website: Bump prettier from 3.3.3 to 3.4.1 in /website (#12205)

* website: Bump prettier from 3.3.3 to 3.4.1 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 3.3.3 to 3.4.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update formatting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* disable flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

website/docs/users-sources/sources/directory-sync/active-directory/index.md

@@ -8,8 +8,8 @@ title: Active Directory
 
 The following placeholders will be used:
 
--   `ad.company` is the Name of the Active Directory domain.
--   `authentik.company` is the FQDN of the authentik install.
+- `ad.company` is the Name of the Active Directory domain.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Active Directory setup
 
@@ -41,7 +41,7 @@ In authentik, create a new LDAP Source in Directory -> Federation & Social login
 
 Use these settings:
 
--   Server URI: `ldap://ad.company`
+- Server URI: `ldap://ad.company`
 
     For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`. You can test to verify LDAPS is working using `ldp.exe`.
 
@@ -49,20 +49,20 @@ Use these settings:
 
     When using a DNS entry with multiple Records, authentik will select a random entry when first connecting.
 
--   Bind CN: `<name of your service user>@ad.company`
--   Bind Password: The password you've given the user above
--   Base DN: The base DN which you want authentik to sync
--   Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
--   Group property mappings: Select "authentik default LDAP Mapping: Name"
+- Bind CN: `<name of your service user>@ad.company`
+- Bind Password: The password you've given the user above
+- Base DN: The base DN which you want authentik to sync
+- Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
+- Group property mappings: Select "authentik default LDAP Mapping: Name"
 
 Additional settings that might need to be adjusted based on the setup of your domain:
 
--   Group: If enabled, all synchronized groups will be given this group as a parent.
--   Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups
--   User object filter: Which objects should be considered users. For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts.
--   Group object filter: Which objects should be considered groups.
--   Group membership field: Which user field saves the group membership
--   Object uniqueness field: A user field which contains a unique Identifier
+- Group: If enabled, all synchronized groups will be given this group as a parent.
+- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups
+- User object filter: Which objects should be considered users. For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts.
+- Group object filter: Which objects should be considered groups.
+- Group membership field: Which user field saves the group membership
+- Object uniqueness field: A user field which contains a unique Identifier
 
 After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks.
 

website/docs/users-sources/sources/directory-sync/freeipa/index.md

@@ -8,9 +8,9 @@ title: FreeIPA
 
 The following placeholders will be used:
 
--   `svc_authentik` is the name of the bind account.
--   `freeipa.company` is the Name of the domain.
--   `ipa1.freeipa.company` is the Name of the FreeIPA server.
+- `svc_authentik` is the name of the bind account.
+- `freeipa.company` is the Name of the domain.
+- `ipa1.freeipa.company` is the Name of the FreeIPA server.
 
 ## FreeIPA Setup
 
@@ -47,27 +47,27 @@ In authentik, create a new LDAP Source in Resources -> Sources.
 
 Use these settings:
 
--   Server URI: `ldaps://ipa1.freeipa.company`
+- Server URI: `ldaps://ipa1.freeipa.company`
 
     You can specify multiple servers by separating URIs with a comma, like `ldap://ipa1.freeipa.company,ldap://ipa2.freeipa.company`.
 
     When using a DNS entry with multiple Records, authentik will select a random entry when first connecting.
 
--   Bind CN: `uid=svc_authentik,cn=users,cn=accounts,dc=freeipa,dc=company`
--   Bind Password: The password you've given the user above
--   Base DN: `dc=freeipa,dc=company`
--   Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default OpenLDAP"
--   Group property mappings: Select "authentik default OpenLDAP Mapping: cn"
+- Bind CN: `uid=svc_authentik,cn=users,cn=accounts,dc=freeipa,dc=company`
+- Bind Password: The password you've given the user above
+- Base DN: `dc=freeipa,dc=company`
+- Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default OpenLDAP"
+- Group property mappings: Select "authentik default OpenLDAP Mapping: cn"
 
