habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/oauth2: remove deprecated verification_keys (#3071)

Browse Source 
remove verification_keys

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L
2022-06-11 19:48:07 +02:00
committed by GitHub
parent 8dbb0bd2c6
commit 6821402fef
16 changed files with 35 additions and 358 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
authentik/providers/oauth2/api/provider.py
View File

@ -34,7 +34,6 @@ class OAuth2ProviderSerializer(ProviderSerializer):
"sub_mode",
"property_mappings",
"issuer_mode",
"verification_keys",
"jwks_sources",
]

17
authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py Normal file
View File

@ -0,0 +1,17 @@
# Generated by Django 4.0.5 on 2022-06-04 21:26
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_providers_oauth2", "0011_oauth2provider_jwks_sources_and_more"),
]
operations = [
migrations.RemoveField(
model_name="oauth2provider",
name="verification_keys",
),
]

13
authentik/providers/oauth2/models.py
View File

@ -222,19 +222,6 @@ class OAuth2Provider(Provider):
),
)
verification_keys = models.ManyToManyField(
CertificateKeyPair,
verbose_name=_("Allowed certificates for JWT-based client_credentials"),
help_text=_(
(
"DEPRECATED. JWTs created with the configured "
"certificates can authenticate with this provider."
)
),
related_name="oauth2_providers",
default=None,
blank=True,
)
jwks_sources = models.ManyToManyField(
OAuthSource,
verbose_name=_(

203
authentik/providers/oauth2/tests/test_token_cc_jwt.py
View File

@ -1,203 +0,0 @@
"""Test token view"""
from datetime import datetime, timedelta
from json import loads
from django.test import RequestFactory
from django.urls import reverse
from jwt import decode
from authentik.core.models import Application, Group
from authentik.core.tests.utils import create_test_cert, create_test_flow
from authentik.lib.generators import generate_id, generate_key
from authentik.managed.manager import ObjectManager
from authentik.policies.models import PolicyBinding
from authentik.providers.oauth2.constants import (
GRANT_TYPE_CLIENT_CREDENTIALS,
SCOPE_OPENID,
SCOPE_OPENID_EMAIL,
SCOPE_OPENID_PROFILE,
)
from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping
from authentik.providers.oauth2.tests.utils import OAuthTestCase
class TestTokenClientCredentialsJWT(OAuthTestCase):
"""Test token (client_credentials, with JWT) view"""
def setUp(self) -> None:
super().setUp()
ObjectManager().run()
self.factory = RequestFactory()
self.cert = create_test_cert()
self.provider: OAuth2Provider = OAuth2Provider.objects.create(
name="test",
client_id=generate_id(),
client_secret=generate_key(),
authorization_flow=create_test_flow(),
redirect_uris="http://testserver",
signing_key=self.cert,
)
self.provider.verification_keys.set([self.cert])
self.provider.property_mappings.set(ScopeMapping.objects.all())
self.app = Application.objects.create(name="test", slug="test", provider=self.provider)
def test_invalid_type(self):
"""test invalid type"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "foo",
"client_assertion": "foo.bar",
},
)
self.assertEqual(response.status_code, 400)
body = loads(response.content.decode())
self.assertEqual(body["error"], "invalid_grant")
def test_invalid_jwt(self):
"""test invalid JWT"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": "foo.bar",
},
)
self.assertEqual(response.status_code, 400)
body = loads(response.content.decode())
self.assertEqual(body["error"], "invalid_grant")
def test_invalid_signature(self):
"""test invalid JWT"""
token = self.provider.encode(
{
"sub": "foo",
"exp": datetime.now() + timedelta(hours=2),
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": token + "foo",
},
)
self.assertEqual(response.status_code, 400)
body = loads(response.content.decode())
self.assertEqual(body["error"], "invalid_grant")
def test_invalid_expired(self):
"""test invalid JWT"""
token = self.provider.encode(
{
"sub": "foo",
"exp": datetime.now() - timedelta(hours=2),
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": token,
},
)
self.assertEqual(response.status_code, 400)
body = loads(response.content.decode())
self.assertEqual(body["error"], "invalid_grant")
def test_invalid_no_app(self):
"""test invalid JWT"""
self.app.provider = None
self.app.save()
token = self.provider.encode(
{
"sub": "foo",
"exp": datetime.now() + timedelta(hours=2),
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": token,
},
)
self.assertEqual(response.status_code, 400)
body = loads(response.content.decode())
self.assertEqual(body["error"], "invalid_grant")
def test_invalid_access_denied(self):
"""test invalid JWT"""
group = Group.objects.create(name="foo")
PolicyBinding.objects.create(
group=group,
target=self.app,
order=0,
)
token = self.provider.encode(
{
"sub": "foo",
"exp": datetime.now() + timedelta(hours=2),
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": token,
},
)
self.assertEqual(response.status_code, 400)
body = loads(response.content.decode())
self.assertEqual(body["error"], "invalid_grant")
def test_successful(self):
"""test successful"""
token = self.provider.encode(
{
"sub": "foo",
"exp": datetime.now() + timedelta(hours=2),
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
"client_id": self.provider.client_id,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": token,
},
)
self.assertEqual(response.status_code, 200)
body = loads(response.content.decode())
self.assertEqual(body["token_type"], "bearer")
_, alg = self.provider.get_jwt_key()
jwt = decode(
body["access_token"],
key=self.provider.signing_key.public_key,
algorithms=[alg],
audience=self.provider.client_id,
)
self.assertEqual(
jwt["given_name"], "Autogenerated user from application test (client credentials JWT)"
)
self.assertEqual(jwt["preferred_username"], "test-foo")

