stages/authenticator_validate: remember (#2828)

* initial Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: cleanup timedelta help Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tooltip Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * assert response code in self.assertStageResponse Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests, add duo Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
parent 4d755dc0f6
commit fd1d38f844
51 changed files with 2006 additions and 1267 deletions
--- a/website/docs/flow/stages/authenticator_validate/index.md
+++ b/website/docs/flow/stages/authenticator_validate/index.md
@ -18,6 +18,9 @@ Using the `Not configured action`, you can choose what happens when a user does
 -   Deny: Access is denied, the flow execution ends
 -   Configure: This option requires a _Configuration stage_ to be set. The validation stage will be marked as successful, and the configuration stage will be injected into the flow.

+By default, authenticator validation is required every time the flow containing this stage is executed. To only change this behavior, set _Last validation threshold_ to a non-zero value. (Requires authentik 2022.5)
+Keep in mind that when using Code-based devices (TOTP, Static and SMS), values lower than `seconds=30` cannot be used, as with the way TOTP devices are saved, there is no exact timestamp.
+
 ## Passwordless authentication

 :::info