From 6821402fef0ea8f6590c6f8c920364e8e0b165de Mon Sep 17 00:00:00 2001 From: Jens L Date: Sat, 11 Jun 2022 19:48:07 +0200 Subject: [PATCH] providers/oauth2: remove deprecated verification_keys (#3071) remove verification_keys Signed-off-by: Jens Langhammer --- authentik/providers/oauth2/api/provider.py | 1 - ...remove_oauth2provider_verification_keys.py | 17 ++ authentik/providers/oauth2/models.py | 13 -- .../oauth2/tests/test_token_cc_jwt.py | 203 ------------------ authentik/providers/oauth2/views/token.py | 22 -- schema.yml | 27 --- web/src/locales/de.po | 8 +- web/src/locales/en.po | 8 +- web/src/locales/es.po | 8 +- web/src/locales/fr_FR.po | 8 +- web/src/locales/pl.po | 8 +- web/src/locales/pseudo-LOCALE.po | 8 +- web/src/locales/tr.po | 8 +- web/src/locales/zh-Hant.po | 8 +- web/src/locales/zh_TW.po | 8 +- .../providers/oauth2/OAuth2ProviderForm.ts | 38 ---- 16 files changed, 35 insertions(+), 358 deletions(-) create mode 100644 authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py delete mode 100644 authentik/providers/oauth2/tests/test_token_cc_jwt.py diff --git a/authentik/providers/oauth2/api/provider.py b/authentik/providers/oauth2/api/provider.py index f7d77b9c3..7ee52209d 100644 --- a/authentik/providers/oauth2/api/provider.py +++ b/authentik/providers/oauth2/api/provider.py @@ -34,7 +34,6 @@ class OAuth2ProviderSerializer(ProviderSerializer): "sub_mode", "property_mappings", "issuer_mode", - "verification_keys", "jwks_sources", ] diff --git a/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py b/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py new file mode 100644 index 000000000..3a9168133 --- /dev/null +++ b/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py @@ -0,0 +1,17 @@ +# Generated by Django 4.0.5 on 2022-06-04 21:26 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_providers_oauth2", "0011_oauth2provider_jwks_sources_and_more"), + ] + + operations = [ + migrations.RemoveField( + model_name="oauth2provider", + name="verification_keys", + ), + ] diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py index b84c7301e..3821d2b7b 100644 --- a/authentik/providers/oauth2/models.py +++ b/authentik/providers/oauth2/models.py @@ -222,19 +222,6 @@ class OAuth2Provider(Provider): ), ) - verification_keys = models.ManyToManyField( - CertificateKeyPair, - verbose_name=_("Allowed certificates for JWT-based client_credentials"), - help_text=_( - ( - "DEPRECATED. JWTs created with the configured " - "certificates can authenticate with this provider." - ) - ), - related_name="oauth2_providers", - default=None, - blank=True, - ) jwks_sources = models.ManyToManyField( OAuthSource, verbose_name=_( diff --git a/authentik/providers/oauth2/tests/test_token_cc_jwt.py b/authentik/providers/oauth2/tests/test_token_cc_jwt.py deleted file mode 100644 index 4f879b3b3..000000000 --- a/authentik/providers/oauth2/tests/test_token_cc_jwt.py +++ /dev/null @@ -1,203 +0,0 @@ -"""Test token view""" -from datetime import datetime, timedelta -from json import loads - -from django.test import RequestFactory -from django.urls import reverse -from jwt import decode - -from authentik.core.models import Application, Group -from authentik.core.tests.utils import create_test_cert, create_test_flow -from authentik.lib.generators import generate_id, generate_key -from authentik.managed.manager import ObjectManager -from authentik.policies.models import PolicyBinding -from authentik.providers.oauth2.constants import ( - GRANT_TYPE_CLIENT_CREDENTIALS, - SCOPE_OPENID, - SCOPE_OPENID_EMAIL, - SCOPE_OPENID_PROFILE, -) -from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping -from authentik.providers.oauth2.tests.utils import OAuthTestCase - - -class TestTokenClientCredentialsJWT(OAuthTestCase): - """Test token (client_credentials, with JWT) view""" - - def setUp(self) -> None: - super().setUp() - ObjectManager().run() - self.factory = RequestFactory() - self.cert = create_test_cert() - self.provider: OAuth2Provider = OAuth2Provider.objects.create( - name="test", - client_id=generate_id(), - client_secret=generate_key(), - authorization_flow=create_test_flow(), - redirect_uris="http://testserver", - signing_key=self.cert, - ) - self.provider.verification_keys.set([self.cert]) - self.provider.property_mappings.set(ScopeMapping.objects.all()) - self.app = Application.objects.create(name="test", slug="test", provider=self.provider) - - def test_invalid_type(self): - """test invalid type""" - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "foo", - "client_assertion": "foo.bar", - }, - ) - self.assertEqual(response.status_code, 400) - body = loads(response.content.decode()) - self.assertEqual(body["error"], "invalid_grant") - - def