Applied suggestions

Typo
Prettier fix
2025-06-26 12:00:15 +03:00 · 2025-06-26 01:05:35 +03:00 · 2025-06-25 23:59:30 +03:00 · 2025-06-25 23:50:55 +03:00 · 2025-06-25 14:45:01 -05:00 · 2025-06-25 18:00:14 +00:00
54 changed files with 646 additions and 473 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -6,13 +6,15 @@
        "!Context scalar",
        "!Enumerate sequence",
        "!Env scalar",
+        "!Env sequence",
        "!Find sequence",
        "!Format sequence",
        "!If sequence",
        "!Index scalar",
        "!KeyOf scalar",
        "!Value scalar",
-        "!AtIndex scalar"
+        "!AtIndex scalar",
+        "!ParseJSON scalar"
    ],
    "typescript.preferences.importModuleSpecifier": "non-relative",
    "typescript.preferences.importModuleSpecifierEnding": "index",
--- a/authentik/blueprints/tests/fixtures/tags.yaml
+++ b/authentik/blueprints/tests/fixtures/tags.yaml
@ -37,6 +37,7 @@ entries:
    - attrs:
          attributes:
              env_null: !Env [bar-baz, null]
+              json_parse: !ParseJSON '{"foo": "bar"}'
              policy_pk1:
                  !Format [
                      "%s-%s",
--- a/authentik/blueprints/tests/test_v1.py
+++ b/authentik/blueprints/tests/test_v1.py
@ -215,6 +215,7 @@ class TestBlueprintsV1(TransactionTestCase):
                    },
                    "nested_context": "context-nested-value",
                    "env_null": None,
+                    "json_parse": {"foo": "bar"},
                    "at_index_sequence": "foo",
                    "at_index_sequence_default": "non existent",
                    "at_index_mapping": 2,
--- a/authentik/blueprints/v1/common.py
+++ b/authentik/blueprints/v1/common.py
@ -6,6 +6,7 @@ from copy import copy
 from dataclasses import asdict, dataclass, field, is_dataclass
 from enum import Enum
 from functools import reduce
+from json import JSONDecodeError, loads
 from operator import ixor
 from os import getenv
 from typing import Any, Literal, Union
@ -291,6 +292,22 @@ class Context(YAMLTag):
        return value


+class ParseJSON(YAMLTag):
+    """Parse JSON from context/env/etc value"""
+
+    raw: str
+
+    def __init__(self, loader: "BlueprintLoader", node: ScalarNode) -> None:
+        super().__init__()
+        self.raw = node.value
+
+    def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any:
+        try:
+            return loads(self.raw)
+        except JSONDecodeError as exc:
+            raise EntryInvalidError.from_entry(exc, entry) from exc
+
+
 class Format(YAMLTag):
    """Format a string"""

@ -666,6 +683,7 @@ class BlueprintLoader(SafeLoader):
        self.add_constructor("!Value", Value)
        self.add_constructor("!Index", Index)
        self.add_constructor("!AtIndex", AtIndex)
+        self.add_constructor("!ParseJSON", ParseJSON)


 class EntryInvalidError(SentryIgnoredException):
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -407,7 +407,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
            StrField(User, "path"),
            BoolField(User, "is_active", nullable=True),
            ChoiceSearchField(User, "type"),
-            JSONSearchField(User, "attributes"),
+            JSONSearchField(User, "attributes", suggest_nested=False),
        ]

    def get_queryset(self):
--- a/authentik/core/api/utils.py
+++ b/authentik/core/api/utils.py
@ -2,6 +2,7 @@

 from typing import Any

+from django.db import models
 from django.db.models import Model
 from drf_spectacular.extensions import OpenApiSerializerFieldExtension
 from drf_spectacular.plumbing import build_basic_type
@ -30,7 +31,27 @@ def is_dict(value: Any):
    raise ValidationError("Value must be a dictionary, and not have any duplicate keys.")


+class JSONDictField(JSONField):
+    """JSON Field which only allows dictionaries"""
+
+    default_validators = [is_dict]
+
+
+class JSONExtension(OpenApiSerializerFieldExtension):
+    """Generate API Schema for JSON fields as"""
+
+    target_class = "authentik.core.api.utils.JSONDictField"
+
+    def map_serializer_field(self, auto_schema, direction):
+        return build_basic_type(OpenApiTypes.OBJECT)
+
+
 class ModelSerializer(BaseModelSerializer):
+
+    # By default, JSON fields we have are used to store dictionaries
+    serializer_field_mapping = BaseModelSerializer.serializer_field_mapping.copy()
+    serializer_field_mapping[models.JSONField] = JSONDictField
+
    def create(self, validated_data):
        instance = super().create(validated_data)

