habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers: allow previewing mappings for other users (#8297)

Browse Source 
* rework access check to do better validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers: allow previewing mappings for other users

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "rework access check to do better validation"

This reverts commit 81077a7e7b.

* prepare

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2024-01-29 13:58:51 +01:00
committed by GitHub
parent 09873558ae
commit 0c4dee8f9f
22 changed files with 309 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
authentik/core/migrations/0033_alter_user_options.py Normal file
View File

@ -0,0 +1,27 @@
# Generated by Django 5.0.1 on 2024-01-29 12:50
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0032_group_roles"),
]
operations = [
migrations.AlterModelOptions(
name="user",
options={
"permissions": [
("reset_user_password", "Reset Password"),
("impersonate", "Can impersonate other users"),
("assign_user_permissions", "Can assign permissions to users"),
("unassign_user_permissions", "Can unassign permissions from users"),
("preview_user", "Can preview user data sent to providers"),
("view_user_applications", "View applications the user has access to"),
],
"verbose_name": "User",
"verbose_name_plural": "Users",
},
),
]

2
authentik/core/models.py
View File

@ -284,6 +284,8 @@ class User(SerializerModel, GuardianUserMixin, AbstractUser):
("impersonate", _("Can impersonate other users")),
("assign_user_permissions", _("Can assign permissions to users")),
("unassign_user_permissions", _("Can unassign permissions from users")),
("preview_user", _("Can preview user data sent to providers")),
("view_user_applications", _("View applications the user has access to")),
]
authentik_signals_ignored_fields = [
# Logged by the events `password_set`

33
authentik/providers/oauth2/api/providers.py
View File

@ -1,8 +1,13 @@
"""OAuth2Provider API Views"""
from copy import copy
from django.urls import reverse
from django.utils import timezone
from drf_spectacular.utils import OpenApiResponse, extend_schema
from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField
from rest_framework.generics import get_object_or_404
from rest_framework.request import Request
@ -141,23 +146,45 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet):
200: PropertyMappingPreviewSerializer(),
400: OpenApiResponse(description="Bad request"),
},
parameters=[
OpenApiParameter(
name="for_user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
)
@action(detail=True, methods=["GET"])
def preview_user(self, request: Request, pk: int) -> Response:
"""Preview user data for provider"""
provider: OAuth2Provider = self.get_object()
for_user = request.user
if "for_user" in request.query_params:
try:
for_user = (
get_objects_for_user(request.user, "authentik_core.preview_user")
.filter(pk=request.query_params.get("for_user"))
.first()
)
if not for_user:
raise ValidationError({"for_user": "User not found"})
except ValueError:
raise ValidationError({"for_user": "input must be numerical"})
scope_names = ScopeMapping.objects.filter(provider=provider).values_list(
"scope_name", flat=True
)
new_request = copy(request._request)
new_request.user = for_user
temp_token = IDToken.new(
provider,
AccessToken(
user=request.user,
user=for_user,
provider=provider,
_scope=" ".join(scope_names),
auth_time=timezone.now(),
),
request,
new_request,
)
serializer = PropertyMappingPreviewSerializer(instance={"preview": temp_token.to_dict()})
return Response(serializer.data)

27
authentik/providers/saml/api/providers.py
View File

@ -1,4 +1,5 @@
"""SAMLProvider API Views"""
from copy import copy
from xml.etree.ElementTree import ParseError # nosec
from defusedxml.ElementTree import fromstring
@ -9,6 +10,7 @@ from django.urls import reverse
from django.utils.translation import gettext_lazy as _
from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action
from rest_framework.fields import CharField, FileField, SerializerMethodField
from rest_framework.parsers import MultiPartParser
@ -277,12 +279,35 @@ class SAMLProviderViewSet(UsedByMixin, ModelViewSet):
200: PropertyMappingPreviewSerializer(),
400: OpenApiResponse(description="Bad request"),
},
parameters=[
OpenApiParameter(
name="for_user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
)
@action(detail=True, methods=["GET"])
def preview_user(self, request: Request, pk: int) -> Response:
"""Preview user data for provider"""
provider: SAMLProvider = self.get_object()
processor = AssertionProcessor(provider, request._request, AuthNRequest())
for_user = request.user
if "for_user" in request.query_params:
try:
for_user = (
get_objects_for_user(request.user, "authentik_core.preview_user")
.filter(pk=request.query_params.get("for_user"))
.first()
)
if not for_user:
raise ValidationError({"for_user": "User not found"})
except ValueError:
raise ValidationError({"for_user": "input must be numerical"})
new_request = copy(request._request)
new_request.user = for_user
processor = AssertionProcessor(provider, new_request, AuthNRequest())
attributes = processor.get_attributes()
name_id = processor.get_name_id()
data = []

