|
|
cdbf448769
|
providers/oauth2: audit_ignore last_login change for generated service account (#11085)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-08-27 14:23:55 +02:00 |
|
|
|
322ae4c4ed
|
website/docs: add source property mappings, rework provider property mappings (#10652)
|
2024-08-07 19:30:29 +00:00 |
|
|
|
53f8699deb
|
website/docs: 2024.4 release notes (#9267)
* website/docs: 2024.4 release notes WIP
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix .next
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* reword
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add python api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix consistency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand scim docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add release notes to sidebar
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes and add disclaimer
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disclaimer to template
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add list of API Clients to developer docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add performance improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-04-19 15:32:48 +02:00 |
|
|
|
c3fb84397a
|
providers/oauth2: improve conformance with client_credentials standard (#8471)
* allow using username:password base64 encoded as client_secret
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support standard method by generating a user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-02-19 16:11:20 +01:00 |
|
|
|
a3bfb3d25c
|
website/docs: 2024.2 release notes (#8468)
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2024-02-14 20:52:56 +01:00 |
|
|
|
abc0c2d2a2
|
root: Multi-tenancy (#7590)
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Revert "fix oauth source type import"
This reverts commit d015fd0244.
* try with setting_changed signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "try with connection_created signal"
This reverts commit 764a999db8.
* Revert "try with setting_changed signal"
This reverts commit 32b40a3bbb.
* lib/expression: refactor expression compilation
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a61.
* Revert "do not copy tenant data"
This reverts commit d07ae9423672f068b0bd8be409ff9b58452a80f2.
* Revert "Revert "do not copy tenant data""
This reverts commit 4bffb19704.
* fix clone with nodata
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447.
* split api into smaller files, only import urls when tenants is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2024-01-23 14:28:06 +01:00 |
|
|
|
509b502d3c
|
providers/oauth2: offline access (#8026)
* improve scope check (log when application requests non-configured scopes)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add offline_access special scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure scope is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update tests for refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* special handling of scopes for github compat
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix spec
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to fix oidc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove hardcoded slug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check scope from authorization code instead of request
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix injection for consent stage checking incorrectly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-01-04 19:57:11 +01:00 |
|
|
|
c68a42f63b
|
website/docs: improve docs for OAuth2 device code flow (#5570)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-05-10 20:58:31 +02:00 |
|
|
|
8ed2f7fe9e
|
providers/oauth2: add device flow (#3334)
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-10-11 12:42:10 +02:00 |
|
|
|
1c64616ebd
|
sources/ldap: add configuration for LDAP Source ciphers
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-01 19:53:49 +02:00 |
|
|
|
23273f53cc
|
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-01 19:45:26 +02:00 |
|
|
|
8dbb0bd2c6
|
providers/oauth2: token revoke (#3077)
|
2022-06-11 18:49:16 +02:00 |
|
|
|
4c39e08dd4
|
website/docs: fix incorrect oauth end-session URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-06 12:48:06 +02:00 |
|
|
|
b4e75218f5
|
sources/oauth: OIDC well-known and JWKS (#2936)
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include source and jwk key id in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix web formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-24 21:02:50 +02:00 |
|
|
|
f9469e3f99
|
website: format docs with prettier (#2833)
* run prettier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add scim to comparison
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-09 21:22:41 +02:00 |
|
|
|
4be238018b
|
providers/oauth2: pass scope and other parameters to access policy request context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2641
|
2022-04-01 21:39:05 +02:00 |
|
|
|
8689444954
|
providers/oauth2: add password grant support (treated as client_credentials)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-03-31 18:02:17 +02:00 |
|
|
|
bb8af2f19b
|
providers/oauth2: add client_assertion_type jwt bearer support (#2618)
|
2022-03-31 00:30:55 +02:00 |
|