 Additional settings:
 
--   Group: If selected, all synchronized groups will be given this group as a parent.
--   Addition User/Group DN: `cn=users,cn=accounts`
--   Addition Group DN: `cn=groups,cn=accounts`
--   User object filter: `(objectClass=person)`
--   Group object filter: `(objectClass=groupofnames)`
--   Group membership field: `member`
--   Object uniqueness field: `ipaUniqueID`
+- Group: If selected, all synchronized groups will be given this group as a parent.
+- Addition User/Group DN: `cn=users,cn=accounts`
+- Addition Group DN: `cn=groups,cn=accounts`
+- User object filter: `(objectClass=person)`
+- Group object filter: `(objectClass=groupofnames)`
+- Group membership field: `member`
+- Object uniqueness field: `ipaUniqueID`
 
     ![](./04_source_settings_1.png)
     ![](./05_source_settings_2.png)

website/docs/users-sources/sources/index.md

@@ -8,10 +8,10 @@ Sources allow you to connect authentik to an external user directory. Sources ca
 
 Sources are in the following general categories:
 
--   **Protocols** ([Kerberos](./protocols/kerberos/index.md), [LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.md), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md))
--   [**Property mappings**](./property-mappings/index.md) or how to import data from a source
--   **Directory synchronization** (Active Directory, FreeIPA)
--   **Social logins** (Apple, Discord, Twitch, Twitter, and many others)
+- **Protocols** ([Kerberos](./protocols/kerberos/index.md), [LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.md), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md))
+- [**Property mappings**](./property-mappings/index.md) or how to import data from a source
+- **Directory synchronization** (Active Directory, FreeIPA)
+- **Social logins** (Apple, Discord, Twitch, Twitter, and many others)
 
 For instructions to add a specific source, refer to the documentation links in the left navigation pane.
 

website/docs/users-sources/sources/property-mappings/expressions.md

@@ -6,9 +6,9 @@ The property mapping should return a value that is expected by the source. Retur
 
 ## Variables
 
--   Arbitrary arguments given by the source (this is documented by the source).
--   `properties`: A Python dictionary containing the result of the previously run property mappings, plus the initial data computed by the source.
--   `request`: The current request. This may be `None` if there is no contextual request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects))
+- Arbitrary arguments given by the source (this is documented by the source).
+- `properties`: A Python dictionary containing the result of the previously run property mappings, plus the initial data computed by the source.
+- `request`: The current request. This may be `None` if there is no contextual request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects))
 
 import Objects from "../../../expressions/\_objects.md";
 

website/docs/users-sources/sources/property-mappings/index.md

@@ -6,11 +6,11 @@ Source property mappings allow you to modify or gather extra information from so
 
 This page is an overview of how property mappings work. For information about specific protocol, please refer to each protocol page:
 
--   [Kerberos](../protocols/kerberos/#kerberos-source-property-mappings)
--   [LDAP](../protocols/ldap/index.md#ldap-source-property-mappings)
--   [OAuth](../protocols/oauth/index.md#oauth-source-property-mappings)
--   [SAML](../protocols/saml/index.md#saml-source-property-mappings)
--   [SCIM](../protocols/scim/index.md#scim-source-property-mappings)
+- [Kerberos](../protocols/kerberos/#kerberos-source-property-mappings)
+- [LDAP](../protocols/ldap/index.md#ldap-source-property-mappings)
+- [OAuth](../protocols/oauth/index.md#oauth-source-property-mappings)
+- [SAML](../protocols/saml/index.md#saml-source-property-mappings)
+- [SCIM](../protocols/scim/index.md#scim-source-property-mappings)
 
 ## Create a custom source property mapping
 
@@ -57,8 +57,8 @@ A user or group object is constructed as follows:
 