test_invalid_jwt(self): - """test invalid JWT""" - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", - "client_assertion": "foo.bar", - }, - ) - self.assertEqual(response.status_code, 400) - body = loads(response.content.decode()) - self.assertEqual(body["error"], "invalid_grant") - - def test_invalid_signature(self): - """test invalid JWT""" - token = self.provider.encode( - { - "sub": "foo", - "exp": datetime.now() + timedelta(hours=2), - } - ) - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", - "client_assertion": token + "foo", - }, - ) - self.assertEqual(response.status_code, 400) - body = loads(response.content.decode()) - self.assertEqual(body["error"], "invalid_grant") - - def test_invalid_expired(self): - """test invalid JWT""" - token = self.provider.encode( - { - "sub": "foo", - "exp": datetime.now() - timedelta(hours=2), - } - ) - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", - "client_assertion": token, - }, - ) - self.assertEqual(response.status_code, 400) - body = loads(response.content.decode()) - self.assertEqual(body["error"], "invalid_grant") - - def test_invalid_no_app(self): - """test invalid JWT""" - self.app.provider = None - self.app.save() - token = self.provider.encode( - { - "sub": "foo", - "exp": datetime.now() + timedelta(hours=2), - } - ) - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", - "client_assertion": token, - }, - ) - self.assertEqual(response.status_code, 400) - body = loads(response.content.decode()) - self.assertEqual(body["error"], "invalid_grant") - - def test_invalid_access_denied(self): - """test invalid JWT""" - group = Group.objects.create(name="foo") - PolicyBinding.objects.create( - group=group, - target=self.app, - order=0, - ) - token = self.provider.encode( - { - "sub": "foo", - "exp": datetime.now() + timedelta(hours=2), - } - ) - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", - "client_assertion": token, - }, - ) - self.assertEqual(response.status_code, 400) - body = loads(response.content.decode()) - self.assertEqual(body["error"], "invalid_grant") - - def test_successful(self): - """test successful""" - token = self.provider.encode( - { - "sub": "foo", - "exp": datetime.now() + timedelta(hours=2), - } - ) - response = self.client.post( - reverse("authentik_providers_oauth2:token"), - { - "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, - "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", - "client_id": self.provider.client_id, - "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", - "client_assertion": token, - }, - ) - self.assertEqual(response.status_code, 200) - body = loads(response.content.decode()) - self.assertEqual(body["token_type"], "bearer") - _, alg = self.provider.get_jwt_key() - jwt = decode( - body["access_token"], - key=self.provider.signing_key.public_key, - algorithms=[alg], - audience=self.provider.client_id, - ) - self.assertEqual( - jwt["given_name"], "Autogenerated user from application test (client credentials JWT)" - ) - self.assertEqual(jwt["preferred_username"], "test-foo") diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py index a3c8735e2..a82b8f1a0 100644 --- a/authentik/providers/oauth2/views/token.py +++ b/authentik/providers/oauth2/views/token.py @@ -21,7 +21,6 @@ from authentik.core.models import ( TokenIntents, User, ) -from authentik.crypto.models import CertificateKeyPair from authentik.events.models import Event, EventAction from authentik.lib.utils.time import timedelta_from_string from authentik.policies.engine import PolicyEngine @@ -38,7 +37,6 @@ from authentik.providers.oauth2.errors import TokenError, UserAuthError from authentik.providers.oauth2.models import ( AuthorizationCode, ClientTypes, - JWTAlgorithms, OAuth2Provider, RefreshToken, ) @@ -292,26 +290,6 @@ class TokenParams: token = None - # TODO: Remove in 2022.7, deprecated field `verification_keys`` - for cert in self.provider.verification_keys.all(): - LOGGER.debug("verifying jwt with key", key=cert.name) - cert: CertificateKeyPair - public_key = cert.certificate.public_key() - if cert.private_key: - public_key = cert.private_key.public_key() - try: - token = decode( - assertion, - public_key, - algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256], - options={ - "verify_aud": False, - }, - ) - except (PyJWTError, ValueError, TypeError) as exc: - LOGGER.warning("failed to validate jwt", exc=exc) - # TODO: End remove block - source: Optional[OAuthSource] = None parsed_key: Optional[PyJWK] = None for source in self.provider.jwks_sources.all(): diff --git a/schema.yml b/schema.yml index 16ce5b89e..3b84e872f 100644 --- a/schema.yml +++ b/schema.yml @@ -23237,15 +23237,6 @@ components: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: Configure