@ -71,21 +92,6 @@ class ModelSerializer(BaseModelSerializer):
        return instance


-class JSONDictField(JSONField):
-    """JSON Field which only allows dictionaries"""
-
-    default_validators = [is_dict]
-
-
-class JSONExtension(OpenApiSerializerFieldExtension):
-    """Generate API Schema for JSON fields as"""
-
-    target_class = "authentik.core.api.utils.JSONDictField"
-
-    def map_serializer_field(self, auto_schema, direction):
-        return build_basic_type(OpenApiTypes.OBJECT)
-
-
 class PassiveSerializer(Serializer):
    """Base serializer class which doesn't implement create/update methods"""

--- a/authentik/events/models.py
+++ b/authentik/events/models.py
@ -193,17 +193,32 @@ class Event(SerializerModel, ExpiringModel):
            brand: Brand = request.brand
            self.brand = sanitize_dict(model_to_dict(brand))
        if hasattr(request, "user"):
-            original_user = None
-            if hasattr(request, "session"):
-                original_user = request.session.get(SESSION_KEY_IMPERSONATE_ORIGINAL_USER, None)
-            self.user = get_user(request.user, original_user)
+            self.user = get_user(request.user)
        if user:
            self.user = get_user(user)
-        # Check if we're currently impersonating, and add that user
        if hasattr(request, "session"):
+            from authentik.flows.views.executor import SESSION_KEY_PLAN
+
+            # Check if we're currently impersonating, and add that user
            if SESSION_KEY_IMPERSONATE_ORIGINAL_USER in request.session:
                self.user = get_user(request.session[SESSION_KEY_IMPERSONATE_ORIGINAL_USER])
                self.user["on_behalf_of"] = get_user(request.session[SESSION_KEY_IMPERSONATE_USER])
+            # Special case for events that happen during a flow, the user might not be authenticated
+            # yet but is a pending user instead
+            if SESSION_KEY_PLAN in request.session:
+                from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
+
+                plan: FlowPlan = request.session[SESSION_KEY_PLAN]
+                pending_user = plan.context.get(PLAN_CONTEXT_PENDING_USER, None)
+                # Only save `authenticated_as` if there's a different pending user in the flow
+                # than the user that is authenticated
+                if pending_user and (
+                    (pending_user.pk and pending_user.pk != self.user.get("pk"))
+                    or (not pending_user.pk)
+                ):
+                    orig_user = self.user.copy()
+
+                    self.user = {"authenticated_as": orig_user, **get_user(pending_user)}
        # User 255.255.255.255 as fallback if IP cannot be determined
        self.client_ip = ClientIPMiddleware.get_client_ip(request)
        # Enrich event data
--- a/authentik/events/tests/test_event.py
+++ b/authentik/events/tests/test_event.py
@ -8,9 +8,11 @@ from django.views.debug import SafeExceptionReporterFilter
 from guardian.shortcuts import get_anonymous_user

 from authentik.brands.models import Brand
-from authentik.core.models import Group
+from authentik.core.models import Group, User
+from authentik.core.tests.utils import create_test_user
 from authentik.events.models import Event
-from authentik.flows.views.executor import QS_QUERY
+from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
+from authentik.flows.views.executor import QS_QUERY, SESSION_KEY_PLAN
 from authentik.lib.generators import generate_id
 from authentik.policies.dummy.models import DummyPolicy

@ -116,3 +118,92 @@ class TestEvents(TestCase):
                "pk": brand.pk.hex,
            },
        )
+
+    def test_from_http_flow_pending_user(self):
+        """Test request from flow request with a pending user"""
+        user = create_test_user()
+
+        session = self.client.session
+        plan = FlowPlan(generate_id())
+        plan.context[PLAN_CONTEXT_PENDING_USER] = user
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        request = self.factory.get("/")
+        request.session = session
+        request.user = user
+
+        event = Event.new("unittest").from_http(request)
+        self.assertEqual(
+            event.user,
+            {
+                "email": user.email,
+                "pk": user.pk,
+                "username": user.username,
+            },
+        )
+
+    def test_from_http_flow_pending_user_anon(self):
+        """Test request from flow request with a pending user"""
+        user = create_test_user()
+        anon = get_anonymous_user()
+
+        session = self.client.session
+        plan = FlowPlan(generate_id())
+        plan.context[PLAN_CONTEXT_PENDING_USER] = user
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        request = self.factory.get("/")
+        request.session = session
+        request.user = anon
+
+        event = Event.new("unittest").from_http(request)
+        self.assertEqual(
+            event.user,
+            {
+                "authenticated_as": {
+                    "pk": anon.pk,
+                    "is_anonymous": True,
+                    "username": "AnonymousUser",
+                    "email": "",
+                },
+                "email": user.email,
+                "pk": user.pk,
+                "username": user.username,
+            },
+        )
+
+    def test_from_http_flow_pending_user_fake(self):
+        """Test request from flow request with a pending user"""
+        user = User(
+            username=generate_id(),
+            email=generate_id(),
+        )
+        anon = get_anonymous_user()
+
+        session = self.client.session
+        plan = FlowPlan(generate_id())
+        plan.context[PLAN_CONTEXT_PENDING_USER] = user
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        request = self.factory.get("/")
+        request.session = session
+        request.user = anon
+
+        event = Event.new("unittest").from_http(request)
+        self.assertEqual(
+            event.user,
+            {
+                "authenticated_as": {
+                    "pk": anon.pk,
+                    "is_anonymous": True,
+                    "username": "AnonymousUser",
+                    "email": "",
+                },
+                "email": user.email,
+                "pk": user.pk,
+                "username": user.username,
+            },
+        )
--- a/authentik/events/utils.py
+++ b/authentik/events/utils.py
@ -74,8 +74,8 @@ def model_to_dict(model: Model) -> dict[str, Any]:
    }


