eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-05-11 09:26:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,675 Commits 366 Branches 440 Tags
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
Commit Graph

21675 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeMax IT Solutions Pvt. Ltd.
d60806dfc3 core: add bulk session revocation (#18564) 
* feat: add bulk session revocation functionality for users

* feat: add bulk delete functionality for authenticated sessions

- Implemented BulkDeleteSessionSerializer for handling bulk session deletions.
- Added bulk_delete action to AuthenticatedSessionViewSet for revoking sessions by user IDs.
- Updated API schema to include new endpoint for bulk session deletion.
- Modified UserBulkRevokeSessionsForm to utilize the new bulk delete API.

* Update authentik/core/api/authenticated_sessions.py

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com>

* Update authentik/core/api/authenticated_sessions.py

PassiveSerializer for BulkDeleteSessionSerializer

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com>

* Update authentik/core/api/authenticated_sessions.py

user_pks  instead of user_ids

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com>

* feat: enhance bulk delete functionality for authenticated sessions

* feat: update bulk delete endpoint for authenticated sessions to use DELETE method and query parameters

* Update authentik/core/api/authenticated_sessions.py

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Prettier

---------

Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
 2026-01-22 17:17:04 +00:00
Dewi Roberts
226cf584cf website/docs: endpoint devices: add serial number note (#19677) 
* Add serial number note

* Add more info
 2026-01-22 14:16:53 +00:00
Jens L.
526b832a74 sources/oauth: add fallback for id_token when profile URL is not available (#19311) 
* sources/oauth: add fallback for id_token when profile URL is not available

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-22 15:08:03 +01:00
Dewi Roberts
749a322b5b website/docs: update LDAP search permission instructions (#19676) 
Updates LDAP permissions
 2026-01-22 13:44:59 +00:00
Jeroen
5c51ee5960 providers/oauth2: add logout+jwt token type for oidc logout token. (#19554) 
* providers/oauth2: add `logout+jwt` token type for oidc logout token.

The oidc back-channel logout spec recommends using explicitly typed JWTs using the `typ` parameter in the JWT's header.

[spec](https://openid.net/specs/openid-connect-backchannel-1_0.html#CrossJWT)

This may be a breaking change for some implementations if they were already checking the type of the token to be `JWT` (the default value).

* Apply suggestion from @BeryJu

Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
 2026-01-22 13:48:58 +01:00
dependabot[bot]
95e7d194d3 web: bump core-js from 3.47.0 to 3.48.0 in /web (#19665) 
Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.47.0 to 3.48.0.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.48.0/packages/core-js)

---
updated-dependencies:
- dependency-name: core-js
  dependency-version: 3.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 12:23:51 +01:00
dependabot[bot]
df91a63ead web: bump the rollup group across 1 directory with 4 updates (#19663) 
Bumps the rollup group with 4 updates in the /web directory: [@rollup/rollup-darwin-arm64](https://github.com/rollup/rollup), [@rollup/rollup-linux-arm64-gnu](https://github.com/rollup/rollup), [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) and [rollup](https://github.com/rollup/rollup).


Updates `@rollup/rollup-darwin-arm64` from 4.55.2 to 4.55.3
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.55.2...v4.55.3)

Updates `@rollup/rollup-linux-arm64-gnu` from 4.55.2 to 4.55.3
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.55.2...v4.55.3)

Updates `@rollup/rollup-linux-x64-gnu` from 4.55.2 to 4.55.3
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.55.2...v4.55.3)

Updates `rollup` from 4.55.2 to 4.55.3
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.55.2...v4.55.3)

---
updated-dependencies:
- dependency-name: "@rollup/rollup-darwin-arm64"
  dependency-version: 4.55.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: "@rollup/rollup-linux-arm64-gnu"
  dependency-version: 4.55.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.55.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: rollup
  dependency-version: 4.55.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 12:20:26 +01:00
dependabot[bot]
21ab6b459d web: bump the storybook group across 1 directory with 5 updates (#19661) 
Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite).


