Merge branch 'main' into web/use-oauth-by-jens

* main: (179 commits)
  website/integrations: add offline_access scope to DokuWiki (#10208)
  api: use custom json renderer for speed (#9977)
  core: bump github.com/sethvargo/go-envconfig from 1.0.3 to 1.1.0 (#10405)
  core: bump goauthentik.io/api/v3 from 3.2024060.5 to 3.2024060.6 (#10404)
  web: bump glob from 10.4.2 to 10.4.3 in /web (#10407)
  web: bump @swc/core from 1.6.7 to 1.6.13 in /web/sfe (#10408)
  core: bump ruff from 0.5.0 to 0.5.1 (#10390)
  web: bump @swc/cli from 0.3.14 to 0.4.0 in /web/sfe (#10394)
  core: bump certifi from 2024.2.2 to 2024.7.4 (#10398)
  web: bump @swc/core from 1.6.6 to 1.6.7 in /web/sfe (#10395)
  web: bump @sentry/browser from 8.14.0 to 8.15.0 in /web in the sentry group across 1 directory (#10388)
  website/integrations: aws: cleanup (#10355)
  web: bump API Client version (#10389)
  web/flows: Simplified flow executor (#10296)
  website/docs: sources: ldap: remove extra example (#10387)
  website/docs: add new content from old PR #9524 (#10158)
  stages/authenticator_validate: fix friendly_name being required (#10382)
  core: bump go api client (#10383)
  web: bump API Client version (#10381)
  outposts: make refresh interval configurable (#10138)
  ...

web/package.json

@@ -15,10 +15,12 @@
         "build-proxy": "run-s build-locales esbuild:build-proxy",
         "watch": "run-s build-locales esbuild:watch",
         "lint": "cross-env NODE_OPTIONS='--max_old_space_size=65536' eslint . --max-warnings 0 --fix",
+        "lint:lockfile": "lockfile-lint --path package.json --type npm --allowed-hosts npm --validate-https",
         "lint:precommit": "bun scripts/eslint-precommit.mjs",
         "lint:spelling": "node scripts/check-spelling.mjs",
         "lit-analyse": "lit-analyzer src",
-        "precommit": "npm-run-all --parallel tsc lit-analyse lint:spelling --sequential lint:precommit prettier",
+        "postinstall": "bash scripts/patch-spotlight.sh",
+        "precommit": "npm-run-all --parallel tsc lit-analyse lint:spelling lint:lockfile --sequential lint:precommit prettier",
         "prequick": "run-s tsc:execute lit-analyse lint:precommit lint:spelling",
         "prettier-check": "prettier --check .",
         "prettier": "prettier --write .",
@@ -27,7 +29,10 @@
         "tsc": "run-s build-locales tsc:execute",
         "storybook": "storybook dev -p 6006",
         "storybook:build": "cross-env NODE_OPTIONS='--max_old_space_size=8192' storybook build",
-        "storybook:build-import-map": "node scripts/build-storybook-import-maps.mjs"
+        "storybook:build-import-map": "node scripts/build-storybook-import-maps.mjs",
+        "test": "npx wdio run ./wdio.conf.ts --logLevel=warn --autoCompileOpts.tsNodeOpts.project=tsconfig.test.json",
+        "test-view": "npx wdio run ./wdio.conf.ts --autoCompileOpts.tsNodeOpts.project=tsconfig.test.json",
+        "test-watch": "npx wdio run ./wdio.conf.ts --autoCompileOpts.tsNodeOpts.project=tsconfig.test.json --watch"
     },
     "dependencies": {
         "@codemirror/lang-html": "^6.4.9",
@@ -38,7 +43,7 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.5.7",
         "@fortawesome/fontawesome-free": "^6.5.2",
-        "@goauthentik/api": "^2024.4.2-1718378698",
+        "@goauthentik/api": "^2024.6.0-1720200294",
         "@lit/context": "^1.1.2",
         "@lit/localize": "^0.12.1",
         "@lit/reactive-element": "^2.0.4",
@@ -46,7 +51,7 @@
         "@open-wc/lit-helpers": "^0.7.0",
         "@patternfly/elements": "^3.0.2",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^8.9.2",
+        "@sentry/browser": "^8.15.0",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
         "chart.js": "^4.4.3",
@@ -82,26 +87,30 @@
         "@lit/localize-tools": "^0.7.2",
         "@rollup/plugin-replace": "^5.0.7",
         "@spotlightjs/spotlight": "^2.0.0",
-        "@storybook/addon-essentials": "^8.1.10",
-        "@storybook/addon-links": "^8.1.10",
+        "@storybook/addon-essentials": "^8.1.11",
+        "@storybook/addon-links": "^8.1.11",
         "@storybook/api": "^7.6.17",
         "@storybook/blocks": "^8.0.8",
-        "@storybook/manager-api": "^8.1.10",
-        "@storybook/web-components": "^8.1.10",
-        "@storybook/web-components-vite": "^8.1.10",
+        "@storybook/manager-api": "^8.1.11",
+        "@storybook/web-components": "^8.1.11",
+        "@storybook/web-components-vite": "^8.1.11",
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
         "@types/chart.js": "^2.9.41",
         "@types/codemirror": "5.60.15",
         "@types/grecaptcha": "^3.0.9",
         "@types/guacamole-common-js": "1.5.2",
         "@types/showdown": "^2.0.6",
-        "@typescript-eslint/eslint-plugin": "^7.5.0",
-        "@typescript-eslint/parser": "^7.5.0",
+        "@typescript-eslint/eslint-plugin": "^7.14.0",
+        "@typescript-eslint/parser": "^7.14.0",
+        "@wdio/browser-runner": "^8.39.1",
+        "@wdio/cli": "^8.39.1",
+        "@wdio/mocha-framework": "^8.36.1",
+        "@wdio/spec-reporter": "^8.36.1",
         "babel-plugin-macros": "^3.1.0",
         "babel-plugin-tsconfig-paths": "^1.0.3",
         "chokidar": "^3.6.0",
         "cross-env": "^7.0.3",
-        "esbuild": "^0.21.5",
+        "esbuild": "^0.23.0",
         "eslint": "^8.57.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-custom-elements": "0.0.8",
@@ -109,8 +118,9 @@
         "eslint-plugin-sonarjs": "^0.25.1",
         "eslint-plugin-storybook": "^0.8.0",
         "github-slugger": "^2.0.0",
-        "glob": "^10.4.1",
+        "glob": "^10.4.3",
         "lit-analyzer": "^2.0.3",
+        "lockfile-lint": "^4.14.0",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.3.2",
         "pseudolocale": "^2.0.0",
@@ -118,18 +128,20 @@
         "react-dom": "^18.3.1",
         "rollup-plugin-modify": "^3.0.0",
         "rollup-plugin-postcss-lit": "^2.1.0",
-        "storybook": "^8.1.10",
+        "storybook": "^8.1.11",
         "storybook-addon-mock": "^5.0.0",
         "ts-lit-plugin": "^2.0.2",
+        "ts-node": "^10.9.2",
         "tslib": "^2.6.3",
         "turnstile-types": "^1.2.1",
-        "typescript": "^5.4.5",
-        "vite-tsconfig-paths": "^4.3.2"
+        "typescript": "^5.5.3",
+        "vite-tsconfig-paths": "^4.3.2",
+        "wdio-wait-for": "^3.0.11"
     },
     "optionalDependencies": {
-        "@esbuild/darwin-arm64": "^0.21.4",
+        "@esbuild/darwin-arm64": "^0.23.0",
         "@esbuild/linux-amd64": "^0.18.11",
-        "@esbuild/linux-arm64": "^0.21.4",
+        "@esbuild/linux-arm64": "^0.23.0",
         "@rollup/rollup-darwin-arm64": "4.18.0",
         "@rollup/rollup-linux-arm64-gnu": "4.18.0",
         "@rollup/rollup-linux-x64-gnu": "4.18.0"

web/scripts/patch-spotlight.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+TARGET=$(find "./node_modules/@spotlightjs/overlay/dist/" -name "index-[0-9a-f]*.js");
+
+if ! grep -GL 'QX2 = ' "$TARGET" > /dev/null ; then
+patch --forward --no-backup-if-mismatch -p0 "$TARGET" <<EOF
+--- a/index-5682ce90.js	2024-06-13 16:19:28
++++ b/index-5682ce90.js	2024-06-13 16:20:23
+@@ -4958,11 +4958,10 @@
+     }
+   );
+ }
+-const q2 = w.lazy(() => import("./main-3257b7fc.js").then((n) => n.m));
++const q2 = w.lazy(() => import("./main-3257b7fc.js").then((n) => n.m)), QX2 = () => {};
+ function Gp({
+   data: n,
+-  onUpdateData: a = () => {
+-  },
++  onUpdateData: a = QX2,
+   editingEnabled: s = !1,
+   clipboardEnabled: o = !1,
+   displayDataTypes: c = !1,
+EOF
+else
+    echo "spotlight overlay.js patch already applied"
+fi