-def get_user(user: User | AnonymousUser, original_user: User | None = None) -> dict[str, Any]:
-    """Convert user object to dictionary, optionally including the original user"""
+def get_user(user: User | AnonymousUser) -> dict[str, Any]:
+    """Convert user object to dictionary"""
    if isinstance(user, AnonymousUser):
        try:
            user = get_anonymous_user()
@ -88,10 +88,6 @@ def get_user(user: User | AnonymousUser, original_user: User | None = None) -> d
    }
    if user.username == settings.ANONYMOUS_USER_NAME:
        user_data["is_anonymous"] = True
-    if original_user:
-        original_data = get_user(original_user)
-        original_data["on_behalf_of"] = user_data
-        return original_data
    return user_data


--- a/authentik/tenants/api/settings.py
+++ b/authentik/tenants/api/settings.py
@ -1,6 +1,7 @@
 """Serializer for tenants models"""

 from django_tenants.utils import get_public_schema_name
+from rest_framework.fields import JSONField
 from rest_framework.generics import RetrieveUpdateAPIView
 from rest_framework.permissions import SAFE_METHODS

@ -12,6 +13,8 @@ from authentik.tenants.models import Tenant
 class SettingsSerializer(ModelSerializer):
    """Settings Serializer"""

+    footer_links = JSONField(required=False)
+
    class Meta:
        model = Tenant
        fields = [
--- a/go.mod
+++ b/go.mod
@ -23,13 +23,13 @@ require (
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.8.1
 	github.com/prometheus/client_golang v1.22.0
-	github.com/redis/go-redis/v9 v9.10.0
+	github.com/redis/go-redis/v9 v9.11.0
 	github.com/sethvargo/go-envconfig v1.3.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2025062.4
+	goauthentik.io/api/v3 v3.2025062.5
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.15.0
--- a/go.sum
+++ b/go.sum
@ -251,8 +251,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/redis/go-redis/v9 v9.10.0 h1:FxwK3eV8p/CQa0Ch276C7u2d0eNC9kCmAYQ7mCXCzVs=
-github.com/redis/go-redis/v9 v9.10.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
+github.com/redis/go-redis/v9 v9.11.0 h1:E3S08Gl/nJNn5vkxd2i78wZxWAPNZgUNTp8WIJUAiIs=
+github.com/redis/go-redis/v9 v9.11.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
@ -298,8 +298,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-goauthentik.io/api/v3 v3.2025062.4 h1:HuyL12kKserXT2w+wCDUYNRSeyCCGX81wU9SRCPuxDo=
-goauthentik.io/api/v3 v3.2025062.4/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2025062.5 h1:+eQe3S+9WxrO0QczbSQUhtfnCB1w2rse5wmgMkcRUio=
+goauthentik.io/api/v3 v3.2025062.5/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-06-19 00:10+0000\n"
+"POT-Creation-Date: 2025-06-25 00:10+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -109,10 +109,6 @@ msgstr ""
 msgid "User does not have access to application."
 msgstr ""

