dea2d67ceb 
					 
					
						
						
							
							internal/outpost: fix incorrect usage of golang SHA API ( #14981 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-06-09 20:57:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a306cecb73 
					 
					
						
						
							
							providers/proxy: add option to override host header with property mappings ( #14927 )  
						
						
						
						
					 
					
						2025-06-06 14:54:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						65517f3b7f 
					 
					
						
						
							
							enterprise/stages: Add MTLS stage ( #14296 )  
						
						... 
						
						
						
						* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-05-19 22:48:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						84b5992e55 
					 
					
						
						
							
							ci: bump golangci/golangci-lint-action from 6 to 7 ( #13661 )  
						
						... 
						
						
						
						* ci: bump golangci/golangci-lint-action from 6 to 7
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-03-26 18:03:20 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						94eff50306 
					 
					
						
						
							
							root: redis, make sure tlscacert isn't an empty string ( #12407 )  
						
						... 
						
						
						
						* root: redis, make sure tlscacert isn't an empty string
* make TLSCaCert a string instead of pointer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-01-13 20:14:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						40a7135c0c 
					 
					
						
						
							
							core: app entitlements ( #12090 )  
						
						... 
						
						
						
						* core: initial app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* base off of pbm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and oauth2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite to use bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make policy bindings form and list more customizable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* double fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refine permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing rbac modal to app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate scope for app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include entitlements mapping in proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API validation to prevent policies from being bound to entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-12-18 14:32:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a892d4afd8 
					 
					
						
						
							
							providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set ( #11968 )  
						
						... 
						
						
						
						correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical 
						
						
					 
					
						2024-11-13 00:54:40 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f482937474 
					 
					
						
						
							
							providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER ( #11722 )  
						
						... 
						
						
						
						* providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#9622/#4688/#6476)
* chore: fix tests 
						
						
					 
					
						2024-10-24 16:34:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad3820c11c 
					 
					
						
						
							
							providers/proxy: fix panic, keep session storages open ( #11439 )  
						
						... 
						
						
						
						* fix panic when redis connection fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-use session when refreshing apps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-19 23:05:58 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						171d0f55cb 
					 
					
						
						
							
							providers/proxy: fix URL path getting lost when partial URL is given to rd= ( #11354 )  
						
						... 
						
						
						
						* providers/proxy: fix URL path getting lost when partial URL is given to rd=
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better fallback + tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-12 18:02:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8560f2a86 
					 
					
						
						
							
							providers/proxy: bump go-oidc to v3 ( #10432 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-10 12:54:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c45bb8e985 
					 
					
						
						
							
							providers/proxy: rework redirect mechanism ( #8594 )  
						
						... 
						
						
						
						* providers/proxy: rework redirect mechanism
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add session id, don't tie to state in session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle state failing to parse
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save session after creating state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include task expiry in status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redirect URL detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-05-06 03:07:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a742331484 
					 
					
						
						
							
							root: make redis settings more consistent ( #9335 )  
						
						... 
						
						
						
						* make redis settings more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support to go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redis connect in wait_for_db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* censor password when logging error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add redis url generation helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-04-18 16:49:41 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1b81973358 
					 
					
						
						
							
							outposts/proxy: Fix invalid redirect on external hosts containing path components ( #8915 )  
						
						... 
						
						
						
						* outposts/proxy: Fix invalid redirect on external hosts containing path components
Signed-off-by: Max <github@germancoding.com >
* outposts/proxy: Fix test for changed redirect logic
Signed-off-by: Max <github@germancoding.com >
---------
Signed-off-by: Max <github@germancoding.com > 
						
						
					 
					
						2024-03-19 20:31:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						104e70c383 
					 
					
						
						
							
							root: support redis username ( #8935 )  
						
						
						
						
					 
					
						2024-03-18 12:44:38 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d54b410429 
					 
					
						
						
							
							outposts/proxy: better Redis error message ( #8044 )  
						
						... 
						
						
						
						* outposts/proxy: better Redis error message
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update internal/outpost/proxyv2/application/session.go
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens L. <jens@goauthentik.io > 
						
						
					 
					
						2024-01-02 20:01:53 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1ea3dae5ac 
					 
					
						
						
							
							providers/proxy: use access token ( #8022 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-12-30 16:36:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						729ef4d786 
					 
					
						
						
							
							root: bump python deps (django 5) ( #7862 )  
						
						... 
						
						
						
						* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#7761 
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-12-18 22:07:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc7ffba8fa 
					 
					
						
						
							
							internal: remove special route for /outpost.goauthentik.io ( #7539 )  
						
						... 
						
						
						
						With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-11-13 17:39:40 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						695719540b 
					 
					
						
						
							
							providers/proxy: Fix duplicate cookies when using file system store. ( #7541 )  
						
						... 
						
						
						
						Fix duplicate cookies when using file system store. 
						