16
schema.yml
View File

@ -2931,14 +2931,8 @@ paths:
schema:
$ref: '#/components/schemas/PolicyTestResult'
description: ''
'404':
description: for_user user not found
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
description: Bad request
'403':
content:
application/json:
@ -16042,6 +16036,10 @@ paths:
operationId: providers_oauth2_preview_user_retrieve
description: Preview user data for provider
parameters:
- in: query
name: for_user
schema:
type: integer
- in: path
name: id
schema:
@ -17409,6 +17407,10 @@ paths:
operationId: providers_saml_preview_user_retrieve
description: Preview user data for provider
parameters:
- in: query
name: for_user
schema:
type: integer
- in: path
name: id
schema:

68
web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
View File

@ -1,5 +1,6 @@
import "@goauthentik/admin/providers/RelatedApplicationButton";
import "@goauthentik/admin/providers/oauth2/OAuth2ProviderForm";
import renderDescriptionList from "@goauthentik/app/components/DescriptionList";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { EVENT_REFRESH } from "@goauthentik/common/constants";
import { convertToTitle } from "@goauthentik/common/utils";
@ -30,11 +31,14 @@ import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
import PFBase from "@patternfly/patternfly/patternfly-base.css";
import {
CoreApi,
CoreUsersListRequest,
OAuth2Provider,
OAuth2ProviderSetupURLs,
PropertyMappingPreview,
ProvidersApi,
RbacPermissionsAssignedByUsersListModelEnum,
User,
} from "@goauthentik/api";
@customElement("ak-provider-oauth2-view")
@ -59,6 +63,9 @@ export class OAuth2ProviderViewPage extends AKElement {
@state()
preview?: PropertyMappingPreview;
@state()
previewUser?: User;
static get styles(): CSSResult[] {
return [
PFBase,
@ -83,6 +90,15 @@ export class OAuth2ProviderViewPage extends AKElement {
});
}
fetchPreview(): void {
new ProvidersApi(DEFAULT_CONFIG)
.providersOauth2PreviewUserRetrieve({
id: this.provider?.pk || 0,
forUser: this.previewUser?.pk,
})
.then((preview) => (this.preview = preview));
}
render(): TemplateResult {
if (!this.provider) {
return html``;
@ -107,11 +123,7 @@ export class OAuth2ProviderViewPage extends AKElement {
slot="page-preview"
data-tab-title="${msg("Preview")}"
@activate=${() => {
new ProvidersApi(DEFAULT_CONFIG)
.providersOauth2PreviewUserRetrieve({
id: this.provider?.pk || 0,
})
.then((preview) => (this.preview = preview));
this.fetchPreview();
}}
>
${this.renderTabPreview()}
@ -354,8 +366,50 @@ export class OAuth2ProviderViewPage extends AKElement {
class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter"
>
<div class="pf-c-card">
<div class="pf-c-card__title">
${msg("Example JWT payload (for currently authenticated user)")}
<div class="pf-c-card__title">${msg("JWT payload")}</div>
<div class="pf-c-card__body">
${renderDescriptionList(
[
[
msg("Preview for user"),
html`
<ak-search-select
.fetchObjects=${async (query?: string): Promise<User[]> => {
const args: CoreUsersListRequest = {
ordering: "username",
};
if (query !== undefined) {
args.search = query;
}
const users = await new CoreApi(
DEFAULT_CONFIG,
).coreUsersList(args);
return users.results;
}}
.renderElement=${(user: User): string => {
return user.username;
}}
.renderDescription=${(user: User): TemplateResult => {
return html`${user.name}`;
}}
.value=${(user: User | undefined): number | undefined => {
return user?.pk;
}}
.selected=${(user: User): boolean => {
return user.pk === this.previewUser?.pk;
}}
?blankable=${true}
@ak-change=${(ev: CustomEvent) => {
this.previewUser = ev.detail.value;
this.fetchPreview();
}}
>
</ak-search-select>
`,
],
],
{ horizontal: true },
)}
</div>
<div class="pf-c-card__body">
${this.preview