-#: authentik/core/api/devices.py
-msgid "Extra description not available"
-msgstr ""
-
 #: authentik/core/api/groups.py
 msgid "Cannot set group as parent of itself."
 msgstr ""
--- a/locale/es/LC_MESSAGES/django.mo
+++ b/locale/es/LC_MESSAGES/django.mo
--- a/pyproject.toml
+++ b/pyproject.toml
@ -57,7 +57,7 @@ dependencies = [
    "pyyaml==6.0.2",
    "requests-oauthlib==2.0.0",
    "scim2-filter-parser==0.7.0",
-    "sentry-sdk==2.30.0",
+    "sentry-sdk==2.31.0",
    "service-identity==24.2.0",
    "setproctitle==1.3.6",
    "structlog==25.4.0",
--- a/schema.yml
+++ b/schema.yml
@ -41338,7 +41338,9 @@ components:
        app:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - app
      - name
@ -41353,7 +41355,9 @@ components:
        app:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - app
      - name
@ -41942,7 +41946,9 @@ components:
        friendly_name:
          type: string
          nullable: true
-        credentials: {}
+        credentials:
+          type: object
+          additionalProperties: {}
      required:
      - component
      - credentials
@ -41972,7 +41978,9 @@ components:
          type: string
          nullable: true
          minLength: 1
-        credentials: {}
+        credentials:
+          type: object
+          additionalProperties: {}
      required:
      - credentials
      - name
@ -42777,7 +42785,9 @@ components:
        path:
          type: string
          default: ''
-        context: {}
+        context:
+          type: object
+          additionalProperties: {}
        last_applied:
          type: string
          format: date-time
@ -42797,6 +42807,8 @@ components:
            type: string
          readOnly: true
        metadata:
+          type: object
+          additionalProperties: {}
          readOnly: true
        content:
          type: string
@ -42818,7 +42830,9 @@ components:
        path:
          type: string
          default: ''
-        context: {}
+        context:
+          type: object
+          additionalProperties: {}
        enabled:
          type: boolean
        content:
@ -42898,7 +42912,9 @@ components:
            type: string
            format: uuid
          description: Certificates used for client authentication.
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - brand_uuid
      - domain
@ -42968,7 +42984,9 @@ components:
            type: string
            format: uuid
          description: Certificates used for client authentication.
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - domain
    Cache:
@ -44609,7 +44627,9 @@ components:
          $ref: '#/components/schemas/ProtocolEnum'
        host:
          type: string
-        settings: {}
+        settings:
+          type: object
+          additionalProperties: {}
        property_mappings:
          type: array
          items:
@ -44680,7 +44700,9 @@ components:
        host:
          type: string
          minLength: 1
-        settings: {}
+        settings:
+          type: object
+          additionalProperties: {}
        property_mappings:
          type: array
          items:
@ -44744,12 +44766,16 @@ components:
          format: uuid
          readOnly: true
          title: Event uuid
-        user: {}
+        user:
+          type: object
+          additionalProperties: {}
        action:
          $ref: '#/components/schemas/EventActions'
        app:
          type: string
-        context: {}
+        context:
+          type: object
+          additionalProperties: {}
        client_ip:
          type: string
          nullable: true
@ -44760,7 +44786,9 @@ components:
        expires:
          type: string
          format: date-time
-        brand: {}
+        brand:
+          type: object
+          additionalProperties: {}
      required:
      - action
      - app
@ -44905,13 +44933,17 @@ components:
      type: object
      description: Event Serializer
      properties:
-        user: {}
+        user:
+          type: object
+          additionalProperties: {}
        action:
          $ref: '#/components/schemas/EventActions'
        app:
          type: string
          minLength: 1
-        context: {}
+        context:
+          type: object
+          additionalProperties: {}
        client_ip:
          type: string
          nullable: true
@ -44919,7 +44951,9 @@ components:
        expires:
          type: string
          format: date-time
-        brand: {}
+        brand:
+          type: object
+          additionalProperties: {}
      required:
      - action
      - app
@ -45894,7 +45928,9 @@ components:
          type: string
          format: email
          maxLength: 254
-        credentials: {}
+        credentials:
+          type: object
+          additionalProperties: {}
        scopes:
          type: string
        exclude_users_service_account:
@ -45945,6 +45981,8 @@ components:
        provider:
          type: integer
        attributes:
+          type: object
+          additionalProperties: {}
          readOnly: true
      required:
      - attributes
@ -46059,7 +46097,9 @@ components:
          format: email
          minLength: 1
          maxLength: 254
-        credentials: {}
+        credentials:
+          type: object
+          additionalProperties: {}
        scopes:
          type: string
          minLength: 1
@ -46104,6 +46144,8 @@ components:
        provider:
          type: integer
        attributes:
+          type: object
+          additionalProperties: {}
          readOnly: true
      required:
      - attributes
@ -47432,6 +47474,8 @@ components:
          description: Return internal model name
          readOnly: true
        kubeconfig:
+          type: object
+          additionalProperties: {}
          description: Paste your kubeconfig here. authentik will automatically use
            the currently selected context.
        verify_ssl:
@ -47456,6 +47500,8 @@ components:
          description: If enabled, use the local connection. Required Docker socket/Kubernetes
            Integration
        kubeconfig:
+          type: object
+          additionalProperties: {}
          description: Paste your kubeconfig here. authentik will automatically use
            the currently selected context.
        verify_ssl:
@ -48392,6 +48438,8 @@ components:
        provider:
          type: integer
        attributes:
+          type: object
+          additionalProperties: {}
          readOnly: true
      required:
      - attributes
@ -48548,6 +48596,8 @@ components:
        provider:
          type: integer
        attributes:
+          type: object
+          additionalProperties: {}
          readOnly: true
      required:
      - attributes
@ -49460,7 +49510,9 @@ components:
          type: string
        oidc_jwks_url:
          type: string
-        oidc_jwks: {}
+        oidc_jwks:
+          type: object
+          additionalProperties: {}
        authorization_code_auth_method:
          allOf:
          - $ref: '#/components/schemas/AuthorizationCodeAuthMethodEnum'
@ -49634,7 +49686,9 @@ components:
          type: string
        oidc_jwks_url:
          type: string
-        oidc_jwks: {}
+        oidc_jwks:
+          type: object
+          additionalProperties: {}
        authorization_code_auth_method:
          allOf:
          - $ref: '#/components/schemas/AuthorizationCodeAuthMethodEnum'
@ -52319,7 +52373,9 @@ components:
        app:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
    PatchedApplicationRequest:
      type: object
      description: Application Serializer
@ -52471,7 +52527,9 @@ components:
          type: string
          nullable: true
          minLength: 1
-        credentials: {}
+        credentials:
+          type: object
+          additionalProperties: {}
    PatchedAuthenticatorSMSStageRequest:
      type: object
      description: AuthenticatorSMSStage Serializer
@ -52658,7 +52716,9 @@ components:
        path:
          type: string
          default: ''
-        context: {}
+        context:
+          type: object
+          additionalProperties: {}
        enabled:
          type: boolean
        content:
@ -52729,7 +52789,9 @@ components:
            type: string
            format: uuid
          description: Certificates used for client authentication.
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
    PatchedCaptchaStageRequest:
      type: object
      description: CaptchaStage Serializer
@ -53005,7 +53067,9 @@ components:
        host:
          type: string
          minLength: 1
-        settings: {}
+        settings:
+          type: object
+          additionalProperties: {}
        property_mappings:
          type: array
          items:
@ -53057,13 +53121,17 @@ components:
      type: object
      description: Event Serializer
      properties:
-        user: {}
+        user:
+          type: object
+          additionalProperties: {}
        action:
          $ref: '#/components/schemas/EventActions'
        app:
          type: string
          minLength: 1
-        context: {}
+        context:
+          type: object
+          additionalProperties: {}
        client_ip:
          type: string
          nullable: true
@ -53071,7 +53139,9 @@ components:
        expires:
          type: string
          format: date-time
-        brand: {}
+        brand:
+          type: object
+          additionalProperties: {}
    PatchedExpressionPolicyRequest:
      type: object
      description: Group Membership Policy Serializer
@ -53254,7 +53324,9 @@ components:
          format: email
          minLength: 1
          maxLength: 254
-        credentials: {}
+        credentials:
+          type: object
+          additionalProperties: {}
        scopes:
          type: string
          minLength: 1
@ -53638,6 +53710,8 @@ components:
          description: If enabled, use the local connection. Required Docker socket/Kubernetes
            Integration
        kubeconfig:
+          type: object
+          additionalProperties: {}
          description: Paste your kubeconfig here. authentik will automatically use
            the currently selected context.
        verify_ssl:
@ -54221,7 +54295,9 @@ components:
          type: string
        oidc_jwks_url:
          type: string
-        oidc_jwks: {}
+        oidc_jwks:
+          type: object
+          additionalProperties: {}
        authorization_code_auth_method:
          allOf:
          - $ref: '#/components/schemas/AuthorizationCodeAuthMethodEnum'
@ -54700,7 +54776,9 @@ components:
          items:
            type: string
            format: uuid
-        settings: {}
+        settings:
+          type: object
+          additionalProperties: {}
        connection_expiry:
          type: string
          minLength: 1
@ -55157,7 +55235,9 @@ components:
        source:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
    PatchedSCIMSourcePropertyMappingRequest:
      type: object
      description: SCIMSourcePropertyMapping Serializer
@ -55218,7 +55298,9 @@ components:
        source:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
    PatchedSMSDeviceRequest:
      type: object
      description: Serializer for sms authenticator devices
@ -55305,9 +55387,7 @@ components:
          minimum: 0
          description: Reputation cannot increase higher than this value. Zero or
            positive.
-        footer_links:
-          description: The option configures the footer links on the flow executor
-            pages.
+        footer_links: {}
        gdpr_compliance:
          type: boolean
          description: When enabled, all the events caused by a user will be deleted
@ -57119,7 +57199,9 @@ components:
          type: string
          description: Return internal model name
          readOnly: true
-        settings: {}
+        settings:
+          type: object
+          additionalProperties: {}
        outpost_set:
          type: array
          items:
@ -57167,7 +57249,9 @@ components:
          items:
            type: string
            format: uuid
-        settings: {}
+        settings:
+          type: object
+          additionalProperties: {}
        connection_expiry:
          type: string
          minLength: 1
@ -57577,8 +57661,12 @@ components:
          type: string
        ip:
          type: string
-        ip_geo_data: {}
-        ip_asn_data: {}
+        ip_geo_data:
+          type: object
+          additionalProperties: {}
+        ip_asn_data:
+          type: object
+          additionalProperties: {}
        score:
          type: integer
          maximum: 9223372036854775807
@ -58651,6 +58739,8 @@ components:
        provider:
          type: integer
        attributes:
+          type: object
+          additionalProperties: {}
          readOnly: true
      required:
      - attributes
@ -58741,6 +58831,8 @@ components:
        provider:
          type: integer
        attributes:
+          type: object
+          additionalProperties: {}
          readOnly: true
      required:
      - attributes
@ -58855,7 +58947,9 @@ components:
        source:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - group
      - group_obj
@ -58874,7 +58968,9 @@ components:
        source:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - group
      - id
@ -58993,7 +59089,9 @@ components:
        source:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - id
      - source
@ -59011,7 +59109,9 @@ components:
        source:
          type: string
          format: uuid
-        attributes: {}
+        attributes:
+          type: object
+          additionalProperties: {}
      required:
      - id
      - source
@ -59404,9 +59504,7 @@ components:
          minimum: 0
          description: Reputation cannot increase higher than this value. Zero or
            positive.
-        footer_links:
-          description: The option configures the footer links on the flow executor
-            pages.
+        footer_links: {}
        gdpr_compliance:
          type: boolean
          description: When enabled, all the events caused by a user will be deleted
@ -59458,9 +59556,7 @@ components:
          minimum: 0
          description: Reputation cannot increase higher than this value. Zero or
            positive.
-        footer_links:
-          description: The option configures the footer links on the flow executor
-            pages.
+        footer_links: {}
        gdpr_compliance:
          type: boolean
          description: When enabled, all the events caused by a user will be deleted
--- a/uv.lock
+++ b/uv.lock
@ -319,7 +319,7 @@ requires-dist = [
    { name = "pyyaml", specifier = "==6.0.2" },
    { name = "requests-oauthlib", specifier = "==2.0.0" },
    { name = "scim2-filter-parser", specifier = "==0.7.0" },
-    { name = "sentry-sdk", specifier = "==2.30.0" },
+    { name = "sentry-sdk", specifier = "==2.31.0" },
    { name = "service-identity", specifier = "==24.2.0" },
    { name = "setproctitle", specifier = "==1.3.6" },
    { name = "structlog", specifier = "==25.4.0" },
@ -574,30 +574,30 @@ wheels = [