 1.  The source provides initial properties based on commonly used data.
 2.  Each property mapping associated with the source is run and results are merged into the previous properties.
-    -   If a property mapping throws an error, the process is aborted. If that happens inside a synchronization process, the object is skipped. If it happens during an enrollment or authentication flow, the flow is cancelled.
-    -   If a property mapping sets one attribute to `None`, that attribute is then discarded.
+    - If a property mapping throws an error, the process is aborted. If that happens inside a synchronization process, the object is skipped. If it happens during an enrollment or authentication flow, the flow is cancelled.
+    - If a property mapping sets one attribute to `None`, that attribute is then discarded.
 3.  If the `username` field is not set for user objects, or the `name` field is not set for group objects, the process is aborted.
 4.  The object is created or updated. The `attributes` property is merged with existing data if the object already exists.
 

website/docs/users-sources/sources/protocols/kerberos/index.md

@@ -13,16 +13,16 @@ This source allows users to enroll themselves with an existing Kerberos identity
 
 The following placeholders will be used:
 
--   `REALM.COMPANY` is the Kerberos realm.
--   `authentik.company` is the FQDN of the authentik install.
+- `REALM.COMPANY` is the Kerberos realm.
+- `authentik.company` is the FQDN of the authentik install.
 
 Examples are shown for an MIT Krb5 KDC system; you might need to adapt them for you Kerberos installation.
 
 There are three ways to use the Kerberos source:
 
--   As a password backend, where users can log in to authentik with their Kerberos password.
--   As a directory source, where users are synced from the KDC.
--   With SPNEGO, where users can log in to authentik with their [browser](./browser.md) and their Kerberos credentials.
+- As a password backend, where users can log in to authentik with their Kerberos password.
+- As a directory source, where users are synced from the KDC.
+- With SPNEGO, where users can log in to authentik with their [browser](./browser.md) and their Kerberos credentials.
 
 You can choose to use one or several of those methods.
 
@@ -30,13 +30,13 @@ You can choose to use one or several of those methods.
 
 In the authentik Admin interface, under **Directory** -> **Federation and Social login**, create a new source of type Kerberos with these settings:
 
--   Name: a value of your choosing. This name is shown to users if you use the SPNEGO login method.
--   Slug: `kerberos`
--   Realm: `REALM.COMPANY`
--   Kerberos 5 configuration: If you need to override the default Kerberos configuration, you can do it here. See [man krb5.conf(5)](https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html) for the expected format.
--   User matching mode: define how Kerberos users get matched to authentik users.
--   Group matching mode: define how Kerberos groups (specified via property mappings) get matched to authentik groups.
--   User property mappings and group property mappings: see [Source property mappings](../../property-mappings/index.md) and the section below for details.
+- Name: a value of your choosing. This name is shown to users if you use the SPNEGO login method.
+- Slug: `kerberos`
+- Realm: `REALM.COMPANY`
+- Kerberos 5 configuration: If you need to override the default Kerberos configuration, you can do it here. See [man krb5.conf(5)](https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html) for the expected format.
+- User matching mode: define how Kerberos users get matched to authentik users.
+- Group matching mode: define how Kerberos groups (specified via property mappings) get matched to authentik groups.
+- User property mappings and group property mappings: see [Source property mappings](../../property-mappings/index.md) and the section below for details.
 
 ## Password backend
 
@@ -61,9 +61,9 @@ $ rm /tmp/authentik.keytab
 
 In authentik, configure these extra options:
 
--   Sync users: enable it
--   Sync principal: `authentik/admin@REALM.COMPANY`
--   Sync keytab: the base64-encoded keytab created above.
+- Sync users: enable it
+- Sync principal: `authentik/admin@REALM.COMPANY`
+- Sync keytab: the base64-encoded keytab created above.
 
 If you do not wish to use a keytab, you can also configure authentik to authenticate using a password, or an existing credentials cache.
 
