sources/oauth: OIDC well-known and JWKS (#2936)

* add initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include source and jwk key id in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests for source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix web formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L
2022-05-24 21:02:50 +02:00
committed by GitHub
parent ab1840dd66
commit b4e75218f5
20 changed files with 711 additions and 82 deletions


@ -3,7 +3,7 @@ title: User settings
---
:::info
Requires authentik 2022.3.1
Requires authentik 2022.3
:::
The user interface (`/if/user/`) embeds a downsized flow executor to allow the user to configure their profile using custom stages and prompts.
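Review bot: The edit to the `:::info` box on the User settings page (`Requires authentik 2022.3.1` becoming `Requires authentik 2022.3`) has nothing to do with OAuth sources, well-known discovery or JWKS, and none of the commit message bullets mention it. Either move it to its own commit or add a line to the message saying why the stated minimum version changes, so the history explains which value is correct.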


@ -31,6 +31,10 @@ Starting with authentik 2022.4, you can authenticate and get a token using an ex
To configure this, the certificate used to sign the input JWT must be created in authentik. The certificate is enough, a private key is not required. Afterwards, configure the certificate in the OAuth2 provider settings under _Verification certificates_.
:::info
Starting with authentik 2022.6, you can define a JWKS URL/raw JWKS data in OAuth Sources, and use those to verify the key instead of having to manually create a certificate in authentik for them. This method is still supported but will be removed in a later version.
:::
With this configure, any JWT issued by the configured certificates can be used to authenticate:
```
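Review bot: In the added `:::info` box, "This method is still supported but will be removed in a later version" has an ambiguous referent. Read on its own, "this method" points at the JWKS URL/raw JWKS option introduced in the preceding sentence, whereas the intent appears to be the manually created verification certificate described in the paragraph above. Name it explicitly, for example "Configuring _Verification certificates_ on the provider is still supported but will be removed in a later version", and link to the OAuth Source settings where the JWKS is defined so readers know what to migrate to. The context line "With this configure" just below the box also reads as a typo for "configured" and could be fixed while this paragraph is being edited.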


@ -0,0 +1,32 @@
---
title: Release 2022.6
slug: "2022.6"
---
## Breaking changes
## New features
- Added well-known and JWKS URL in OAuth Source
These fields can be used to automatically configure OAuth Sources based on the [OpenID Connect Discovery Spec](https://openid.net/specs/openid-connect-discovery-1_0.html). Additionally, you can manually define a JWKS URL or raw JWKS data, and this can be used for Machine-to-machine authentication for OAuth2 Providers.
## Minor changes/fixes
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.6 from [here](https://goauthentik.io/version/2022.6/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2022.6.1
```
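Review bot: The "New features" entry in these release notes says a JWKS URL or raw JWKS data can be used for machine-to-machine authentication, but it does not mention the deprecation announced in the provider documentation in this same commit, where the certificate-based method is described as "still supported but will be removed in a later version". Operators reading only the release notes would miss that; add a sentence to this entry (or a dedicated deprecation note) stating that verification certificates on the OAuth2 provider are deprecated in favour of JWKS on the OAuth Source. The "Breaking changes" and "Minor changes/fixes" headings are also left empty; fill them in or drop them before the notes are published.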