web/components: improve error handling in ak-search-select (#8228)

* unrelated: remove deprecated sentry tracing package since its in the main package no of course this does not fix the circular import, sigh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix syntax error in group view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling in search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove requiredness from flow input for invitation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dark theme for date and datetime input fields' picker button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-18 23:24:52 +01:00
parent 02791e765f
commit 5be9d1fc6a
22 changed files with 402 additions and 241 deletions
--- a/10
+++ b/10
@ -67,16 +67,18 @@ lint: ## Lint the python and golang sources
 	pylint $(PY_SOURCES)
 	golangci-lint run -v
 core-install:
 	poetry install
 migrate: ## Run the Authentik Django server's migrations
 	python -m lifecycle.migrate
-i18n-extract: i18n-extract-core web-i18n-extract  ## Extract strings that require translation into files to send to a translation service
+i18n-extract: core-i18n-extract web-i18n-extract  ## Extract strings that require translation into files to send to a translation service
-i18n-extract-core:
+core-i18n-extract:
 	ak makemessages --ignore web --ignore internal --ignore web --ignore web-api --ignore website -l en
-install: web-install website-install  ## Install all requires dependencies for `web`, `website` and `core`
+install: web-install website-install core-install  ## Install all requires dependencies for `web`, `website` and `core`
 	poetry install
 dev-drop-db:
 	dropdb -U ${pg_user} -h ${pg_host} ${pg_name}
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-12-06 16:55+0000\n"
+"POT-Creation-Date: 2024-01-18 22:07+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -69,183 +69,183 @@ msgstr ""
 msgid "authentik Export - %(date)s"
 msgstr ""
-#: authentik/blueprints/v1/tasks.py:150 authentik/crypto/tasks.py:93
+#: authentik/blueprints/v1/tasks.py:145 authentik/crypto/tasks.py:93
 #, python-format
 msgid "Successfully imported %(count)d files."
 msgstr ""
-#: authentik/core/api/providers.py:120
+#: authentik/core/api/providers.py:122
 msgid "SAML Provider from Metadata"
 msgstr ""
-#: authentik/core/api/providers.py:121
+#: authentik/core/api/providers.py:123
 msgid "Create a SAML Provider by importing its Metadata."
 msgstr ""
-#: authentik/core/api/users.py:156
+#: authentik/core/api/users.py:150
 msgid "No leading or trailing slashes allowed."
 msgstr ""
-#: authentik/core/api/users.py:159
+#: authentik/core/api/users.py:153
 msgid "No empty segments in user path allowed."
 msgstr ""
-#: authentik/core/models.py:86
+#: authentik/core/models.py:85
 msgid "name"
 msgstr ""
-#: authentik/core/models.py:88
+#: authentik/core/models.py:87
 msgid "Users added to this group will be superusers."
 msgstr ""
-#: authentik/core/models.py:162
+#: authentik/core/models.py:161
 msgid "Group"
 msgstr ""
-#: authentik/core/models.py:163
+#: authentik/core/models.py:162
 msgid "Groups"
 msgstr ""
-#: authentik/core/models.py:178
+#: authentik/core/models.py:177
 msgid "User's display name."
 msgstr ""
-#: authentik/core/models.py:274 authentik/providers/oauth2/models.py:295
+#: authentik/core/models.py:273 authentik/providers/oauth2/models.py:295
 msgid "User"
 msgstr ""
-#: authentik/core/models.py:275
+#: authentik/core/models.py:274
 msgid "Users"
 msgstr ""
-#: authentik/core/models.py:277
+#: authentik/core/models.py:276
 #: authentik/stages/email/templates/email/password_reset.html:28
 msgid "Reset Password"
 msgstr ""
-#: authentik/core/models.py:278
+#: authentik/core/models.py:277
 msgid "Can impersonate other users"
 msgstr ""
-#: authentik/core/models.py:279 authentik/rbac/models.py:54
+#: authentik/core/models.py:278 authentik/rbac/models.py:54
 msgid "Can assign permissions to users"
 msgstr ""
-#: authentik/core/models.py:280 authentik/rbac/models.py:55
+#: authentik/core/models.py:279 authentik/rbac/models.py:55
 msgid "Can unassign permissions from users"
 msgstr ""
-#: authentik/core/models.py:294
+#: authentik/core/models.py:293
 msgid ""
 "Flow used for authentication when the associated application is accessed by "
 "an un-authenticated user."
 msgstr ""
-#: authentik/core/models.py:304
+#: authentik/core/models.py:303
 msgid "Flow used when authorizing this provider."
 msgstr ""
-#: authentik/core/models.py:316
+#: authentik/core/models.py:315
 msgid ""
 "Accessed from applications; optional backchannel providers for protocols "
 "like LDAP and SCIM."
 msgstr ""
-#: authentik/core/models.py:371
+#: authentik/core/models.py:370
 msgid "Application's display Name."
 msgstr ""
-#: authentik/core/models.py:372
+#: authentik/core/models.py:371
 msgid "Internal application name, used in URLs."
 msgstr ""
-#: authentik/core/models.py:384
+#: authentik/core/models.py:383
 msgid "Open launch URL in a new browser tab or window."
 msgstr ""
-#: authentik/core/models.py:448
+#: authentik/core/models.py:447
 msgid "Application"
 msgstr ""
-#: authentik/core/models.py:449
+#: authentik/core/models.py:448
 msgid "Applications"
 msgstr ""
-#: authentik/core/models.py:455
+#: authentik/core/models.py:454
 msgid "Use the source-specific identifier"
 msgstr ""
-#: authentik/core/models.py:457
+#: authentik/core/models.py:456
 msgid ""
 "Link to a user with identical email address. Can have security implications "
 "when a source doesn't validate email addresses."
 msgstr ""
-#: authentik/core/models.py:461
+#: authentik/core/models.py:460
 msgid ""
 "Use the user's email address, but deny enrollment when the email address "
 "already exists."
 msgstr ""
-#: authentik/core/models.py:464
+#: authentik/core/models.py:463
 msgid ""
 "Link to a user with identical username. Can have security implications when "
 "a username is used with another source."