web/sfe/index.ts

@@ -0,0 +1,529 @@
+import { fromByteArray } from "base64-js";
+import "formdata-polyfill";
+import $ from "jquery";
+import "weakmap-polyfill";
+
+import {
+    type AuthenticatorValidationChallenge,
+    type AutosubmitChallenge,
+    type ChallengeTypes,
+    ChallengeTypesFromJSON,
+    type ContextualFlowInfo,
+    type DeviceChallenge,
+    type ErrorDetail,
+    type IdentificationChallenge,
+    type PasswordChallenge,
+    type RedirectChallenge,
+} from "@goauthentik/api";
+
+interface GlobalAuthentik {
+    brand: {
+        branding_logo: string;
+    };
+}
+
+function ak(): GlobalAuthentik {
+    return (
+        window as unknown as {
+            authentik: GlobalAuthentik;
+        }
+    ).authentik;
+}
+
+class SimpleFlowExecutor {
+    challenge?: ChallengeTypes;
+    flowSlug: string;
+    container: HTMLDivElement;
+
+    constructor(container: HTMLDivElement) {
+        this.flowSlug = window.location.pathname.split("/")[3];
+        this.container = container;
+    }
+
+    get apiURL() {
+        return `/api/v3/flows/executor/${this.flowSlug}/?query=${encodeURIComponent(window.location.search.substring(1))}`;
+    }
+
+    start() {
+        $.ajax({
+            type: "GET",
+            url: this.apiURL,
+            success: (data) => {
+                this.challenge = ChallengeTypesFromJSON(data);
+                this.renderChallenge();
+            },
+        });
+    }
+
+    submit(data: { [key: string]: unknown } | FormData) {
+        $("button[type=submit]").addClass("disabled")
+            .html(`<span class="spinner-border spinner-border-sm" aria-hidden="true"></span>
+                <span role="status">Loading...</span>`);
+        let finalData: { [key: string]: unknown } = {};
+        if (data instanceof FormData) {
+            finalData = {};
+            data.forEach((value, key) => {
+                finalData[key] = value;
+            });
+        } else {
+            finalData = data;
+        }
+        $.ajax({
+            type: "POST",
+            url: this.apiURL,
+            data: JSON.stringify(finalData),
+            success: (data) => {
+                this.challenge = ChallengeTypesFromJSON(data);
+                this.renderChallenge();
+            },
+            contentType: "application/json",
+            dataType: "json",
+        });
+    }
+
+    renderChallenge() {
+        switch (this.challenge?.component) {
+            case "ak-stage-identification":
+                new IdentificationStage(this, this.challenge).render();
+                return;
+            case "ak-stage-password":
+                new PasswordStage(this, this.challenge).render();
+                return;
+            case "xak-flow-redirect":
+                new RedirectStage(this, this.challenge).render();
+                return;
+            case "ak-stage-autosubmit":
+                new AutosubmitStage(this, this.challenge).render();
+                return;
+            case "ak-stage-authenticator-validate":
+                new AuthenticatorValidateStage(this, this.challenge).render();
+                return;
+            default:
+                this.container.innerText = "Unsupported stage: " + this.challenge?.component;
+                return;
+        }
+    }
+}
+
+export interface FlowInfoChallenge {
+    flowInfo?: ContextualFlowInfo;
+    responseErrors?: {
+        [key: string]: Array<ErrorDetail>;
+    };
+}
+
+class Stage<T extends FlowInfoChallenge> {
+    constructor(
+        public executor: SimpleFlowExecutor,
+        public challenge: T,
+    ) {}
+
+    error(fieldName: string) {
+        if (!this.challenge.responseErrors) {
+            return [];
+        }
+        return this.challenge.responseErrors[fieldName] || [];
+    }
+
+    renderInputError(fieldName: string) {
+        return `${this.error(fieldName)
+            .map((error) => {
+                return `<div class="invalid-feedback">
+                    ${error.string}
+                </div>`;
+            })
+            .join("")}`;
+    }
+
+    renderNonFieldErrors() {
+        return `${this.error("non_field_errors")
+            .map((error) => {
+                return `<div class="alert alert-danger" role="alert">
+                    ${error.string}
+                </div>`;
+            })
+            .join("")}`;
+    }
+
+    html(html: string) {
+        this.executor.container.innerHTML = html;
+    }
+
+    render() {
+        throw new Error("Abstract method");
+    }
+}
+
+class IdentificationStage extends Stage<IdentificationChallenge> {
+    render() {
+        this.html(`
+            <form id="ident-form">
+                <img class="mb-4 brand-icon" src="${ak().brand.branding_logo}" alt="">
+                <h1 class="h3 mb-3 fw-normal text-center">${this.challenge?.flowInfo?.title}</h1>
+                ${
+                    this.challenge.applicationPre
+                        ? `<p>
+                              Login to continue to ${this.challenge.applicationPre}.
+                          </p>`
+                        : ""
+                }
+                <div class="form-label-group my-3 has-validation">
+                    <input type="text" autofocus class="form-control" name="uid_field" placeholder="Email / Username">
+                </div>
+                ${
+                    this.challenge.passwordFields
+                        ? `<div class="form-label-group my-3 has-validation">
+                                <input type="password" class="form-control ${this.error("password").length > 0 ? "is-invalid" : ""}" name="password" placeholder="Password">
+                                ${this.renderInputError("password")}
+                        </div>`
+                        : ""
+                }
+                ${this.renderNonFieldErrors()}
+                <button class="btn btn-primary w-100 py-2" type="submit">${this.challenge.primaryAction}</button>
+            </form>`);
+        $("#ident-form input[name=uid_field]").trigger("focus");
+        $("#ident-form").on("submit", (ev) => {
+            ev.preventDefault();
+            const data = new FormData(ev.target as HTMLFormElement);
+            this.executor.submit(data);
+        });
+    }
+}
+
+class PasswordStage extends Stage<PasswordChallenge> {
+    render() {
+        this.html(`
+            <form id="password-form">
+                <img class="mb-4 brand-icon" src="${ak().brand.branding_logo}" alt="">
+                <h1 class="h3 mb-3 fw-normal text-center">${this.challenge?.flowInfo?.title}</h1>
+                <div class="form-label-group my-3 has-validation">
+                    <input type="password" autofocus class="form-control ${this.error("password").length > 0 ? "is-invalid" : ""}" name="password" placeholder="Password">
+                    ${this.renderInputError("password")}
+                </div>
+                <button class="btn btn-primary w-100 py-2" type="submit">Continue</button>
+            </form>`);
+        $("#password-form input").trigger("focus");
+        $("#password-form").on("submit", (ev) => {
+            ev.preventDefault();
+            const data = new FormData(ev.target as HTMLFormElement);
+            this.executor.submit(data);
+        });
+    }
+}
+
+class RedirectStage extends Stage<RedirectChallenge> {
+    render() {
+        window.location.assign(this.challenge.to);
+    }
+}
+
+class AutosubmitStage extends Stage<AutosubmitChallenge> {
+    render() {
+        this.html(`
+            <form id="autosubmit-form" action="${this.challenge.url}" method="POST">
+                <img class="mb-4 brand-icon" src="${ak().brand.branding_logo}" alt="">
+                <h1 class="h3 mb-3 fw-normal text-center">${this.challenge?.flowInfo?.title}</h1>
+                ${Object.entries(this.challenge.attrs).map(([key, value]) => {
+                    return `<input
+                            type="hidden"
+                            name="${key}"
+                            value="${value}"
+                        />`;
+                })}
+                <div class="d-flex justify-content-center">
+                    <div class="spinner-border" role="status">
+                        <span class="sr-only">Loading...</span>
+                    </div>
+                </div>
+            </form>`);
+        $("#autosubmit-form").submit();
+    }
+}
+
+export interface Assertion {
+    id: string;
+    rawId: string;
+    type: string;
+    registrationClientExtensions: string;
+    response: {
+        clientDataJSON: string;
+        attestationObject: string;
+    };
+}
+
+export interface AuthAssertion {
+    id: string;
+    rawId: string;
+    type: string;
+    assertionClientExtensions: string;
+    response: {
+        clientDataJSON: string;
+        authenticatorData: string;
+        signature: string;
+        userHandle: string | null;
+    };
+}
+
+class AuthenticatorValidateStage extends Stage<AuthenticatorValidationChallenge> {
+    deviceChallenge?: DeviceChallenge;
+
+    b64enc(buf: Uint8Array): string {
+        return fromByteArray(buf).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+    }
+
+    b64RawEnc(buf: Uint8Array): string {
+        return fromByteArray(buf).replace(/\+/g, "-").replace(/\//g, "_");
+    }
+
+    u8arr(input: string): Uint8Array {
+        return Uint8Array.from(atob(input.replace(/_/g, "/").replace(/-/g, "+")), (c) =>
+            c.charCodeAt(0),
+        );
+    }
+
+    checkWebAuthnSupport(): boolean {
+        if ("credentials" in navigator) {
+            return true;
+        }
+        if (window.location.protocol === "http:" && window.location.hostname !== "localhost") {
+            console.warn("WebAuthn requires this page to be accessed via HTTPS.");
+            return false;
+        }
+        console.warn("WebAuthn not supported by browser.");
+        return false;
+    }
+
+    /**
+     * Transforms items in the credentialCreateOptions generated on the server
+     * into byte arrays expected by the navigator.credentials.create() call
+     */
+    transformCredentialCreateOptions(
+        credentialCreateOptions: PublicKeyCredentialCreationOptions,
+        userId: string,
+    ): PublicKeyCredentialCreationOptions {
+        const user = credentialCreateOptions.user;
+        // Because json can't contain raw bytes, the server base64-encodes the User ID
+        // So to get the base64 encoded byte array, we first need to convert it to a regular
+        // string, then a byte array, re-encode it and wrap that in an array.
+        const stringId = decodeURIComponent(window.atob(userId));
+        user.id = this.u8arr(this.b64enc(this.u8arr(stringId)));
+        const challenge = this.u8arr(credentialCreateOptions.challenge.toString());
+
+        const transformedCredentialCreateOptions = Object.assign({}, credentialCreateOptions, {
+            challenge,
+            user,
+        });
+
+        return transformedCredentialCreateOptions;
+    }
+
+    /**
+     * Transforms the binary data in the credential into base64 strings
+     * for posting to the server.
+     * @param {PublicKeyCredential} newAssertion
+     */
+    transformNewAssertionForServer(newAssertion: PublicKeyCredential): Assertion {
+        const attObj = new Uint8Array(
+            (newAssertion.response as AuthenticatorAttestationResponse).attestationObject,
+        );
+        const clientDataJSON = new Uint8Array(newAssertion.response.clientDataJSON);
+        const rawId = new Uint8Array(newAssertion.rawId);
+
+        const registrationClientExtensions = newAssertion.getClientExtensionResults();
+        return {
+            id: newAssertion.id,
+            rawId: this.b64enc(rawId),
+            type: newAssertion.type,
+            registrationClientExtensions: JSON.stringify(registrationClientExtensions),
+            response: {
+                clientDataJSON: this.b64enc(clientDataJSON),
+                attestationObject: this.b64enc(attObj),
+            },
+        };
+    }
+
+    transformCredentialRequestOptions(
+        credentialRequestOptions: PublicKeyCredentialRequestOptions,
+    ): PublicKeyCredentialRequestOptions {
+        const challenge = this.u8arr(credentialRequestOptions.challenge.toString());
+
+        const allowCredentials = (credentialRequestOptions.allowCredentials || []).map(
+            (credentialDescriptor) => {
+                const id = this.u8arr(credentialDescriptor.id.toString());
+                return Object.assign({}, credentialDescriptor, { id });
+            },
+        );
+
+        const transformedCredentialRequestOptions = Object.assign({}, credentialRequestOptions, {
+            challenge,
+            allowCredentials,
+        });
+
+        return transformedCredentialRequestOptions;
+    }
+
+    /**
+     * Encodes the binary data in the assertion into strings for posting to the server.
+     * @param {PublicKeyCredential} newAssertion
+     */
+    transformAssertionForServer(newAssertion: PublicKeyCredential): AuthAssertion {
+        const response = newAssertion.response as AuthenticatorAssertionResponse;
+        const authData = new Uint8Array(response.authenticatorData);
+        const clientDataJSON = new Uint8Array(response.clientDataJSON);
+        const rawId = new Uint8Array(newAssertion.rawId);
+        const sig = new Uint8Array(response.signature);
+        const assertionClientExtensions = newAssertion.getClientExtensionResults();
+
+        return {
+            id: newAssertion.id,
+            rawId: this.b64enc(rawId),
+            type: newAssertion.type,
+            assertionClientExtensions: JSON.stringify(assertionClientExtensions),
+
+            response: {
+                clientDataJSON: this.b64RawEnc(clientDataJSON),
+                signature: this.b64RawEnc(sig),
+                authenticatorData: this.b64RawEnc(authData),
+                userHandle: null,
+            },
+        };
+    }
+
+    render() {
+        if (!this.deviceChallenge) {
+            return this.renderChallengePicker();
+        }
+        switch (this.deviceChallenge.deviceClass) {
+            case "static":
+            case "totp":
+                this.renderCodeInput();
+                break;
+            case "webauthn":
+                this.renderWebauthn();
+                break;
+            default:
+                break;
+        }
+    }
+
+    renderChallengePicker() {
+        const challenges = this.challenge.deviceChallenges.filter((challenge) => {
+            if (challenge.deviceClass === "webauthn") {
+                if (!this.checkWebAuthnSupport()) {
+                    return undefined;
+                }
+            }
+            return challenge;
+        });
+        this.html(`<form id="picker-form">
+                <img class="mb-4 brand-icon" src="${ak().brand.branding_logo}" alt="">
+                <h1 class="h3 mb-3 fw-normal text-center">${this.challenge?.flowInfo?.title}</h1>
+                ${
+                    challenges.length > 0
+                        ? "<p>Select an authentication method.</p>"
+                        : `
+                    <p>No compatible authentication method available</p>
+                    `
+                }
+                ${challenges
+                    .map((challenge) => {
+                        let label = undefined;
+                        switch (challenge.deviceClass) {
+                            case "static":
+                                label = "Recovery keys";
+                                break;
+                            case "totp":
+                                label = "Traditional authenticator";
+                                break;
+                            case "webauthn":
+                                label = "Security key";
+                                break;
+                        }
+                        if (!label) {
+                            return "";
+                        }
+                        return `<div class="form-label-group my-3 has-validation">
+                            <button id="${challenge.deviceClass}-${challenge.deviceUid}" class="btn btn-secondary w-100 py-2" type="button">
+                                ${label}
+                            </button>
+                        </div>`;
+                    })
+                    .join("")}
+            </form>`);
+        this.challenge.deviceChallenges.forEach((challenge) => {
+            $(`#picker-form button#${challenge.deviceClass}-${challenge.deviceUid}`).on(
+                "click",
+                () => {
+                    this.deviceChallenge = challenge;
+                    this.render();
+                },
+            );
+        });
+    }
+
+    renderCodeInput() {
+        this.html(`
+            <form id="totp-form">
+                <img class="mb-4 brand-icon" src="${ak().brand.branding_logo}" alt="">
+                <h1 class="h3 mb-3 fw-normal text-center">${this.challenge?.flowInfo?.title}</h1>
+                <div class="form-label-group my-3 has-validation">
+                    <input type="text" autofocus class="form-control ${this.error("code").length > 0 ? "is-invalid" : ""}" name="code" placeholder="Please enter your code" autocomplete="one-time-code">
+                    ${this.renderInputError("code")}
+                </div>
+                <button class="btn btn-primary w-100 py-2" type="submit">Continue</button>
+            </form>`);
+        $("#totp-form input").trigger("focus");
+        $("#totp-form").on("submit", (ev) => {
+            ev.preventDefault();
+            const data = new FormData(ev.target as HTMLFormElement);
+            this.executor.submit(data);
+        });
+    }
+
+    renderWebauthn() {
+        this.html(`
+            <form id="totp-form">
+                <img class="mb-4 brand-icon" src="${ak().brand.branding_logo}" alt="">
+                <h1 class="h3 mb-3 fw-normal text-center">${this.challenge?.flowInfo?.title}</h1>
+                <div class="d-flex justify-content-center">
+                    <div class="spinner-border" role="status">
+                        <span class="sr-only">Loading...</span>
+                    </div>
+                </div>
+            </form>
+            `);
+        navigator.credentials
+            .get({
+                publicKey: this.transformCredentialRequestOptions(
+                    this.deviceChallenge?.challenge as PublicKeyCredentialRequestOptions,
+                ),
+            })
+            .then((assertion) => {
+                if (!assertion) {
+                    throw new Error("No assertion");
+                }
+                try {
+                    // we now have an authentication assertion! encode the byte arrays contained
+                    // in the assertion data as strings for posting to the server
+                    const transformedAssertionForServer = this.transformAssertionForServer(
+                        assertion as PublicKeyCredential,
+                    );
+
+                    // post the assertion to the server for verification.
+                    this.executor.submit({
+                        webauthn: transformedAssertionForServer,
+                    });
+                } catch (err) {
+                    throw new Error(`Error when validating assertion on server: ${err}`);
+                }
+            })
+            .catch((error) => {
+                console.warn(error);
+                this.deviceChallenge = undefined;
+                this.render();
+            });
+    }
+}
+
+const sfe = new SimpleFlowExecutor($("#flow-sfe-container")[0] as HTMLDivElement);
+sfe.start();