73
web/src/admin/providers/saml/SAMLProviderViewPage.ts
View File

@ -1,5 +1,6 @@
import "@goauthentik/admin/providers/RelatedApplicationButton";
import "@goauthentik/admin/providers/saml/SAMLProviderForm";
import renderDescriptionList from "@goauthentik/app/components/DescriptionList";
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { EVENT_REFRESH } from "@goauthentik/common/constants";
@ -34,11 +35,14 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
import {
CertificateKeyPair,
CoreApi,
CoreUsersListRequest,
CryptoApi,
ProvidersApi,
RbacPermissionsAssignedByUsersListModelEnum,
SAMLMetadata,
SAMLProvider,
User,
} from "@goauthentik/api";
interface SAMLPreviewAttribute {
@ -96,6 +100,9 @@ export class SAMLProviderViewPage extends AKElement {
@state()
verifier?: CertificateKeyPair;
@state()
previewUser?: User;
static get styles(): CSSResult[] {
return [
PFBase,
@ -120,6 +127,17 @@ export class SAMLProviderViewPage extends AKElement {
});
}
fetchPreview(): void {
new ProvidersApi(DEFAULT_CONFIG)
.providersSamlPreviewUserRetrieve({
id: this.provider?.pk || 0,
forUser: this.previewUser?.pk,
})
.then((preview) => {
this.preview = preview.preview as SAMLPreviewAttribute;
});
}
renderRelatedObjects(): TemplateResult {
const relatedObjects = [];
if (this.provider?.assignedApplicationName) {
@ -203,13 +221,7 @@ export class SAMLProviderViewPage extends AKElement {
slot="page-preview"
data-tab-title="${msg("Preview")}"
@activate=${() => {
new ProvidersApi(DEFAULT_CONFIG)
.providersSamlPreviewUserRetrieve({
id: this.provider?.pk || 0,
})
.then((preview) => {
this.preview = preview.preview as SAMLPreviewAttribute;
});
this.fetchPreview();
}}
>
${this.renderTabPreview()}
@ -494,6 +506,47 @@ export class SAMLProviderViewPage extends AKElement {
>
<div class="pf-c-card">
<div class="pf-c-card__title">${msg("Example SAML attributes")}</div>
<div class="pf-c-card__body">
${renderDescriptionList([
[
"Preview for user",
html`
<ak-search-select
.fetchObjects=${async (query?: string): Promise<User[]> => {
const args: CoreUsersListRequest = {
ordering: "username",
};
if (query !== undefined) {
args.search = query;
}
const users = await new CoreApi(
DEFAULT_CONFIG,
).coreUsersList(args);
return users.results;
}}
.renderElement=${(user: User): string => {
return user.username;
}}
.renderDescription=${(user: User): TemplateResult => {
return html`${user.name}`;
}}
.value=${(user: User | undefined): number | undefined => {
return user?.pk;
}}
.selected=${(user: User): boolean => {
return user.pk === this.previewUser?.pk;
}}
?blankable=${true}
@ak-change=${(ev: CustomEvent) => {
this.previewUser = ev.detail.value;
this.fetchPreview();
}}
>
</ak-search-select>
`,
],
])}
</div>
<div class="pf-c-card__body">
<dl class="pf-c-description-list pf-m-2-col-on-lg">
<div class="pf-c-description-list__group">
@ -519,11 +572,7 @@ export class SAMLProviderViewPage extends AKElement {
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
<ul class="pf-c-list">
${attr.Value.map((value) => {
return html` <li><pre>${value}</pre></li> `;
})}
</ul>
<ul class="pf-c-list"></ul>
</div>
</dd>
</div>`;

18
web/src/components/DescriptionList.ts
View File

@ -1,3 +1,5 @@
import { first } from "@goauthentik/app/common/utils";
import { TemplateResult, html, nothing } from "lit";
import { classMap } from "lit/directives/class-map.js";
import { map } from "lit/directives/map.js";
@ -7,10 +9,10 @@ export type DescriptionPair = [string, DescriptionDesc];
export type DescriptionRecord = { term: string; desc: DescriptionDesc };
interface DescriptionConfig {
horizontal: boolean;
compact: boolean;
twocolumn: boolean;
threecolumn: boolean;
horizontal?: boolean;
compact?: boolean;
twocolumn?: boolean;
threecolumn?: boolean;
}
const isDescriptionRecordCollection = (v: Array<unknown>): v is DescriptionRecord[] =>
@ -78,10 +80,10 @@ export function renderDescriptionList(
) {
const checkedTerms = alignTermType(terms);
const classes = classMap({
"pf-m-horizontal": config.horizontal,
"pf-m-compact": config.compact,
"pf-m-2-col-on-lg": config.twocolumn,
"pf-m-3-col-on-lg": config.threecolumn,
"pf-m-horizontal": first(config.horizontal, false),
"pf-m-compact": first(config.compact, false),
"pf-m-2-col-on-lg": first(config.twocolumn, false),
"pf-m-3-col-on-lg": first(config.threecolumn, false),
});
return html`