Updates `@storybook/addon-docs` from 10.1.11 to 10.2.0
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.0/code/addons/docs)

Updates `@storybook/addon-links` from 10.1.11 to 10.2.0
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.0/code/addons/links)

Updates `@storybook/web-components` from 10.1.11 to 10.2.0
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.0/code/renderers/web-components)

Updates `@storybook/web-components-vite` from 10.1.11 to 10.2.0
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.0/code/frameworks/web-components-vite)

Updates `storybook` from 10.1.11 to 10.2.0
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.0/code/core)

---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: storybook
- dependency-name: "@storybook/addon-links"
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: storybook
- dependency-name: "@storybook/web-components"
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: storybook
- dependency-name: "@storybook/web-components-vite"
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: storybook
- dependency-name: storybook
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: storybook
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 12:19:57 +01:00
dependabot[bot]
c8af6588e4 web: bump country-flag-icons from 1.6.4 to 1.6.7 in /web (#19666) 
Bumps [country-flag-icons](https://gitlab.com/catamphetamine/country-flag-icons) from 1.6.4 to 1.6.7.
- [Changelog](https://gitlab.com/catamphetamine/country-flag-icons/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/country-flag-icons/compare/v1.6.4...v1.6.7)

---
updated-dependencies:
- dependency-name: country-flag-icons
  dependency-version: 1.6.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 12:19:31 +01:00
dependabot[bot]
403db4cd64 web: bump prettier from 3.8.0 to 3.8.1 in /web (#19667) 
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.0 to 3.8.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.8.0...3.8.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 12:19:05 +01:00
dependabot[bot]
7f65b86e34 web: bump @types/node from 25.0.9 to 25.0.10 in /web (#19669) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.0.9 to 25.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 12:18:46 +01:00
dependabot[bot]
735146f9a6 core, web: bump lodash from 4.17.21 to 4.17.23 in /packages/docusaurus-config (#19655) 
core, web: bump lodash in /packages/docusaurus-config

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 11:51:30 +01:00
dependabot[bot]
95c974a3a3 ci: bump actions/setup-python from 6.1.0 to 6.2.0 in /.github/actions/setup (#19664) 
ci: bump actions/setup-python in /.github/actions/setup

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](83679a892e...a309ff8b42)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 11:51:06 +01:00
dependabot[bot]
68096987fa ci: bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#19662) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](98357b18bf...c0f553fe54)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 11:50:57 +01:00
dependabot[bot]
930a06ab8c web: bump @sentry/browser from 10.35.0 to 10.36.0 in /web in the sentry group across 1 directory (#19660) 
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 10.35.0 to 10.36.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/10.35.0...10.36.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 10.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 11:50:46 +01:00
dependabot[bot]
2d92c340ae core: bump packaging from 25.0 to 26.0 (#19659) 
Bumps [packaging](https://github.com/pypa/packaging) from 25.0 to 26.0.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/packaging/compare/25.0...26.0)

---
updated-dependencies:
- dependency-name: packaging
  dependency-version: '26.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 11:48:37 +01:00
authentik-automation[bot]
e8b0f498c4 core, web: update translations (#19654) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-01-22 11:47:41 +01:00
dependabot[bot]
b4fab52562 web: bump chromedriver from 143.0.4 to 144.0.0 in /web (#19668) 
Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 143.0.4 to 144.0.0.
- [Commits](https://github.com/giggio/node-chromedriver/compare/143.0.4...144.0.0)

---
updated-dependencies:
- dependency-name: chromedriver
  dependency-version: 144.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 11:44:12 +01:00
Dominic R
1fa2cc075b web/admin: fix captcha stage provider selector not showing saved value (#19555) 
* web/admin: fix captcha stage provider selector not showing saved value

Overview:

When editing an existing captcha stage, the Provider Type dropdown always showed "Google reCAPTCHA v2" (the first option) instead of the actual configured provider (e.g. Cloudflare Turnstile).

The root cause was using `.value=${this.selectedProvider}` on the `<select>` element, which doesn't work reliably in Lit templates. the browser selects the first `<option>` by default before the property binding takes effect.

Fixed by adding the `selected` attribute directly to each `<option>` element.

