trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/docs: update flow context variables 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-12-13 14:37:37 +00:00
parent 291573fbc5
commit 1dfc0b2e93
1 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
website/docs/policies/expression.mdx
View File

@ -87,16 +87,38 @@ Additionally, when the policy is executed from a flow, every variable from the f
This includes the following: This includes the following:
- `context['flow_plan']`: The actual flow plan itself, can be used to inject stages. - `context['flow_plan']`: The actual flow plan itself, can be used to inject stages.
- `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. - `context['redirect']`: The URL the user should be redirected to after the flow execution succeeds. (Optional)
- `context['application']`: The application the user is in the process of authorizing. - `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional)
- `context['application']`: The application the user is in the process of authorizing. (Optional)
- `context['source']`: The source the user is authenticating/enrolling with. (Optional)
- `context['pending_user']`: The currently pending user, see [User](../user-group/user.md#object-attributes) - `context['pending_user']`: The currently pending user, see [User](../user-group/user.md#object-attributes)
- `context['auth_method']`: Authentication method set (this value is set by password stages) - `context['is_restored']`: Set to `True` when the flow plan has been restored from a flow token, for example the user clicked a link to a flow which was sent by an email stage. (Optional)
- `context['auth_method']`: Authentication method (this value is set by password stages) (Optional)
Depending on method, `context['auth_method_args']` is also set. Depending on method, `context['auth_method_args']` is also set.
Can be any of: Can be any of:
- `password`: Standard password login - `password`: Standard password login
- `auth_mfa`: MFA login (this method is only set if no password was used)
Sets `context['auth_method_args']` to
```json
{
"mfa_devices": [
{
"pk": 1,
"app": "otp_static",
"name": "Static Token",
"model_name": "staticdevice"
}
]
}
```
- `auth_webauthn_pwl`: Password-less WebAuthn login
- `jwt`: OAuth Machine-to-machine login via external JWT
- `app_password`: App password (token) - `app_password`: App password (token)
Sets `context['auth_method_args']` to Sets `context['auth_method_args']` to