@@ -82,7 +82,7 @@ $ rm /tmp/authentik.keytab
 
 In authentik, configure these extra options:
 
--   SPNEGO keytab: the base64-encoded keytab created above.
+- SPNEGO keytab: the base64-encoded keytab created above.
 
 If you do not wish to use a keytab, you can also configure authentik to use an existing credentials cache.
 
@@ -100,8 +100,8 @@ If not specified, the server name defaults to trying out all entries in the keyt
 
 There are some extra settings you can configure:
 
--   Update internal password on login: when a user logs in to authentik using the Kerberos source as a password backend, their internal authentik password will be updated to match the one from Kerberos.
--   Use password writeback: when a user changes their password in authentik, their Kerberos password is automatically updated to match the one from authentik. This is only available if synchronization is configured.
+- Update internal password on login: when a user logs in to authentik using the Kerberos source as a password backend, their internal authentik password will be updated to match the one from Kerberos.
+- Use password writeback: when a user changes their password in authentik, their Kerberos password is automatically updated to match the one from authentik. This is only available if synchronization is configured.
 
 ## Kerberos source property mappings
 
@@ -113,14 +113,14 @@ By default, authentik ships with [pre-configured mappings](#built-in-property-ma
 
 Kerberos property mappings are used when you define a Kerberos source. These mappings define which Kerberos property maps to which authentik property. By default, the following mappings are created:
 
--   authentik default Kerberos User Mapping: Add realm as group
-    The realm of the user will be added as a group for that user.
--   authentik default Kerberos User Mapping: Ignore other realms
-    Realms other than the one configured on the source are ignored, and log in is not allowed.
--   authentik default Kerberos User Mapping: Ignore system principals
-    System principals such as `K/M` or `kadmin/admin` are ignored.
--   authentik default Kerberos User Mapping: Multipart principals as service accounts
-    Multipart principals (for example: `HTTP/authentik.company`) have their user type set to **service account**.
+- authentik default Kerberos User Mapping: Add realm as group
+  The realm of the user will be added as a group for that user.
+- authentik default Kerberos User Mapping: Ignore other realms
+  Realms other than the one configured on the source are ignored, and log in is not allowed.
+- authentik default Kerberos User Mapping: Ignore system principals
+  System principals such as `K/M` or `kadmin/admin` are ignored.
+- authentik default Kerberos User Mapping: Multipart principals as service accounts
+  Multipart principals (for example: `HTTP/authentik.company`) have their user type set to **service account**.
 
 These property mappings are configured with the most common Kerberos setups.
 
@@ -128,7 +128,7 @@ These property mappings are configured with the most common Kerberos setups.
 
 The following variable is available to Kerberos source property mappings:
 
--   `principal`: a Python string containing the Kerberos principal. For example `alice@REALM.COMPANY` or `HTTP/authentik.company@REALM.COMPANY`.
+- `principal`: a Python string containing the Kerberos principal. For example `alice@REALM.COMPANY` or `HTTP/authentik.company@REALM.COMPANY`.
 
 ## Troubleshooting
 

website/docs/users-sources/sources/protocols/ldap/index.md

@@ -14,38 +14,38 @@ For FreeIPA, follow the [FreeIPA Integration](../../directory-sync/freeipa/index
 
 To create or edit a source in authentik, open the Admin interface and navigate to **Directory -> Ferderation and Social login**. There you can create a new LDAP source, or edit an existing one, using the following settings.
 
--   **Enabled**: Toggle this option on to allow authentik to use the defined LDAP source.
+- **Enabled**: Toggle this option on to allow authentik to use the defined LDAP source.
 
--   **Update internal password on login**: When the user logs in to authentik using the LDAP password backend, the password is stored as a hashed value in authentik. Toggle off (default setting) if you do not want to store the hashed passwords in authentik.
+- **Update internal password on login**: When the user logs in to authentik using the LDAP password backend, the password is stored as a hashed value in authentik. Toggle off (default setting) if you do not want to store the hashed passwords in authentik.
 