						
					 
					
						2023-11-13 15:33:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4080080acd 
					 
					
						
						
							
							internal: remove deprecated metrics ( #7540 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-11-13 14:48:37 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd4e9030b4 
					 
					
						
						
							
							providers/proxy: fix closed redis client ( #7385 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-11-03 15:19:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7d91842e8a 
					 
					
						
						
							
							providers/proxy: attempt to fix duplicate cookie ( #7324 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-27 00:41:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd7d3bf738 
					 
					
						
						
							
							providers/proxy: fix redis cookies missing strict path ( #7135 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-10 12:17:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4db365c947 
					 
					
						
						
							
							providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )  
						
						... 
						
						
						
						* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-09 01:06:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						efb2823391 
					 
					
						
						
							
							internal: fix redis session store ( #7011 )  
						
						
						
						
					 
					
						2023-09-28 21:06:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c93c6ee6f9 
					 
					
						
						
							
							root: replace boj/redistore with vendored version of rbcervilla/redisstore ( #6988 )  
						
						... 
						
						
						
						* root: replace boj/redistore with vendored version of rbcervilla/redisstore
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* setup env for go tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-09-26 18:56:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1410169af1 
					 
					
						
						
							
							providers/proxy: fix JWKS url in embedded outpost ( #6644 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-28 00:52:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9e29789c09 
					 
					
						
						
							
							root: fix config loading for outposts ( #6640 )  
						
						... 
						
						
						
						* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-26 19:40:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f6b144a0fa 
					 
					
						
						
							
							providers/proxy: only intercept auth header when a value is set ( #6488 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-06 01:18:20 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0782b3b0fa 
					 
					
						
						
							
							providers/proxy: set outpost session cookie to httponly and secure wh… ( #6482 )  
						
						... 
						
						
						
						* providers/proxy: set outpost session cookie to httponly and secure when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set samesite too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-05 22:09:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a2714ab1f1 
					 
					
						
						
							
							outposts: make metrics compliant with Prometheus best-practices ( #6398 )  
						
						... 
						
						
						
						web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com > 
						
						
					 
					
						2023-07-27 18:51:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						906faf9cce 
					 
					
						
						
							
							providers/proxy: fix panic when claims in session were nil ( #5569 )  
						
						... 
						
						
						
						* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-05-10 20:58:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fd2677af1f 
					 
					
						
						
							
							root: bump api generator ( #5139 )  
						
						... 
						
						
						
						* root: bump api generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump api diff too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump go api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify go api generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-04-01 18:10:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ef028af7d1 
					 
					
						
						
							
							providers/proxy: rework endpoints logic ( #4993 )  
						
						... 
						
						
						
						* providers/proxy: rework endpoints logic
again...this time with tests and better logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-18 18:51:20 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f70be86ddc 
					 
					
						
						
							
							providers/proxy: strip scheme when comparing redirect URL  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-20 21:22:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9f431396c0 
					 
					
						
						
							
							providers/proxy: ensure issuer is correct when browser url override is set  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#4715  
						
						
					 
					
						2023-02-19 17:35:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b6c120f555 
					 
					
						
						
							
							providers/proxy: fix client credential flows not using http interceptor  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-15 00:22:56 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ec42b597ab 
					 
					
						
						
							
							providers/proxy: send token request internally, with overwritten host header ( #4675 )  
						
						... 
						
						
						
						* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-13 16:34:47 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8f70354e3c 
					 
					
						
						
							
							internal: remove debug remnant from cookie testing  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-12 17:29:18 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						21e29744c2 
					 
					
						
						
							
							providers/proxy: different cookie name based on hashed client id ( #4666 )  
						
						
						
						
					 
					
						2023-02-12 16:34:57 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						af43330fd6 
					 
					
						
						
							
							providers/oauth2: rework OAuth2 Provider ( #4652 )  
						
						... 
						
						
						
						* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-09 20:19:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3170b2f92c 
					 
					
						
						
							
							providers/proxy: add token support for basic auth  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-07 22:50:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						61b06eff06 
					 
					
						
						
							
							providers/proxy: better log outpost token errors  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-06 20:26:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						388367785d 
					 
					
						
						
							
							*/saml: disable pretty_print, add signature tests  
						
						... 
						
						
						
						closes  #4536 
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
					
						2023-02-03 15:42:09 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7d4ce41e12 
					 
					
						
						
							
							providers/proxy: outpost wide logout implementation ( #4605 )  
						
						... 
						
						
						
						* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-02 21:18:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						43854dc828 
					 
					
						
						
							
							outposts/proxy: fix panic due to IsSet misbehaving  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-19 18:22:55 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c11367553e 
					 
					
						
						
							
							providers/proxy: fix issuer for embedded outpost ( #4480 )  
						
						... 
						
						
						
						fix issuer for embedded outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-19 15:39:30 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						23c69c456a 
					 
					
						
						
							
							providers/proxy: add setting to intercept authorization header ( #4457 )  
						
						... 
						
						
						
						* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-17 18:56:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						19ee98b36d 
					 
					
						
						
							
							outposts/proxy: allow setting no-redirect via header or query param  
						
						... 
						
						
						
						closes  #4455 
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
					
						2023-01-17 10:56:43 +01:00