web/sfe/package.json

@@ -0,0 +1,28 @@
+{
+    "name": "@goauthentik/web-sfe",
+    "version": "0.0.0",
+    "private": true,
+    "license": "MIT",
+    "dependencies": {
+        "@goauthentik/api": "^2024.6.0-1719577139",
+        "base64-js": "^1.5.1",
+        "bootstrap": "^4.6.1",
+        "formdata-polyfill": "^4.0.10",
+        "jquery": "^3.7.1",
+        "weakmap-polyfill": "^2.0.4"
+    },
+    "scripts": {
+        "build": "rollup -c rollup.config.js --bundleConfigAsCjs",
+        "watch": "rollup -w -c rollup.config.js --bundleConfigAsCjs"
+    },
+    "devDependencies": {
+        "@rollup/plugin-commonjs": "^26.0.1",
+        "@rollup/plugin-node-resolve": "^15.2.3",
+        "@rollup/plugin-swc": "^0.3.1",
+        "@swc/cli": "^0.4.0",
+        "@swc/core": "^1.6.13",
+        "@types/jquery": "^3.5.30",
+        "rollup": "^4.18.0",
+        "rollup-plugin-copy": "^3.5.0"
+    }
+}

web/sfe/rollup.config.js

@@ -0,0 +1,40 @@
+import commonjs from "@rollup/plugin-commonjs";
+import resolve from "@rollup/plugin-node-resolve";
+import swc from "@rollup/plugin-swc";
+import copy from "rollup-plugin-copy";
+
+export default {
+    input: "index.ts",
+    output: {
+        dir: "../dist/sfe",
+        format: "cjs",
+    },
+    context: "window",
+    plugins: [
+        copy({
+            targets: [
+                { src: "node_modules/bootstrap/dist/css/bootstrap.min.css", dest: "../dist/sfe" },
+            ],
+        }),
+        resolve({ browser: true }),
+        commonjs(),
+        swc({
+            swc: {
+                jsc: {
+                    loose: false,
+                    externalHelpers: false,
+                    // Requires v1.2.50 or upper and requires target to be es2016 or upper.
+                    keepClassNames: false,
+                },
+                minify: false,
+                env: {
+                    targets: {
+                        edge: "17",
+                        ie: "11",
+                    },
+                    mode: "entry",
+                },
+            },
+        }),
+    ],
+};

web/sfe/tsconfig.json

@@ -0,0 +1,7 @@
+{
+    "compilerOptions": {
+        "types": ["jquery"],
+        "esModuleInterop": true,
+        "lib": ["DOM", "ES2015", "ES2017"]
+    },
+}

web/src/admin/admin-overview/AdminOverviewPage.ts

@@ -208,7 +208,14 @@ export class AdminOverviewPage extends AdminOverviewBase {
 
             return html`<li>
                 ${ex(
-                    () => html`<a href="${url}" class="pf-u-mb-xl" target="_blank">${content}</a>`,
+                    () =>
+                        html`<a
+                            href="${url}"
+                            class="pf-u-mb-xl"
+                            rel="noopener noreferrer"
+                            target="_blank"
+                            >${content}</a
+                        >`,
                     () => html`<a href="${url}" class="pf-u-mb-xl" )>${content}</a>`,
                 )}
             </li>`;

web/src/admin/admin-overview/cards/RecentEventsCard.ts

@@ -27,12 +27,10 @@ export class RecentEventsCard extends Table<Event> {
     @property({ type: Number })
     pageSize = 10;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Event>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Event>> {
         return new EventsApi(DEFAULT_CONFIG).eventsEventsList({
-            ordering: this.order,
-            page: page,
+            ...(await this.defaultEndpointConfig()),
             pageSize: this.pageSize,
-            search: this.search || "",
         });
     }
 

web/src/admin/admin-overview/cards/VersionStatusCard.ts

@@ -56,6 +56,6 @@ export class VersionStatusCard extends AdminStatusCard<Version> {
             text = this.value.buildHash?.substring(0, 7);
             link = `https://github.com/goauthentik/authentik/commit/${this.value.buildHash}`;
         }
-        return html`<a href=${link} target="_blank">${text}</a>`;
+        return html`<a rel="noopener noreferrer" href=${link} target="_blank">${text}</a>`;
     }
 }

web/src/admin/applications/ApplicationListPage.ts

@@ -1,7 +1,6 @@
 import "@goauthentik/admin/applications/ApplicationForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums.js";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-app-icon";
 import MDApplication from "@goauthentik/docs/applications/index.md";
 import "@goauthentik/elements/Markdown";
@@ -63,12 +62,9 @@ export class ApplicationListPage extends TablePage<Application> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Application>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Application>> {
         return new CoreApi(DEFAULT_CONFIG).coreApplicationsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             superuserFullList: true,
         });
     }

web/src/admin/applications/ApplicationViewPage.ts

@@ -2,6 +2,7 @@ import "@goauthentik/admin/applications/ApplicationAuthorizeChart";
 import "@goauthentik/admin/applications/ApplicationCheckAccessForm";
 import "@goauthentik/admin/applications/ApplicationForm";
 import "@goauthentik/admin/policies/BoundPoliciesList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums.js";
 import "@goauthentik/components/ak-app-icon";
@@ -11,7 +12,6 @@ import "@goauthentik/elements/EmptyState";
 import "@goauthentik/elements/PageHeader";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";

web/src/admin/applications/ApplicationWizardHint.ts

@@ -85,7 +85,7 @@ export class AkApplicationWizardHint extends AKElement implements ShowHintContro
                     </span>
                     <button
                         aria-disabled="false"
-                        aria-label="Restore Application Wizard Hint "
+                        aria-label=${msg("Restore Application Wizard Hint")}
                         class="pf-c-button pf-m-plain"
                         type="button"
                         data-ouia-safe="true"

web/src/admin/applications/ProviderSelectModal.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
@@ -28,12 +27,9 @@ export class ProviderSelectModal extends TableModal<Provider> {
 