 msgstr ""
-#: authentik/core/models.py:468
+#: authentik/core/models.py:467
 msgid ""
 "Use the user's username, but deny enrollment when the username already "
 "exists."
 msgstr ""
-#: authentik/core/models.py:475
+#: authentik/core/models.py:474
 msgid "Source's display Name."
 msgstr ""
-#: authentik/core/models.py:476
+#: authentik/core/models.py:475
 msgid "Internal source name, used in URLs."
 msgstr ""
-#: authentik/core/models.py:495
+#: authentik/core/models.py:494
 msgid "Flow to use when authenticating existing users."
 msgstr ""
-#: authentik/core/models.py:504
+#: authentik/core/models.py:503
 msgid "Flow to use when enrolling new users."
 msgstr ""
-#: authentik/core/models.py:512
+#: authentik/core/models.py:511
 msgid ""
 "How the source determines if an existing user should be authenticated or a "
 "new user enrolled."
 msgstr ""
-#: authentik/core/models.py:684
+#: authentik/core/models.py:683
 msgid "Token"
 msgstr ""
-#: authentik/core/models.py:685
+#: authentik/core/models.py:684
 msgid "Tokens"
 msgstr ""
-#: authentik/core/models.py:690
+#: authentik/core/models.py:689
 msgid "View token's key"
 msgstr ""
-#: authentik/core/models.py:726
+#: authentik/core/models.py:725
 msgid "Property Mapping"
 msgstr ""
-#: authentik/core/models.py:727
+#: authentik/core/models.py:726
 msgid "Property Mappings"
 msgstr ""
-#: authentik/core/models.py:762
+#: authentik/core/models.py:763
 msgid "Authenticated Session"
 msgstr ""
-#: authentik/core/models.py:763
+#: authentik/core/models.py:764
 msgid "Authenticated Sessions"
 msgstr ""
@ -320,12 +320,12 @@ msgstr ""
 msgid "Go home"
 msgstr ""
-#: authentik/core/templates/login/base_full.html:89
+#: authentik/core/templates/login/base_full.html:75
 msgid "Powered by authentik"
 msgstr ""
 #: authentik/core/views/apps.py:53
-#: authentik/providers/oauth2/views/authorize.py:393
+#: authentik/providers/oauth2/views/authorize.py:434
 #: authentik/providers/oauth2/views/device_init.py:70
 #: authentik/providers/saml/views/sso.py:70
 #, python-format
@ -354,6 +354,10 @@ msgstr ""
 msgid "Certificate-Key Pairs"
 msgstr ""
 #: authentik/enterprise/api.py:33
 msgid "Enterprise is required to create/update this object."
 msgstr ""
 #: authentik/enterprise/models.py:183
 msgid "License"
 msgstr ""
@ -370,105 +374,152 @@ msgstr ""
 msgid "License Usage Records"
 msgstr ""
-#: authentik/events/models.py:291
+#: authentik/enterprise/policy.py:18
 msgid "Enterprise required to access this feature."
 msgstr ""
 #: authentik/enterprise/policy.py:20
 msgid "Feature only accessible for internal users."
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:48
 #: authentik/stages/user_login/models.py:39
 msgid ""
 "Determines how long a session lasts. Default of 0 means that the sessions "
 "lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)"
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:71
 msgid "RAC Provider"
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:72
 msgid "RAC Providers"
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:100
 msgid "RAC Endpoint"
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:101
 msgid "RAC Endpoints"
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:122
 msgid "RAC Property Mapping"
 msgstr ""
 #: authentik/enterprise/providers/rac/models.py:123
 msgid "RAC Property Mappings"
 msgstr ""
 #: authentik/enterprise/providers/rac/views.py:108
 msgid "Maximum connection limit reached."
 msgstr ""
 #: authentik/enterprise/providers/rac/views.py:112
 msgid "(You are already connected in another tab/window)"
 msgstr ""
 #: authentik/events/models.py:286
 msgid "Event"
 msgstr ""
-#: authentik/events/models.py:292
+#: authentik/events/models.py:287
 msgid "Events"
 msgstr ""
-#: authentik/events/models.py:298
+#: authentik/events/models.py:293
 msgid "authentik inbuilt notifications"
 msgstr ""
-#: authentik/events/models.py:299
+#: authentik/events/models.py:294
 msgid "Generic Webhook"
 msgstr ""
-#: authentik/events/models.py:300
+#: authentik/events/models.py:295
 msgid "Slack Webhook (Slack/Discord)"
 msgstr ""
-#: authentik/events/models.py:301
+#: authentik/events/models.py:296
 msgid "Email"
 msgstr ""
-#: authentik/events/models.py:319
+#: authentik/events/models.py:314
 msgid ""
 "Only send notification once, for example when sending a webhook into a chat "
 "channel."
 msgstr ""
-#: authentik/events/models.py:384
+#: authentik/events/models.py:379
 msgid "Severity"
 msgstr ""
-#: authentik/events/models.py:389
+#: authentik/events/models.py:384
 msgid "Dispatched for user"
 msgstr ""
-#: authentik/events/models.py:398
+#: authentik/events/models.py:393
 msgid "Event user"
 msgstr ""
-#: authentik/events/models.py:492
+#: authentik/events/models.py:487
 msgid "Notification Transport"
 msgstr ""
-#: authentik/events/models.py:493
+#: authentik/events/models.py:488
 msgid "Notification Transports"
 msgstr ""
-#: authentik/events/models.py:499
+#: authentik/events/models.py:494
 msgid "Notice"
 msgstr ""
-#: authentik/events/models.py:500
+#: authentik/events/models.py:495
 msgid "Warning"
 msgstr ""
-#: authentik/events/models.py:501
+#: authentik/events/models.py:496
 msgid "Alert"
 msgstr ""
-#: authentik/events/models.py:526
+#: authentik/events/models.py:521
 msgid "Notification"
 msgstr ""
-#: authentik/events/models.py:527
+#: authentik/events/models.py:522
 msgid "Notifications"
 msgstr ""
-#: authentik/events/models.py:537
+#: authentik/events/models.py:532
 msgid ""
 "Select which transports should be used to notify the user. If none are "
 "selected, the notification will only be shown in the authentik UI."
