sources/oauth: allow overriding of all scopes

closes #3747

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-10-16 21:21:43 +02:00
parent 10cfccd999
commit 96a30af0eb
15 changed files with 23971 additions and 22998 deletions


@ -58,6 +58,13 @@ class TestTypeGoogle(TestCase):
"email%20profile" "email%20profile"
), ),
) )
def test_authorize_url_additional(self):
"""Test authorize URL"""
request = self.request_factory.get("/")
middleware = SessionMiddleware(dummy_get_response)
middleware.process_request(request)
request.session.save()
self.source.additional_scopes = "foo" self.source.additional_scopes = "foo"
self.source.save() self.source.save()
redirect = GoogleOAuthRedirect(request=request).get_redirect_url( redirect = GoogleOAuthRedirect(request=request).get_redirect_url(
@ -72,3 +79,24 @@ class TestTypeGoogle(TestCase):
"email%20foo%20profile" "email%20foo%20profile"
), ),
) )
def test_authorize_url_additional_replace(self):
"""Test authorize URL"""
request = self.request_factory.get("/")
middleware = SessionMiddleware(dummy_get_response)
middleware.process_request(request)
request.session.save()
self.source.additional_scopes = "*foo"
self.source.save()
redirect = GoogleOAuthRedirect(request=request).get_redirect_url(
source_slug=self.source.slug
)
self.assertEqual(
redirect,
(
f"https://accounts.google.com/o/oauth2/auth?client_id={self.source.consumer_key}&re"
"direct_uri=http%3A%2F%2Ftestserver%2Fsource%2Foauth%2Fcallback%2Ftest%2F&response_"
f"type=code&state={request.session['oauth-client-test-request-state']}&scope="
"foo"
),
)
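Review bot: `test_authorize_url_additional_replace` reuses the docstring `"""Test authorize URL"""` from the neighbouring tests and exercises only one replacement value (`"*foo"`), so the override path is pinned for a single input. A docstring such as `"""Test authorize URL when additional_scopes starts with * and replaces the default scopes"""` would tell the cases apart in test output. Assertions for `"*foo bar"` and for a bare `"*"` would also help, because those inputs decide whether the outgoing `scope` parameter can end up empty or carry an empty entry.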


@ -44,5 +44,8 @@ class OAuthRedirect(OAuthClientMixin, RedirectView):
params = self.get_additional_parameters(source) params = self.get_additional_parameters(source)
params.setdefault("scope", []) params.setdefault("scope", [])
if source.additional_scopes != "": if source.additional_scopes != "":
params["scope"] += source.additional_scopes.split(" ") if source.additional_scopes.startswith("*"):
params["scope"] = source.additional_scopes[1:].split(" ")
else:
params["scope"] += source.additional_scopes.split(" ")
return client.get_redirect_url(params) return client.get_redirect_url(params)
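Review bot: In the new `startswith("*")` branch, `source.additional_scopes[1:].split(" ")` yields `[""]` for a bare `*` and `["", "foo"]` for `"* foo"`, so the authorization request can go out with an empty or malformed `scope` after the source type's defaults have already been discarded. One option is to split on any whitespace and only override when something remains: `scopes = source.additional_scopes[1:].split()` followed by `if scopes: params["scope"] = scopes`. The prefix is a sentinel that nothing in this function explains, so a comment like `# a leading "*" replaces the default scopes instead of extending them` belongs above the branch. The enclosing method begins before this hunk, and how `client.get_redirect_url` serialises the list is not visible here.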


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-10-10 10:27+0000\n" "POT-Creation-Date: 2022-10-16 19:21+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -194,7 +194,6 @@ msgid "Loading..."
msgstr "" msgstr ""
#: authentik/core/templates/if/end_session.html:7 #: authentik/core/templates/if/end_session.html:7
#: authentik/core/templates/if/error.html:7
msgid "End session" msgid "End session"
msgstr "" msgstr ""
@ -240,7 +239,8 @@ msgid "Powered by authentik"
msgstr "" msgstr ""
#: authentik/core/views/apps.py:48 #: authentik/core/views/apps.py:48
#: authentik/providers/oauth2/views/authorize.py:359 #: authentik/providers/oauth2/views/authorize.py:358
#: authentik/providers/oauth2/views/device_init.py:68
#: authentik/providers/saml/views/sso.py:69 #: authentik/providers/saml/views/sso.py:69
#, python-format #, python-format
msgid "You're about to sign into %(application)s." msgid "You're about to sign into %(application)s."
@ -347,11 +347,11 @@ msgid "Notification Rules"
msgstr "" msgstr ""
#: authentik/events/models.py:580 #: authentik/events/models.py:580
msgid "Notification Webhook Mapping" msgid "Webhook Mapping"
msgstr "" msgstr ""
#: authentik/events/models.py:581 #: authentik/events/models.py:581
msgid "Notification Webhook Mappings" msgid "Webhook Mappings"
msgstr "" msgstr ""
#: authentik/events/monitored_tasks.py:195 #: authentik/events/monitored_tasks.py:195
@ -826,7 +826,8 @@ msgstr ""
msgid "OAuth2/OpenID Providers" msgid "OAuth2/OpenID Providers"
msgstr "" msgstr ""
#: authentik/providers/oauth2/models.py:323 #: authentik/providers/oauth2/models.py:324
#: authentik/providers/oauth2/models.py:530
msgid "Scopes" msgid "Scopes"
msgstr "" msgstr ""
@ -878,12 +879,24 @@ msgstr ""
msgid "OAuth2 Tokens" msgid "OAuth2 Tokens"
msgstr "" msgstr ""
#: authentik/providers/oauth2/views/authorize.py:413 #: authentik/providers/oauth2/models.py:542
msgid "Device Token"
msgstr ""
#: authentik/providers/oauth2/models.py:543
msgid "Device Tokens"
msgstr ""
#: authentik/providers/oauth2/views/authorize.py:412
#: authentik/providers/saml/views/flows.py:86 #: authentik/providers/saml/views/flows.py:86
#, python-format #, python-format
msgid "Redirecting to %(app)s..." msgid "Redirecting to %(app)s..."
msgstr "" msgstr ""
#: authentik/providers/oauth2/views/device_init.py:142
msgid "Invalid code"
msgstr ""
#: authentik/providers/oauth2/views/userinfo.py:46 #: authentik/providers/oauth2/views/userinfo.py:46
#: authentik/providers/oauth2/views/userinfo.py:47 #: authentik/providers/oauth2/views/userinfo.py:47
msgid "GitHub Compatibility: Access your User Information" msgid "GitHub Compatibility: Access your User Information"
@ -965,39 +978,39 @@ msgstr ""
msgid "NameID Property Mapping" msgid "NameID Property Mapping"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:139 #: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:141
msgid "SHA1" msgid "SHA1"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:140 #: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:142
msgid "SHA256" msgid "SHA256"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:141 #: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:143
msgid "SHA384" msgid "SHA384"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:142 #: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:144
msgid "SHA512" msgid "SHA512"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:149 #: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:151
msgid "RSA-SHA1" msgid "RSA-SHA1"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:150 #: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:152
msgid "RSA-SHA256" msgid "RSA-SHA256"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:151 #: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:153
msgid "RSA-SHA384" msgid "RSA-SHA384"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:152 #: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:154
msgid "RSA-SHA512" msgid "RSA-SHA512"
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:153 #: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:155
msgid "DSA-SHA1" msgid "DSA-SHA1"
msgstr "" msgstr ""
@ -1009,7 +1022,7 @@ msgstr ""
msgid "Keypair used to sign outgoing Responses going to the Service Provider." msgid "Keypair used to sign outgoing Responses going to the Service Provider."
msgstr "" msgstr ""
#: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:129 #: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:131
msgid "Signing Keypair" msgid "Signing Keypair"
msgstr "" msgstr ""
@ -1297,75 +1310,83 @@ msgstr ""
msgid "User Plex Source Connections" msgid "User Plex Source Connections"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:38 #: authentik/sources/saml/models.py:40
msgid "Redirect Binding" msgid "Redirect Binding"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:39 #: authentik/sources/saml/models.py:41
msgid "POST Binding" msgid "POST Binding"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:40 #: authentik/sources/saml/models.py:42
msgid "POST Binding with auto-confirmation" msgid "POST Binding with auto-confirmation"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:68 #: authentik/sources/saml/models.py:70
msgid "Flow used before authentication." msgid "Flow used before authentication."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:75 #: authentik/sources/saml/models.py:77
msgid "Issuer" msgid "Issuer"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:76 #: authentik/sources/saml/models.py:78
msgid "Also known as Entity ID. Defaults the Metadata URL." msgid "Also known as Entity ID. Defaults the Metadata URL."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:80 #: authentik/sources/saml/models.py:82
msgid "SSO URL" msgid "SSO URL"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:81 #: authentik/sources/saml/models.py:83
msgid "URL that the initial Login request is sent to." msgid "URL that the initial Login request is sent to."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:87 #: authentik/sources/saml/models.py:89
msgid "SLO URL" msgid "SLO URL"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:88 #: authentik/sources/saml/models.py:90
msgid "Optional URL if your IDP supports Single-Logout." msgid "Optional URL if your IDP supports Single-Logout."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:94 #: authentik/sources/saml/models.py:96
msgid "" msgid ""
"Allows authentication flows initiated by the IdP. This can be a security " "Allows authentication flows initiated by the IdP. This can be a security "
"risk, as no validation of the request ID is done." "risk, as no validation of the request ID is done."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:102 #: authentik/sources/saml/models.py:104
msgid "" msgid ""
"NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent." "NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:113 #: authentik/sources/saml/models.py:115
msgid "Delete temporary users after" msgid "Delete temporary users after"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:131 #: authentik/sources/saml/models.py:133
msgid "" msgid ""
"Keypair which is used to sign outgoing requests. Leave empty to disable " "Keypair which is used to sign outgoing requests. Leave empty to disable "
"signing." "signing."
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:199 #: authentik/sources/saml/models.py:214
msgid "SAML Source" msgid "SAML Source"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:200 #: authentik/sources/saml/models.py:215
msgid "SAML Sources" msgid "SAML Sources"
msgstr "" msgstr ""
#: authentik/sources/saml/models.py:231
msgid "User SAML Source Connection"
msgstr ""
#: authentik/sources/saml/models.py:232
msgid "User SAML Source Connections"
msgstr ""
#: authentik/stages/authenticator_duo/models.py:81 #: authentik/stages/authenticator_duo/models.py:81
msgid "Duo Authenticator Setup Stage" msgid "Duo Authenticator Setup Stage"
msgstr "" msgstr ""
@ -1382,26 +1403,30 @@ msgstr ""
msgid "Duo Devices" msgid "Duo Devices"
msgstr "" msgstr ""
#: authentik/stages/authenticator_sms/models.py:56 #: authentik/stages/authenticator_sms/models.py:57
msgid "" msgid ""
"When enabled, the Phone number is only used during enrollment to verify the " "When enabled, the Phone number is only used during enrollment to verify the "
"users authenticity. Only a hash of the phone number is saved to ensure it is " "users authenticity. Only a hash of the phone number is saved to ensure it is "
"not re-used in the future." "not re-used in the future."
msgstr "" msgstr ""
#: authentik/stages/authenticator_sms/models.py:158 #: authentik/stages/authenticator_sms/models.py:68
msgid "Optionally modify the payload being sent to custom providers."
msgstr ""
#: authentik/stages/authenticator_sms/models.py:176
msgid "SMS Authenticator Setup Stage" msgid "SMS Authenticator Setup Stage"
msgstr "" msgstr ""
#: authentik/stages/authenticator_sms/models.py:159 #: authentik/stages/authenticator_sms/models.py:177
msgid "SMS Authenticator Setup Stages" msgid "SMS Authenticator Setup Stages"
msgstr "" msgstr ""
#: authentik/stages/authenticator_sms/models.py:204 #: authentik/stages/authenticator_sms/models.py:222
msgid "SMS Device" msgid "SMS Device"
msgstr "" msgstr ""
#: authentik/stages/authenticator_sms/models.py:205 #: authentik/stages/authenticator_sms/models.py:223
msgid "SMS Devices" msgid "SMS Devices"
msgstr "" msgstr ""
@ -1871,10 +1896,10 @@ msgid ""
"and `ba.b`" "and `ba.b`"
msgstr "" msgstr ""
#: authentik/tenants/models.py:95 #: authentik/tenants/models.py:98
msgid "Tenant" msgid "Tenant"
msgstr "" msgstr ""
#: authentik/tenants/models.py:96 #: authentik/tenants/models.py:99
msgid "Tenants" msgid "Tenants"
msgstr "" msgstr ""


@ -306,17 +306,14 @@ export class OAuthSourceForm extends ModelForm<OAuthSource, string> {
> >
<textarea class="pf-c-form-control"></textarea> <textarea class="pf-c-form-control"></textarea>
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal label=${t`Scopes`} name="additionalScopes">
label=${t`Additional Scope`}
name="additionalScopes"
>
<input <input
type="text" type="text"
value="${first(this.instance?.additionalScopes, "")}" value="${first(this.instance?.additionalScopes, "")}"
class="pf-c-form-control" class="pf-c-form-control"
/> />
<p class="pf-c-form__helper-text"> <p class="pf-c-form__helper-text">
${t`Additional scopes to be passed to the OAuth Provider, separated by space.`} ${t`Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *.`}
</p> </p>
</ak-form-element-horizontal> </ak-form-element-horizontal>
</div> </div>
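Review bot: The helper text added under the `additionalScopes` input says "To replace existing scopes, prefix with *." but not that doing so drops every default scope of the source type; the Google test on this page shows `email` and `profile` disappearing from the authorize URL once `*foo` is set. The requested scopes typically decide which user attributes the provider returns, so I would spell the consequence out, e.g. `To replace the default scopes instead of extending them, prefix the value with *; the defaults are then no longer requested.` The sentence also still opens with "Additional scopes" while the label is now `Scopes`, which reads inconsistently. The surrounding render method starts and ends outside this hunk.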


@ -262,8 +262,8 @@ msgid "Addition User DN"
msgstr "Addition User DN" msgstr "Addition User DN"
#: src/admin/sources/oauth/OAuthSourceForm.ts #: src/admin/sources/oauth/OAuthSourceForm.ts
msgid "Additional Scope" #~ msgid "Additional Scope"
msgstr "Additional Scope" #~ msgstr "Additional Scope"
#: src/admin/applications/wizard/InitialApplicationWizardPage.ts #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
msgid "Additional UI settings" msgid "Additional UI settings"
@ -278,8 +278,12 @@ msgid "Additional scope mappings, which are passed to the proxy."
msgstr "Additional scope mappings, which are passed to the proxy." msgstr "Additional scope mappings, which are passed to the proxy."
#: src/admin/sources/oauth/OAuthSourceForm.ts #: src/admin/sources/oauth/OAuthSourceForm.ts
msgid "Additional scopes to be passed to the OAuth Provider, separated by space." #~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
msgstr "Additional scopes to be passed to the OAuth Provider, separated by space." #~ msgstr "Additional scopes to be passed to the OAuth Provider, separated by space."
#: src/admin/sources/oauth/OAuthSourceForm.ts
msgid "Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *."
msgstr "Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *."
#: src/admin/blueprints/BlueprintForm.ts #: src/admin/blueprints/BlueprintForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts #: src/admin/sources/ldap/LDAPSourceForm.ts
@ -1081,6 +1085,7 @@ msgstr "Client type"
msgid "Close" msgid "Close"
msgstr "Close" msgstr "Close"
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
#: src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts #: src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts #: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
@ -1195,6 +1200,7 @@ msgstr "Confirmed"
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Connect" msgid "Connect"
msgstr "Connect" msgstr "Connect"
@ -1278,6 +1284,7 @@ msgid "Context"
msgstr "Context" msgstr "Context"
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
#: src/flow/stages/authenticator_static/AuthenticatorStaticStage.ts #: src/flow/stages/authenticator_static/AuthenticatorStaticStage.ts
@ -1757,6 +1764,10 @@ msgstr "Device classes"
msgid "Device classes which can be used to authenticate." msgid "Device classes which can be used to authenticate."
msgstr "Device classes which can be used to authenticate." msgstr "Device classes which can be used to authenticate."
#: src/admin/tenants/TenantForm.ts
msgid "Device code flow"
msgstr "Device code flow"
#: #:
#~ msgid "Device name" #~ msgid "Device name"
#~ msgstr "Device name" #~ msgstr "Device name"
@ -1826,6 +1837,7 @@ msgstr "Disabled blueprints are never applied."
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Disconnect" msgid "Disconnect"
msgstr "Disconnect" msgstr "Disconnect"
@ -2058,6 +2070,10 @@ msgstr "Enrollment"
msgid "Enrollment flow" msgid "Enrollment flow"
msgstr "Enrollment flow" msgstr "Enrollment flow"
#: src/flow/providers/oauth2/DeviceCode.ts
msgid "Enter the code shown on your device."
msgstr "Enter the code shown on your device."
#: src/admin/providers/saml/SAMLProviderViewPage.ts #: src/admin/providers/saml/SAMLProviderViewPage.ts
msgid "EntityID/Issuer" msgid "EntityID/Issuer"
msgstr "EntityID/Issuer" msgstr "EntityID/Issuer"
@ -2305,6 +2321,7 @@ msgstr "Failed to delete {0}: {1}"
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Failed to disconnected source: {exc}" msgid "Failed to disconnected source: {exc}"
msgstr "Failed to disconnected source: {exc}" msgstr "Failed to disconnected source: {exc}"
@ -2799,6 +2816,10 @@ msgstr "If no explicit redirect URIs are specified, the first successfully used
#~ "If password change date is more than x days in the past, invalidate the user's password\n" #~ "If password change date is more than x days in the past, invalidate the user's password\n"
#~ "and show a notice." #~ "and show a notice."
#: src/admin/tenants/TenantForm.ts
msgid "If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code."
msgstr "If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code."
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
msgid "If set, users are able to configure details of their profile." msgid "If set, users are able to configure details of their profile."
msgstr "If set, users are able to configure details of their profile." msgstr "If set, users are able to configure details of their profile."
@ -3152,6 +3173,8 @@ msgstr "Load servers"
#: src/flow/FlowExecutor.ts #: src/flow/FlowExecutor.ts
#: src/flow/FlowExecutor.ts #: src/flow/FlowExecutor.ts
#: src/flow/FlowInspector.ts #: src/flow/FlowInspector.ts
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
#: src/flow/stages/FlowErrorStage.ts #: src/flow/stages/FlowErrorStage.ts
#: src/flow/stages/access_denied/AccessDeniedStage.ts #: src/flow/stages/access_denied/AccessDeniedStage.ts
#: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
@ -3228,6 +3251,7 @@ msgstr "Loading"
#: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
#: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
#: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
@ -3248,6 +3272,7 @@ msgstr "Loading"
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
#: src/admin/tenants/TenantForm.ts
#: src/admin/tokens/TokenForm.ts #: src/admin/tokens/TokenForm.ts
#: src/admin/users/UserForm.ts #: src/admin/users/UserForm.ts
#: src/admin/users/UserResetEmailForm.ts #: src/admin/users/UserResetEmailForm.ts
@ -3367,6 +3392,10 @@ msgstr "Manual configuration"
msgid "Manually configure SAML" msgid "Manually configure SAML"
msgstr "Manually configure SAML" msgstr "Manually configure SAML"
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
msgid "Mapping"
msgstr "Mapping"
#: src/admin/stages/user_write/UserWriteStageForm.ts #: src/admin/stages/user_write/UserWriteStageForm.ts
msgid "Mark newly created users as inactive." msgid "Mark newly created users as inactive."
msgstr "Mark newly created users as inactive." msgstr "Mark newly created users as inactive."
@ -3471,6 +3500,10 @@ msgstr "Model updated"
msgid "Modern applications, APIs and Single-page applications." msgid "Modern applications, APIs and Single-page applications."
msgstr "Modern applications, APIs and Single-page applications." msgstr "Modern applications, APIs and Single-page applications."
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
msgid "Modify the payload sent to the custom provider."
msgstr "Modify the payload sent to the custom provider."
#: #:
#~ msgid "Monitor" #~ msgid "Monitor"
#~ msgstr "Monitor" #~ msgstr "Monitor"
@ -3897,8 +3930,8 @@ msgid "OIDC well-known configuration URL. Can be used to automatically configure
msgstr "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." msgstr "OIDC well-known configuration URL. Can be used to automatically configure the URLs above."
#: src/admin/admin-overview/cards/SystemStatusCard.ts #: src/admin/admin-overview/cards/SystemStatusCard.ts
msgid "OK" #~ msgid "OK"
msgstr "OK" #~ msgstr "OK"
#: src/admin/events/EventInfo.ts #: src/admin/events/EventInfo.ts
#: src/admin/events/EventInfo.ts #: src/admin/events/EventInfo.ts
@ -4211,6 +4244,7 @@ msgstr "Plan history"
msgid "Please enter the code you received via SMS" msgid "Please enter the code you received via SMS"
msgstr "Please enter the code you received via SMS" msgstr "Please enter the code you received via SMS"
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts #: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
msgid "Please enter your Code" msgid "Please enter your Code"
msgstr "Please enter your Code" msgstr "Please enter your Code"
@ -4864,6 +4898,7 @@ msgstr "Scope which the client can specify to access these properties."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts #: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts #: src/elements/oauth/UserRefreshList.ts
msgid "Scopes" msgid "Scopes"
msgstr "Scopes" msgstr "Scopes"
@ -5589,6 +5624,7 @@ msgstr "Successfully deleted {0} {1}"
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Successfully disconnected source" msgid "Successfully disconnected source"
msgstr "Successfully disconnected source" msgstr "Successfully disconnected source"
@ -5831,7 +5867,7 @@ msgstr "System"
msgid "System Tasks" msgid "System Tasks"
msgstr "System Tasks" msgstr "System Tasks"
#: src/admin/admin-overview/AdminOverviewPage.ts #: src/admin/admin-overview/cards/SystemStatusCard.ts
msgid "System status" msgid "System status"
msgstr "System status" msgstr "System status"
@ -6701,6 +6737,7 @@ msgstr "User mappings can only be checked if a user is already logged in when tr
#: src/admin/sources/oauth/OAuthSourceForm.ts #: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/admin/sources/plex/PlexSourceForm.ts #: src/admin/sources/plex/PlexSourceForm.ts
#: src/admin/sources/saml/SAMLSourceForm.ts
msgid "User matching mode" msgid "User matching mode"
msgstr "User matching mode" msgstr "User matching mode"
@ -6882,7 +6919,7 @@ msgstr "Verification Certificate"
msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity." msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
msgstr "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity." msgstr "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
#: src/admin/admin-overview/AdminOverviewPage.ts #: src/admin/admin-overview/cards/VersionStatusCard.ts
msgid "Version" msgid "Version"
msgstr "Version" msgstr "Version"
@ -7083,7 +7120,7 @@ msgstr "Whoops!"
msgid "Windows" msgid "Windows"
msgstr "Windows" msgstr "Windows"
#: src/admin/admin-overview/AdminOverviewPage.ts #: src/admin/admin-overview/cards/WorkerStatusCard.ts
msgid "Workers" msgid "Workers"
msgstr "Workers" msgstr "Workers"
@ -7127,6 +7164,10 @@ msgstr "Yes"
msgid "Yes ({0})" msgid "Yes ({0})"
msgstr "Yes ({0})" msgstr "Yes ({0})"
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
msgid "You can close this tab now."
msgstr "You can close this tab now."
#: src/admin/outposts/OutpostForm.ts #: src/admin/outposts/OutpostForm.ts
msgid "You can only select providers that match the type of the outpost." msgid "You can only select providers that match the type of the outpost."
msgstr "You can only select providers that match the type of the outpost." msgstr "You can only select providers that match the type of the outpost."
@ -7139,6 +7180,10 @@ msgstr "You're about to be redirect to the following URL."
msgid "You're currently impersonating {0}. Click to stop." msgid "You're currently impersonating {0}. Click to stop."
msgstr "You're currently impersonating {0}. Click to stop." msgstr "You're currently impersonating {0}. Click to stop."
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
msgid "You've successfully authenticated your device."
msgstr "You've successfully authenticated your device."
#: src/admin/providers/proxy/ProxyProviderForm.ts #: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "app1 running on app1.example.com" msgid "app1 running on app1.example.com"
msgstr "app1 running on app1.example.com" msgstr "app1 running on app1.example.com"


@ -258,8 +258,8 @@ msgid "Addition User DN"
msgstr "" msgstr ""
#: src/admin/sources/oauth/OAuthSourceForm.ts #: src/admin/sources/oauth/OAuthSourceForm.ts
msgid "Additional Scope" #~ msgid "Additional Scope"
msgstr "" #~ msgstr ""
#: src/admin/applications/wizard/InitialApplicationWizardPage.ts #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
msgid "Additional UI settings" msgid "Additional UI settings"
@ -274,7 +274,11 @@ msgid "Additional scope mappings, which are passed to the proxy."
msgstr "" msgstr ""
#: src/admin/sources/oauth/OAuthSourceForm.ts #: src/admin/sources/oauth/OAuthSourceForm.ts
msgid "Additional scopes to be passed to the OAuth Provider, separated by space." #~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr ""
#: src/admin/sources/oauth/OAuthSourceForm.ts
msgid "Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *."
msgstr "" msgstr ""
#: src/admin/blueprints/BlueprintForm.ts #: src/admin/blueprints/BlueprintForm.ts
@ -1069,6 +1073,7 @@ msgstr ""
msgid "Close" msgid "Close"
msgstr "" msgstr ""
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
#: src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts #: src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts #: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
@ -1183,6 +1188,7 @@ msgstr ""
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Connect" msgid "Connect"
msgstr "" msgstr ""
@ -1266,6 +1272,7 @@ msgid "Context"
msgstr "" msgstr ""
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
#: src/flow/stages/authenticator_static/AuthenticatorStaticStage.ts #: src/flow/stages/authenticator_static/AuthenticatorStaticStage.ts
@ -1743,6 +1750,10 @@ msgstr ""
msgid "Device classes which can be used to authenticate." msgid "Device classes which can be used to authenticate."
msgstr "" msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Device code flow"
msgstr ""
#: #:
#~ msgid "Device name" #~ msgid "Device name"
#~ msgstr "" #~ msgstr ""
@ -1812,6 +1823,7 @@ msgstr ""
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Disconnect" msgid "Disconnect"
msgstr "" msgstr ""
@ -2044,6 +2056,10 @@ msgstr ""
msgid "Enrollment flow" msgid "Enrollment flow"
msgstr "" msgstr ""
#: src/flow/providers/oauth2/DeviceCode.ts
msgid "Enter the code shown on your device."
msgstr ""
#: src/admin/providers/saml/SAMLProviderViewPage.ts #: src/admin/providers/saml/SAMLProviderViewPage.ts
msgid "EntityID/Issuer" msgid "EntityID/Issuer"
msgstr "" msgstr ""
@ -2291,6 +2307,7 @@ msgstr ""
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Failed to disconnected source: {exc}" msgid "Failed to disconnected source: {exc}"
msgstr "" msgstr ""
@ -2783,6 +2800,10 @@ msgstr ""
#~ "and show a notice." #~ "and show a notice."
#~ msgstr "" #~ msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code."
msgstr ""
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
msgid "If set, users are able to configure details of their profile." msgid "If set, users are able to configure details of their profile."
msgstr "" msgstr ""
@ -3134,6 +3155,8 @@ msgstr ""
#: src/flow/FlowExecutor.ts #: src/flow/FlowExecutor.ts
#: src/flow/FlowExecutor.ts #: src/flow/FlowExecutor.ts
#: src/flow/FlowInspector.ts #: src/flow/FlowInspector.ts
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
#: src/flow/stages/FlowErrorStage.ts #: src/flow/stages/FlowErrorStage.ts
#: src/flow/stages/access_denied/AccessDeniedStage.ts #: src/flow/stages/access_denied/AccessDeniedStage.ts
#: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
@ -3210,6 +3233,7 @@ msgstr ""
#: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
#: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
#: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
@ -3230,6 +3254,7 @@ msgstr ""
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
#: src/admin/tenants/TenantForm.ts #: src/admin/tenants/TenantForm.ts
#: src/admin/tenants/TenantForm.ts
#: src/admin/tokens/TokenForm.ts #: src/admin/tokens/TokenForm.ts
#: src/admin/users/UserForm.ts #: src/admin/users/UserForm.ts
#: src/admin/users/UserResetEmailForm.ts #: src/admin/users/UserResetEmailForm.ts
@ -3349,6 +3374,10 @@ msgstr ""
msgid "Manually configure SAML" msgid "Manually configure SAML"
msgstr "" msgstr ""
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
msgid "Mapping"
msgstr ""
#: src/admin/stages/user_write/UserWriteStageForm.ts #: src/admin/stages/user_write/UserWriteStageForm.ts
msgid "Mark newly created users as inactive." msgid "Mark newly created users as inactive."
msgstr "" msgstr ""
@ -3453,6 +3482,10 @@ msgstr ""
msgid "Modern applications, APIs and Single-page applications." msgid "Modern applications, APIs and Single-page applications."
msgstr "" msgstr ""
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
msgid "Modify the payload sent to the custom provider."
msgstr ""
#: #:
#~ msgid "Monitor" #~ msgid "Monitor"
#~ msgstr "" #~ msgstr ""
@ -3879,8 +3912,8 @@ msgid "OIDC well-known configuration URL. Can be used to automatically configure
msgstr "" msgstr ""
#: src/admin/admin-overview/cards/SystemStatusCard.ts #: src/admin/admin-overview/cards/SystemStatusCard.ts
msgid "OK" #~ msgid "OK"
msgstr "" #~ msgstr ""
#: src/admin/events/EventInfo.ts #: src/admin/events/EventInfo.ts
#: src/admin/events/EventInfo.ts #: src/admin/events/EventInfo.ts
@ -4193,6 +4226,7 @@ msgstr ""
msgid "Please enter the code you received via SMS" msgid "Please enter the code you received via SMS"
msgstr "" msgstr ""
#: src/flow/providers/oauth2/DeviceCode.ts
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts #: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
msgid "Please enter your Code" msgid "Please enter your Code"
msgstr "" msgstr ""
@ -4844,6 +4878,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts #: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts #: src/elements/oauth/UserRefreshList.ts
msgid "Scopes" msgid "Scopes"
msgstr "" msgstr ""
@ -5569,6 +5604,7 @@ msgstr ""
#: src/user/user-settings/sources/SourceSettingsOAuth.ts #: src/user/user-settings/sources/SourceSettingsOAuth.ts
#: src/user/user-settings/sources/SourceSettingsPlex.ts #: src/user/user-settings/sources/SourceSettingsPlex.ts
#: src/user/user-settings/sources/SourceSettingsSAML.ts
msgid "Successfully disconnected source" msgid "Successfully disconnected source"
msgstr "" msgstr ""
@ -5811,7 +5847,7 @@ msgstr ""
msgid "System Tasks" msgid "System Tasks"
msgstr "" msgstr ""
#: src/admin/admin-overview/AdminOverviewPage.ts #: src/admin/admin-overview/cards/SystemStatusCard.ts
msgid "System status" msgid "System status"
msgstr "" msgstr ""
@ -6671,6 +6707,7 @@ msgstr ""
#: src/admin/sources/oauth/OAuthSourceForm.ts #: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/admin/sources/plex/PlexSourceForm.ts #: src/admin/sources/plex/PlexSourceForm.ts
#: src/admin/sources/saml/SAMLSourceForm.ts
msgid "User matching mode" msgid "User matching mode"
msgstr "" msgstr ""
@ -6852,7 +6889,7 @@ msgstr ""
msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity." msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
msgstr "" msgstr ""
#: src/admin/admin-overview/AdminOverviewPage.ts #: src/admin/admin-overview/cards/VersionStatusCard.ts
msgid "Version" msgid "Version"
msgstr "" msgstr ""
@ -7049,7 +7086,7 @@ msgstr ""
msgid "Windows" msgid "Windows"
msgstr "" msgstr ""
#: src/admin/admin-overview/AdminOverviewPage.ts #: src/admin/admin-overview/cards/WorkerStatusCard.ts
msgid "Workers" msgid "Workers"
msgstr "" msgstr ""
@ -7091,6 +7128,10 @@ msgstr ""
msgid "Yes ({0})" msgid "Yes ({0})"
msgstr "" msgstr ""
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
msgid "You can close this tab now."
msgstr ""
#: src/admin/outposts/OutpostForm.ts #: src/admin/outposts/OutpostForm.ts
msgid "You can only select providers that match the type of the outpost." msgid "You can only select providers that match the type of the outpost."
msgstr "" msgstr ""
@ -7103,6 +7144,10 @@ msgstr ""
msgid "You're currently impersonating {0}. Click to stop." msgid "You're currently impersonating {0}. Click to stop."
msgstr "" msgstr ""
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
msgid "You've successfully authenticated your device."
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts #: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "app1 running on app1.example.com" msgid "app1 running on app1.example.com"
msgstr "" msgstr ""


@ -14,6 +14,9 @@ This source allows users to enroll themselves with an external OAuth-based Ident
- Access Token URL: This value will be provided by the provider. - Access Token URL: This value will be provided by the provider.
- Profile URL: This URL is called by authentik to retrieve user information upon successful authentication. - Profile URL: This URL is called by authentik to retrieve user information upon successful authentication.
- Consumer key/Consumer secret: These values will be provided by the provider. - Consumer key/Consumer secret: These values will be provided by the provider.
- Scopes: Configure additional scopes to send to the provider.
Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`.
### OpenID Connect ### OpenID Connect