how the issuer field of the ID Token should be filled. - verification_keys: - type: array - items: - type: string - format: uuid - title: Allowed certificates for JWT-based client_credentials - title: Allowed certificates for JWT-based client_credentials - description: DEPRECATED. JWTs created with the configured certificates can - authenticate with this provider. jwks_sources: type: array items: @@ -23325,15 +23316,6 @@ components: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: Configure how the issuer field of the ID Token should be filled. - verification_keys: - type: array - items: - type: string - format: uuid - title: Allowed certificates for JWT-based client_credentials - title: Allowed certificates for JWT-based client_credentials - description: DEPRECATED. JWTs created with the configured certificates can - authenticate with this provider. jwks_sources: type: array items: @@ -27711,15 +27693,6 @@ components: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: Configure how the issuer field of the ID Token should be filled. - verification_keys: - type: array - items: - type: string - format: uuid - title: Allowed certificates for JWT-based client_credentials - title: Allowed certificates for JWT-based client_credentials - description: DEPRECATED. JWTs created with the configured certificates can - authenticate with this provider. jwks_sources: type: array items: diff --git a/web/src/locales/de.po b/web/src/locales/de.po index 1c6f0ac05..5a4bbdaa2 100644 --- a/web/src/locales/de.po +++ b/web/src/locales/de.po @@ -1552,7 +1552,6 @@ msgstr "{0} löschen" msgid "Deny the user access" msgstr "Dem Benutzer den Zugang verweigern" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2471,7 +2470,6 @@ msgstr "Interne Konten ausblenden" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2753,7 +2751,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "JWT Algorithmus" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2937,7 +2934,6 @@ msgstr "Wird geladen" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6308,8 +6304,8 @@ msgid "Verification Certificate" msgstr "Zertifikat zur Überprüfung" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "" +#~ msgid "Verification certificates" +#~ msgstr "" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/en.po b/web/src/locales/en.po index f684393b9..e2616357d 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -1570,7 +1570,6 @@ msgstr "Delete {0}" msgid "Deny the user access" msgstr "Deny the user access" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." @@ -2510,7 +2509,6 @@ msgstr "Hide service-accounts" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2803,7 +2801,6 @@ msgstr "JWKS URL" #~ msgid "JWT Algorithm" #~ msgstr "JWT Algorithm" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider." @@ -2989,7 +2986,6 @@ msgstr "Loading" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6434,8 +6430,8 @@ msgid "Verification Certificate" msgstr "Verification Certificate" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "Verification certificates" +#~ msgid "Verification certificates" +#~ msgstr "Verification certificates" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/es.po b/web/src/locales/es.po index 54fe201f5..dd697c6ad 100644 --- a/web/src/locales/es.po +++ b/web/src/locales/es.po @@ -1543,7 +1543,6 @@ msgstr "Eliminar {0}" msgid "Deny the user access" msgstr "Denegar el acceso al usuario" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2462,7 +2461,6 @@ msgstr "Ocultar cuentas de servicio" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2746,7 +2744,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "algoritmo JWT" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2930,7 +2927,6 @@ msgstr "Cargando" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6302,8 +6298,8 @@ msgid "Verification Certificate" msgstr "Certificado de verificación" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "" +#~ msgid "Verification certificates" +#~ msgstr "" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/fr_FR.po b/web/src/locales/fr_FR.po index 32fd8f284..f94d956ca 100644 --- a/web/src/locales/fr_FR.po +++ b/web/src/locales/fr_FR.po @@ -1555,7 +1555,6 @@ msgstr "Supprimer {0}" msgid "Deny the user access" msgstr "Refuser l'accès à l'utilisateu" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2488,7 +2487,6 @@ msgstr "Cacher les comptes de service" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2776,7 +2774,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "Algorithme JWT" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2961,7 +2958,6 @@ msgstr "Chargement en cours" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6363,8 +6359,8 @@ msgid "Verification