sources/oauth: allow overriding of all scopes
closes #3747 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
10cfccd999
commit
96a30af0eb
|
@ -58,6 +58,13 @@ class TestTypeGoogle(TestCase):
|
|||
"email%20profile"
|
||||
),
|
||||
)
|
||||
|
||||
def test_authorize_url_additional(self):
|
||||
"""Test authorize URL"""
|
||||
request = self.request_factory.get("/")
|
||||
middleware = SessionMiddleware(dummy_get_response)
|
||||
middleware.process_request(request)
|
||||
request.session.save()
|
||||
self.source.additional_scopes = "foo"
|
||||
self.source.save()
|
||||
redirect = GoogleOAuthRedirect(request=request).get_redirect_url(
|
||||
|
@ -72,3 +79,24 @@ class TestTypeGoogle(TestCase):
|
|||
"email%20foo%20profile"
|
||||
),
|
||||
)
|
||||
|
||||
def test_authorize_url_additional_replace(self):
|
||||
"""Test authorize URL"""
|
||||
request = self.request_factory.get("/")
|
||||
middleware = SessionMiddleware(dummy_get_response)
|
||||
middleware.process_request(request)
|
||||
request.session.save()
|
||||
self.source.additional_scopes = "*foo"
|
||||
self.source.save()
|
||||
redirect = GoogleOAuthRedirect(request=request).get_redirect_url(
|
||||
source_slug=self.source.slug
|
||||
)
|
||||
self.assertEqual(
|
||||
redirect,
|
||||
(
|
||||
f"https://accounts.google.com/o/oauth2/auth?client_id={self.source.consumer_key}&re"
|
||||
"direct_uri=http%3A%2F%2Ftestserver%2Fsource%2Foauth%2Fcallback%2Ftest%2F&response_"
|
||||
f"type=code&state={request.session['oauth-client-test-request-state']}&scope="
|
||||
"foo"
|
||||
),
|
||||
)
|
||||
|
|
|
@ -44,5 +44,8 @@ class OAuthRedirect(OAuthClientMixin, RedirectView):
|
|||
params = self.get_additional_parameters(source)
|
||||
params.setdefault("scope", [])
|
||||
if source.additional_scopes != "":
|
||||
params["scope"] += source.additional_scopes.split(" ")
|
||||
if source.additional_scopes.startswith("*"):
|
||||
params["scope"] = source.additional_scopes[1:].split(" ")
|
||||
else:
|
||||
params["scope"] += source.additional_scopes.split(" ")
|
||||
return client.get_redirect_url(params)
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2022-10-10 10:27+0000\n"
|
||||
"POT-Creation-Date: 2022-10-16 19:21+0000\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -194,7 +194,6 @@ msgid "Loading..."
|
|||
msgstr ""
|
||||
|
||||
#: authentik/core/templates/if/end_session.html:7
|
||||
#: authentik/core/templates/if/error.html:7
|
||||
msgid "End session"
|
||||
msgstr ""
|
||||
|
||||
|
@ -240,7 +239,8 @@ msgid "Powered by authentik"
|
|||
msgstr ""
|
||||
|
||||
#: authentik/core/views/apps.py:48
|
||||
#: authentik/providers/oauth2/views/authorize.py:359
|
||||
#: authentik/providers/oauth2/views/authorize.py:358
|
||||
#: authentik/providers/oauth2/views/device_init.py:68
|
||||
#: authentik/providers/saml/views/sso.py:69
|
||||
#, python-format
|
||||
msgid "You're about to sign into %(application)s."