1
web/src/elements/charts/Chart.ts
View File

@ -168,6 +168,7 @@ export abstract class AKChart<T> extends AKElement {
getOptions(): ChartOptions {
return {
maintainAspectRatio: false,
responsive: true,
scales: {
x: {
type: "time",

9
web/xliff/de.xlf
View File

@ -1544,9 +1544,6 @@
<source>JWKS URL</source>
<target>JWKS URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
<target>Authentifizierung weiterleiten (Domänenebene)</target>
@ -6387,6 +6384,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

10
web/xliff/en.xlf
View File

@ -1617,10 +1617,6 @@
<source>JWKS URL</source>
<target>JWKS URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Example JWT payload (for currently authenticated user)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
<target>Forward auth (domain-level)</target>
@ -6658,6 +6654,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

9
web/xliff/es.xlf
View File

@ -1516,9 +1516,6 @@
<trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
<target>Autenticación directa (nivel de dominio)</target>
@ -6303,6 +6300,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

11
web/xliff/fr.xlf
View File

@ -2014,11 +2014,6 @@
<source>JWKS URL</source>
<target>URL JWKS</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Exemple de charge utile JWT (pour l'utilisateur actuellement authentifié)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
@ -8383,6 +8378,12 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

11
web/xliff/ko.xlf
View File

@ -2008,11 +2008,6 @@
<source>JWKS URL</source>
<target>JWKS URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>JWT 페이로드 예시(현재 인가된 사용자의 경우)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
@ -8253,6 +8248,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

11
web/xliff/nl.xlf
View File

@ -1996,11 +1996,6 @@
<source>JWKS URL</source>
<target>JWKS-URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Voorbeeld JWT-payload (voor momenteel geauthenticeerde gebruiker)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
@ -8096,6 +8091,12 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

10
web/xliff/pl.xlf
View File

@ -1561,10 +1561,6 @@
<source>JWKS URL</source>
<target>URL JWKS</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Przykładowy ładunek JWT (dla aktualnie uwierzytelnionego użytkownika)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
<target>Forward auth (na poziomie domeny)</target>
@ -6510,6 +6506,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

11
web/xliff/pseudo-LOCALE.xlf
View File

@ -1997,11 +1997,6 @@
<source>JWKS URL</source>
<target>ĵŴĶŚ ŨŔĹ</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Ēxàmƥĺē ĵŴŢ ƥàŷĺōàď (ƒōŕ ćũŕŕēńţĺŷ àũţĥēńţĩćàţēď ũśēŕ)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
@ -8230,4 +8225,10 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body></file></xliff>

9
web/xliff/tr.xlf
View File

@ -1515,9 +1515,6 @@
<trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
<target>İleri kimlik doğrulama (alan düzeyi)</target>
@ -6296,6 +6293,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

9
web/xliff/zh-CN.xlf
View File

@ -1483,9 +1483,6 @@
<trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="scb489a1a173ac3f0">
<source>Yes</source>
</trans-unit>
@ -5206,6 +5203,12 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>
</xliff>

19
web/xliff/zh-Hans.xlf
View File

@ -2015,11 +2015,6 @@
<source>JWKS URL</source>
<target>JWKS URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>示例 JWT 载荷(当前经过身份验证的用户)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
@ -8366,10 +8361,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Selected Applications</source>
<target>已选应用</target>
</trans-unit>
<trans-unit id="s862505f29064fc72">
<source>This option configures the footer links on the flow executor pages. It must be a valid YAML or JSON list and can be used as follows:</source>
<target>此选项配置流程执行器页面上的页脚链接。必须为有效的 YAML 或 JSON 列表,可以使用以下值:</target>
</trans-unit>
<trans-unit id="sb2275335377069aa">
<source>This feature requires an enterprise license.</source>
</trans-unit>
@ -8408,6 +8399,16 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="s862505f29064fc72">
<source>This option configures the footer links on the flow executor pages. It must be a valid YAML or JSON list and can be used as follows:</source>
<target>此选项配置流程执行器页面上的页脚链接。必须为有效的 YAML 或 JSON 列表,可以使用以下值:</target>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

9
web/xliff/zh-Hant.xlf
View File

@ -1529,9 +1529,6 @@
<trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
<target>转发身份验证(域级)</target>
@ -6344,6 +6341,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>

11
web/xliff/zh_TW.xlf
View File

@ -1998,11 +1998,6 @@
<source>JWKS URL</source>
<target>JWKS 網址</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>範例 JWT 酬載(給目前已認證的使用者)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source>
@ -8214,6 +8209,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body>
</file>