 [[package]]
 name = "boto3"
-version = "1.38.38"
+version = "1.38.43"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "botocore" },
    { name = "jmespath" },
    { name = "s3transfer" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/98/a1/f2b68cba5d1907e004f4d88a028eda35a4f619c1e81d764e5cf58491eb46/boto3-1.38.38.tar.gz", hash = "sha256:0fe6b7d1974851588ec1edd39c66d9525d539133e02c7f985f9ebec5e222c0db", size = 111847, upload-time = "2025-06-17T19:33:03.097Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/90/96/c99c9dac902faae3896558809d130b1bf02df8abb6e4553ad87d018910f9/boto3-1.38.43.tar.gz", hash = "sha256:9b0ff0b34c9cf7328546c532c20b081f09055ff485f4d57c19146c36877048c5", size = 111845, upload-time = "2025-06-24T19:29:02.978Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e4/dc/43d4ab839b84876bdf7baeba0a3ffcef4c3d52d81f3ce1979b4195c0e213/boto3-1.38.38-py3-none-any.whl", hash = "sha256:6f4163cd9e030afd1059e8a6daa178835165b79eb0b5325a8cd447020b895921", size = 139934, upload-time = "2025-06-17T19:33:00.621Z" },
+    { url = "https://files.pythonhosted.org/packages/de/67/42355b452a5aa622205c321217cba61a85746f0d93984788116a43120821/boto3-1.38.43-py3-none-any.whl", hash = "sha256:2e3411bb43285caad1c8e1a3186d025ba65a6342e26bad493f6b8feb3d1a1680", size = 139922, upload-time = "2025-06-24T19:29:01.545Z" },
 ]

