509b502d3c
providers/oauth2: offline access ( #8026 )
...
* improve scope check (log when application requests non-configured scopes)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add offline_access special scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure scope is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update tests for refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* special handling of scopes for github compat
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix spec
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to fix oidc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove hardcoded slug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check scope from authorization code instead of request
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix injection for consent stage checking incorrectly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 19:57:11 +01:00
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 21:33:14 +01:00
d535a82372
core: fix PropertyMapping context not being available in request context
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-23 02:55:49 +01:00
9a261c52d1
providers/oauth2: remember session_id from initial token ( #7976 )
...
* providers/oauth2: remember session_id original token was created with for future access/refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: use hashed session as `sid`
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-23 00:53:05 +01:00
ba174d810b
providers/scim: change familyName default ( #7904 )
...
* Update providers-scim.yaml
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
* fix: add formatted to match the givenName & familyName
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
* fix, update tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Antoine <antoine+github@jiveoff.fr>
2023-12-18 16:52:34 +01:00
261879022d
security: fix oobe-flow reuse when akadmin is deleted ( #7361 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-28 21:24:06 +02:00
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 01:06:52 +02:00
90aa5409cd
sources/ldap: add default property mapping to mirror directory structure ( #6990 )
...
* sources/ldap: add default property mapping to mirror directory structure
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* adjust name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-26 18:55:33 +02:00
42c21da8b6
blueprints: fix blueprint importer logging potentially sensitive data ( #6567 )
2023-08-18 00:33:26 +01:00
10b0c84d97
root: migrate bootstrap to blueprints ( #6433 )
...
* remove old bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add meta model to set user password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure KeyOf works with objects in the state of created that already exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add support for shorter form !If tag
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow !Context to resolve other yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't require serializer to be valid for deleting an object
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix check if a model is being created
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove duplicate way to set password
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only change what is required with migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't require bootstrap in events to fix ci?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-31 19:34:46 +02:00
f4b0d6e85c
providers/scim: default to None for fields instead of empty list ( #5642 )
...
* providers/scim: default to None for fields instead of empty list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make name of delete_none_keys clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 00:25:28 +02:00
1d2725825c
providers/scim: add missing default fields ( #5108 )
...
* providers/scim: add missing default fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4554
* update tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-28 14:42:52 +02:00
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
80f4fccd35
providers/oauth2: OpenID conformance ( #4758 )
...
* don't open inspector by default when debug is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* encode error in fragment when using hybrid grant_type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* require nonce for all response_types that get an id_token from the authorization endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't set empty family_name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only set at_hash when response has token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleaner way to get login time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove authentication requirement from authentication flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix auth_time not being handled correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove USER_LOGIN_AUTHENTICATED
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework prompt=login handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also set last login uid for max_age check to prevent double login when max_age and prompt=login is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-23 15:26:41 +01:00
fb08e1db2b
web/flows: only show permission ids if we have to, hide them if permission list has permissions with description
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-15 16:42:54 +02:00
a520a60c82
blueprints: lowercase system blueprints' models
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 20:38:42 +02:00
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens L
Jens L