 msgstr ""
-#: authentik/events/models.py:545
+#: authentik/events/models.py:540
 msgid "Controls which severity level the created notifications will have."
 msgstr ""
-#: authentik/events/models.py:550
+#: authentik/events/models.py:545
 msgid ""
 "Define which group of users this notification should be sent and shown to. "
 "If left empty, Notification won't ben sent."
 msgstr ""
-#: authentik/events/models.py:568
+#: authentik/events/models.py:563
 msgid "Notification Rule"
 msgstr ""
-#: authentik/events/models.py:569
+#: authentik/events/models.py:564
 msgid "Notification Rules"
 msgstr ""
-#: authentik/events/models.py:589
+#: authentik/events/models.py:584
 msgid "Webhook Mapping"
 msgstr ""
-#: authentik/events/models.py:590
+#: authentik/events/models.py:585
 msgid "Webhook Mappings"
 msgstr ""
@ -529,7 +580,7 @@ msgstr ""
 msgid "Pre-flow policies"
 msgstr ""
-#: authentik/flows/api/flows_diagram.py:214 authentik/flows/models.py:193
+#: authentik/flows/api/flows_diagram.py:214 authentik/flows/models.py:194
 msgid "Flow"
 msgstr ""
@ -537,72 +588,72 @@ msgstr ""
 msgid "Flow does not apply to current user."
 msgstr ""
-#: authentik/flows/models.py:114
+#: authentik/flows/models.py:115
 #, python-format
 msgid "Dynamic In-memory stage: %(doc)s"
 msgstr ""
-#: authentik/flows/models.py:129
+#: authentik/flows/models.py:130
 msgid "Visible in the URL."
 msgstr ""
-#: authentik/flows/models.py:131
+#: authentik/flows/models.py:132
 msgid "Shown as the Title in Flow pages."
 msgstr ""
-#: authentik/flows/models.py:138
+#: authentik/flows/models.py:139
 msgid ""
 "Decides what this Flow is used for. For example, the Authentication flow is "
 "redirect to when an un-authenticated user visits authentik."
 msgstr ""
-#: authentik/flows/models.py:147
+#: authentik/flows/models.py:148
 msgid "Background shown during execution"
 msgstr ""
-#: authentik/flows/models.py:154
+#: authentik/flows/models.py:155
 msgid ""
 "Enable compatibility mode, increases compatibility with password managers on "
 "mobile devices."
 msgstr ""
-#: authentik/flows/models.py:162
+#: authentik/flows/models.py:163
 msgid "Configure what should happen when a flow denies access to a user."
 msgstr ""
-#: authentik/flows/models.py:168
+#: authentik/flows/models.py:169
 msgid "Required level of authentication and authorization to access a flow."
 msgstr ""
-#: authentik/flows/models.py:194
+#: authentik/flows/models.py:195
 msgid "Flows"
 msgstr ""
-#: authentik/flows/models.py:197
+#: authentik/flows/models.py:198
 msgid "Can export a Flow"
 msgstr ""
-#: authentik/flows/models.py:198
+#: authentik/flows/models.py:199
 msgid "Can inspect a Flow's execution"
 msgstr ""
-#: authentik/flows/models.py:199
+#: authentik/flows/models.py:200
 msgid "View Flow's cache metrics"
 msgstr ""
-#: authentik/flows/models.py:200
+#: authentik/flows/models.py:201
 msgid "Clear Flow's cache metrics"
 msgstr ""
-#: authentik/flows/models.py:216
+#: authentik/flows/models.py:217
 msgid "Evaluate policies during the Flow planning process."
 msgstr ""
-#: authentik/flows/models.py:220
+#: authentik/flows/models.py:221
 msgid "Evaluate policies when the Stage is present to the user."
 msgstr ""
-#: authentik/flows/models.py:227
+#: authentik/flows/models.py:228
 msgid ""
 "Configure how the flow executor should handle an invalid response to a "
 "challenge. RETRY returns the error message and a similar challenge to the "
@ -610,25 +661,25 @@ msgid ""
 "RESTART_WITH_CONTEXT restarts the flow while keeping the current context."
 msgstr ""
-#: authentik/flows/models.py:250
+#: authentik/flows/models.py:251
 msgid "Flow Stage Binding"
 msgstr ""
-#: authentik/flows/models.py:251
+#: authentik/flows/models.py:252
 msgid "Flow Stage Bindings"
 msgstr ""
-#: authentik/flows/models.py:266
+#: authentik/flows/models.py:267
 msgid ""
 "Flow used by an authenticated user to configure this Stage. If empty, user "
 "will not be able to configure this stage."
 msgstr ""
-#: authentik/flows/models.py:306
+#: authentik/flows/models.py:307
 msgid "Flow Token"
 msgstr ""
-#: authentik/flows/models.py:307
+#: authentik/flows/models.py:308
 msgid "Flow Tokens"
 msgstr ""
@ -651,75 +702,75 @@ msgstr ""
 msgid "Invalid kubeconfig"
 msgstr ""
-#: authentik/outposts/models.py:122
+#: authentik/outposts/models.py:123
 msgid ""
 "If enabled, use the local connection. Required Docker socket/Kubernetes "
 "Integration"
 msgstr ""
-#: authentik/outposts/models.py:152
+#: authentik/outposts/models.py:153
 msgid "Outpost Service-Connection"
 msgstr ""
-#: authentik/outposts/models.py:153
+#: authentik/outposts/models.py:154
 msgid "Outpost Service-Connections"
 msgstr ""
-#: authentik/outposts/models.py:161
+#: authentik/outposts/models.py:162
 msgid ""
 "Can be in the format of 'unix://<path>' when connecting to a local docker "
 "daemon, or 'https://<hostname>:2376' when connecting to a remote system."
 msgstr ""
-#: authentik/outposts/models.py:173
+#: authentik/outposts/models.py:174
 msgid ""
 "CA which the endpoint's Certificate is verified against. Can be left empty "
 "for no validation."
