fix offline_access tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

blueprints/testing/oidc-conformance.yaml

@@ -60,13 +60,14 @@ entries:
 
 
   - model: authentik_providers_oauth2.oauth2provider
-    id: provider
+    id: oidc-conformance-1
     identifiers:
       name: oidc-conformance-1
     attrs:
       authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
       invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
-      issuer_mode: per_provider
+      # Required as OIDC Conformance test requires issues to be the same across multiple clients
+      issuer_mode: global
       client_id: 4054d882aff59755f2f279968b97ce8806a926e1
       client_secret: 4c7e4933009437fb486b5389d15b173109a0555dc47e0cc0949104f1925bcc6565351cb1dffd7e6818cf074f5bd50c210b565121a7328ee8bd40107fc4bbd867
       redirect_uris:
@@ -84,10 +85,10 @@ entries:
       signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
   - model: authentik_core.application
     identifiers:
-      slug: conformance
+      slug: oidc-conformance-1
     attrs:
-      provider: !KeyOf provider
-      name: Conformance
+      provider: !KeyOf oidc-conformance-1
+      name: OIDC Conformance (1)
 
   - model: authentik_providers_oauth2.oauth2provider
     id: oidc-conformance-2
@@ -96,7 +97,8 @@ entries:
     attrs:
       authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
       invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
-      issuer_mode: per_provider
+      # Required as OIDC Conformance test requires issues to be the same across multiple clients
+      issuer_mode: global
       client_id: ad64aeaf1efe388ecf4d28fcc537e8de08bcae26
       client_secret: ff2e34a5b04c99acaf7241e25a950e7f6134c86936923d8c698d8f38bd57647750d661069612c0ee55045e29fe06aa101804bdae38e8360647d595e771fea789
       redirect_uris:
@@ -117,4 +119,4 @@ entries:
       slug: oidc-conformance-2
     attrs:
       provider: !KeyOf oidc-conformance-2
-      name: OIDC Conformance
+      name: OIDC Conformance (2)

tests/openid_conformance/base.py

@@ -41,7 +41,8 @@ class TestOpenIDConformance(SeleniumTestCase):
             "description": "authentik",
             "server": {
                 "discoveryUrl": self.url(
-                    "authentik_providers_oauth2:provider-info", application_slug="conformance"
+                    "authentik_providers_oauth2:provider-info",
+                    application_slug="oidc-conformance-1",
                 ),
             },
             "client": {
@@ -137,4 +138,13 @@ class TestOpenIDConformance(SeleniumTestCase):
         self.driver.get(url)
         if "if/flow/default-authentication-flow" in self.driver.current_url:
             self.login()
-            self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "#complete")))
+        if "prompt=consent" in url or "offline_access" in url:
+            self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
+            sleep(1)
+            flow_executor = self.get_shadow_root("ak-flow-executor")
+            consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
+            consent_stage.find_element(
+                By.CSS_SELECTOR,
+                "[type=submit]",
+            ).click()
+        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "#complete")))