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Provider>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Provider>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersAllList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             backchannel: this.backchannel,
         });
     }

web/src/admin/applications/wizard/application/ak-application-wizard-application-details.ts

@@ -67,7 +67,7 @@ export class ApplicationWizardApplicationDetails extends BasePanel {
                 .value=${this.wizard.app?.policyEngineMode}
                 .errorMessages=${this.wizard.errors.app?.policyEngineMode ?? []}
             ></ak-radio-input>
-            <ak-form-group aria-label="UI Settings">
+            <ak-form-group aria-label=${msg("UI Settings")}>
                 <span slot="header"> ${msg("UI Settings")} </span>
                 <div slot="body" class="pf-c-form">
                     <ak-text-input

web/src/admin/applications/wizard/steps.ts

@@ -7,6 +7,7 @@ import {
     SubmitStep,
 } from "@goauthentik/components/ak-wizard-main/commonWizardButtons";
 
+import { msg } from "@lit/localize";
 import { html } from "lit";
 
 import "./application/ak-application-wizard-application-details";
@@ -23,7 +24,7 @@ import { ApplicationStep as ApplicationStepType } from "./types";
 
 class ApplicationStep implements ApplicationStepType {
     id = "application";
-    label = "Application Details";
+    label = msg("Application Details");
     disabled = false;
     valid = false;
     get buttons() {
@@ -36,7 +37,7 @@ class ApplicationStep implements ApplicationStepType {
 
 class ProviderMethodStep implements ApplicationStepType {
     id = "provider-method";
-    label = "Provider Type";
+    label = msg("Provider Type");
     disabled = false;
     valid = false;
 
@@ -53,7 +54,7 @@ class ProviderMethodStep implements ApplicationStepType {
 
 class ProviderStepDetails implements ApplicationStepType {
     id = "provider-details";
-    label = "Provider Configuration";
+    label = msg("Provider Configuration");
     disabled = true;
     valid = false;
     get buttons() {
@@ -67,7 +68,7 @@ class ProviderStepDetails implements ApplicationStepType {
 
 class SubmitApplicationStep implements ApplicationStepType {
     id = "submit";
-    label = "Submit Application";
+    label = msg("Submit Application");
     disabled = true;
     valid = false;
 

web/src/admin/blueprints/BlueprintForm.ts

@@ -157,6 +157,7 @@ export class BlueprintForm extends ModelForm<BlueprintInstance, string> {
                                   ${msg("See more about OCI support here:")}&nbsp;
                                   <a
                                       target="_blank"
+                                      rel="noopener noreferrer"
                                       href="${docLink(
                                           "/developer-docs/blueprints/?utm_source=authentik#storage---oci",
                                       )}"

web/src/admin/blueprints/BlueprintListPage.ts

@@ -1,14 +1,13 @@
 import "@goauthentik/admin/blueprints/BlueprintForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -68,13 +67,10 @@ export class BlueprintListPage extends TablePage<BlueprintInstance> {
         return super.styles.concat(PFDescriptionList);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<BlueprintInstance>> {
-        return new ManagedApi(DEFAULT_CONFIG).managedBlueprintsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<BlueprintInstance>> {
+        return new ManagedApi(DEFAULT_CONFIG).managedBlueprintsList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/brands/BrandListPage.ts

@@ -1,12 +1,11 @@
 import "@goauthentik/admin/brands/BrandForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -39,13 +38,8 @@ export class BrandListPage extends TablePage<Brand> {
     @property()
     order = "domain";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Brand>> {
-        return new CoreApi(DEFAULT_CONFIG).coreBrandsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Brand>> {
+        return new CoreApi(DEFAULT_CONFIG).coreBrandsList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/crypto/CertificateKeyPairListPage.ts

@@ -1,13 +1,12 @@
 import "@goauthentik/admin/crypto/CertificateGenerateForm";
 import "@goauthentik/admin/crypto/CertificateKeyPairForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -53,13 +52,10 @@ export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
         return super.styles.concat(PFDescriptionList);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<CertificateKeyPair>> {
-        return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<CertificateKeyPair>> {
+        return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/enterprise/EnterpriseLicenseListPage.ts

@@ -1,6 +1,6 @@
 import "@goauthentik/admin/enterprise/EnterpriseLicenseForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/Spinner";
@@ -8,7 +8,6 @@ import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/cards/AggregateCard";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -82,18 +81,15 @@ export class EnterpriseLicenseListPage extends TablePage<License> {
         );
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<License>> {
+    async apiEndpoint(): Promise<PaginatedResponse<License>> {
         this.forecast = await new EnterpriseApi(DEFAULT_CONFIG).enterpriseLicenseForecastRetrieve();
         this.summary = await new EnterpriseApi(DEFAULT_CONFIG).enterpriseLicenseSummaryRetrieve();
         this.installID = (
             await new EnterpriseApi(DEFAULT_CONFIG).enterpriseLicenseGetInstallIdRetrieve()
         ).installId;
-        return new EnterpriseApi(DEFAULT_CONFIG).enterpriseLicenseList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+        return new EnterpriseApi(DEFAULT_CONFIG).enterpriseLicenseList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/events/EventListPage.ts

@@ -3,7 +3,6 @@ import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-event-info";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
@@ -45,13 +44,8 @@ export class EventListPage extends TablePage<Event> {
         `);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Event>> {
-        return new EventsApi(DEFAULT_CONFIG).eventsEventsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Event>> {
+        return new EventsApi(DEFAULT_CONFIG).eventsEventsList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/events/RuleListPage.ts

@@ -1,13 +1,11 @@
 import "@goauthentik/admin/events/RuleForm";
 import "@goauthentik/admin/policies/BoundPoliciesList";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { severityToLabel } from "@goauthentik/common/labels";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -47,13 +45,8 @@ export class RuleListPage extends TablePage<NotificationRule> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<NotificationRule>> {
-        return new EventsApi(DEFAULT_CONFIG).eventsRulesList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<NotificationRule>> {
+        return new EventsApi(DEFAULT_CONFIG).eventsRulesList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/events/TransportListPage.ts

@@ -1,12 +1,10 @@
 import "@goauthentik/admin/events/TransportForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -43,13 +41,10 @@ export class TransportListPage extends TablePage<NotificationTransport> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<NotificationTransport>> {
-        return new EventsApi(DEFAULT_CONFIG).eventsTransportsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<NotificationTransport>> {
+        return new EventsApi(DEFAULT_CONFIG).eventsTransportsList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/flows/BoundStagesList.ts

@@ -2,7 +2,6 @@ import "@goauthentik/admin/flows/StageBindingForm";
 import "@goauthentik/admin/policies/BoundPoliciesList";
 import "@goauthentik/admin/stages/StageWizard";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
@@ -28,12 +27,10 @@ export class BoundStagesList extends Table<FlowStageBinding> {
     @property()
     target?: string;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<FlowStageBinding>> {
+    async apiEndpoint(): Promise<PaginatedResponse<FlowStageBinding>> {
         return new FlowsApi(DEFAULT_CONFIG).flowsBindingsList({
+            ...(await this.defaultEndpointConfig()),
             target: this.target || "",
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
         });
     }
 

web/src/admin/flows/FlowListPage.ts

@@ -2,7 +2,6 @@ import "@goauthentik/admin/flows/FlowForm";
 import "@goauthentik/admin/flows/FlowImportForm";
 import { DesignationToLabel } from "@goauthentik/admin/flows/utils";
 import { AndNext, DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { groupBy } from "@goauthentik/common/utils";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ConfirmationForm";
@@ -42,13 +41,8 @@ export class FlowListPage extends TablePage<Flow> {
     @property()
     order = "slug";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Flow>> {
-        return new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Flow>> {
+        return new FlowsApi(DEFAULT_CONFIG).flowsInstancesList(await this.defaultEndpointConfig());
     }
 
     groupBy(items: Flow[]): [string, Flow[]][] {

web/src/admin/flows/FlowViewPage.ts

@@ -3,13 +3,13 @@ import "@goauthentik/admin/flows/FlowDiagram";
 import "@goauthentik/admin/flows/FlowForm";
 import { DesignationToLabel } from "@goauthentik/admin/flows/utils";
 import "@goauthentik/admin/policies/BoundPoliciesList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { AndNext, DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/components/events/ObjectChangelog";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/PageHeader";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, css, html } from "lit";

web/src/admin/groups/GroupListPage.ts

@@ -1,6 +1,5 @@
 import "@goauthentik/admin/groups/GroupForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
@@ -36,12 +35,9 @@ export class GroupListPage extends TablePage<Group> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Group>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Group>> {
         return new CoreApi(DEFAULT_CONFIG).coreGroupsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             includeUsers: false,
         });
     }

web/src/admin/groups/GroupViewPage.ts

@@ -1,5 +1,6 @@
 import "@goauthentik/admin/groups/GroupForm";
 import "@goauthentik/admin/groups/RelatedUserList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/ak-status-label";
@@ -11,7 +12,6 @@ import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg, str } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/groups/MemberSelectModal.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
@@ -27,12 +26,9 @@ export class MemberSelectTable extends TableModal<User> {
 
     order = "username";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<User>> {
+    async apiEndpoint(): Promise<PaginatedResponse<User>> {
         return new CoreApi(DEFAULT_CONFIG).coreUsersList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             includeGroups: false,
         });
     }

web/src/admin/groups/RelatedGroupList.ts

@@ -2,7 +2,6 @@ import "@goauthentik/admin/groups/GroupForm";
 import "@goauthentik/admin/groups/GroupForm";
 import "@goauthentik/admin/users/GroupSelectModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
@@ -98,12 +97,9 @@ export class RelatedGroupList extends Table<Group> {
     @property({ attribute: false })
     targetUser?: User;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Group>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Group>> {
         return new CoreApi(DEFAULT_CONFIG).coreGroupsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             membersByPk: this.targetUser ? [this.targetUser.pk] : [],
             includeUsers: false,
         });

