens L.
4ec785a598 core/api: Better naming for partial user/group serializer, optimise bindings (#17022) 
* core: add index on Group.is_superuser (#17011)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update go code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also optimise bindings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* typo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unused

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2025-09-26 14:43:39 +02:00
Jens L.
53308295a2 providers/scim: add salesforce support (#16976) 
* providers/scim: add salesforce support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-09-25 14:36:23 +02:00
Jens L.
1f81d234cb enterprise/providers/radius: add EAP-TLS support (#15702) 
* implement with library (backend)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add enterprise notice to certificate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clearer enterprise stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-09-23 23:54:09 +02:00
Jens L.
2e56082066 enterprise/providers/scim: Add SCIM OAuth support (#16903) 
* sources/oauth: add expires field to user source connection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/scim: add support for other auth methods

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rest of the owl

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow specifying any params

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete user when token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests and fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better API validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix sentry

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* one more test and fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-09-23 17:52:02 +02:00