|
||||
|
@ -347,11 +347,11 @@ msgid "Notification Rules"
|
|||
msgstr ""
|
||||
|
||||
#: authentik/events/models.py:580
|
||||
msgid "Notification Webhook Mapping"
|
||||
msgid "Webhook Mapping"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/events/models.py:581
|
||||
msgid "Notification Webhook Mappings"
|
||||
msgid "Webhook Mappings"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/events/monitored_tasks.py:195
|
||||
|
@ -826,7 +826,8 @@ msgstr ""
|
|||
msgid "OAuth2/OpenID Providers"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/models.py:323
|
||||
#: authentik/providers/oauth2/models.py:324
|
||||
#: authentik/providers/oauth2/models.py:530
|
||||
msgid "Scopes"
|
||||
msgstr ""
|
||||
|
||||
|
@ -878,12 +879,24 @@ msgstr ""
|
|||
msgid "OAuth2 Tokens"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/views/authorize.py:413
|
||||
#: authentik/providers/oauth2/models.py:542
|
||||
msgid "Device Token"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/models.py:543
|
||||
msgid "Device Tokens"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/views/authorize.py:412
|
||||
#: authentik/providers/saml/views/flows.py:86
|
||||
#, python-format
|
||||
msgid "Redirecting to %(app)s..."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/views/device_init.py:142
|
||||
msgid "Invalid code"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/views/userinfo.py:46
|
||||
#: authentik/providers/oauth2/views/userinfo.py:47
|
||||
msgid "GitHub Compatibility: Access your User Information"
|
||||
|
@ -965,39 +978,39 @@ msgstr ""
|
|||
msgid "NameID Property Mapping"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:139
|
||||
#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:141
|
||||
msgid "SHA1"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:140
|
||||
#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:142
|
||||
msgid "SHA256"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:141
|
||||
#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:143
|
||||
msgid "SHA384"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:142
|
||||
#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:144
|
||||
msgid "SHA512"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:149
|
||||
#: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:151
|
||||
msgid "RSA-SHA1"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:150
|
||||
#: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:152
|
||||
msgid "RSA-SHA256"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:151
|
||||
#: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:153
|
||||
msgid "RSA-SHA384"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:152
|
||||
#: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:154
|
||||
msgid "RSA-SHA512"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:153
|
||||
#: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:155
|
||||
msgid "DSA-SHA1"
|
||||
msgstr ""
|
||||
|
||||
|
@ -1009,7 +1022,7 @@ msgstr ""
|
|||
msgid "Keypair used to sign outgoing Responses going to the Service Provider."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:129
|
||||
#: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:131
|
||||
msgid "Signing Keypair"
|
||||
msgstr ""
|
||||
|
||||
|
@ -1297,75 +1310,83 @@ msgstr ""
|
|||
msgid "User Plex Source Connections"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:38
|
||||
#: authentik/sources/saml/models.py:40
|
||||
msgid "Redirect Binding"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:39
|
||||
#: authentik/sources/saml/models.py:41
|
||||
msgid "POST Binding"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:40
|
||||
#: authentik/sources/saml/models.py:42
|
||||
msgid "POST Binding with auto-confirmation"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:68
|
||||
#: authentik/sources/saml/models.py:70
|
||||
msgid "Flow used before authentication."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:75
|
||||
#: authentik/sources/saml/models.py:77
|
||||
msgid "Issuer"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:76
|
||||
#: authentik/sources/saml/models.py:78
|
||||
msgid "Also known as Entity ID. Defaults the Metadata URL."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:80
|
||||
#: authentik/sources/saml/models.py:82
|
||||
msgid "SSO URL"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:81
|
||||
#: authentik/sources/saml/models.py:83
|
||||
msgid "URL that the initial Login request is sent to."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:87
|
||||
#: authentik/sources/saml/models.py:89
|
||||
msgid "SLO URL"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:88
|
||||
#: authentik/sources/saml/models.py:90
|
||||
msgid "Optional URL if your IDP supports Single-Logout."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:94
|
||||
#: authentik/sources/saml/models.py:96
|
||||
msgid ""
|
||||
"Allows authentication flows initiated by the IdP. This can be a security "
|
||||
"risk, as no validation of the request ID is done."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:102
|
||||
#: authentik/sources/saml/models.py:104
|
||||
msgid ""
|
||||
"NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:113
