80f4fccd35
* don't open inspector by default when debug is enabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> * encode error in fragment when using hybrid grant_type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require nonce for all response_types that get an id_token from the authorization endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set empty family_name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only set at_hash when response has token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleaner way to get login time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove authentication requirement from authentication flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix auth_time not being handled correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove USER_LOGIN_AUTHENTICATED Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework prompt=login handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also set last login uid for max_age check to prevent double login when max_age and prompt=login is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
65 lines
1.9 KiB
YAML
65 lines
1.9 KiB
YAML
version: 1
|
|
metadata:
|
|
name: Default - Authentication flow
|
|
entries:
|
|
- model: authentik_blueprints.metaapplyblueprint
|
|
attrs:
|
|
identifiers:
|
|
name: Default - Password change flow
|
|
required: false
|
|
- attrs:
|
|
designation: authentication
|
|
name: Welcome to authentik!
|
|
title: Welcome to authentik!
|
|
authentication: none
|
|
identifiers:
|
|
slug: default-authentication-flow
|
|
model: authentik_flows.flow
|
|
id: flow
|
|
- attrs:
|
|
backends:
|
|
- authentik.core.auth.InbuiltBackend
|
|
- authentik.sources.ldap.auth.LDAPBackend
|
|
- authentik.core.auth.TokenBackend
|
|
configure_flow: !Find [authentik_flows.flow, [slug, default-password-change]]
|
|
identifiers:
|
|
name: default-authentication-password
|
|
id: default-authentication-password
|
|
model: authentik_stages_password.passwordstage
|
|
- identifiers:
|
|
name: default-authentication-mfa-validation
|
|
id: default-authentication-mfa-validation
|
|
model: authentik_stages_authenticator_validate.authenticatorvalidatestage
|
|
- attrs:
|
|
user_fields:
|
|
- email
|
|
- username
|
|
identifiers:
|
|
name: default-authentication-identification
|
|
id: default-authentication-identification
|
|
model: authentik_stages_identification.identificationstage
|
|
- identifiers:
|
|
name: default-authentication-login
|
|
id: default-authentication-login
|
|
model: authentik_stages_user_login.userloginstage
|
|
- identifiers:
|
|
order: 10
|
|
stage: !KeyOf default-authentication-identification
|
|
target: !KeyOf flow
|
|
model: authentik_flows.flowstagebinding
|
|
- identifiers:
|
|
order: 20
|
|
stage: !KeyOf default-authentication-password
|
|
target: !KeyOf flow
|
|
model: authentik_flows.flowstagebinding
|
|
- identifiers:
|
|
order: 30
|
|
stage: !KeyOf default-authentication-mfa-validation
|
|
target: !KeyOf flow
|
|
model: authentik_flows.flowstagebinding
|
|
- identifiers:
|
|
order: 100
|
|
stage: !KeyOf default-authentication-login
|
|
target: !KeyOf flow
|
|
model: authentik_flows.flowstagebinding
|