Testing:

1. Create a new captcha stage with Cloudflare Turnstile
2. Save and close the form
3. Edit the stage again
4. Verify the Provider Type dropdown shows "Cloudflare Turnstile" instead of "Google reCAPTCHA v2"

Motivation:

Closes https://github.com/goauthentik/authentik/issues/19550

* web/admin: default captcha provider selector to first option

Matches previous behavior and makes it slightly friendlier than a blank page without any help.
 2026-01-21 21:10:53 -05:00
Jens L.
77dd935bea web/flows: update icon and text for device classes (#19648) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-22 01:31:45 +01:00
Ken Sternberg
08b07979ad web/elements: remove pfbase everywhere (#19623) 
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* website: fix bad escaping of URLs in release notes

## What

Fixes bad escaping of URLs in the release notes that resulted in mangled output.

v2024.6.4 had entries that looked like this:

```
##### `GET` /providers/google_workspace/{#123;id}#125;/
```

v2025.4.md had entries that looked like this:

```
##### `GET` /policies/unique_password/{#125;#123;policy_uuid}/
```

A couple of straightforward search-and-replaces has fixed the issue.

## Notes

Two of the release notes had bad escaping of URLs. I'm not sure how the error was made or got past,
but it was obvious when visiting the page.

@Beryju suggested that the bug is due to our using `{...}` to symbolize parameters in a URL while
Docusaurus wants to interpret `{...}` as an internal template instruction, resulting in odd
behavior. In either case, docusarus interpreted the hashtagged entries as links to unrelated issues
in Github (the same two issues, which were "bump version of pylint" and "bump version of sentry"),
which could be very confusing.

The inconsistencies between the two releases, and the working releases, suggests that the error was
introduced manually.

* web: Remove PFBase.

* Remove stub.

* Just keeping this around.

* web/maintenance: deprecate PFBase in favor of an adopted stylesheet

# What !?!?!?

Removes `PFBase` from all components.

# Why !?!?!?

In `AkElement`, there was this code:

        protected static override finalizeStyles(styles?: CSSResultGroup): CSSResultOrNative[] {
            if (!styles) return [$PFBase, $AKBase];

            if (!Array.isArray(styles)) return [$PFBase, createCSSResult(styles), $PFBase, $AKBase];

            return [
                $PFBase,
                // ---
                ...(styles.flat() as CSSResultOrNative[]).map(createCSSResult),
                $AKBase,
            ];
        }

I’ve refined this:

        protected static override finalizeStyles(styles: CSSResultGroup = []): CSSResultOrNative[] {
            const elementStyles = [
                $PFBase,
                // Route around TSC`s known-to-fail typechecking of `.flat(Infinity)`. Removes types.
                ...([styles] as Array<unknown>).flat(Infinity),
                $AKBase,
                // Restore types. Safe: we control AKBase and PFBase in this file, and `styles` are
                // typed on function signature.
            ] as CSSResultOrNative[];

            // Remove duplicates in reverse order to preserve last-insert-wins semantics of CSS.
            const elementSet = new Set(elementStyles.reverse());
            // Reverse again because the return type is an array, and process as a CSSResult
            return Array.from(elementSet).reverse().map(createCSSResult);
        }

… with the duplication removal documented in Lit 3.0. `styles` defaults to an array, is cast to an array, then automatically flattented before the deduplication is run.

With this, both PFBase and AKBase are automatically included with each and every component that inherits from `AKElement`. At that point, the inclusion of `PFBase` interface-wide made no sense.

So they had to be removed:

    $ for i in $(rg -t typescript -l PFBase | rg -v 'elements/Base\.ts') ; do \
        perl -pi.bak -e 's{import PFBase from ".patternfly/patternfly/patternfly-base.css";}{}' "$i" ; \
        done
    $ for i in $(rg -t typescript -l PFBase | rg -v 'elements/Base\.ts') ; do \
        perl -pi.bak -e 's/PFBase,//' "$i" ; \
        done

This commit removes 131 `import` statements from the source code. As a result, the bundle is about 27K smaller… which admittedly is about 0.2% smaller than before. Ah, well. “Every little bit helps,” right?

* Update comment to point to semantic rules for `finalizeStyles` in Lit reactive-element

* Yeah, didn't need the analysis files lying around.