--   **Sync users**: Enable or disable user synchronization between authentik and the LDAP source.
+- **Sync users**: Enable or disable user synchronization between authentik and the LDAP source.
 
--   **User password writeback**: Enable this option if you want to write password changes that are made in authentik back to LDAP.
+- **User password writeback**: Enable this option if you want to write password changes that are made in authentik back to LDAP.
 
--   **Sync groups**: Enable/disable group synchronization. Groups are synced in the background every 5 minutes.
+- **Sync groups**: Enable/disable group synchronization. Groups are synced in the background every 5 minutes.
 
--   **Parent group**: Optionally set this group as the parent group for all synced groups. An example use case of this would be to import Active Directory groups under a root `imported-from-ad` group.
+- **Parent group**: Optionally set this group as the parent group for all synced groups. An example use case of this would be to import Active Directory groups under a root `imported-from-ad` group.
 
 #### Connection settings
 
--   **Server URI**: URI to your LDAP server/Domain Controller. You can specify multiple servers by separating URIs with a comma, like `ldap://ldap1.company,ldap://ldap2.company`. When using a DNS entry with multiple Records, authentik will select a random entry when first connecting.
+- **Server URI**: URI to your LDAP server/Domain Controller. You can specify multiple servers by separating URIs with a comma, like `ldap://ldap1.company,ldap://ldap2.company`. When using a DNS entry with multiple Records, authentik will select a random entry when first connecting.
 
-    -   **Enable StartTLS**: Enables StartTLS functionality. To use LDAPS instead, use port `636`.
-    -   **Use Server URI for SNI verification**: this setting is required for servers using TLS 1.3+
+    - **Enable StartTLS**: Enables StartTLS functionality. To use LDAPS instead, use port `636`.
+    - **Use Server URI for SNI verification**: this setting is required for servers using TLS 1.3+
 
--   **TLS Verification Certificate**: Specify a keypair to validate the remote certificate.
+- **TLS Verification Certificate**: Specify a keypair to validate the remote certificate.
 
--   **TLS Client authentication**: Client certificate keypair to authenticate against the LDAP Server's Certificate.
+- **TLS Client authentication**: Client certificate keypair to authenticate against the LDAP Server's Certificate.
 
--   **Bind CN**: CN of the bind user. This can also be a UPN in the format of `user@domain.tld`.
+- **Bind CN**: CN of the bind user. This can also be a UPN in the format of `user@domain.tld`.
 
--   **Bind password**: Password used during the bind process.
+- **Bind password**: Password used during the bind process.
 
--   **Base DN**: Base DN (distinguished name) used for all LDAP queries.
+- **Base DN**: Base DN (distinguished name) used for all LDAP queries.
 
 #### LDAP Attribute mapping
 
--   **User Property Mappings** and **Group Property Mappings**: Define which LDAP properties map to which authentik properties. The default set of property mappings is generated for Active Directory. See also our documentation on [property mappings](#ldap-source-property-mappings).
+- **User Property Mappings** and **Group Property Mappings**: Define which LDAP properties map to which authentik properties. The default set of property mappings is generated for Active Directory. See also our documentation on [property mappings](#ldap-source-property-mappings).
 
     :::warning
     When the **Sync users** and or the **Sync groups** options are enabled, their respective property mapping options must have at least one mapping selected, otherwise the sync will not start.
@@ -53,21 +53,21 @@ To create or edit a source in authentik, open the Admin interface and navigate t
 
 #### Additional Settings
 
--   **Group**: Parent group for all the groups imported from LDAP.
+- **Group**: Parent group for all the groups imported from LDAP.
 
--   **User path**: Path template for all new users created.
+- **User path**: Path template for all new users created.
 
--   **Addition User DN**: Prepended to the base DN for user queries.
+- **Addition User DN**: Prepended to the base DN for user queries.
 
--   **Addition Group DN**: Prepended to the base DN for group queries.
+- **Addition Group DN**: Prepended to the base DN for group queries.
 