 msgstr ""
-#: authentik/outposts/models.py:185
+#: authentik/outposts/models.py:186
 msgid ""
 "Certificate/Key used for authentication. Can be left empty for no "
 "authentication."
 msgstr ""
-#: authentik/outposts/models.py:203
+#: authentik/outposts/models.py:204
 msgid "Docker Service-Connection"
 msgstr ""
-#: authentik/outposts/models.py:204
+#: authentik/outposts/models.py:205
 msgid "Docker Service-Connections"
 msgstr ""
-#: authentik/outposts/models.py:212
+#: authentik/outposts/models.py:213
 msgid ""
 "Paste your kubeconfig here. authentik will automatically use the currently "
 "selected context."
 msgstr ""
-#: authentik/outposts/models.py:218
+#: authentik/outposts/models.py:219
 msgid "Verify SSL Certificates of the Kubernetes API endpoint"
 msgstr ""
-#: authentik/outposts/models.py:235
+#: authentik/outposts/models.py:236
 msgid "Kubernetes Service-Connection"
 msgstr ""
-#: authentik/outposts/models.py:236
+#: authentik/outposts/models.py:237
 msgid "Kubernetes Service-Connections"
 msgstr ""
-#: authentik/outposts/models.py:252
+#: authentik/outposts/models.py:253
 msgid ""
 "Select Service-Connection authentik should use to manage this outpost. Leave "
 "empty if authentik should not handle the deployment."
 msgstr ""
-#: authentik/outposts/models.py:419
+#: authentik/outposts/models.py:420
 msgid "Outpost"
 msgstr ""
-#: authentik/outposts/models.py:420
+#: authentik/outposts/models.py:421
 msgid "Outposts"
 msgstr ""
@ -902,11 +953,11 @@ msgstr ""
 msgid "Reputation Policies"
 msgstr ""
-#: authentik/policies/reputation/models.py:95
+#: authentik/policies/reputation/models.py:96
 msgid "Reputation Score"
 msgstr ""
-#: authentik/policies/reputation/models.py:96
+#: authentik/policies/reputation/models.py:97
 msgid "Reputation Scores"
 msgstr ""
@ -1169,63 +1220,63 @@ msgid "OAuth2/OpenID Providers"
 msgstr ""
 #: authentik/providers/oauth2/models.py:297
-#: authentik/providers/oauth2/models.py:429
+#: authentik/providers/oauth2/models.py:430
 msgid "Scopes"
 msgstr ""
-#: authentik/providers/oauth2/models.py:316
+#: authentik/providers/oauth2/models.py:317
 msgid "Code"
 msgstr ""
-#: authentik/providers/oauth2/models.py:317
+#: authentik/providers/oauth2/models.py:318
 msgid "Nonce"
 msgstr ""
-#: authentik/providers/oauth2/models.py:318
+#: authentik/providers/oauth2/models.py:319
 msgid "Code Challenge"
 msgstr ""
-#: authentik/providers/oauth2/models.py:320
+#: authentik/providers/oauth2/models.py:321
 msgid "Code Challenge Method"
 msgstr ""
-#: authentik/providers/oauth2/models.py:340
+#: authentik/providers/oauth2/models.py:341
 msgid "Authorization Code"
 msgstr ""
-#: authentik/providers/oauth2/models.py:341
+#: authentik/providers/oauth2/models.py:342
 msgid "Authorization Codes"
 msgstr ""
-#: authentik/providers/oauth2/models.py:383
+#: authentik/providers/oauth2/models.py:384
 msgid "OAuth2 Access Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:384
+#: authentik/providers/oauth2/models.py:385
 msgid "OAuth2 Access Tokens"
 msgstr ""
-#: authentik/providers/oauth2/models.py:394
+#: authentik/providers/oauth2/models.py:395
 msgid "ID Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:413
+#: authentik/providers/oauth2/models.py:414
 msgid "OAuth2 Refresh Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:414
+#: authentik/providers/oauth2/models.py:415
 msgid "OAuth2 Refresh Tokens"
 msgstr ""
-#: authentik/providers/oauth2/models.py:441
+#: authentik/providers/oauth2/models.py:442
 msgid "Device Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:442
+#: authentik/providers/oauth2/models.py:443
 msgid "Device Tokens"
 msgstr ""
-#: authentik/providers/oauth2/views/authorize.py:448
+#: authentik/providers/oauth2/views/authorize.py:489
 #: authentik/providers/saml/views/flows.py:87
 #, python-format
 msgid "Redirecting to %(app)s..."
@ -1476,59 +1527,59 @@ msgstr ""
 msgid "SAML Property Mappings"
 msgstr ""
-#: authentik/providers/scim/models.py:20
+#: authentik/providers/scim/models.py:23
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr ""
-#: authentik/providers/scim/models.py:21
+#: authentik/providers/scim/models.py:24
 msgid "Authentication token"
 msgstr ""
-#: authentik/providers/scim/models.py:27 authentik/sources/ldap/models.py:98
+#: authentik/providers/scim/models.py:30 authentik/sources/ldap/models.py:98
 msgid "Property mappings used for group creation/updating."