* Merge confirmed

---------

Co-authored-by: Teffen Ellis <teffen@goauthentik.io>
 2026-01-21 12:54:09 -08:00
Teffen Ellis
4f1b8be014 web/a11y: Locale selector select styles, contrast. (#19634) 
web: Fix issues surrounding select styles, alignment, contrast.
 2026-01-21 20:59:21 +01:00
Teffen Ellis
9290e55aa7 web: Reduce Sentry Development Errors (#19504) 2026-01-21 20:59:12 +01:00
Connor Peshek
e69bb40a75 sources/saml: properly catch InvalidSignature exception (#19641) 
Fix error catching
 2026-01-21 11:18:05 -06:00
Katsushi Kobayashi
6057b29369 sources/saml: Set AuthnRequest ProtocolBinding to HTTP-POST instead of HTTP-Redirect (#17378) 
* Use HTTP-POST instead of HTTP-Redirect for ProtocolBinding attribute in AuthnRequest

* Fix nits

Signed-off-by: Katsushi Kobayashi <ikob@acm.org>

---------

Signed-off-by: Katsushi Kobayashi <ikob@acm.org>
 2026-01-21 11:13:44 -06:00
Jens L.
3d06d5d6a9 website/docs: update endpoint agent windows log location (#19645) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-21 13:00:38 +00:00
dependabot[bot]
43fb92756c core: bump library/node from 25.3.0-trixie to 25.4.0-trixie in /website (#19632) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 13:57:52 +01:00
authentik-automation[bot]
965e776797 core, web: update translations (#19535) 
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-01-21 13:52:25 +01:00
dependabot[bot]
7351512ce6 core: bump github.com/pires/go-proxyproto from 0.8.1 to 0.9.0 (#19628) 
Bumps [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/pires/go-proxyproto/releases)
- [Commits](https://github.com/pires/go-proxyproto/compare/v0.8.1...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/pires/go-proxyproto
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 13:52:03 +01:00
dependabot[bot]
0660d06d8a core: bump django-stubs[compatible-mypy] from 5.2.8 to 5.2.9 (#19629) 
Bumps [django-stubs[compatible-mypy]](https://github.com/sponsors/typeddjango) from 5.2.8 to 5.2.9.
- [Commits](https://github.com/sponsors/typeddjango/commits)

---
updated-dependencies:
- dependency-name: django-stubs[compatible-mypy]
  dependency-version: 5.2.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 13:51:19 +01:00
dependabot[bot]
f6a011c48a web: bump @types/react from 19.2.8 to 19.2.9 in /web in the react group across 1 directory (#19631) 
web: bump @types/react in /web in the react group across 1 directory

Bumps the react group with 1 update in the /web directory: [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react).


Updates `@types/react` from 19.2.8 to 19.2.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

---
updated-dependencies:
- dependency-name: "@types/react"
  dependency-version: 19.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: react
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 13:50:51 +01:00
dependabot[bot]
6c0a300639 core: bump sentry-sdk from 2.49.0 to 2.50.0 (#19630) 
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.49.0 to 2.50.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.49.0...2.50.0)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-version: 2.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 13:50:29 +01:00
Dewi Roberts
d677102587 website/integrations: update qnap (#19644) 
* Update based on issue

* Update website/integrations/infrastructure/qnap-nas/index.md

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dominic R <dominic@sdko.org>
 2026-01-21 12:47:20 +00:00
Connor Peshek
e7fbda7711 website/docs: Update saml google workspace guide (#19624) 
* website/docs: Update saml google workspace guide

* Update website/docs/users-sources/sources/social-logins/google/workspace/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update website/docs/users-sources/sources/social-logins/google/workspace/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update website/docs/users-sources/sources/social-logins/google/workspace/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update website/docs/users-sources/sources/social-logins/google/workspace/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update website/docs/users-sources/sources/social-logins/google/workspace/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* fix assertion signature typo

* add feedback

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
 2026-01-21 11:31:44 +00:00
Dominic R
ec4d26293e web/elements: reduce spacing between collapsible form groups (#19627) 
Overview:

Reduce vertical padding on ak-form-group sections to create tighter spacing between collapsible form sections.

- Reduce summary padding-block from 1rem to 0.5rem when open
- Reduce summary padding-block to 0.25rem when closed
- Reduce content bottom padding from 1rem to 0.5rem
- Remove debug red outline on marker hover

Testing:

Visiting the UI

Screenshots:

Before:

<!-- TODO -->

After:

<!-- TODO -->

Motivation:

Tooooo muchhhh spaceeeeee wasssstedddd
 2026-01-21 07:58:39 +01:00
Dominic R
66d6d88ae7 web/forms: fix forms not resetting state when modal closes (#19562) 
* web/forms: fix forms not resetting state when modal closes

Overview:

Forms were not properly resetting their state when closing modals, which caused stale values to persist when reopening forms. This affected all forms with @state() decorated properties.