--   **User object filter**: Consider objects matching this filter to be users.
+- **User object filter**: Consider objects matching this filter to be users.
 
--   **Group object filter**: Consider objects matching this filter to be groups.
+- **Group object filter**: Consider objects matching this filter to be groups.
 
--   **Group membership field**: This field contains the user's group memberships.
+- **Group membership field**: This field contains the user's group memberships.
 
--   **Object uniqueness field**: This field contains a unique identifier.
+- **Object uniqueness field**: This field contains a unique identifier.
 
 ## LDAP source property mappings
 
@@ -90,14 +90,14 @@ return {
 
 LDAP property mappings are used when you define a LDAP source. These mappings define which LDAP property maps to which authentik property. By default, the following mappings are created:
 
--   authentik default Active Directory Mapping: givenName
--   authentik default Active Directory Mapping: sAMAccountName
--   authentik default Active Directory Mapping: sn
--   authentik default Active Directory Mapping: userPrincipalName
--   authentik default LDAP Mapping: mail
--   authentik default LDAP Mapping: Name
--   authentik default OpenLDAP Mapping: cn
--   authentik default OpenLDAP Mapping: uid
+- authentik default Active Directory Mapping: givenName
+- authentik default Active Directory Mapping: sAMAccountName
+- authentik default Active Directory Mapping: sn
+- authentik default Active Directory Mapping: userPrincipalName
+- authentik default LDAP Mapping: mail
+- authentik default LDAP Mapping: Name
+- authentik default OpenLDAP Mapping: cn
+- authentik default OpenLDAP Mapping: uid
 
 These are configured with most common LDAP setups.
 
@@ -105,8 +105,8 @@ These are configured with most common LDAP setups.
 
 The following variables are available to LDAP source property mappings:
 
--   `ldap`: A Python dictionary containing data from LDAP.
--   `dn`: The object DN.
+- `ldap`: A Python dictionary containing data from LDAP.
+- `dn`: The object DN.
 
 ### Additional expression semantics
 
@@ -127,9 +127,9 @@ Sources created prior to the 2024.2 release have this setting turned on by defau
 
 Be aware of the following security considerations when turning on this functionality:
 
--   Updating the LDAP password does not invalidate the password stored in authentik; however for LDAP Servers like FreeIPA and Active Directory, authentik will lock its internal password during the next LDAP sync. For other LDAP servers, the old passwords will still be valid indefinitely.
--   Logging in via LDAP credentials overwrites the password stored in authentik if users have different passwords in LDAP and authentik.
--   Custom security measures that are used to secure the password in LDAP may differ from the ones used in authentik. Depending on threat model and security requirements this could lead to unknowingly being non-compliant.
+- Updating the LDAP password does not invalidate the password stored in authentik; however for LDAP Servers like FreeIPA and Active Directory, authentik will lock its internal password during the next LDAP sync. For other LDAP servers, the old passwords will still be valid indefinitely.
+- Logging in via LDAP credentials overwrites the password stored in authentik if users have different passwords in LDAP and authentik.
+- Custom security measures that are used to secure the password in LDAP may differ from the ones used in authentik. Depending on threat model and security requirements this could lead to unknowingly being non-compliant.
 
 ## Troubleshooting
 

website/docs/users-sources/sources/protocols/oauth/index.md

@@ -4,13 +4,13 @@ title: OAuth Source
 
 This source allows users to enroll themselves with an external OAuth-based Identity Provider. The generic provider expects the endpoint to return OpenID-Connect compatible information. Vendor-specific implementations have their own OAuth Source.
 