 [[package]]
 name = "botocore"
-version = "1.38.38"
+version = "1.38.43"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "jmespath" },
    { name = "python-dateutil" },
    { name = "urllib3" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/22/f5/d05258ac4ae68769a956779192bfbd322e571ef9fc17a27f02d35c026b4b/botocore-1.38.38.tar.gz", hash = "sha256:acf9ae5b2d99c1f416f94fa5b4f8c044ecb76ffcb7fb1b1daec583f36892a8e2", size = 14009715, upload-time = "2025-06-17T19:32:52.705Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/1d/ff/8ace3f46fa1a32c09ee994b5401c7853613a283e134449fdc136bb753b40/botocore-1.38.43.tar.gz", hash = "sha256:c453c5c16c157c5427058bb3cc2c5ad35ee2e43336f0ccbfcc6092c5635505c6", size = 14044468, upload-time = "2025-06-24T19:28:52.803Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/7b/c6/74f27ffe941dc1438b7fef620b402b982a9f9ab90a04ee47bd0314a02384/botocore-1.38.38-py3-none-any.whl", hash = "sha256:aa5cc63bf885819d862852edb647d6276fe423c60113e8db375bb7ad8d88a5d9", size = 13669107, upload-time = "2025-06-17T19:32:47.503Z" },
+    { url = "https://files.pythonhosted.org/packages/15/12/0ebcfb91738d0cf9560220ee4e0db351acab14026fac74bbce9ab3881fd9/botocore-1.38.43-py3-none-any.whl", hash = "sha256:2ee60ac0b08e80e9be2aa2841d42e438d5bc4f82549560a682837655097a3db7", size = 13706448, upload-time = "2025-06-24T19:28:47.877Z" },
 ]

