providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui

closes #1369 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 17:14:53 +02:00
parent 95efd47f65
commit 916530f0d8
5 changed files with 40 additions and 13 deletions
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@ -88,14 +88,18 @@ msgstr "API request failed"
 msgid "Access Key"
 msgstr "Access Key"

-#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Access code validity"
-msgstr "Access code validity"
+#: 
+#~ msgid "Access code validity"
+#~ msgstr "Access code validity"

 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "Access token URL"
 msgstr "Access token URL"

+#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
+msgid "Access token validity"
+msgstr "Access token validity"
+
 #: src/elements/events/ObjectChangelog.ts
 #: src/elements/events/UserEvents.ts
 #: src/pages/events/EventListPage.ts
@ -787,9 +791,13 @@ msgstr "Configuration stage"
 msgid "Configure WebAuthn"
 msgstr "Configure WebAuthn"

+#: 
+#~ msgid "Configure how long access codes are valid for."
+#~ msgstr "Configure how long access codes are valid for."
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Configure how long access codes are valid for."
-msgstr "Configure how long access codes are valid for."
+msgid "Configure how long access tokens are valid for."
+msgstr "Configure how long access tokens are valid for."

 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how long refresh tokens and their id_tokens are valid for."
@ -2057,6 +2065,10 @@ msgstr "If this flag is set, this Stage will jump to the next Stage when no Invi
 msgid "If this is selected, the token will expire. Upon expiration, the token will be rotated."
 msgstr "If this is selected, the token will expire. Upon expiration, the token will be rotated."

+#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
+msgid "If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time."
+msgstr "If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time."
+
 #: src/pages/outposts/OutpostDeploymentModal.ts
 msgid "If your authentik Instance is using a self-signed certificate, set this value."
 msgstr "If your authentik Instance is using a self-signed certificate, set this value."
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@ -88,14 +88,18 @@ msgstr ""
 msgid "Access Key"
 msgstr ""

-#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Access code validity"
-msgstr ""
+#: 
+#~ msgid "Access code validity"
+#~ msgstr ""

 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "Access token URL"
 msgstr ""

+#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
+msgid "Access token validity"
+msgstr ""
+
 #: src/elements/events/ObjectChangelog.ts
 #: src/elements/events/UserEvents.ts
 #: src/pages/events/EventListPage.ts
@ -781,8 +785,12 @@ msgstr ""
 msgid "Configure WebAuthn"
 msgstr ""

+#: 
+#~ msgid "Configure how long access codes are valid for."
+#~ msgstr ""
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Configure how long access codes are valid for."
+msgid "Configure how long access tokens are valid for."
 msgstr ""

 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
@ -2049,6 +2057,10 @@ msgstr ""
 msgid "If this is selected, the token will expire. Upon expiration, the token will be rotated."
 msgstr ""

+#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
+msgid "If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time."
+msgstr ""
+
 #: src/pages/outposts/OutpostDeploymentModal.ts
 msgid "If your authentik Instance is using a self-signed certificate, set this value."
 msgstr ""
--- a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
@ -179,7 +179,7 @@ ${this.instance?.redirectUris}</textarea
                <span slot="header"> ${t`Advanced protocol settings`} </span>
                <div slot="body" class="pf-c-form">
                    <ak-form-element-horizontal
-                        label=${t`Access code validity`}
+                        label=${t`Access token validity`}
                        ?required=${true}
                        name="accessCodeValidity"
                    >
@ -190,7 +190,10 @@ ${this.instance?.redirectUris}</textarea
                            required
                        />
                        <p class="pf-c-form__helper-text">
-                            ${t`Configure how long access codes are valid for.`}
+                            ${t`Configure how long access tokens are valid for.`}
+                        </p>
+                        <p class="pf-c-form__helper-text">
+                            ${t`If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time.`}
                        </p>
                        <p class="pf-c-form__helper-text">
                            ${t`(Format: hours=-1;minutes=-2;seconds=-3).`}