 msgstr ""
-#: authentik/providers/scim/models.py:60
+#: authentik/providers/scim/models.py:72
 msgid "SCIM Provider"
 msgstr ""
-#: authentik/providers/scim/models.py:61
+#: authentik/providers/scim/models.py:73
 msgid "SCIM Providers"
 msgstr ""
-#: authentik/providers/scim/models.py:81
+#: authentik/providers/scim/models.py:93
 msgid "SCIM Mapping"
 msgstr ""
-#: authentik/providers/scim/models.py:82
+#: authentik/providers/scim/models.py:94
 msgid "SCIM Mappings"
 msgstr ""
-#: authentik/providers/scim/tasks.py:52
+#: authentik/providers/scim/tasks.py:56
 msgid "Starting full SCIM sync"
 msgstr ""
-#: authentik/providers/scim/tasks.py:59
+#: authentik/providers/scim/tasks.py:66
 #, python-format
 msgid "Syncing page %(page)d of users"
 msgstr ""
-#: authentik/providers/scim/tasks.py:63
+#: authentik/providers/scim/tasks.py:70
 #, python-format
 msgid "Syncing page %(page)d of groups"
 msgstr ""
-#: authentik/providers/scim/tasks.py:92
+#: authentik/providers/scim/tasks.py:102
 #, python-format
 msgid "Failed to sync user %(user_name)s due to remote error: %(error)s"
 msgstr ""
-#: authentik/providers/scim/tasks.py:103 authentik/providers/scim/tasks.py:144
+#: authentik/providers/scim/tasks.py:113 authentik/providers/scim/tasks.py:154
 #, python-format
 msgid "Stopping sync due to error: %(error)s"
 msgstr ""
-#: authentik/providers/scim/tasks.py:133
+#: authentik/providers/scim/tasks.py:143
 #, python-format
 msgid "Failed to sync group %(group_name)s due to remote error: %(error)s"
 msgstr ""
@ -2054,7 +2105,7 @@ msgstr ""
 msgid "TOTP Devices"
 msgstr ""
-#: authentik/stages/authenticator_validate/challenge.py:131
+#: authentik/stages/authenticator_validate/challenge.py:123
 msgid "Invalid Token"
 msgstr ""
@ -2227,6 +2278,7 @@ msgid "Email Successfully sent."
 msgstr ""
 #: authentik/stages/email/templates/email/account_confirmation.html:10
 #: authentik/stages/email/templates/email/account_confirmation.txt:1
 msgid "Welcome!"
 msgstr ""
@ -2249,6 +2301,12 @@ msgid ""
 "    "
 msgstr ""
 #: authentik/stages/email/templates/email/account_confirmation.txt:3
 msgid ""
 "We're excited to have you get started. First, you need to confirm your "
 "account. Just open the link below."
 msgstr ""
 #: authentik/stages/email/templates/email/event_notification.html:46
 #, python-format
 msgid ""
@ -2258,6 +2316,25 @@ msgid ""
 "    "
 msgstr ""
 #: authentik/stages/email/templates/email/event_notification.txt:1
 msgid "Dear authentik user,"
 msgstr ""
 #: authentik/stages/email/templates/email/event_notification.txt:3
 msgid "The following notification was created:"
 msgstr ""
 #: authentik/stages/email/templates/email/event_notification.txt:8
 msgid "Additional attributes:"
 msgstr ""
 #: authentik/stages/email/templates/email/event_notification.txt:13
 #, python-format
 msgid ""
 "\n"
 "This email was sent from the notification transport %(name)s.\n"
 msgstr ""
 #: authentik/stages/email/templates/email/password_reset.html:10
 #, python-format
 msgid ""
@ -2283,6 +2360,26 @@ msgid ""
 "    "
 msgstr ""
 #: authentik/stages/email/templates/email/password_reset.txt:1
 #, python-format
 msgid "Hi %(username)s,"
 msgstr ""
 #: authentik/stages/email/templates/email/password_reset.txt:3
 msgid ""
 "\n"
 "You recently requested to change your password for your authentik account. "
 "Use the link below to set a new password.\n"
 msgstr ""
 #: authentik/stages/email/templates/email/password_reset.txt:7
 #, python-format
 msgid ""
 "\n"
 "If you did not request a password change, please ignore this Email. The link "
 "above is valid for %(expires)s.\n"
 msgstr ""
 #: authentik/stages/email/templates/email/setup.html:9
 msgid "authentik Test-Email"
 msgstr ""
@ -2295,6 +2392,13 @@ msgid ""
 "                    "
 msgstr ""
 #: authentik/stages/email/templates/email/setup.txt:2
 msgid ""
 "\n"
 "This is a test email to inform you, that you've successfully configured "
 "authentik emails.\n"
 msgstr ""
 #: authentik/stages/identification/api.py:20
 msgid "When no user fields are selected, at least one source must be selected"
 msgstr ""
@ -2539,36 +2643,38 @@ msgstr ""
 msgid "No Pending User."
 msgstr ""
-#: authentik/stages/user_login/models.py:19
+#: authentik/stages/user_login/models.py:47
-msgid ""
+msgid "Bind sessions created by this stage to the configured network"
 "Determines how long a session lasts. Default of 0 means that the sessions "
 "lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)"
 msgstr ""
-#: authentik/stages/user_login/models.py:25
+#: authentik/stages/user_login/models.py:52
 msgid "Bind sessions created by this stage to the configured GeoIP location"
 msgstr ""
 #: authentik/stages/user_login/models.py:55
 msgid "Terminate all other sessions of the user logging in."
 msgstr ""
-#: authentik/stages/user_login/models.py:31
+#: authentik/stages/user_login/models.py:61
 msgid ""
 "Offset the session will be extended by when the user picks the remember me "
 "option. Default of 0 means that the remember me option will not be shown. "
 "(Format: hours=-1;minutes=-2;seconds=-3)"
 msgstr ""
-#: authentik/stages/user_login/models.py:54
+#: authentik/stages/user_login/models.py:84
 msgid "User Login Stage"
 msgstr ""
-#: authentik/stages/user_login/models.py:55
+#: authentik/stages/user_login/models.py:85
 msgid "User Login Stages"
 msgstr ""
-#: authentik/stages/user_login/stage.py:57
+#: authentik/stages/user_login/stage.py:85
 msgid "No Pending user to login."
 msgstr ""
-#: authentik/stages/user_login/stage.py:90
+#: authentik/stages/user_login/stage.py:112
 msgid "Successfully logged in!"