|
||||
#: authentik/sources/saml/models.py:115
|
||||
msgid "Delete temporary users after"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:131
|
||||
#: authentik/sources/saml/models.py:133
|
||||
msgid ""
|
||||
"Keypair which is used to sign outgoing requests. Leave empty to disable "
|
||||
"signing."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:199
|
||||
#: authentik/sources/saml/models.py:214
|
||||
msgid "SAML Source"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:200
|
||||
#: authentik/sources/saml/models.py:215
|
||||
msgid "SAML Sources"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:231
|
||||
msgid "User SAML Source Connection"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/saml/models.py:232
|
||||
msgid "User SAML Source Connections"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_duo/models.py:81
|
||||
msgid "Duo Authenticator Setup Stage"
|
||||
msgstr ""
|
||||
|
@ -1382,26 +1403,30 @@ msgstr ""
|
|||
msgid "Duo Devices"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_sms/models.py:56
|
||||
#: authentik/stages/authenticator_sms/models.py:57
|
||||
msgid ""
|
||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||
"users authenticity. Only a hash of the phone number is saved to ensure it is "
|
||||
"not re-used in the future."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_sms/models.py:158
|
||||
#: authentik/stages/authenticator_sms/models.py:68
|
||||
msgid "Optionally modify the payload being sent to custom providers."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_sms/models.py:176
|
||||
msgid "SMS Authenticator Setup Stage"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_sms/models.py:159
|
||||
#: authentik/stages/authenticator_sms/models.py:177
|
||||
msgid "SMS Authenticator Setup Stages"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_sms/models.py:204
|
||||
#: authentik/stages/authenticator_sms/models.py:222
|
||||
msgid "SMS Device"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/stages/authenticator_sms/models.py:205
|
||||
#: authentik/stages/authenticator_sms/models.py:223
|
||||
msgid "SMS Devices"
|
||||
msgstr ""
|
||||
|
||||
|
@ -1871,10 +1896,10 @@ msgid ""
|
|||
"and `ba.b`"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/tenants/models.py:95
|
||||
#: authentik/tenants/models.py:98
|
||||
msgid "Tenant"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/tenants/models.py:96
|
||||
#: authentik/tenants/models.py:99
|
||||
msgid "Tenants"
|
||||
msgstr ""
|
||||
|
|
|
@ -306,17 +306,14 @@ export class OAuthSourceForm extends ModelForm<OAuthSource, string> {
|
|||
>
|
||||
<textarea class="pf-c-form-control"></textarea>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${t`Additional Scope`}
|
||||
name="additionalScopes"
|
||||
>
|
||||
<ak-form-element-horizontal label=${t`Scopes`} name="additionalScopes">
|
||||
<input
|
||||
type="text"
|
||||
value="${first(this.instance?.additionalScopes, "")}"
|
||||
class="pf-c-form-control"
|
||||
/>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Additional scopes to be passed to the OAuth Provider, separated by space.`}
|
||||
${t`Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -262,8 +262,8 @@ msgid "Addition User DN"
|
|||
msgstr "Addition User DN"
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
msgid "Additional Scope"
|
||||
msgstr "Additional Scope"
|
||||
#~ msgid "Additional Scope"
|
||||
#~ msgstr "Additional Scope"
|
||||
|
||||
#: src/admin/applications/wizard/InitialApplicationWizardPage.ts
|
||||
msgid "Additional UI settings"
|
||||
|
@ -278,8 +278,12 @@ msgid "Additional scope mappings, which are passed to the proxy."
|
|||
msgstr "Additional scope mappings, which are passed to the proxy."
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
msgstr "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
msgid "Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *."
|
||||
msgstr "Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *."
|
||||
|
||||
#: src/admin/blueprints/BlueprintForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -1081,6 +1085,7 @@ msgstr "Client type"
|
|||
msgid "Close"
|
||||
msgstr "Close"
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
|
||||
#: src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts
|
||||
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||
|
@ -1195,6 +1200,7 @@ msgstr "Confirmed"
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Connect"
|
||||
msgstr "Connect"
|
||||
|
||||
|
@ -1278,6 +1284,7 @@ msgid "Context"
|
|||
msgstr "Context"
|
||||
|
||||
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
|
||||
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
|
||||
#: src/flow/stages/authenticator_static/AuthenticatorStaticStage.ts
|
||||
|
@ -1757,6 +1764,10 @@ msgstr "Device classes"
|
|||
msgid "Device classes which can be used to authenticate."
|
||||
msgstr "Device classes which can be used to authenticate."
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Device code flow"
|
||||
msgstr "Device code flow"
|
||||
|
||||
#:
|
||||
#~ msgid "Device name"
|
||||
#~ msgstr "Device name"
|
||||
|
@ -1826,6 +1837,7 @@ msgstr "Disabled blueprints are never applied."