 [[package]]
@ -777,14 +777,14 @@ wheels = [

 [[package]]
 name = "click-plugins"
-version = "1.1.1"
+version = "1.1.1.2"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "click" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/5f/1d/45434f64ed749540af821fd7e42b8e4d23ac04b1eda7c26613288d6cd8a8/click-plugins-1.1.1.tar.gz", hash = "sha256:46ab999744a9d831159c3411bb0c79346d94a444df9a3a3742e9ed63645f264b", size = 8164, upload-time = "2019-04-04T04:27:04.82Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/c3/a4/34847b59150da33690a36da3681d6bbc2ec14ee9a846bc30a6746e5984e4/click_plugins-1.1.1.2.tar.gz", hash = "sha256:d7af3984a99d243c131aa1a828331e7630f4a88a9741fd05c927b204bcf92261", size = 8343, upload-time = "2025-06-25T00:47:37.555Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e9/da/824b92d9942f4e472702488857914bdd50f73021efea15b4cad9aca8ecef/click_plugins-1.1.1-py2.py3-none-any.whl", hash = "sha256:5d262006d3222f5057fd81e1623d4443e41dcda5dc815c06b442aa3c02889fc8", size = 7497, upload-time = "2019-04-04T04:27:03.36Z" },
+    { url = "https://files.pythonhosted.org/packages/3d/9a/2abecb28ae875e39c8cad711eb1186d8d14eab564705325e77e4e6ab9ae5/click_plugins-1.1.1.2-py2.py3-none-any.whl", hash = "sha256:008d65743833ffc1f5417bf0e78e8d2c23aab04d9745ba817bd3e71b0feb6aa6", size = 11051, upload-time = "2025-06-25T00:47:36.731Z" },
 ]