22
authentik/providers/oauth2/views/token.py
View File

@ -21,7 +21,6 @@ from authentik.core.models import (
TokenIntents,
User,
)
from authentik.crypto.models import CertificateKeyPair
from authentik.events.models import Event, EventAction
from authentik.lib.utils.time import timedelta_from_string
from authentik.policies.engine import PolicyEngine
@ -38,7 +37,6 @@ from authentik.providers.oauth2.errors import TokenError, UserAuthError
from authentik.providers.oauth2.models import (
AuthorizationCode,
ClientTypes,
JWTAlgorithms,
OAuth2Provider,
RefreshToken,
)
@ -292,26 +290,6 @@ class TokenParams:
token = None
# TODO: Remove in 2022.7, deprecated field `verification_keys``
for cert in self.provider.verification_keys.all():
LOGGER.debug("verifying jwt with key", key=cert.name)
cert: CertificateKeyPair
public_key = cert.certificate.public_key()
if cert.private_key:
public_key = cert.private_key.public_key()
try:
token = decode(
assertion,
public_key,
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
options={
"verify_aud": False,
},
)
except (PyJWTError, ValueError, TypeError) as exc:
LOGGER.warning("failed to validate jwt", exc=exc)
# TODO: End remove block
source: Optional[OAuthSource] = None
parsed_key: Optional[PyJWK] = None
for source in self.provider.jwks_sources.all():

27
schema.yml
View File

@ -23237,15 +23237,6 @@ components:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: Configure how the issuer field of the ID Token should be filled.
verification_keys:
type: array
items:
type: string
format: uuid
title: Allowed certificates for JWT-based client_credentials
title: Allowed certificates for JWT-based client_credentials
description: DEPRECATED. JWTs created with the configured certificates can
authenticate with this provider.
jwks_sources:
type: array
items:
@ -23325,15 +23316,6 @@ components:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: Configure how the issuer field of the ID Token should be filled.
verification_keys:
type: array
items:
type: string
format: uuid
title: Allowed certificates for JWT-based client_credentials
title: Allowed certificates for JWT-based client_credentials
description: DEPRECATED. JWTs created with the configured certificates can
authenticate with this provider.
jwks_sources:
type: array
items:
@ -27711,15 +27693,6 @@ components:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: Configure how the issuer field of the ID Token should be filled.
verification_keys:
type: array
items:
type: string
format: uuid
title: Allowed certificates for JWT-based client_credentials
title: Allowed certificates for JWT-based client_credentials
description: DEPRECATED. JWTs created with the configured certificates can
authenticate with this provider.
jwks_sources:
type: array
items:

8
web/src/locales/de.po
View File

@ -1552,7 +1552,6 @@ msgstr "{0} löschen"
msgid "Deny the user access"
msgstr "Dem Benutzer den Zugang verweigern"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2471,7 +2470,6 @@ msgstr "Interne Konten ausblenden"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2753,7 +2751,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "JWT Algorithmus"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr ""
@ -2937,7 +2934,6 @@ msgstr "Wird geladen"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6308,8 +6304,8 @@ msgid "Verification Certificate"
msgstr "Zertifikat zur Überprüfung"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr ""
#~ msgid "Verification certificates"
#~ msgstr ""
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/en.po
View File

@ -1570,7 +1570,6 @@ msgstr "Delete {0}"
msgid "Deny the user access"
msgstr "Deny the user access"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
@ -2510,7 +2509,6 @@ msgstr "Hide service-accounts"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2803,7 +2801,6 @@ msgstr "JWKS URL"
#~ msgid "JWT Algorithm"
#~ msgstr "JWT Algorithm"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider."
@ -2989,7 +2986,6 @@ msgstr "Loading"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6434,8 +6430,8 @@ msgid "Verification Certificate"
msgstr "Verification Certificate"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr "Verification certificates"
#~ msgid "Verification certificates"
#~ msgstr "Verification certificates"
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/es.po
View File