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Disconnect"
|
||||
msgstr "Disconnect"
|
||||
|
||||
|
@ -2058,6 +2070,10 @@ msgstr "Enrollment"
|
|||
msgid "Enrollment flow"
|
||||
msgstr "Enrollment flow"
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
msgid "Enter the code shown on your device."
|
||||
msgstr "Enter the code shown on your device."
|
||||
|
||||
#: src/admin/providers/saml/SAMLProviderViewPage.ts
|
||||
msgid "EntityID/Issuer"
|
||||
msgstr "EntityID/Issuer"
|
||||
|
@ -2305,6 +2321,7 @@ msgstr "Failed to delete {0}: {1}"
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Failed to disconnected source: {exc}"
|
||||
msgstr "Failed to disconnected source: {exc}"
|
||||
|
||||
|
@ -2799,6 +2816,10 @@ msgstr "If no explicit redirect URIs are specified, the first successfully used
|
|||
#~ "If password change date is more than x days in the past, invalidate the user's password\n"
|
||||
#~ "and show a notice."
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code."
|
||||
msgstr "If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code."
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "If set, users are able to configure details of their profile."
|
||||
msgstr "If set, users are able to configure details of their profile."
|
||||
|
@ -3152,6 +3173,8 @@ msgstr "Load servers"
|
|||
#: src/flow/FlowExecutor.ts
|
||||
#: src/flow/FlowExecutor.ts
|
||||
#: src/flow/FlowInspector.ts
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
|
||||
#: src/flow/stages/FlowErrorStage.ts
|
||||
#: src/flow/stages/access_denied/AccessDeniedStage.ts
|
||||
#: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
|
||||
|
@ -3228,6 +3251,7 @@ msgstr "Loading"
|
|||
#: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
|
||||
#: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
|
||||
#: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
|
||||
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
|
||||
|
@ -3248,6 +3272,7 @@ msgstr "Loading"
|
|||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tokens/TokenForm.ts
|
||||
#: src/admin/users/UserForm.ts
|
||||
#: src/admin/users/UserResetEmailForm.ts
|
||||
|
@ -3367,6 +3392,10 @@ msgstr "Manual configuration"
|
|||
msgid "Manually configure SAML"
|
||||
msgstr "Manually configure SAML"
|
||||
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
msgid "Mapping"
|
||||
msgstr "Mapping"
|
||||
|
||||
#: src/admin/stages/user_write/UserWriteStageForm.ts
|
||||
msgid "Mark newly created users as inactive."
|
||||
msgstr "Mark newly created users as inactive."
|
||||
|
@ -3471,6 +3500,10 @@ msgstr "Model updated"
|
|||
msgid "Modern applications, APIs and Single-page applications."
|
||||
msgstr "Modern applications, APIs and Single-page applications."
|
||||
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
msgid "Modify the payload sent to the custom provider."
|
||||
msgstr "Modify the payload sent to the custom provider."
|
||||
|
||||
#:
|
||||
#~ msgid "Monitor"
|
||||
#~ msgstr "Monitor"
|
||||
|
@ -3897,8 +3930,8 @@ msgid "OIDC well-known configuration URL. Can be used to automatically configure
|
|||
msgstr "OIDC well-known configuration URL. Can be used to automatically configure the URLs above."
|
||||
|
||||
#: src/admin/admin-overview/cards/SystemStatusCard.ts
|
||||
msgid "OK"
|
||||
msgstr "OK"
|
||||
#~ msgid "OK"
|
||||
#~ msgstr "OK"
|
||||
|
||||
#: src/admin/events/EventInfo.ts
|
||||
#: src/admin/events/EventInfo.ts
|
||||
|
@ -4211,6 +4244,7 @@ msgstr "Plan history"
|
|||
msgid "Please enter the code you received via SMS"
|
||||
msgstr "Please enter the code you received via SMS"
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||
msgid "Please enter your Code"
|
||||
msgstr "Please enter your Code"
|
||||
|
@ -4864,6 +4898,7 @@ msgstr "Scope which the client can specify to access these properties."
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
msgstr "Scopes"
|
||||
|
@ -5589,6 +5624,7 @@ msgstr "Successfully deleted {0} {1}"
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Successfully disconnected source"
|
||||
msgstr "Successfully disconnected source"
|
||||
|
||||
|
@ -5831,7 +5867,7 @@ msgstr "System"
|
|||
msgid "System Tasks"
|
||||
msgstr "System Tasks"
|
||||
|
||||
#: src/admin/admin-overview/AdminOverviewPage.ts
|
||||
#: src/admin/admin-overview/cards/SystemStatusCard.ts
|
||||
msgid "System status"
|
||||
msgstr "System status"
|
||||
|
||||
|
@ -6701,6 +6737,7 @@ msgstr "User mappings can only be checked if a user is already logged in when tr
|
|||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
#: src/admin/sources/saml/SAMLSourceForm.ts
|
||||
msgid "User matching mode"
|
||||
msgstr "User matching mode"
|
||||
|
||||
|
@ -6882,7 +6919,7 @@ msgstr "Verification Certificate"
|
|||
msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
|
||||
msgstr "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
|
||||
|
||||
#: src/admin/admin-overview/AdminOverviewPage.ts
|
||||
#: src/admin/admin-overview/cards/VersionStatusCard.ts
|
||||
msgid "Version"
|
||||
msgstr "Version"
|
||||
|
||||
|
@ -7083,7 +7120,7 @@ msgstr "Whoops!"