web/src/admin/groups/RelatedUserList.ts

@@ -5,7 +5,6 @@ import "@goauthentik/admin/users/UserPasswordForm";
 import "@goauthentik/admin/users/UserResetEmailForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { MessageLevel } from "@goauthentik/common/messages";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { me } from "@goauthentik/common/users";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
@@ -135,12 +134,9 @@ export class RelatedUserList extends WithBrandConfig(WithCapabilitiesConfig(Tabl
         return super.styles.concat(PFDescriptionList, PFAlert, PFBanner);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<User>> {
+    async apiEndpoint(): Promise<PaginatedResponse<User>> {
         const users = await new CoreApi(DEFAULT_CONFIG).coreUsersList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             groupsByPk: this.targetGroup ? [this.targetGroup.pk] : [],
             type: this.hideServiceAccounts
                 ? [CoreUsersListTypeEnum.External, CoreUsersListTypeEnum.Internal]

web/src/admin/outposts/OutpostDeploymentModal.ts

@@ -23,6 +23,7 @@ export class OutpostDeploymentModal extends ModalButton {
                     <a
                         target="_blank"
                         href="${docLink("/docs/outposts?utm_source=authentik#deploy")}"
+                        rel="noopener noreferrer"
                         >${msg("View deployment documentation")}</a
                     >
                 </p>

web/src/admin/outposts/OutpostForm.ts

@@ -210,9 +210,11 @@ export class OutpostForm extends ModelForm<Outpost, string> {
                     )}
                 </p>
                 <p class="pf-c-form__helper-text">
-                    See
-                    <a target="_blank" href="${docLink("/docs/outposts?utm_source=authentik")}"
-                        >documentation</a
+                    <a
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        href="${docLink("/docs/outposts?utm_source=authentik")}"
+                        >${msg("See documentation")}</a
                     >.
                 </p>
             </ak-form-element-horizontal>
@@ -228,7 +230,7 @@ export class OutpostForm extends ModelForm<Outpost, string> {
                     selected-label="${msg("Selected Applications")}"
                 ></ak-dual-select-provider>
             </ak-form-element-horizontal>
-            <ak-form-group aria-label="Advanced settings">
+            <ak-form-group aria-label=${msg("Advanced settings")}>
                 <span slot="header"> ${msg("Advanced settings")} </span>
                 <div slot="body" class="pf-c-form">
                     <ak-form-element-horizontal label=${msg("Configuration")} name="config">
@@ -245,6 +247,7 @@ export class OutpostForm extends ModelForm<Outpost, string> {
                             ${msg("See more here:")}&nbsp;
                             <a
                                 target="_blank"
+                                rel="noopener noreferrer"
                                 href="${docLink(
                                     "/docs/outposts?utm_source=authentik#configuration",
                                 )}"

web/src/admin/outposts/OutpostListPage.ts

@@ -3,14 +3,13 @@ import "@goauthentik/admin/outposts/OutpostDeploymentModal";
 import "@goauthentik/admin/outposts/OutpostForm";
 import "@goauthentik/admin/outposts/OutpostHealth";
 import "@goauthentik/admin/outposts/OutpostHealthSimple";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums.js";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -67,13 +66,10 @@ export class OutpostListPage extends TablePage<Outpost> {
         return true;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Outpost>> {
-        const outposts = await new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Outpost>> {
+        const outposts = await new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesList(
+            await this.defaultEndpointConfig(),
+        );
         Promise.all(
             outposts.results.map((outpost) => {
                 return new OutpostsApi(DEFAULT_CONFIG)

web/src/admin/outposts/ServiceConnectionListPage.ts

@@ -2,15 +2,14 @@ import "@goauthentik/admin/outposts/OutpostHealth";
 import "@goauthentik/admin/outposts/ServiceConnectionDockerForm";
 import "@goauthentik/admin/outposts/ServiceConnectionKubernetesForm";
 import "@goauthentik/admin/outposts/ServiceConnectionWizard";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
 import "@goauthentik/elements/forms/ProxyForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -26,10 +25,12 @@ import { OutpostsApi, ServiceConnection, ServiceConnectionState } from "@goauthe
 @customElement("ak-outpost-service-connection-list")
 export class OutpostServiceConnectionListPage extends TablePage<ServiceConnection> {
     pageTitle(): string {
-        return "Outpost integrations";
+        return msg("Outpost integrations");
     }
     pageDescription(): string | undefined {
-        return "Outpost integrations define how authentik connects to external platforms to manage and deploy Outposts.";
+        return msg(
+            "Outpost integrations define how authentik connects to external platforms to manage and deploy Outposts.",
+        );
     }
     pageIcon(): string {
         return "pf-icon pf-icon-integration";
@@ -41,14 +42,9 @@ export class OutpostServiceConnectionListPage extends TablePage<ServiceConnectio
     checkbox = true;
     clearOnRefresh = true;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<ServiceConnection>> {
+    async apiEndpoint(): Promise<PaginatedResponse<ServiceConnection>> {
         const connections = await new OutpostsApi(DEFAULT_CONFIG).outpostsServiceConnectionsAllList(
-            {
-                ordering: this.order,
-                page: page,
-                pageSize: (await uiConfig()).pagination.perPage,
-                search: this.search || "",
-            },
+            await this.defaultEndpointConfig(),
         );
         Promise.all(
             connections.results.map((connection) => {

web/src/admin/policies/BoundPoliciesList.ts

@@ -4,7 +4,6 @@ import "@goauthentik/admin/policies/PolicyWizard";
 import "@goauthentik/admin/users/UserForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums.js";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/forms/DeleteBulkForm";
@@ -33,12 +32,10 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
 
     order = "order";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<PolicyBinding>> {
+    async apiEndpoint(): Promise<PaginatedResponse<PolicyBinding>> {
         return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsList({
+            ...(await this.defaultEndpointConfig()),
             target: this.target || "",
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
         });
     }
 

web/src/admin/policies/PolicyListPage.ts

@@ -6,14 +6,13 @@ import "@goauthentik/admin/policies/expiry/ExpiryPolicyForm";
 import "@goauthentik/admin/policies/expression/ExpressionPolicyForm";
 import "@goauthentik/admin/policies/password/PasswordPolicyForm";
 import "@goauthentik/admin/policies/reputation/ReputationPolicyForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/forms/ConfirmationForm";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
 import "@goauthentik/elements/forms/ProxyForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -49,13 +48,8 @@ export class PolicyListPage extends TablePage<Policy> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Policy>> {
-        return new PoliciesApi(DEFAULT_CONFIG).policiesAllList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Policy>> {
+        return new PoliciesApi(DEFAULT_CONFIG).policiesAllList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/policies/expression/ExpressionPolicyForm.ts

@@ -85,6 +85,7 @@ export class ExpressionPolicyForm extends BasePolicyForm<ExpressionPolicy> {
                         <p class="pf-c-form__helper-text">
                             ${msg("Expression using Python.")}
                             <a
+                                rel="noopener noreferrer"
                                 target="_blank"
                                 href="${docLink("/docs/policies/expression?utm_source=authentik")}"
                             >

web/src/admin/policies/reputation/ReputationListPage.ts

@@ -1,11 +1,10 @@
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -44,12 +43,9 @@ export class ReputationListPage extends TablePage<Reputation> {
     checkbox = true;
     clearOnRefresh = true;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Reputation>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Reputation>> {
         return new PoliciesApi(DEFAULT_CONFIG).policiesReputationScoresList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
         });
     }
 

web/src/admin/property-mappings/PropertyMappingGoogleWorkspaceForm.ts

@@ -62,6 +62,7 @@ export class PropertyMappingGoogleWorkspaceForm extends BasePropertyMappingForm<
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingLDAPForm.ts

@@ -71,6 +71,7 @@ export class PropertyMappingLDAPForm extends BasePropertyMappingForm<LDAPPropert
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingListPage.ts

@@ -8,12 +8,11 @@ import "@goauthentik/admin/property-mappings/PropertyMappingSCIMForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingScopeForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingTestForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingWizard";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
 import "@goauthentik/elements/forms/ProxyForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
@@ -51,12 +50,9 @@ export class PropertyMappingListPage extends TablePage<PropertyMapping> {
     @state()
     hideManaged = getURLParam<boolean>("hideManaged", true);
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<PropertyMapping>> {
+    async apiEndpoint(): Promise<PaginatedResponse<PropertyMapping>> {
         return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsAllList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             managedIsnull: this.hideManaged ? true : undefined,
         });
     }

web/src/admin/property-mappings/PropertyMappingMicrosoftEntraForm.ts

@@ -62,6 +62,7 @@ export class PropertyMappingMicrosoftEntraForm extends BasePropertyMappingForm<M
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingNotification.ts

@@ -62,6 +62,7 @@ export class PropertyMappingNotification extends ModelForm<NotificationWebhookMa
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingRACForm.ts

@@ -160,6 +160,7 @@ export class PropertyMappingLDAPForm extends ModelForm<RACPropertyMapping, strin
                             ${msg("Expression using Python.")}
                             <a
                                 target="_blank"
+                                rel="noopener noreferrer"
                                 href="${docLink(
                                     "/docs/property-mappings/expression?utm_source=authentik",
                                 )}"

web/src/admin/property-mappings/PropertyMappingSAMLForm.ts

@@ -83,6 +83,7 @@ export class PropertyMappingSAMLForm extends BasePropertyMappingForm<SAMLPropert
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingSCIMForm.ts

@@ -56,6 +56,7 @@ export class PropertyMappingSCIMForm extends BasePropertyMappingForm<SCIMMapping
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingScopeForm.ts

