website/docs: add duo docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

web/src/flows/FlowExecutor.ts

@@ -26,7 +26,7 @@ import "./stages/password/PasswordStage";
 import "./stages/prompt/PromptStage";
 import "./sources/plex/PlexLoginInit";
 import { StageHost } from "./stages/base";
-import { ChallengeChoices, ChallengeResponseRequest, Config, FlowsApi, RedirectChallenge, ShellChallenge } from "authentik-api";
+import { ChallengeChoices, Config, FlowsApi, RedirectChallenge, ShellChallenge } from "authentik-api";
 import { config, DEFAULT_CONFIG } from "../api/Config";
 import { ifDefined } from "lit-html/directives/if-defined";
 import { until } from "lit-html/directives/until";
@@ -97,7 +97,7 @@ export class FlowExecutor extends LitElement implements StageHost {
         });
     }
 
-    submit(payload: ChallengeResponseRequest): Promise<void> {
+    submit(payload: FlowChallengeResponseRequest): Promise<void> {
         // @ts-ignore
         payload.component = this.challenge?.component;
         console.log(payload);

web/src/locales/en.po

@@ -584,7 +584,6 @@ msgstr "Click to copy token"
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
-#: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 msgid "Client ID"
 msgstr "Client ID"
 
@@ -596,7 +595,6 @@ msgid "Client IP"
 msgstr "Client IP"
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-#: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 msgid "Client Secret"
 msgstr "Client Secret"
 
@@ -1703,6 +1701,10 @@ msgstr "Include User claims from scopes in the id_token, for applications that d
 msgid "Include claims in id_token"
 msgstr "Include claims in id_token"
 
+#: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
+msgid "Integration key"
+msgstr "Integration key"
+
 #: src/pages/providers/proxy/ProxyProviderViewPage.ts
 msgid "Internal Host"
 msgstr "Internal Host"
@@ -2854,6 +2856,10 @@ msgstr "Scopes"
 msgid "Search..."
 msgstr "Search..."
 
+#: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
+msgid "Secret key"
+msgstr "Secret key"
+
 #: src/pages/events/EventInfo.ts
 msgid "Secret:"
 msgstr "Secret:"

web/src/locales/pseudo-LOCALE.po

@@ -578,7 +578,6 @@ msgstr ""
 #: 
 #: 
 #: 
-#: 
 msgid "Client ID"
 msgstr ""
 
@@ -589,7 +588,6 @@ msgstr ""
 msgid "Client IP"
 msgstr ""
 
-#: 
 #: 
 msgid "Client Secret"
 msgstr ""
@@ -1695,6 +1693,10 @@ msgstr ""
 msgid "Include claims in id_token"
 msgstr ""
 
+#: 
+msgid "Integration key"
+msgstr ""
+
 #: 
 msgid "Internal Host"
 msgstr ""
@@ -2846,6 +2848,10 @@ msgstr ""
 msgid "Search..."
 msgstr ""
 
+#: 
+msgid "Secret key"
+msgstr ""
+
 #: 
 msgid "Secret:"
 msgstr ""

web/src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts

@@ -57,13 +57,13 @@ export class AuthenticatorDuoStageForm extends ModelForm<AuthenticatorDuoStage,
                 </span>
                 <div slot="body" class="pf-c-form">
                     <ak-form-element-horizontal
-                        label=${t`Client ID`}
+                        label=${t`Integration key`}
                         ?required=${true}
                         name="clientId">
                         <input type="text" value="${first(this.instance?.clientId, "")}" class="pf-c-form-control" required>
                     </ak-form-element-horizontal>
                     <ak-form-element-horizontal
-                        label=${t`Client Secret`}
+                        label=${t`Secret key`}
                         ?required=${true}
                         ?writeOnly=${this.instance !== undefined}
                         name="clientSecret">

website/docs/flow/stages/authenticator_duo/index.md

@@ -0,0 +1,11 @@
+---
+title: Duo Authentication Setup stage
+---
+
+This stage configures a Duo authenticator. To get the API Credentials for this stage, open your Duo Admin dashboard.
+
+Go to Applications, click on Protect an Application and search for "Auth API". Click on Protect.
+
+Copy all of the integration key, secret key and API hostname, and paste them in the Stage form.
+
+Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed.

website/sidebars.js

@@ -50,6 +50,7 @@ module.exports = {
             type: "category",
             label: "Stages",
             items: [
+                "flow/stages/authenticator_duo/index",
                 "flow/stages/authenticator_static/index",
                 "flow/stages/authenticator_totp/index",
                 "flow/stages/authenticator_validate/index",