--   Policies: Allow/Forbid users from linking their accounts with this provider.
--   Request Token URL: This field is used for OAuth v1 implementations and will be provided by the provider.
--   Authorization URL: This value will be provided by the provider.
--   Access Token URL: This value will be provided by the provider.
--   Profile URL: This URL is called by authentik to retrieve user information upon successful authentication.
--   Consumer key/Consumer secret: These values will be provided by the provider.
--   Scopes: Configure additional scopes to send to the provider.
+- Policies: Allow/Forbid users from linking their accounts with this provider.
+- Request Token URL: This field is used for OAuth v1 implementations and will be provided by the provider.
+- Authorization URL: This value will be provided by the provider.
+- Access Token URL: This value will be provided by the provider.
+- Profile URL: This URL is called by authentik to retrieve user information upon successful authentication.
+- Consumer key/Consumer secret: These values will be provided by the provider.
+- Scopes: Configure additional scopes to send to the provider.
 
     Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`.
 
@@ -36,7 +36,7 @@ See the [overview](../../property-mappings/index.md) for information on how prop
 
 The following variables are available to OAuth source property mappings:
 
--   `info`: A Python dictionary containing OAuth claims. For example (values might differ depending on the source):
+- `info`: A Python dictionary containing OAuth claims. For example (values might differ depending on the source):
     ```python
     {
         "iss": "https://source.company",
@@ -51,5 +51,5 @@ The following variables are available to OAuth source property mappings:
         "nickname": "user",
     }
     ```
--   `client`: An OAuth client object to make requests to the Source with authentication built-in.
--   `token`: A Python dictionary containing OAuth tokens.
+- `client`: An OAuth client object to make requests to the Source with authentication built-in.
+- `token`: A Python dictionary containing OAuth tokens.

website/docs/users-sources/sources/protocols/saml/index.md

@@ -35,9 +35,9 @@ If you have the provider metadata, you should be able to extract all values you
 
 This will depend heavily on what software you are using for your IDP. On the Metadata tab in the SAML Federation Source you can download the metadata for the service provider, this should enable you to import this into most IDPs. If this does not work, the important parts are:
 
--   Entity ID: Taken from the Issuer/Entity ID field above
--   Return URL/ACS URL: `https://authentik.company/source/saml/<source-slug>/acs/`
--   Certificate: If you have chosen to sign your outgoing requests, use the public side of the certificate that you specified in the settings
+- Entity ID: Taken from the Issuer/Entity ID field above
+- Return URL/ACS URL: `https://authentik.company/source/saml/<source-slug>/acs/`
+- Certificate: If you have chosen to sign your outgoing requests, use the public side of the certificate that you specified in the settings
 
 ## Example IDP metadata
 
@@ -89,5 +89,5 @@ See the [overview](../../property-mappings/index.md) for information on how prop
 
 The following variables are available to SAML source property mappings:
 
--   `root`: An XML `ETree` object containing data from the source.
--   `name_id`: An XML `Element` object identifying the user.
+- `root`: An XML `ETree` object containing data from the source.
+- `name_id`: An XML `Element` object identifying the user.

website/docs/users-sources/sources/protocols/scim/index.md

@@ -64,12 +64,12 @@ Each top level SCIM attribute is available as a variable in the expression. For
 
 The following variables are available in the expression:
 
--   `schemas` as a list of strings
--   `userName` as a string
--   `name` as a dictionary
--   `emails` as a dictionary
--   `title` as a string
--   `urn_scim_schemas_extension_enterprise_2_0` as a dictionary
+- `schemas` as a list of strings
+- `userName` as a string
+- `name` as a dictionary
+- `emails` as a dictionary
+- `title` as a string
+- `urn_scim_schemas_extension_enterprise_2_0` as a dictionary
 
     :::info
     Top-level keys which include symbols not allowed in python syntax are converted to `_`.

website/docs/users-sources/sources/social-logins/apple/index.md

@@ -18,7 +18,7 @@ Apple mandates the use of a [registered TLD](https://en.wikipedia.org/wiki/List_
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Apple
 

website/docs/users-sources/sources/social-logins/azure-ad/index.md

@@ -8,7 +8,7 @@ title: Azure AD
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Azure setup
 
@@ -33,14 +33,14 @@ In authentik, create a new _Azure AD OAuth Source_ in Resources -> Sources.
 