 msgstr ""
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -25,7 +25,6 @@
                "@patternfly/elements": "^2.4.0",
                "@patternfly/patternfly": "^4.224.2",
                "@sentry/browser": "^7.93.0",
                "@sentry/tracing": "^7.93.0",
                "@webcomponents/webcomponentsjs": "^2.8.0",
                "base64-js": "^1.5.1",
                "chart.js": "^4.4.1",
@ -4818,17 +4817,6 @@
                "node": ">=12"
            }
        },
        "node_modules/@sentry/tracing": {
            "version": "7.93.0",
            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.93.0.tgz",
            "integrity": "sha512-n4XbAQ7e098Jzv4ZvpXAsFgM+XFfjhKci18r7s3UfDMnrB4FTCwhHZoeiygO8PZhB944mEFbNXNFhHkb8nTDbA==",
            "dependencies": {
                "@sentry-internal/tracing": "7.93.0"
            },
            "engines": {
                "node": ">=8"
            }
        },
        "node_modules/@sentry/types": {
            "version": "7.93.0",
            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.93.0.tgz",
--- a/web/package.json
+++ b/web/package.json
@ -50,7 +50,6 @@
        "@patternfly/elements": "^2.4.0",
        "@patternfly/patternfly": "^4.224.2",
        "@sentry/browser": "^7.93.0",
        "@sentry/tracing": "^7.93.0",
        "@webcomponents/webcomponentsjs": "^2.8.0",
        "base64-js": "^1.5.1",
        "chart.js": "^4.4.1",
--- a/web/src/admin/groups/GroupViewPage.ts
+++ b/web/src/admin/groups/GroupViewPage.ts
@ -117,8 +117,8 @@ export class GroupViewPage extends AKElement {
                                    <dd class="pf-c-description-list__description">
                                        <div class="pf-c-description-list__text">
                                            <ak-status-label
-                                                type="warning"
+                                                type="info"
-                                                ?good${this.group.isSuperuser}
+                                                ?good=${this.group.isSuperuser}
                                            ></ak-status-label>
                                        </div>
                                    </dd>
--- a/web/src/admin/stages/invitation/InvitationForm.ts
+++ b/web/src/admin/stages/invitation/InvitationForm.ts
@ -65,7 +65,7 @@ export class InvitationForm extends ModelForm<Invitation, string> {
                    value="${dateTimeLocal(first(this.instance?.expires, new Date()))}"
                />
            </ak-form-element-horizontal>
-            <ak-form-element-horizontal label=${msg("Flow")} ?required=${true} name="flow">
+            <ak-form-element-horizontal label=${msg("Flow")} name="flow">
                <ak-flow-search
                    flowType=${FlowsInstancesListDesignationEnum.Enrollment}
                    .currentFlow=${this.instance?.flow}
--- a/web/src/common/sentry.ts
+++ b/web/src/common/sentry.ts
@ -3,7 +3,6 @@ import { VERSION } from "@goauthentik/common/constants";
 import { SentryIgnoredError } from "@goauthentik/common/errors";
 import { me } from "@goauthentik/common/users";
 import * as Sentry from "@sentry/browser";
 import { Integrations } from "@sentry/tracing";
 import { CapabilitiesEnum, Config, ResponseError } from "@goauthentik/api";
@ -28,8 +27,10 @@ export async function configureSentry(canDoPpi = false): Promise<Config> {
            ],
            release: `authentik@${VERSION}`,
            integrations: [
-                new Integrations.BrowserTracing({
+                new Sentry.BrowserTracing({
-                    tracingOrigins: [window.location.host, "localhost"],
+                    shouldCreateSpanForRequest: (url: string) => {
                        return url.startsWith(window.location.host);
                    },
                }),
            ],
            tracesSampleRate: cfg.errorReporting.tracesSampleRate,
--- a/web/src/common/styles/theme-dark.css
+++ b/web/src/common/styles/theme-dark.css
@ -157,6 +157,10 @@ select[multiple] option:checked {
 .pf-c-switch__input:checked ~ .pf-c-switch__label {
    --pf-c-switch__input--checked__label--Color: var(--ak-dark-foreground);
 }
 input[type="datetime-local"]::-webkit-calendar-picker-indicator,
 input[type="date"]::-webkit-calendar-picker-indicator {
    filter: invert(1);
 }
 /* select toggle */
 .pf-c-select__toggle::before {
    --pf-c-select__toggle--before--BorderTopColor: var(--ak-dark-background-lighter);
--- a/web/src/elements/forms/SearchSelect/ak-search-select.ts
+++ b/web/src/elements/forms/SearchSelect/ak-search-select.ts
@ -1,12 +1,13 @@
 import { APIErrorTypes, parseAPIError } from "@goauthentik/app/common/errors";
 import { PreventFormSubmit } from "@goauthentik/app/elements/forms/helpers";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { ascii_letters, digits, groupBy, randomString } from "@goauthentik/common/utils";
 import { AKElement } from "@goauthentik/elements/Base";
 import { CustomEmitterElement } from "@goauthentik/elements/utils/eventEmitter";
-import { msg } from "@lit/localize";
+import { msg, str } from "@lit/localize";
 import { TemplateResult, html, render } from "lit";
-import { customElement, property } from "lit/decorators.js";
+import { customElement, property, state } from "lit/decorators.js";
 import { styleMap } from "lit/directives/style-map.js";
 import PFDropdown from "@patternfly/patternfly/components/Dropdown/dropdown.css";
@ -15,6 +16,8 @@ import PFFormControl from "@patternfly/patternfly/components/FormControl/form-co
 import PFSelect from "@patternfly/patternfly/components/Select/select.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 import { ResponseError } from "@goauthentik/api";
 type Group<T> = [string, T[]];
@customElement("ak-search-select")
@ -99,6 +102,9 @@ export class SearchSelect<T> extends CustomEmitterElement(AKElement) {
    isFetchingData = false;
    @state()
    error?: APIErrorTypes;
    static styles = [PFBase, PFForm, PFFormControl, PFSelect];
    constructor() {
@ -139,15 +145,23 @@ export class SearchSelect<T> extends CustomEmitterElement(AKElement) {
            return;
        }
        this.isFetchingData = true;
-        this.fetchObjects(this.query).then((objects) => {
+        this.fetchObjects(this.query)
-            objects.forEach((obj) => {
+            .then((objects) => {
-                if (this.selected && this.selected(obj, objects || [])) {
+                objects.forEach((obj) => {
-                    this.selectedObject = obj;
+                    if (this.selected && this.selected(obj, objects || [])) {
-                }
+                        this.selectedObject = obj;
                    }
                });
                this.objects = objects;
                this.isFetchingData = false;
            })
            .catch((exc: ResponseError) => {
                this.isFetchingData = false;
                this.objects = undefined;
                parseAPIError(exc).then((err) => {
                    this.error = err;
                });
            });
            this.objects = objects;
            this.isFetchingData = false;
        });
    }
    connectedCallback(): void {
@ -307,11 +321,19 @@ export class SearchSelect<T> extends CustomEmitterElement(AKElement) {
    }
    get renderedValue() {
-        // prettier-ignore
+        if (this.error) {
-        return (!this.objects) ? msg("Loading...")