@@ -83,6 +83,7 @@ export class PropertyMappingScopeForm extends BasePropertyMappingForm<ScopeMappi
                     ${msg("Expression using Python.")}
                     <a
                         target="_blank"
+                        rel="noopener noreferrer"
                         href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
                     >
                         ${msg("See documentation for a list of all variables.")}

web/src/admin/providers/ProviderListPage.ts

@@ -10,7 +10,6 @@ import "@goauthentik/admin/providers/radius/RadiusProviderForm";
 import "@goauthentik/admin/providers/saml/SAMLProviderForm";
 import "@goauthentik/admin/providers/scim/SCIMProviderForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
@@ -47,13 +46,10 @@ export class ProviderListPage extends TablePage<Provider> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Provider>> {
-        return new ProvidersApi(DEFAULT_CONFIG).providersAllList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Provider>> {
+        return new ProvidersApi(DEFAULT_CONFIG).providersAllList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/providers/google_workspace/GoogleWorkspaceProviderGroupList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
@@ -40,12 +39,9 @@ export class GoogleWorkspaceProviderGroupList extends Table<GoogleWorkspaceProvi
         </ak-forms-delete-bulk>`;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<GoogleWorkspaceProviderGroup>> {
+    async apiEndpoint(): Promise<PaginatedResponse<GoogleWorkspaceProviderGroup>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceGroupsList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             providerId: this.providerId,
         });
     }

web/src/admin/providers/google_workspace/GoogleWorkspaceProviderUserList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
@@ -40,12 +39,9 @@ export class GoogleWorkspaceProviderUserList extends Table<GoogleWorkspaceProvid
         </ak-forms-delete-bulk>`;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<GoogleWorkspaceProviderUser>> {
+    async apiEndpoint(): Promise<PaginatedResponse<GoogleWorkspaceProviderUser>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceUsersList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             providerId: this.providerId,
         });
     }

web/src/admin/providers/google_workspace/GoogleWorkspaceProviderViewPage.ts

@@ -1,6 +1,7 @@
 import "@goauthentik/admin/providers/google_workspace/GoogleWorkspaceProviderForm";
 import "@goauthentik/admin/providers/google_workspace/GoogleWorkspaceProviderGroupList";
 import "@goauthentik/admin/providers/google_workspace/GoogleWorkspaceProviderUserList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/events/ObjectChangelog";
@@ -10,7 +11,6 @@ import "@goauthentik/elements/SyncStatusCard";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/ModalButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";

web/src/admin/providers/ldap/LDAPProviderViewPage.ts

@@ -1,5 +1,6 @@
 import "@goauthentik/admin/providers/RelatedApplicationButton";
 import "@goauthentik/admin/providers/ldap/LDAPProviderForm";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { me } from "@goauthentik/common/users";
@@ -9,7 +10,6 @@ import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
@@ -219,7 +219,7 @@ export class LDAPProviderViewPage extends AKElement {
                                     class="pf-c-form-control"
                                     readonly
                                     type="text"
-                                    value="Your authentik password"
+                                    value=${msg("Your authentik password")}
                                 />
                             </div>
                             <div class="pf-c-form__group">

web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderGroupList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
@@ -37,12 +36,9 @@ export class MicrosoftEntraProviderGroupList extends Table<MicrosoftEntraProvide
         </ak-forms-delete-bulk>`;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<MicrosoftEntraProviderGroup>> {
+    async apiEndpoint(): Promise<PaginatedResponse<MicrosoftEntraProviderGroup>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraGroupsList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             providerId: this.providerId,
         });
     }

web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderUserList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
@@ -40,12 +39,9 @@ export class MicrosoftEntraProviderUserList extends Table<MicrosoftEntraProvider
         </ak-forms-delete-bulk>`;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<MicrosoftEntraProviderUser>> {
+    async apiEndpoint(): Promise<PaginatedResponse<MicrosoftEntraProviderUser>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraUsersList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             providerId: this.providerId,
         });
     }

web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderViewPage.ts

@@ -1,6 +1,7 @@
 import "@goauthentik/admin/providers/microsoft_entra/MicrosoftEntraProviderFormPage";
 import "@goauthentik/admin/providers/microsoft_entra/MicrosoftEntraProviderGroupList";
 import "@goauthentik/admin/providers/microsoft_entra/MicrosoftEntraProviderUserList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/events/ObjectChangelog";
@@ -10,7 +11,6 @@ import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/events/LogViewer";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";

web/src/admin/providers/proxy/ProxyProviderViewPage.ts

@@ -1,5 +1,6 @@
 import "@goauthentik/admin/providers/RelatedApplicationButton";
 import "@goauthentik/admin/providers/proxy/ProxyProviderForm";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { convertToSlug } from "@goauthentik/common/utils";
@@ -21,7 +22,6 @@ import { Replacer } from "@goauthentik/elements/Markdown";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 import { getURLParam } from "@goauthentik/elements/router/RouteMatch";
 
 import { msg } from "@lit/localize";

web/src/admin/providers/rac/ConnectionTokenList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
@@ -37,12 +36,9 @@ export class ConnectionTokenListPage extends Table<ConnectionToken> {
         return super.styles.concat(PFDescriptionList);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<ConnectionToken>> {
+    async apiEndpoint(): Promise<PaginatedResponse<ConnectionToken>> {
         return new RacApi(DEFAULT_CONFIG).racConnectionTokensList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             provider: this.provider?.pk,
             sessionUser: this.userId,
         });

web/src/admin/providers/rac/EndpointList.ts

@@ -1,11 +1,10 @@
 import "@goauthentik/admin/policies/BoundPoliciesList";
 import "@goauthentik/admin/providers/rac/EndpointForm";
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse, Table } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
@@ -43,12 +42,9 @@ export class EndpointListPage extends Table<Endpoint> {
         return super.styles.concat(PFDescriptionList);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Endpoint>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Endpoint>> {
         return new RacApi(DEFAULT_CONFIG).racEndpointsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             provider: this.provider?.pk,
             superuserFullList: true,
         });

web/src/admin/providers/rac/RACProviderViewPage.ts

@@ -3,6 +3,7 @@ import "@goauthentik/admin/providers/rac/ConnectionTokenList";
 import "@goauthentik/admin/providers/rac/EndpointForm";
 import "@goauthentik/admin/providers/rac/EndpointList";
 import "@goauthentik/admin/providers/rac/RACProviderForm";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/ak-status-label";
@@ -12,7 +13,6 @@ import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";

web/src/admin/providers/radius/RadiusProviderViewPage.ts

@@ -1,5 +1,6 @@
 import "@goauthentik/admin/providers/RelatedApplicationButton";
 import "@goauthentik/admin/providers/radius/RadiusProviderForm";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/events/ObjectChangelog";
@@ -8,7 +9,6 @@ import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";

web/src/admin/providers/saml/SAMLProviderViewPage.ts

@@ -1,5 +1,6 @@
 import "@goauthentik/admin/providers/RelatedApplicationButton";
 import "@goauthentik/admin/providers/saml/SAMLProviderForm";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { MessageLevel } from "@goauthentik/common/messages";
@@ -14,7 +15,6 @@ import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import { showMessage } from "@goauthentik/elements/messages/MessageContainer";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
@@ -512,7 +512,7 @@ export class SAMLProviderViewPage extends AKElement {
                 <div class="pf-c-card__body">
                     ${renderDescriptionList([
                         [
-                            "Preview for user",
+                            msg("Preview for user"),
                             html`
                                 <ak-search-select
                                     .fetchObjects=${async (query?: string): Promise<User[]> => {

web/src/admin/providers/scim/SCIMProviderGroupList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
@@ -38,12 +37,9 @@ export class SCIMProviderGroupList extends Table<SCIMProviderGroup> {
         </ak-forms-delete-bulk>`;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMProviderGroup>> {
+    async apiEndpoint(): Promise<PaginatedResponse<SCIMProviderGroup>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersScimGroupsList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             providerId: this.providerId,
         });
     }

web/src/admin/providers/scim/SCIMProviderUserList.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
@@ -38,12 +37,9 @@ export class SCIMProviderUserList extends Table<SCIMProviderUser> {
         </ak-forms-delete-bulk>`;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMProviderUser>> {
+    async apiEndpoint(): Promise<PaginatedResponse<SCIMProviderUser>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersScimUsersList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             providerId: this.providerId,
         });
     }

web/src/admin/providers/scim/SCIMProviderViewPage.ts

@@ -1,6 +1,7 @@
 import "@goauthentik/admin/providers/scim/SCIMProviderForm";
 import "@goauthentik/admin/providers/scim/SCIMProviderGroupList";
 import "@goauthentik/admin/providers/scim/SCIMProviderUserList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/events/ObjectChangelog";
@@ -11,7 +12,6 @@ import "@goauthentik/elements/SyncStatusCard";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/ModalButton";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";

web/src/admin/rbac/ObjectPermissionModal.ts

@@ -1,7 +1,7 @@
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/forms/ModalForm";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/rbac/ObjectPermissionsPage.ts

@@ -1,11 +1,11 @@
+import "@goauthentik/admin/rbac/RoleObjectPermissionTable";
+import "@goauthentik/admin/rbac/UserObjectPermissionTable";
 import "@goauthentik/admin/roles/RoleAssignedGlobalPermissionsTable";
 import "@goauthentik/admin/roles/RoleAssignedObjectPermissionTable";
 import "@goauthentik/admin/users/UserAssignedGlobalPermissionsTable";
 import "@goauthentik/admin/users/UserAssignedObjectPermissionsTable";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/Tabs";
-import "@goauthentik/elements/rbac/RoleObjectPermissionTable";
-import "@goauthentik/elements/rbac/UserObjectPermissionTable";
 
 import { msg } from "@lit/localize";
 import { html, nothing } from "lit";

web/src/admin/rbac/PermissionSelectModal.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { groupBy } from "@goauthentik/common/utils";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
@@ -32,13 +31,8 @@ export class PermissionSelectModal extends TableModal<Permission> {
         return super.styles.concat(PFBanner);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
-        return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Permission>> {
+        return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList(await this.defaultEndpointConfig());
     }
 
     groupBy(items: Permission[]): [string, Permission[]][] {

web/src/admin/rbac/RoleObjectPermissionTable.ts

@@ -1,7 +1,7 @@
+import "@goauthentik/admin/rbac/RoleObjectPermissionForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/RoleObjectPermissionForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
@@ -31,9 +31,9 @@ export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectP
     checkbox = true;
     clearOnRefresh = true;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<RoleAssignedObjectPermission>> {
+    async apiEndpoint(): Promise<PaginatedResponse<RoleAssignedObjectPermission>> {
         const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesList({
-            page: page,
+            ...(await this.defaultEndpointConfig()),
             // TODO: better default
             model: this.model || RbacPermissionsAssignedByRolesListModelEnum.CoreUser,
             objectPk: this.objectPk?.toString(),
@@ -52,7 +52,7 @@ export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectP
     }
 
     columns(): TableColumn[] {
-        const baseColumns = [new TableColumn("User", "user")];
+        const baseColumns = [new TableColumn(msg("User"), "user")];
         // We don't check pagination since models shouldn't need to have that many permissions?
         this.modelPermissions?.results.forEach((perm) => {
             baseColumns.push(new TableColumn(perm.name, perm.codename));