 Use the following settings:
 
--   Name: `Azure AD`
--   Slug: `azure-ad` (this must match the URL being used above)
--   Consumer key: `*Application (client) ID* value from above`
--   Consumer secret: `*Value* of the secret from above`
+- Name: `Azure AD`
+- Slug: `azure-ad` (this must match the URL being used above)
+- Consumer key: `*Application (client) ID* value from above`
+- Consumer secret: `*Value* of the secret from above`
 
 If you kept the default _Supported account types_ selection of _Single tenant_, then you must change the URL below as well:
 
--   OIDC Well-known URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/v2.0/.well-known/openid-configuration`
+- OIDC Well-known URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/v2.0/.well-known/openid-configuration`
 
 ![](./authentik_01.png)
 

website/docs/users-sources/sources/social-logins/discord/index.md

@@ -10,7 +10,7 @@ Allows users to authenticate using their Discord credentials
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Discord
 

website/docs/users-sources/sources/social-logins/facebook/index.md

@@ -10,7 +10,7 @@ Adding Facebook as a source allows users to authenticate through authentik using
 
 The following placeholders are used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Facebook configuration
 

website/docs/users-sources/sources/social-logins/github/index.md

@@ -10,8 +10,8 @@ Allows users to authenticate using their Github credentials
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
--   `www.my.company` Homepage URL for your site
+- `authentik.company` is the FQDN of the authentik install.
+- `www.my.company` Homepage URL for your site
 
 ## Github
 

website/docs/users-sources/sources/social-logins/google/index.md

@@ -10,7 +10,7 @@ Allows users to authenticate using their Google credentials
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Google
 

website/docs/users-sources/sources/social-logins/mailcow/index.md

@@ -10,8 +10,8 @@ Allows users to authenticate using their Mailcow credentials
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
--   `mailcow.company` is the FQDN of the mailcow install.
+- `authentik.company` is the FQDN of the authentik install.
+- `mailcow.company` is the FQDN of the mailcow install.
 
 ## Mailcow
 

website/docs/users-sources/sources/social-logins/plex/index.md

@@ -14,11 +14,11 @@ None
 
 Add _Plex_ as a _source_
 
--   Name: Choose a name
--   Slug: Set a slug
--   Client ID: Set a unique Client Id or leave the generated ID
--   Press _Load Servers_ to login to plex and pick the authorized Plex Servers for "allowed users"
--   Decide if _anyone_ with a plex account can authenticate or only friends you share with
+- Name: Choose a name
+- Slug: Set a slug
+- Client ID: Set a unique Client Id or leave the generated ID
+- Press _Load Servers_ to login to plex and pick the authorized Plex Servers for "allowed users"
+- Decide if _anyone_ with a plex account can authenticate or only friends you share with
 
 Save, and you now have Plex as a source.
 
@@ -34,5 +34,5 @@ See the [overview](../../property-mappings/index.md) for information on how prop
 
 The following variables are available to OAuth source property mappings:
 
--   `info`: A Python dictionary containing Plex user data.
--   `auth_api`: A Plex client object to make requests to the Source with authentication built-in.
+- `info`: A Python dictionary containing Plex user data.
+- `auth_api`: A Plex client object to make requests to the Source with authentication built-in.

website/docs/users-sources/sources/social-logins/twitch/index.md

@@ -10,7 +10,7 @@ Allows users to authenticate using their Twitch credentials
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Twitch
 

website/docs/users-sources/sources/social-logins/twitter/index.md

@@ -10,7 +10,7 @@ Allows users to authenticate using their twitter credentials
 
 The following placeholders will be used:
 
--   `authentik.company` is the FQDN of the authentik install.
+- `authentik.company` is the FQDN of the authentik install.
 
 ## Twitter