+            return msg(str`Failed to fetch objects: ${this.error.detail}`);
-            : (this.selectedObject) ? this.renderElement(this.selectedObject)
+        }
-            : (this.blankable) ? this.emptyOption
+        if (!this.objects) {
-            : "";
+            return msg("Loading...");
        }
        if (this.selectedObject) {
            return this.renderElement(this.selectedObject);
        }
        if (this.blankable) {
            return this.emptyOption;
        }
        return "";
    }
    render(): TemplateResult {
--- a/web/xliff/de.xlf
+++ b/web/xliff/de.xlf
@ -6255,6 +6255,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/en.xlf
+++ b/web/xliff/en.xlf
@ -6531,6 +6531,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/es.xlf
+++ b/web/xliff/es.xlf
@ -6171,6 +6171,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/fr.xlf
+++ b/web/xliff/fr.xlf
@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="fr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@ -613,9 +613,9 @@ Il y a <x id="0" equiv-text="${ago}"/> jour(s)</target>
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
-        <target>L'URL &quot; 
+        <target>L'URL " 
-        <x id="0" equiv-text="${this.url}"/>&quot; n'a pas été trouvée.</target>
+        <x id="0" equiv-text="${this.url}"/>" n'a pas été trouvée.</target>
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@ -1057,8 +1057,8 @@ Il y a <x id="0" equiv-text="${ago}"/> jour(s)</target>
      </trans-unit>
      <trans-unit id="sa8384c9c26731f83">
-        <source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+        <source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
-        <target>Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur &quot;.*&quot;. Soyez conscient des possibles implications de sécurité que cela peut avoir.</target>
+        <target>Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir.</target>
      </trans-unit>
      <trans-unit id="s55787f4dfcdce52b">
@ -1630,7 +1630,7 @@ Il y a <x id="0" equiv-text="${ago}"/> jour(s)</target>
      </trans-unit>
      <trans-unit id="s33ed903c210a6209">
        <source>Token to authenticate with. Currently only bearer authentication is supported.</source>
-        <target>Jeton d'authentification à utiliser. Actuellement, seule l'authentification &quot;bearer authentication&quot; est prise en charge.</target>
+        <target>Jeton d'authentification à utiliser. Actuellement, seule l'authentification "bearer authentication" est prise en charge.</target>
      </trans-unit>
      <trans-unit id="sfc8bb104e2c05af8">
@ -1798,8 +1798,8 @@ Il y a <x id="0" equiv-text="${ago}"/> jour(s)</target>
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
-        <target>Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome &quot;fa-test&quot;.</target>
+        <target>Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test".</target>
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@ -2892,7 +2892,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s33683c3b1dbaf264">
        <source>To use SSL instead, use 'ldaps://' and disable this option.</source>
-        <target>Pour utiliser SSL à la base, utilisez &quot;ldaps://&quot; et désactviez cette option.</target>
+        <target>Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option.</target>
      </trans-unit>
      <trans-unit id="s2221fef80f4753a2">
@ -2981,8 +2981,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s76768bebabb7d543">
-        <source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
+        <source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
-        <target>Champ qui contient les membres d'un groupe. Si vous utilisez le champ &quot;memberUid&quot;, la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...'</target>
+        <target>Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...'</target>
      </trans-unit>
      <trans-unit id="s026555347e589f0e">
@ -3277,7 +3277,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s3198c384c2f68b08">
        <source>Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.</source>
-        <target>Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID &quot;transient&quot; et que l'utilisateur ne se déconnecte pas manuellement.</target>
+        <target>Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement.</target>
      </trans-unit>
      <trans-unit id="sb32e9c1faa0b8673">
@ -3445,7 +3445,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s9f8aac89fe318acc">
        <source>Optionally set the 'FriendlyName' value of the Assertion attribute.</source>
-        <target>Indiquer la valeur &quot;FriendlyName&quot; de l'attribut d'assertion (optionnel)</target>
+        <target>Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel)</target>
      </trans-unit>
      <trans-unit id="s851c108679653d2a">
@ -3774,8 +3774,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s7b1fba26d245cb1c">
-        <source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
+        <source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
-        <target>En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à &quot;minutes=5&quot;.</target>
+        <target>En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à "minutes=5".</target>
      </trans-unit>
      <trans-unit id="s44536d20bb5c8257">
@ -3784,8 +3784,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s3bb51cabb02b997e">
-        <source>Format: &quot;weeks=3;days=2;hours=3,seconds=2&quot;.</source>
+        <source>Format: "weeks=3;days=2;hours=3,seconds=2".</source>
-        <target>Format : &quot;weeks=3;days=2;hours=3,seconds=2&quot;.</target>
+        <target>Format : "weeks=3;days=2;hours=3,seconds=2".</target>
      </trans-unit>
      <trans-unit id="s04bfd02201db5ab8">
@ -3981,10 +3981,10 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Êtes-vous sûr de vouloir mettre à jour 
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot; 
+        <x id="0" equiv-text="${this.objectLabel}"/>" 
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; ?</target>
+        <x id="1" equiv-text="${this.obj?.name}"/>" ?</target>
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@ -5070,8 +5070,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
-        <target>Un authentificateur &quot;itinérant&quot;, comme une YubiKey</target>
+        <target>Un authentificateur "itinérant", comme une YubiKey</target>
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@ -5396,7 +5396,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s5170f9ef331949c0">
        <source>Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable.</source>
-        <target>Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable &quot;prompt_data&quot;.</target>
+        <target>Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data".</target>
      </trans-unit>
      <trans-unit id="s36cb242ac90353bc">
@ -5405,10 +5405,10 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s2d5f69929bb7221d">
-        <source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
+        <source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
        <target>
-        <x id="0" equiv-text="${prompt.name}"/>(&quot; 
+        <x id="0" equiv-text="${prompt.name}"/>(" 
-        <x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, de type 