|
|||
msgid "Windows"
|
||||
msgstr "Windows"
|
||||
|
||||
#: src/admin/admin-overview/AdminOverviewPage.ts
|
||||
#: src/admin/admin-overview/cards/WorkerStatusCard.ts
|
||||
msgid "Workers"
|
||||
msgstr "Workers"
|
||||
|
||||
|
@ -7127,6 +7164,10 @@ msgstr "Yes"
|
|||
msgid "Yes ({0})"
|
||||
msgstr "Yes ({0})"
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
|
||||
msgid "You can close this tab now."
|
||||
msgstr "You can close this tab now."
|
||||
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
msgid "You can only select providers that match the type of the outpost."
|
||||
msgstr "You can only select providers that match the type of the outpost."
|
||||
|
@ -7139,6 +7180,10 @@ msgstr "You're about to be redirect to the following URL."
|
|||
msgid "You're currently impersonating {0}. Click to stop."
|
||||
msgstr "You're currently impersonating {0}. Click to stop."
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
|
||||
msgid "You've successfully authenticated your device."
|
||||
msgstr "You've successfully authenticated your device."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "app1 running on app1.example.com"
|
||||
msgstr "app1 running on app1.example.com"
|
||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -258,8 +258,8 @@ msgid "Addition User DN"
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
msgid "Additional Scope"
|
||||
msgstr ""
|
||||
#~ msgid "Additional Scope"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/InitialApplicationWizardPage.ts
|
||||
msgid "Additional UI settings"
|
||||
|
@ -274,7 +274,11 @@ msgid "Additional scope mappings, which are passed to the proxy."
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
msgid "Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/blueprints/BlueprintForm.ts
|
||||
|
@ -1069,6 +1073,7 @@ msgstr ""
|
|||
msgid "Close"
|
||||
msgstr ""
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
|
||||
#: src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts
|
||||
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||
|
@ -1183,6 +1188,7 @@ msgstr ""
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Connect"
|
||||
msgstr ""
|
||||
|
||||
|
@ -1266,6 +1272,7 @@ msgid "Context"
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
|
||||
#: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
|
||||
#: src/flow/stages/authenticator_static/AuthenticatorStaticStage.ts
|
||||
|
@ -1743,6 +1750,10 @@ msgstr ""
|
|||
msgid "Device classes which can be used to authenticate."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Device code flow"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#~ msgid "Device name"
|
||||
#~ msgstr ""
|
||||
|
@ -1812,6 +1823,7 @@ msgstr ""
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Disconnect"
|
||||
msgstr ""
|
||||
|
||||
|
@ -2044,6 +2056,10 @@ msgstr ""
|
|||
msgid "Enrollment flow"
|
||||
msgstr ""
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
msgid "Enter the code shown on your device."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/saml/SAMLProviderViewPage.ts
|
||||
msgid "EntityID/Issuer"
|
||||
msgstr ""
|
||||
|
@ -2291,6 +2307,7 @@ msgstr ""
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Failed to disconnected source: {exc}"
|
||||
msgstr ""
|
||||
|
||||
|
@ -2783,6 +2800,10 @@ msgstr ""
|
|||
#~ "and show a notice."