Testing:

1. Create any item (user, token, application, etc.), close modal
2. Click Create again, form should show default/empty values
3. Edit an item, cancel, click Create - form should be empty
4. Edit an item, cancel, edit same item - should show correct data

Motivation:

Form inputs retained values from previous create/edit operations.

* Fix linter errors, types.

* Add property accessors, types.

---------

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-01-21 07:15:14 +01:00
Julian van der Horst
61ddd761b5 web/user: fix Firefox for Android infinite render loop in user library (#19379) 
web: Add ARIA fixes, live region reporting.

Co-authored-by: Teffen Ellis <teffen@goauthentik.io>
 2026-01-21 03:14:54 +00:00
Connor Peshek
ecaa673171 website/docs: sources: add keycloak (#19591) 
* docs/sources: add keycloak as saml source steps

* add keycloak to sidebar

* Update website/docs/users-sources/sources/social-logins/keycloak/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update website/docs/users-sources/sources/social-logins/keycloak/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* add feedback

* fix slug and update steps

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: Dominic R <dominic@sdko.org>
 2026-01-20 14:24:11 -06:00
Fletcher Heisler
93a56f8084 website/docs: endpoints devices: typo fix (#19621) 
docs typo fix

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>
 2026-01-20 20:23:31 +00:00
Marc 'risson' Schmitt
6d9766e4a5 lib/sync/outgoing: handle deletions even if object does not exist in database (#18968) 2026-01-20 18:17:19 +01:00
Connor Peshek
1ddf4f8247 sources/saml: Fix signature verification order to accommodate encrypted assertions (#19593) 
* sources/saml: Fix signature verificaiton order on encrypted responses

* type hints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-20 08:58:07 -06:00
Connor Peshek
d1a909ac69 providers/saml: fix structure of encrypted saml assertion (#19592) 2026-01-20 08:57:30 -06:00
Connor Peshek
31f8a1a0a0 providers/saml: allow encryption certificates without private keys (#19526) 
* providers/saml: allow selection of certificates without private keys for saml encryption

* fix back-end to support cert only
 2026-01-20 08:56:49 -06:00
Connor Peshek
511476a1f9 integrations: add saml steps to mattermost (#19590) 
* docs/integrations: add saml steps to mattermost

* Minor changes

---------

Co-authored-by: dewi-tik <dewi@goauthentik.io>
 2026-01-20 08:10:36 -06:00
Jens L.
3693fcf380 policies: fix Provider's authentication_flow not used when set (#19609) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-20 14:57:45 +01:00
dependabot[bot]
badabec056 web: bump type-fest from 5.4.0 to 5.4.1 in /web (#19473) 
Bumps [type-fest](https://github.com/sindresorhus/type-fest) from 5.4.0 to 5.4.1.
- [Release notes](https://github.com/sindresorhus/type-fest/releases)
- [Commits](https://github.com/sindresorhus/type-fest/compare/v5.4.0...v5.4.1)

---
updated-dependencies:
- dependency-name: type-fest
  dependency-version: 5.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-20 14:54:18 +01:00
Jens L.
97a9879127 endpoints: fix endpoints stage marked as enterprise (#19607) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-20 14:19:36 +01:00
dependabot[bot]
9448824304 core: bump selenium from 4.39.0 to 4.40.0 (#19564) 
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.39.0 to 4.40.0.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/compare/selenium-4.39.0...selenium-4.40.0)

---
updated-dependencies:
- dependency-name: selenium
  dependency-version: 4.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-20 13:17:44 +01:00
dependabot[bot]
6a423dd409 core: bump goauthentik.io/api/v3 from 3.2026020.11 to 3.2026020.12 (#19594) 
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2026020.11 to 3.2026020.12.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2026020.11...v3.2026020.12)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2026020.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-20 13:16:59 +01:00
dependabot[bot]
1fc0741af1 core: bump openapitools/openapi-generator-cli from v7.18.0 to v7.19.0 in /scripts/api (#19595) 
core: bump openapitools/openapi-generator-cli in /scripts/api

Bumps openapitools/openapi-generator-cli from v7.18.0 to v7.19.0.

---
updated-dependencies:
- dependency-name: openapitools/openapi-generator-cli
  dependency-version: v7.19.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-20 13:16:46 +01:00