+        <x id="1" equiv-text="${prompt.fieldKey}"/>", de type 
        <x id="2" equiv-text="${prompt.type}"/>)</target>
      </trans-unit>
@ -5457,8 +5457,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
-        <target>Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de &quot;rester connecté&quot;, ce qui prolongera sa session jusqu'à la durée spécifiée ici.</target>
+        <target>Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici.</target>
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@ -6242,7 +6242,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
      </trans-unit>
      <trans-unit id="sa7fcf026bd25f231">
        <source>Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system.</source>
-        <target>Peut être au format &quot;unix://&quot; pour une connexion à un service docker local, &quot;ssh://&quot; pour une connexion via SSH, ou &quot;https://:2376&quot; pour une connexion à un système distant.</target>
+        <target>Peut être au format "unix://" pour une connexion à un service docker local, "ssh://" pour une connexion via SSH, ou "https://:2376" pour une connexion à un système distant.</target>
      </trans-unit>
      <trans-unit id="saf1d289e3137c2ea">
@ -7549,7 +7549,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sff0ac1ace2d90709">
  <source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
-  <target>Utilisez ce fournisseur avec l'option &quot;auth_request&quot; de Nginx ou &quot;forwardAuth&quot; de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, &quot;/outpost.goauthentik.io&quot; doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
+  <target>Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
 </trans-unit>
 <trans-unit id="scb58b8a60cad8762">
  <source>Default relay state</source>
@ -7963,7 +7963,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Utilisateur créé et ajouté au groupe <x id="0" equiv-text="${this.group.name}"/> avec succès</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Cet utilisateur sera ajouté au groupe &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@ -8225,6 +8225,9 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
  <target>Néerlandais</target>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/ko.xlf
+++ b/web/xliff/ko.xlf
@ -8142,6 +8142,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s31aa94a0b3c7edb2">
  <source>Select endpoint to connect to</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/nl.xlf
+++ b/web/xliff/nl.xlf
@ -7981,6 +7981,9 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 </trans-unit>
 <trans-unit id="s31aa94a0b3c7edb2">
  <source>Select endpoint to connect to</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/pl.xlf
+++ b/web/xliff/pl.xlf
@ -6379,6 +6379,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/pseudo-LOCALE.xlf
+++ b/web/xliff/pseudo-LOCALE.xlf
@ -8117,4 +8117,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
 </body></file></xliff>
--- a/web/xliff/tr.xlf
+++ b/web/xliff/tr.xlf
@ -6164,6 +6164,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh-CN.xlf
+++ b/web/xliff/zh-CN.xlf
@ -5063,6 +5063,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="sc54aafeea9c9bab0">
  <source>Connected services</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/zh-Hans.xlf
+++ b/web/xliff/zh-Hans.xlf
@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@ -613,9 +613,9 @@
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
-        <target>未找到 URL &quot; 
+        <target>未找到 URL " 
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <x id="0" equiv-text="${this.url}"/>"。</target>
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@ -1057,8 +1057,8 @@
      </trans-unit>
      <trans-unit id="sa8384c9c26731f83">
-        <source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+        <source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
-        <target>要允许任何重定向 URI，请将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+        <target>要允许任何重定向 URI，请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
      </trans-unit>
      <trans-unit id="s55787f4dfcdce52b">
@ -1799,8 +1799,8 @@
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@ -2983,8 +2983,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s76768bebabb7d543">
-        <source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
+        <source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
-        <target>包含组成员的字段。请注意，如果使用 &quot;memberUid&quot; 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
+        <target>包含组成员的字段。请注意，如果使用 "memberUid" 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
      </trans-unit>
      <trans-unit id="s026555347e589f0e">
@ -3776,8 +3776,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s7b1fba26d245cb1c">
-        <source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
+        <source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
-        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 &quot;minutes=5&quot;。</target>
+        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 "minutes=5"。</target>
      </trans-unit>
      <trans-unit id="s44536d20bb5c8257">
@ -3786,8 +3786,8 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s3bb51cabb02b997e">
-        <source>Format: &quot;weeks=3;days=2;hours=3,seconds=2&quot;.</source>
+        <source>Format: "weeks=3;days=2;hours=3,seconds=2".</source>
-        <target>格式：&quot;weeks=3;days=2;hours=3,seconds=2&quot;。</target>
+        <target>格式："weeks=3;days=2;hours=3,seconds=2"。</target>
      </trans-unit>
      <trans-unit id="s04bfd02201db5ab8">
@ -3983,10 +3983,10 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>您确定要更新 
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot; 
+        <x id="0" equiv-text="${this.objectLabel}"/>" 
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@ -5072,7 +5072,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
        <target>像 YubiKey 这样的“漫游”身份验证器</target>
      </trans-unit>
@ -5407,10 +5407,10 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s2d5f69929bb7221d">
-        <source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
+        <source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
        <target>
-        <x id="0" equiv-text="${prompt.name}"/>（&quot; 
+        <x id="0" equiv-text="${prompt.name}"/>（" 
-        <x id="1" equiv-text="${prompt.fieldKey}"/>&quot;，类型为 
+        <x id="1" equiv-text="${prompt.fieldKey}"/>"，类型为 
        <x id="2" equiv-text="${prompt.type}"/>）</target>
      </trans-unit>
@ -5459,7 +5459,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
        <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
      </trans-unit>
@ -7965,7 +7965,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@ -8227,6 +8227,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
  <target>荷兰语</target>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh-Hant.xlf
+++ b/web/xliff/zh-Hant.xlf
@ -6212,6 +6212,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh_TW.xlf
+++ b/web/xliff/zh_TW.xlf
@ -8101,6 +8101,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s95d56e58f816d211">
  <source>Dutch</source>
 </trans-unit>
 <trans-unit id="s16a15af46bc9aeef">
  <source>Failed to fetch objects: <x id="0" equiv-text="${this.error.detail}"/></source>
 </trans-unit>
    </body>
  </file>