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "If set, users are able to configure details of their profile."
|
||||
msgstr ""
|
||||
|
@ -3134,6 +3155,8 @@ msgstr ""
|
|||
#: src/flow/FlowExecutor.ts
|
||||
#: src/flow/FlowExecutor.ts
|
||||
#: src/flow/FlowInspector.ts
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
|
||||
#: src/flow/stages/FlowErrorStage.ts
|
||||
#: src/flow/stages/access_denied/AccessDeniedStage.ts
|
||||
#: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
|
||||
|
@ -3210,6 +3233,7 @@ msgstr ""
|
|||
#: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
|
||||
#: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
|
||||
#: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
|
||||
#: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
|
||||
|
@ -3230,6 +3254,7 @@ msgstr ""
|
|||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
#: src/admin/tokens/TokenForm.ts
|
||||
#: src/admin/users/UserForm.ts
|
||||
#: src/admin/users/UserResetEmailForm.ts
|
||||
|
@ -3349,6 +3374,10 @@ msgstr ""
|
|||
msgid "Manually configure SAML"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
msgid "Mapping"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/stages/user_write/UserWriteStageForm.ts
|
||||
msgid "Mark newly created users as inactive."
|
||||
msgstr ""
|
||||
|
@ -3453,6 +3482,10 @@ msgstr ""
|
|||
msgid "Modern applications, APIs and Single-page applications."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
msgid "Modify the payload sent to the custom provider."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#~ msgid "Monitor"
|
||||
#~ msgstr ""
|
||||
|
@ -3879,8 +3912,8 @@ msgid "OIDC well-known configuration URL. Can be used to automatically configure
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/admin-overview/cards/SystemStatusCard.ts
|
||||
msgid "OK"
|
||||
msgstr ""
|
||||
#~ msgid "OK"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/admin/events/EventInfo.ts
|
||||
#: src/admin/events/EventInfo.ts
|
||||
|
@ -4193,6 +4226,7 @@ msgstr ""
|
|||
msgid "Please enter the code you received via SMS"
|
||||
msgstr ""
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCode.ts
|
||||
#: src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||
msgid "Please enter your Code"
|
||||
msgstr ""
|
||||
|
@ -4844,6 +4878,7 @@ msgstr ""
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
msgstr ""
|
||||
|
@ -5569,6 +5604,7 @@ msgstr ""
|
|||
|
||||
#: src/user/user-settings/sources/SourceSettingsOAuth.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsPlex.ts
|
||||
#: src/user/user-settings/sources/SourceSettingsSAML.ts
|
||||
msgid "Successfully disconnected source"
|
||||
msgstr ""
|
||||
|
||||
|
@ -5811,7 +5847,7 @@ msgstr ""
|
|||
msgid "System Tasks"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/admin-overview/AdminOverviewPage.ts
|
||||
#: src/admin/admin-overview/cards/SystemStatusCard.ts
|
||||
msgid "System status"
|
||||
msgstr ""
|
||||
|
||||
|
@ -6671,6 +6707,7 @@ msgstr ""
|
|||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
#: src/admin/sources/saml/SAMLSourceForm.ts
|
||||
msgid "User matching mode"
|
||||
msgstr ""
|
||||
|
||||
|
@ -6852,7 +6889,7 @@ msgstr ""
|
|||
msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/admin-overview/AdminOverviewPage.ts
|
||||
#: src/admin/admin-overview/cards/VersionStatusCard.ts
|
||||
msgid "Version"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7049,7 +7086,7 @@ msgstr ""
|
|||
msgid "Windows"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/admin-overview/AdminOverviewPage.ts
|
||||
#: src/admin/admin-overview/cards/WorkerStatusCard.ts
|
||||
msgid "Workers"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7091,6 +7128,10 @@ msgstr ""
|
|||
msgid "Yes ({0})"
|
||||
msgstr ""
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
|
||||
msgid "You can close this tab now."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
msgid "You can only select providers that match the type of the outpost."
|
||||
msgstr ""
|
||||
|
@ -7103,6 +7144,10 @@ msgstr ""
|
|||
msgid "You're currently impersonating {0}. Click to stop."
|
||||
msgstr ""
|
||||
|
||||
#: src/flow/providers/oauth2/DeviceCodeFinish.ts
|
||||
msgid "You've successfully authenticated your device."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "app1 running on app1.example.com"
|
||||
msgstr ""
|
||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -14,6 +14,9 @@ This source allows users to enroll themselves with an external OAuth-based Ident
|
|||
- Access Token URL: This value will be provided by the provider.
|
||||
- Profile URL: This URL is called by authentik to retrieve user information upon successful authentication.
|
||||
- Consumer key/Consumer secret: These values will be provided by the provider.
|
||||
- Scopes: Configure additional scopes to send to the provider.
|
||||
|
||||
Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`.
|
||||
|
||||
### OpenID Connect
|
||||
|
||||
|
|
Reference in a new issue