stages/redirect: create redirect stage (#12275)

* create redirect stage * show "keep context" toggle in Flow mode only * fix typos * add docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> * simplify property pass * simplify toggle * remove `print` statements whoops * fix typo * remove default from `RedirectStage.mode` * remove migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * oops Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2024-12-12 18:00:09 +01:00
parent 587f2d74ac
commit ff504a3b80
35 changed files with 1314 additions and 40 deletions
--- a/website/docs/add-secure-apps/flows-stages/flow/context/index.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.md
@ -12,6 +12,8 @@ For example, in the Identification Stage (part of the default login flow), you c

 Any data can be stored in the flow context, however there are some reserved keys in the context dictionary that are used by authentik stages.

+To manage flow context on a more granular level, see [Setting flow context keys](../../../../customize/policies/expression/managing_flow_context_keys.md).
+
 ## Context dictionary and reserved keys

 This section describes the data (the context) that are used in authentik, and provides a list of keys, what they are used for and when they are set.
@ -68,11 +70,15 @@ When a flow is executed by an Outpost (for example the [LDAP](../../../providers

 #### `is_sso` (boolean)

-Set to `True` when the flow is executed from an "SSO" context. For example, this is set when a flow is used during the authentication or enrollment via an external source, and if a flow is executed to authorize access to an application.
+This key is set to `True` when the flow is executed from an "SSO" context. For example, this is set when a flow is used during the authentication or enrollment via an external source, and if a flow is executed to authorize access to an application.

 #### `is_restored` (Token object)

-Set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
+This key is set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
+
+#### `is_redirected` (Flow object)
+
+This key is set when the current flow was reached through a [Redirect stage](../../stages/redirect/index.md) in Flow mode.

 ### Stage-specific keys

@ -189,3 +195,11 @@ Optionally override the email address that the email will be sent to. If not set
 ##### `pending_user_identifier` (string)

 If _Show matched user_ is disabled, this key will be set to the user identifier entered by the user in the identification stage.
+
+#### Redirect stage
+
+##### `redirect_stage_target` (string)
+
+[Set this key](../../../../customize/policies/expression/managing_flow_context_keys.md) in an Expression Policy to override [Redirect stage](../../stages/redirect/index.md) to force it to redirect to a certain URL or flow. This is useful when a flow requires that the redirection target be decided dynamically.
+
+Use the format `ak-flow://{slug}` to use the Redirect stage in Flow mode. Any other format will result in the Redirect stage running in Static mode.
--- a/website/docs/add-secure-apps/flows-stages/flow/index.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/index.md
@ -44,7 +44,7 @@ To create a flow, follow these steps:
 2. In the Admin interface, navigate to **Flows and Stages -> Flows**.
 3. Click **Create**, define the flow using the [configuration settings](#flow-configuration-options) described below, and then click **Finish**.

-After creating the flow, you can then [bind specific stages](../stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../../../customize/policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process.
+After creating the flow, you can then [bind specific stages](../stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../../../customize/policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process.

 To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.

@ -66,7 +66,7 @@ import Defaultflowlist from "../flow/flow_list/\_defaultflowlist.mdx";

 <Defaultflowlist />

-**Authentication**: Using this option, you can configure whether the the flow requires initial authentication or not, whether the user must be a superuser, or if the flow requires an outpost.
+**Authentication**: Using this option, you can configure whether the the flow requires initial authentication or not, whether the user must be a superuser, if the flow can only be started after being redirected by a [Redirect stage](../stages/redirect/index.md), or if the flow requires an outpost.

 **Behavior settings**:

--- a/website/docs/add-secure-apps/flows-stages/stages/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/index.md
@ -43,7 +43,7 @@ To create a stage, follow these steps:
 2. In the Admin interface, navigate to **Flows and Stages -> Stages**.
 3. Click **Create**, define the flow using the configuration settings, and then click **Finish**.

-After creating the stage, you can then [bind the stage to a flow](#bind-a-stage-to-a-flow) or [bind a policy to the stage](../../../customize/policies/working_with_policies/working_with_policies.md) (the policy determines whether or not the stage will be implemented in the flow).
+After creating the stage, you can then [bind the stage to a flow](#bind-a-stage-to-a-flow) or [bind a policy to the stage](../../../customize/policies/working_with_policies.md) (the policy determines whether or not the stage will be implemented in the flow).

 ## Bind a stage to a flow

--- a/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md
@ -0,0 +1,17 @@
+---
+title: Redirect stage
+---
+
+This stage's main purpose is to redirect the user to a new Flow while keeping flow context. For convenience, it can also redirect the user to a static URL.
+
+## Redirect stage modes
+
+### Static mode
+
+When the user reaches this stage, they are redirected to a static URL.
+
+### Flow mode
+
+When the user reaches this stage, they are redirected to a specified flow, retaining all [flow context](../../flow/context).
+
+Optionally, untoggle the "Keep flow context" switch. If this is untoggled, all flow context is cleared with the exception of the [is_redirected](../../flow/context#is_redirected-flow-object) key.