Certificate" msgstr "Certificat de validation" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "" +#~ msgid "Verification certificates" +#~ msgstr "" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/pl.po b/web/src/locales/pl.po index 3e92e7dea..562e05800 100644 --- a/web/src/locales/pl.po +++ b/web/src/locales/pl.po @@ -1540,7 +1540,6 @@ msgstr "Usuń {0}" msgid "Deny the user access" msgstr "Odmów użytkownikowi dostępu" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2459,7 +2458,6 @@ msgstr "Ukryj konta serwisowe" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2743,7 +2741,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "Algorytm JWT" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2927,7 +2924,6 @@ msgstr "Ładowanie" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6299,8 +6295,8 @@ msgid "Verification Certificate" msgstr "Certyfikat weryfikacji" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "" +#~ msgid "Verification certificates" +#~ msgstr "" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 4500804c9..ad72c490a 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -1556,7 +1556,6 @@ msgstr "" msgid "Deny the user access" msgstr "" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2496,7 +2495,6 @@ msgstr "" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2785,7 +2783,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2971,7 +2968,6 @@ msgstr "" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6404,8 +6400,8 @@ msgid "Verification Certificate" msgstr "" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "" +#~ msgid "Verification certificates" +#~ msgstr "" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/tr.po b/web/src/locales/tr.po index 4f2a01929..fcd1fbd51 100644 --- a/web/src/locales/tr.po +++ b/web/src/locales/tr.po @@ -1543,7 +1543,6 @@ msgstr "{0} Sil" msgid "Deny the user access" msgstr "Kullanıcı erişimini engelle" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2462,7 +2461,6 @@ msgstr "Hizmet hesaplarını gizle" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2747,7 +2745,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "JWT Algoritması" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2931,7 +2928,6 @@ msgstr "Yükleniyor" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6304,8 +6300,8 @@ msgid "Verification Certificate" msgstr "Doğrulama Sertifikası" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "" +#~ msgid "Verification certificates" +#~ msgstr "" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/zh-Hant.po b/web/src/locales/zh-Hant.po index d6b2471c0..77dc0b945 100644 --- a/web/src/locales/zh-Hant.po +++ b/web/src/locales/zh-Hant.po @@ -1540,7 +1540,6 @@ msgstr "删除 {0}" msgid "Deny the user access" msgstr "拒绝用户访问" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2451,7 +2450,6 @@ msgstr "隐藏服务账户" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2734,7 +2732,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "JWT 算法" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" @@ -2917,7 +2914,6 @@ msgstr "正在加载" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6270,8 +6266,8 @@ msgid "Verification Certificate" msgstr "验证证书" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "验证证书" +#~ msgid "Verification certificates" +#~ msgstr "验证证书" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/locales/zh_TW.po b/web/src/locales/zh_TW.po index 7c9966763..09f9ff684 100644 --- a/web/src/locales/zh_TW.po +++ b/web/src/locales/zh_TW.po @@ -1540,7 +1540,6 @@ msgstr "删除 {0}" msgid "Deny the user access" msgstr "拒绝用户访问" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "" @@ -2451,7 +2450,6 @@ msgstr "隐藏服务账户" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2734,7 +2732,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "JWT 算法" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" @@ -2917,7 +2914,6 @@ msgstr "正在加载" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6270,8 +6266,8 @@ msgid "Verification Certificate" msgstr "验证证书" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "验证证书" +#~ msgid "Verification certificates" +#~ msgstr "验证证书" #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #~ msgid "Verify only" diff --git a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts index 490494959..3781dd4c6 100644 --- a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts +++ b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts @@ -405,44 +405,6 @@ ${this.instance?.redirectUris} - - -

- ${t`Deprecated. Instead of using this field, configure the JWKS data/URL in Sources.`} -

-

- ${t`JWTs signed by certificates configured here can be used to authenticate to the provider.`} -

-

- ${t`Hold control/command to select multiple items.`} -

-
`;