web/src/admin/rbac/UserObjectPermissionTable.ts

@@ -1,7 +1,7 @@
+import "@goauthentik/admin/rbac/UserObjectPermissionForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/UserObjectPermissionForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
@@ -31,9 +31,9 @@ export class UserAssignedObjectPermissionTable extends Table<UserAssignedObjectP
     checkbox = true;
     clearOnRefresh = true;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<UserAssignedObjectPermission>> {
+    async apiEndpoint(): Promise<PaginatedResponse<UserAssignedObjectPermission>> {
         const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersList({
-            page: page,
+            ...(await this.defaultEndpointConfig()),
             // TODO: better default
             model: this.model || RbacPermissionsAssignedByUsersListModelEnum.CoreUser,
             objectPk: this.objectPk?.toString(),
@@ -52,7 +52,7 @@ export class UserAssignedObjectPermissionTable extends Table<UserAssignedObjectP
     }
 
     columns(): TableColumn[] {
-        const baseColumns = [new TableColumn("User", "user")];
+        const baseColumns = [new TableColumn(msg("User"), "user")];
         // We don't check pagination since models shouldn't need to have that many permissions?
         this.modelPermissions?.results.forEach((perm) => {
             baseColumns.push(new TableColumn(perm.name, perm.codename));

web/src/admin/roles/RoleAssignedGlobalPermissionsTable.ts

@@ -25,12 +25,10 @@ export class RoleAssignedGlobalPermissionsTable extends Table<Permission> {
 
     order = "content_type__app_label,content_type__model";
 
-    apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Permission>> {
         return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
+            ...(await this.defaultEndpointConfig()),
             role: this.roleUuid,
-            page: page,
-            ordering: this.order,
-            search: this.search,
         });
     }
 
@@ -42,8 +40,8 @@ export class RoleAssignedGlobalPermissionsTable extends Table<Permission> {
 
     columns(): TableColumn[] {
         return [
-            new TableColumn("Model", "model"),
-            new TableColumn("Permission", ""),
+            new TableColumn(msg("Model"), "model"),
+            new TableColumn(msg("Permission"), ""),
             new TableColumn(""),
         ];
     }

web/src/admin/roles/RoleAssignedObjectPermissionTable.ts

@@ -22,12 +22,10 @@ export class RoleAssignedObjectPermissionTable extends Table<ExtraRoleObjectPerm
     checkbox = true;
     clearOnRefresh = true;
 
-    apiEndpoint(page: number): Promise<PaginatedResponse<ExtraRoleObjectPermission>> {
+    async apiEndpoint(): Promise<PaginatedResponse<ExtraRoleObjectPermission>> {
         return new RbacApi(DEFAULT_CONFIG).rbacPermissionsRolesList({
+            ...(await this.defaultEndpointConfig()),
             uuid: this.roleUuid || "",
-            page: page,
-            ordering: this.order,
-            search: this.search,
         });
     }
 
@@ -39,9 +37,9 @@ export class RoleAssignedObjectPermissionTable extends Table<ExtraRoleObjectPerm
 
     columns(): TableColumn[] {
         return [
-            new TableColumn("Model", "model"),
-            new TableColumn("Permission", ""),
-            new TableColumn("Object", ""),
+            new TableColumn(msg("Model"), "model"),
+            new TableColumn(msg("Permission"), ""),
+            new TableColumn(msg("Object"), ""),
             new TableColumn(""),
         ];
     }

web/src/admin/roles/RoleListPage.ts

@@ -1,6 +1,5 @@
 import "@goauthentik/admin/roles/RoleForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
@@ -42,13 +41,8 @@ export class RoleListPage extends TablePage<Role> {
         return [...super.styles, PFBanner];
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Role>> {
-        return new RbacApi(DEFAULT_CONFIG).rbacRolesList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Role>> {
+        return new RbacApi(DEFAULT_CONFIG).rbacRolesList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/roles/RolePermissionForm.ts

@@ -1,3 +1,4 @@
+import "@goauthentik/admin/rbac/PermissionSelectModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/components/ak-toggle-group";
 import "@goauthentik/elements/chips/Chip";
@@ -6,7 +7,6 @@ import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
-import "@goauthentik/elements/rbac/PermissionSelectModal";
 
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@@ -36,7 +36,7 @@ export class RolePermissionForm extends ModelForm<RolePermissionAssign, number>
         return msg("Successfully assigned permission.");
     }
 
-    async send(data: RolePermissionAssign): Promise<unknown> {
+    async send(data: RolePermissionAssign) {
         await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesAssignCreate({
             uuid: this.roleUuid || "",
             permissionAssignRequest: {
@@ -44,7 +44,6 @@ export class RolePermissionForm extends ModelForm<RolePermissionAssign, number>
             },
         });
         this.permissionsToAdd = [];
-        return;
     }
 
     renderForm(): TemplateResult {

web/src/admin/roles/RoleViewPage.ts

@@ -1,4 +1,5 @@
 import "@goauthentik/admin/groups/RelatedGroupList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import "@goauthentik/admin/roles/RoleForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
@@ -9,7 +10,6 @@ import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/PageHeader";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg, str } from "@lit/localize";
 import { css, html, nothing } from "lit";

web/src/admin/sources/SourceListPage.ts

@@ -4,7 +4,6 @@ import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
 import "@goauthentik/admin/sources/plex/PlexSourceForm";
 import "@goauthentik/admin/sources/saml/SAMLSourceForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
@@ -44,13 +43,8 @@ export class SourceListPage extends TablePage<Source> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Source>> {
-        return new SourcesApi(DEFAULT_CONFIG).sourcesAllList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Source>> {
+        return new SourcesApi(DEFAULT_CONFIG).sourcesAllList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/sources/ldap/LDAPSourceViewPage.ts

@@ -1,3 +1,4 @@
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import "@goauthentik/admin/sources/ldap/LDAPSourceConnectivity";
 import "@goauthentik/admin/sources/ldap/LDAPSourceForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
@@ -10,7 +11,6 @@ import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/sources/oauth/OAuthSourceViewPage.ts

@@ -1,4 +1,5 @@
 import "@goauthentik/admin/policies/BoundPoliciesList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import "@goauthentik/admin/sources/oauth/OAuthSourceDiagram";
 import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
@@ -9,7 +10,6 @@ import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/sources/plex/PlexSourceViewPage.ts

@@ -1,4 +1,5 @@
 import "@goauthentik/admin/policies/BoundPoliciesList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import "@goauthentik/admin/sources/plex/PlexSourceForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
@@ -8,7 +9,6 @@ import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/sources/saml/SAMLSourceViewPage.ts

@@ -1,4 +1,5 @@
 import "@goauthentik/admin/policies/BoundPoliciesList";
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import "@goauthentik/admin/sources/saml/SAMLSourceForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
@@ -9,7 +10,6 @@ import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/sources/scim/SCIMSourceGroups.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
 import { msg } from "@lit/localize";
@@ -18,12 +17,9 @@ export class SCIMSourceGroupList extends Table<SCIMSourceGroup> {
         return true;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMSourceGroup>> {
+    async apiEndpoint(): Promise<PaginatedResponse<SCIMSourceGroup>> {
         return new SourcesApi(DEFAULT_CONFIG).sourcesScimGroupsList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             sourceSlug: this.sourceSlug,
         });
     }

web/src/admin/sources/scim/SCIMSourceUsers.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 
 import { msg } from "@lit/localize";
@@ -18,12 +17,9 @@ export class SCIMSourceUserList extends Table<SCIMSourceUser> {
         return true;
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMSourceUser>> {
+    async apiEndpoint(): Promise<PaginatedResponse<SCIMSourceUser>> {
         return new SourcesApi(DEFAULT_CONFIG).sourcesScimUsersList({
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             sourceSlug: this.sourceSlug,
         });
     }

web/src/admin/sources/scim/SCIMSourceViewPage.ts

@@ -1,3 +1,4 @@
+import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import "@goauthentik/admin/sources/scim/SCIMSourceForm";
 import "@goauthentik/admin/sources/scim/SCIMSourceGroups";
 import "@goauthentik/admin/sources/scim/SCIMSourceUsers";
@@ -10,7 +11,6 @@ import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/buttons/TokenCopyButton";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionsPage";
 
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";

web/src/admin/stages/StageListPage.ts

@@ -1,3 +1,4 @@
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import "@goauthentik/admin/stages/StageWizard";
 import "@goauthentik/admin/stages/authenticator_duo/AuthenticatorDuoStageForm";
 import "@goauthentik/admin/stages/authenticator_duo/DuoDeviceImportForm";
@@ -21,18 +22,16 @@ import "@goauthentik/admin/stages/user_login/UserLoginStageForm";
 import "@goauthentik/admin/stages/user_logout/UserLogoutStageForm";
 import "@goauthentik/admin/stages/user_write/UserWriteStageForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
 import "@goauthentik/elements/forms/ProxyForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
 import { msg, str } from "@lit/localize";
-import { TemplateResult, html } from "lit";
+import { TemplateResult, html, nothing } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
@@ -61,13 +60,8 @@ export class StageListPage extends TablePage<Stage> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Stage>> {
-        return new StagesApi(DEFAULT_CONFIG).stagesAllList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Stage>> {
+        return new StagesApi(DEFAULT_CONFIG).stagesAllList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {
@@ -100,26 +94,23 @@ export class StageListPage extends TablePage<Stage> {
         </ak-forms-delete-bulk>`;
     }
 
