providers/oauth2: add user UUID as subject option (#5556)

* providers/oauth2: add user UUID as subject option

* Added translations for new OAuth2 subject option
Michael OBrien 2023-05-10 08:50:13 -07:00 committed by GitHub
parent 1c04dc0986
commit eb071d4d90
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 830 additions and 1026 deletions


@ -26,6 +26,7 @@ class SubModes(models.TextChoices):
HASHED_USER_ID = "hashed_user_id", _("Based on the Hashed User ID") HASHED_USER_ID = "hashed_user_id", _("Based on the Hashed User ID")
USER_ID = "user_id", _("Based on user ID") USER_ID = "user_id", _("Based on user ID")
USER_UUID = "user_uuid", _("Based on user UUID")
USER_USERNAME = "user_username", _("Based on the username") USER_USERNAME = "user_username", _("Based on the username")
USER_EMAIL = ( USER_EMAIL = (
"user_email", "user_email",
@ -96,6 +97,8 @@ class IDToken:
id_token.sub = token.user.uid id_token.sub = token.user.uid
elif provider.sub_mode == SubModes.USER_ID: elif provider.sub_mode == SubModes.USER_ID:
id_token.sub = str(token.user.pk) id_token.sub = str(token.user.pk)
elif provider.sub_mode == SubModes.USER_UUID:
id_token.sub = str(token.user.uuid)
elif provider.sub_mode == SubModes.USER_EMAIL: elif provider.sub_mode == SubModes.USER_EMAIL:
id_token.sub = token.user.email id_token.sub = token.user.email
elif provider.sub_mode == SubModes.USER_USERNAME: elif provider.sub_mode == SubModes.USER_USERNAME:
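Review bot: The new `SubModes.USER_UUID` branch in `IDToken` emits `str(token.user.uuid)` as `sub` without stating what makes that value suitable as a subject, and the choice label `Based on user UUID` gives an administrator no guidance on when to pick it. Relying parties key accounts on `sub`, so the branch should carry a comment such as `# sub must stay stable and unique per user; assumes User.uuid is never changed or reused`, hedged because the model field is not visible in this hunk. Switching an existing provider to this mode changes `sub` for every user, which relying parties will typically treat as new accounts, and the field's help text would be the place to say so. No test for the new branch appears in the sections shown, and the enclosing method starts and ends outside the hunk.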


@ -3653,6 +3653,7 @@
"enum": [ "enum": [
"hashed_user_id", "hashed_user_id",
"user_id", "user_id",
"user_uuid",
"user_username", "user_username",
"user_email", "user_email",
"user_upn" "user_upn"
@ -3766,6 +3767,7 @@
"enum": [ "enum": [
"hashed_user_id", "hashed_user_id",
"user_id", "user_id",
"user_uuid",
"user_username", "user_username",
"user_email", "user_email",
"user_upn" "user_upn"
@ -3957,6 +3959,7 @@
"enum": [ "enum": [
"hashed_user_id", "hashed_user_id",
"user_id", "user_id",
"user_uuid",
"user_username", "user_username",
"user_email", "user_email",
"user_upn" "user_upn"
@ -4152,6 +4155,7 @@
"enum": [ "enum": [
"hashed_user_id", "hashed_user_id",
"user_id", "user_id",
"user_uuid",
"user_username", "user_username",
"user_email", "user_email",
"user_upn" "user_upn"


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-05-08 14:23+0000\n" "POT-Creation-Date: 2023-05-09 18:53+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -880,14 +880,18 @@ msgid "Based on user ID"
msgstr "" msgstr ""
#: authentik/providers/oauth2/id_token.py:29 #: authentik/providers/oauth2/id_token.py:29
msgid "Based on user UUID"
msgstr ""
#: authentik/providers/oauth2/id_token.py:30
msgid "Based on the username" msgid "Based on the username"
msgstr "" msgstr ""
#: authentik/providers/oauth2/id_token.py:32 #: authentik/providers/oauth2/id_token.py:33
msgid "Based on the User's Email. This is recommended over the UPN method." msgid "Based on the User's Email. This is recommended over the UPN method."
msgstr "" msgstr ""
#: authentik/providers/oauth2/id_token.py:37 #: authentik/providers/oauth2/id_token.py:38
msgid "" msgid ""
"Based on the User's UPN, only works if user has a 'upn' attribute set. Use " "Based on the User's UPN, only works if user has a 'upn' attribute set. Use "
"this method only if you have different UPN and Mail domains." "this method only if you have different UPN and Mail domains."


@ -14893,11 +14893,13 @@ paths:
- user_id - user_id
- user_upn - user_upn
- user_username - user_username
- user_uuid
description: |- description: |-
Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
* `hashed_user_id` - Based on the Hashed User ID * `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID * `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username * `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
@ -31547,6 +31549,7 @@ components:
* `hashed_user_id` - Based on the Hashed User ID * `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID * `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username * `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
@ -31651,6 +31654,7 @@ components:
* `hashed_user_id` - Based on the Hashed User ID * `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID * `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username * `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
@ -36546,6 +36550,7 @@ components:
* `hashed_user_id` - Based on the Hashed User ID * `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID * `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username * `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
@ -40466,6 +40471,7 @@ components:
enum: enum:
- hashed_user_id - hashed_user_id
- user_id - user_id
- user_uuid
- user_username - user_username
- user_email - user_email
- user_upn - user_upn
@ -40473,6 +40479,7 @@ components:
description: |- description: |-
* `hashed_user_id` - Based on the Hashed User ID * `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID * `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username * `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.


@ -378,6 +378,10 @@ ${this.instance?.redirectUris}</textarea
label: t`Based on the User's ID`, label: t`Based on the User's ID`,
value: SubModeEnum.UserId, value: SubModeEnum.UserId,
}, },
{
label: t`Based on the User's UUID`,
value: SubModeEnum.UserUuid,
},
{ {
label: t`Based on the User's username`, label: t`Based on the User's username`,
value: SubModeEnum.UserUsername, value: SubModeEnum.UserUsername,


@ -988,6 +988,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "Basierend auf dem Benutzernamen" #~ msgstr "Basierend auf dem Benutzernamen"


@ -980,6 +980,10 @@ msgstr "Based on the User's UPN"
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "Based on the User's username" msgstr "Based on the User's username"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr "Based on the User's UUID"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "Based on the username" #~ msgstr "Based on the username"


@ -966,6 +966,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "Basado en el nombre de usuario" #~ msgstr "Basado en el nombre de usuario"


@ -971,6 +971,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "Basé sur le nom d'utilisateur" #~ msgstr "Basé sur le nom d'utilisateur"


@ -970,6 +970,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "Na podstawie nazwy użytkownika" #~ msgstr "Na podstawie nazwy użytkownika"


@ -972,6 +972,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "" #~ msgstr ""


@ -966,6 +966,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "Kullanıcı adına göre" #~ msgstr "Kullanıcı adına göre"

File diff suppressed because it is too large Load diff


@ -972,6 +972,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "基于用户名" #~ msgstr "基于用户名"


@ -972,6 +972,10 @@ msgstr ""
msgid "Based on the User's username" msgid "Based on the User's username"
msgstr "" msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
msgid "Based on the User's UUID"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#~ msgid "Based on the username" #~ msgid "Based on the username"
#~ msgstr "基于用户名" #~ msgstr "基于用户名"