@ -1543,7 +1543,6 @@ msgstr "Eliminar {0}"
msgid "Deny the user access"
msgstr "Denegar el acceso al usuario"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2462,7 +2461,6 @@ msgstr "Ocultar cuentas de servicio"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2746,7 +2744,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "algoritmo JWT"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr ""
@ -2930,7 +2927,6 @@ msgstr "Cargando"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6302,8 +6298,8 @@ msgid "Verification Certificate"
msgstr "Certificado de verificación"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr ""
#~ msgid "Verification certificates"
#~ msgstr ""
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/fr_FR.po
View File

@ -1555,7 +1555,6 @@ msgstr "Supprimer {0}"
msgid "Deny the user access"
msgstr "Refuser l'accès à l'utilisateu"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2488,7 +2487,6 @@ msgstr "Cacher les comptes de service"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2776,7 +2774,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "Algorithme JWT"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr ""
@ -2961,7 +2958,6 @@ msgstr "Chargement en cours"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6363,8 +6359,8 @@ msgid "Verification Certificate"
msgstr "Certificat de validation"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr ""
#~ msgid "Verification certificates"
#~ msgstr ""
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/pl.po
View File

@ -1540,7 +1540,6 @@ msgstr "Usuń {0}"
msgid "Deny the user access"
msgstr "Odmów użytkownikowi dostępu"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2459,7 +2458,6 @@ msgstr "Ukryj konta serwisowe"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2743,7 +2741,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "Algorytm JWT"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr ""
@ -2927,7 +2924,6 @@ msgstr "Ładowanie"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6299,8 +6295,8 @@ msgid "Verification Certificate"
msgstr "Certyfikat weryfikacji"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr ""
#~ msgid "Verification certificates"
#~ msgstr ""
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/pseudo-LOCALE.po
View File

@ -1556,7 +1556,6 @@ msgstr ""
msgid "Deny the user access"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2496,7 +2495,6 @@ msgstr ""
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2785,7 +2783,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr ""
@ -2971,7 +2968,6 @@ msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6404,8 +6400,8 @@ msgid "Verification Certificate"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr ""
#~ msgid "Verification certificates"
#~ msgstr ""
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/tr.po
View File

@ -1543,7 +1543,6 @@ msgstr "{0} Sil"
msgid "Deny the user access"
msgstr "Kullanıcı erişimini engelle"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2462,7 +2461,6 @@ msgstr "Hizmet hesaplarını gizle"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2747,7 +2745,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "JWT Algoritması"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr ""
@ -2931,7 +2928,6 @@ msgstr "Yükleniyor"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6304,8 +6300,8 @@ msgid "Verification Certificate"
msgstr "Doğrulama Sertifikası"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr ""
#~ msgid "Verification certificates"
#~ msgstr ""
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/zh-Hant.po
View File

@ -1540,7 +1540,6 @@ msgstr "删除 {0}"
msgid "Deny the user access"
msgstr "拒绝用户访问"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2451,7 +2450,6 @@ msgstr "隐藏服务账户"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2734,7 +2732,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "JWT 算法"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
@ -2917,7 +2914,6 @@ msgstr "正在加载"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6270,8 +6266,8 @@ msgid "Verification Certificate"
msgstr "验证证书"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr "验证证书"
#~ msgid "Verification certificates"
#~ msgstr "验证证书"
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

8
web/src/locales/zh_TW.po
View File

@ -1540,7 +1540,6 @@ msgstr "删除 {0}"
msgid "Deny the user access"
msgstr "拒绝用户访问"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr ""
@ -2451,7 +2450,6 @@ msgstr "隐藏服务账户"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2734,7 +2732,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "JWT 算法"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
@ -2917,7 +2914,6 @@ msgstr "正在加载"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6270,8 +6266,8 @@ msgid "Verification Certificate"
msgstr "验证证书"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr "验证证书"
#~ msgid "Verification certificates"
#~ msgstr "验证证书"
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
#~ msgid "Verify only"

38
web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
View File

@ -405,44 +405,6 @@ ${this.instance?.redirectUris}</textarea
${t`Hold control/command to select multiple items.`}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`Verification certificates`}
name="verificationKeys"
>
<select class="pf-c-form-control" multiple>
${until(
new CryptoApi(DEFAULT_CONFIG)
.cryptoCertificatekeypairsList({
ordering: "name",
})
.then((keys) => {
return keys.results.map((key) => {
const selected = (
this.instance?.verificationKeys || []
).some((su) => {
return su == key.pk;
});
return html`<option
value=${key.pk}
?selected=${selected}
>
${key.name} (${key.privateKeyType?.toUpperCase()})
</option>`;
});
}),
html`<option>${t`Loading...`}</option>`,
)}
</select>
<p class="pf-c-form__helper-text">
${t`Deprecated. Instead of using this field, configure the JWKS data/URL in Sources.`}
</p>
<p class="pf-c-form__helper-text">
${t`JWTs signed by certificates configured here can be used to authenticate to the provider.`}
</p>
<p class="pf-c-form__helper-text">
${t`Hold control/command to select multiple items.`}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
</form>`;