-    renderStageActions(stage: Stage): TemplateResult {
-        switch (stage.component) {
-            case "ak-stage-authenticator-duo-form":
-                return html`<ak-forms-modal>
-                    <span slot="submit">${msg("Import")}</span>
-                    <span slot="header">${msg("Import Duo device")}</span>
-                    <ak-stage-authenticator-duo-device-import-form
-                        slot="form"
-                        .instancePk=${stage.pk}
-                    >
-                    </ak-stage-authenticator-duo-device-import-form>
-                    <button slot="trigger" class="pf-c-button pf-m-plain">
-                        <pf-tooltip position="top" content=${msg("Import devices")}>
-                            <i class="fas fa-file-import" aria-hidden="true"></i>
-                        </pf-tooltip>
-                    </button>
-                </ak-forms-modal>`;
-            default:
-                return html``;
-        }
+    renderStageActions(stage: Stage) {
+        return stage.component === "ak-stage-authenticator-duo-form"
+            ? html`<ak-forms-modal>
+                  <span slot="submit">${msg("Import")}</span>
+                  <span slot="header">${msg("Import Duo device")}</span>
+                  <ak-stage-authenticator-duo-device-import-form
+                      slot="form"
+                      .instancePk=${stage.pk}
+                  >
+                  </ak-stage-authenticator-duo-device-import-form>
+                  <button slot="trigger" class="pf-c-button pf-m-plain">
+                      <pf-tooltip position="top" content=${msg("Import devices")}>
+                          <i class="fas fa-file-import" aria-hidden="true"></i>
+                      </pf-tooltip>
+                  </button>
+              </ak-forms-modal>`
+            : nothing;
     }
 
     row(item: Stage): TemplateResult[] {

web/src/admin/stages/invitation/InvitationListPage.ts

@@ -1,13 +1,12 @@
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import "@goauthentik/admin/stages/invitation/InvitationForm";
 import "@goauthentik/admin/stages/invitation/InvitationListLink";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -62,7 +61,7 @@ export class InvitationListPage extends TablePage<Invitation> {
     @state()
     multipleEnrollmentFlows = false;
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Invitation>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Invitation>> {
         try {
             // Check if any invitation stages exist
             const stages = await new StagesApi(DEFAULT_CONFIG).stagesInvitationStagesList({
@@ -82,10 +81,7 @@ export class InvitationListPage extends TablePage<Invitation> {
             // assuming we can't fetch stages, ignore the error
         }
         return new StagesApi(DEFAULT_CONFIG).stagesInvitationInvitationsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
         });
     }
 

web/src/admin/stages/prompt/PromptListPage.ts

@@ -1,11 +1,10 @@
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import "@goauthentik/admin/stages/prompt/PromptForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -38,13 +37,10 @@ export class PromptListPage extends TablePage<Prompt> {
     @property()
     order = "name";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Prompt>> {
-        return new StagesApi(DEFAULT_CONFIG).stagesPromptPromptsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Prompt>> {
+        return new StagesApi(DEFAULT_CONFIG).stagesPromptPromptsList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/stages/user_write/UserWriteStageForm.ts

@@ -114,7 +114,7 @@ export class UserWriteStageForm extends BaseStageForm<UserWriteStage> {
                         <ak-radio
                             .options=${[
                                 {
-                                    label: "Internal",
+                                    label: msg("Internal"),
                                     value: UserTypeEnum.Internal,
                                     default: true,
                                     description: html`${msg(
@@ -122,14 +122,14 @@ export class UserWriteStageForm extends BaseStageForm<UserWriteStage> {
                                     )}`,
                                 },
                                 {
-                                    label: "External",
+                                    label: msg("External"),
                                     value: UserTypeEnum.External,
                                     description: html`${msg(
                                         "External users might be external consultants or B2C customers. These users don't get access to enterprise features.",
                                     )}`,
                                 },
                                 {
-                                    label: "Service account",
+                                    label: msg("Service account"),
                                     value: UserTypeEnum.ServiceAccount,
                                     description: html`${msg(
                                         "Service accounts should be used for machine-to-machine authentication or other automations.",

web/src/admin/system-tasks/SystemTaskListPage.ts

@@ -1,6 +1,5 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import { PFColor } from "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/ActionButton";
@@ -44,13 +43,10 @@ export class SystemTaskListPage extends TablePage<SystemTask> {
         return super.styles.concat(PFDescriptionList);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<SystemTask>> {
-        return new EventsApi(DEFAULT_CONFIG).eventsSystemTasksList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<SystemTask>> {
+        return new EventsApi(DEFAULT_CONFIG).eventsSystemTasksList(
+            await this.defaultEndpointConfig(),
+        );
     }
 
     columns(): TableColumn[] {

web/src/admin/tokens/TokenListPage.ts

@@ -1,14 +1,13 @@
+import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import "@goauthentik/admin/tokens/TokenForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { intentToLabel } from "@goauthentik/common/labels";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/Dropdown";
 import "@goauthentik/elements/buttons/TokenCopyButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import "@goauthentik/elements/rbac/ObjectPermissionModal";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@@ -48,13 +47,8 @@ export class TokenListPage extends TablePage<Token> {
     @property()
     order = "expires";
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Token>> {
-        return new CoreApi(DEFAULT_CONFIG).coreTokensList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
-        });
+    async apiEndpoint(): Promise<PaginatedResponse<Token>> {
+        return new CoreApi(DEFAULT_CONFIG).coreTokensList(await this.defaultEndpointConfig());
     }
 
     columns(): TableColumn[] {

web/src/admin/users/GroupSelectModal.ts

@@ -1,5 +1,4 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
@@ -32,12 +31,9 @@ export class GroupSelectModal extends TableModal<Group> {
         return super.styles.concat(PFBanner);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Group>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Group>> {
         return new CoreApi(DEFAULT_CONFIG).coreGroupsList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             includeUsers: false,
         });
     }

web/src/admin/users/UserApplicationTable.ts

@@ -1,7 +1,6 @@
 import { applicationListStyle } from "@goauthentik/admin/applications/ApplicationListPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums.js";
-import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/components/ak-app-icon";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
@@ -21,13 +20,10 @@ export class UserApplicationTable extends Table<Application> {
         return super.styles.concat(applicationListStyle);
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<Application>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Application>> {
         return new CoreApi(DEFAULT_CONFIG).coreApplicationsList({
+            ...(await this.defaultEndpointConfig()),
             forUser: this.user?.pk,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            ordering: this.order,
-            search: this.search || "",
         });
     }
 

web/src/admin/users/UserAssignedGlobalPermissionsTable.ts

@@ -21,12 +21,10 @@ export class UserAssignedGlobalPermissionsTable extends Table<Permission> {
     checkbox = true;
     clearOnRefresh = true;
 
-    apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
+    async apiEndpoint(): Promise<PaginatedResponse<Permission>> {
         return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
+            ...(await this.defaultEndpointConfig()),
             user: this.userId || 0,
-            page: page,
-            ordering: this.order,
-            search: this.search,
         });
     }
 
@@ -38,8 +36,8 @@ export class UserAssignedGlobalPermissionsTable extends Table<Permission> {
 
     columns(): TableColumn[] {
         return [
-            new TableColumn("Model", "model"),
-            new TableColumn("Permission", ""),
+            new TableColumn(msg("Model"), "model"),
+            new TableColumn(msg("Permission"), ""),
             new TableColumn(""),
         ];
     }

web/src/admin/users/UserAssignedObjectPermissionsTable.ts

@@ -18,12 +18,10 @@ export class UserAssignedObjectPermissionsTable extends Table<ExtraUserObjectPer
     checkbox = true;
     clearOnRefresh = true;
 
-    apiEndpoint(page: number): Promise<PaginatedResponse<ExtraUserObjectPermission>> {
+    async apiEndpoint(): Promise<PaginatedResponse<ExtraUserObjectPermission>> {
         return new RbacApi(DEFAULT_CONFIG).rbacPermissionsUsersList({
+            ...(await this.defaultEndpointConfig()),
             userId: this.userId || 0,
-            page: page,
-            ordering: this.order,
-            search: this.search,
         });
     }
 
@@ -35,9 +33,9 @@ export class UserAssignedObjectPermissionsTable extends Table<ExtraUserObjectPer
 
     columns(): TableColumn[] {
         return [
-            new TableColumn("Model", "model"),
-            new TableColumn("Permission", ""),
-            new TableColumn("Object", ""),
+            new TableColumn(msg("Model"), "model"),
+            new TableColumn(msg("Permission"), ""),
+            new TableColumn(msg("Object"), ""),
             new TableColumn(""),
         ];
     }

web/src/admin/users/UserForm.ts

@@ -107,7 +107,7 @@ export class UserForm extends ModelForm<User, number> {
                 <ak-radio
                     .options=${[
                         {
-                            label: "Internal",
+                            label: msg("Internal"),
                             value: UserTypeEnum.Internal,
                             default: true,
                             description: html`${msg(
@@ -115,21 +115,21 @@ export class UserForm extends ModelForm<User, number> {
                             )}`,
                         },
                         {
-                            label: "External",
+                            label: msg("External"),
                             value: UserTypeEnum.External,
                             description: html`${msg(
                                 "External users might be external consultants or B2C customers. These users don't get access to enterprise features.",
                             )}`,
                         },
                         {
-                            label: "Service account",
+                            label: msg("Service account"),
                             value: UserTypeEnum.ServiceAccount,
                             description: html`${msg(
                                 "Service accounts should be used for machine-to-machine authentication or other automations.",
                             )}`,
                         },
                         {
-                            label: "Internal Service account",
+                            label: msg("Internal Service account"),
                             value: UserTypeEnum.InternalServiceAccount,
                             disabled: true,
                             description: html`${msg(

web/src/admin/users/UserListPage.ts

@@ -138,12 +138,9 @@ export class UserListPage extends WithBrandConfig(WithCapabilitiesConfig(TablePa
         });
     }
 
-    async apiEndpoint(page: number): Promise<PaginatedResponse<User>> {
+    async apiEndpoint(): Promise<PaginatedResponse<User>> {
         const users = await new CoreApi(DEFAULT_CONFIG).coreUsersList({
-            ordering: this.order,
-            page: page,
-            pageSize: (await uiConfig()).pagination.perPage,
-            search: this.search || "",
+            ...(await this.defaultEndpointConfig()),
             pathStartswith: getURLParam("path", ""),
             isActive: this.hideDeactivated ? true : undefined,
             includeGroups: false,

web/src/admin/users/UserPermissionForm.ts

@@ -1,3 +1,4 @@
+import "@goauthentik/admin/rbac/PermissionSelectModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/components/ak-toggle-group";
 import "@goauthentik/elements/chips/Chip";
@@ -6,7 +7,6 @@ import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
-import "@goauthentik/elements/rbac/PermissionSelectModal";
 
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@@ -36,7 +36,7 @@ export class UserPermissionForm extends ModelForm<UserPermissionAssign, number>
         return msg("Successfully assigned permission.");
     }
 
-    async send(data: UserPermissionAssign): Promise<unknown> {
+    async send(data: UserPermissionAssign) {
         await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersAssignCreate({
             id: this.userId || 0,
             permissionAssignRequest: {
@@ -44,7 +44,6 @@ export class UserPermissionForm extends ModelForm<UserPermissionAssign, number>
             },
         });
         this.permissionsToAdd = [];
-        return;
     }
 
     renderForm(): TemplateResult {