 [[package]]
@ -2088,47 +2088,43 @@ wheels = [

 [[package]]
 name = "multidict"
-version = "6.5.0"
+version = "6.5.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/46/b5/59f27b4ce9951a4bce56b88ba5ff5159486797ab18863f2b4c1c5e8465bd/multidict-6.5.0.tar.gz", hash = "sha256:942bd8002492ba819426a8d7aefde3189c1b87099cdf18aaaefefcf7f3f7b6d2", size = 98512, upload-time = "2025-06-17T14:15:56.556Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/5c/43/2d90c414d9efc4587d6e7cebae9f2c2d8001bcb4f89ed514ae837e9dcbe6/multidict-6.5.1.tar.gz", hash = "sha256:a835ea8103f4723915d7d621529c80ef48db48ae0c818afcabe0f95aa1febc3a", size = 98690, upload-time = "2025-06-24T22:16:05.117Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/1a/c9/092c4e9402b6d16de761cff88cb842a5c8cc50ccecaf9c4481ba53264b9e/multidict-6.5.0-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:53d92df1752df67a928fa7f884aa51edae6f1cf00eeb38cbcf318cf841c17456", size = 73486, upload-time = "2025-06-17T14:14:37.238Z" },
-    { url = "https://files.pythonhosted.org/packages/08/f9/6f7ddb8213f5fdf4db48d1d640b78e8aef89b63a5de8a2313286db709250/multidict-6.5.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:680210de2c38eef17ce46b8df8bf2c1ece489261a14a6e43c997d49843a27c99", size = 43745, upload-time = "2025-06-17T14:14:38.32Z" },
-    { url = "https://files.pythonhosted.org/packages/f3/a7/b9be0163bfeee3bb08a77a1705e24eb7e651d594ea554107fac8a1ca6a4d/multidict-6.5.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:e279259bcb936732bfa1a8eec82b5d2352b3df69d2fa90d25808cfc403cee90a", size = 42135, upload-time = "2025-06-17T14:14:39.897Z" },
-    { url = "https://files.pythonhosted.org/packages/8e/30/93c8203f943a417bda3c573a34d5db0cf733afdfffb0ca78545c7716dbd8/multidict-6.5.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d1c185fc1069781e3fc8b622c4331fb3b433979850392daa5efbb97f7f9959bb", size = 238585, upload-time = "2025-06-17T14:14:41.332Z" },
-    { url = "https://files.pythonhosted.org/packages/9d/fe/2582b56a1807604774f566eeef183b0d6b148f4b89d1612cd077567b2e1e/multidict-6.5.0-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:6bb5f65ff91daf19ce97f48f63585e51595539a8a523258b34f7cef2ec7e0617", size = 236174, upload-time = "2025-06-17T14:14:42.602Z" },
-    { url = "https://files.pythonhosted.org/packages/9b/c4/d8b66d42d385bd4f974cbd1eaa8b265e6b8d297249009f312081d5ded5c7/multidict-6.5.0-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d8646b4259450c59b9286db280dd57745897897284f6308edbdf437166d93855", size = 250145, upload-time = "2025-06-17T14:14:43.944Z" },
-    { url = "https://files.pythonhosted.org/packages/bc/64/62feda5093ee852426aae3df86fab079f8bf1cdbe403e1078c94672ad3ec/multidict-6.5.0-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d245973d4ecc04eea0a8e5ebec7882cf515480036e1b48e65dffcfbdf86d00be", size = 243470, upload-time = "2025-06-17T14:14:45.343Z" },
-    { url = "https://files.pythonhosted.org/packages/67/dc/9f6fa6e854625cf289c0e9f4464b40212a01f76b2f3edfe89b6779b4fb93/multidict-6.5.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a133e7ddc9bc7fb053733d0ff697ce78c7bf39b5aec4ac12857b6116324c8d75", size = 236968, upload-time = "2025-06-17T14:14:46.609Z" },
-    { url = "https://files.pythonhosted.org/packages/46/ae/4b81c6e3745faee81a156f3f87402315bdccf04236f75c03e37be19c94ff/multidict-6.5.0-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:80d696fa38d738fcebfd53eec4d2e3aeb86a67679fd5e53c325756682f152826", size = 236575, upload-time = "2025-06-17T14:14:47.929Z" },
-    { url = "https://files.pythonhosted.org/packages/8a/fa/4089d7642ea344226e1bfab60dd588761d4791754f8072e911836a39bedf/multidict-6.5.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:20d30c9410ac3908abbaa52ee5967a754c62142043cf2ba091e39681bd51d21a", size = 247632, upload-time = "2025-06-17T14:14:49.525Z" },
-    { url = "https://files.pythonhosted.org/packages/16/ee/a353dac797de0f28fb7f078cc181c5f2eefe8dd16aa11a7100cbdc234037/multidict-6.5.0-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:6c65068cc026f217e815fa519d8e959a7188e94ec163ffa029c94ca3ef9d4a73", size = 243520, upload-time = "2025-06-17T14:14:50.83Z" },
-    { url = "https://files.pythonhosted.org/packages/50/ec/560deb3d2d95822d6eb1bcb1f1cb728f8f0197ec25be7c936d5d6a5d133c/multidict-6.5.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:e355ac668a8c3e49c2ca8daa4c92f0ad5b705d26da3d5af6f7d971e46c096da7", size = 248551, upload-time = "2025-06-17T14:14:52.229Z" },
-    { url = "https://files.pythonhosted.org/packages/10/85/ddf277e67c78205f6695f2a7639be459bca9cc353b962fd8085a492a262f/multidict-6.5.0-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:08db204213d0375a91a381cae0677ab95dd8c67a465eb370549daf6dbbf8ba10", size = 258362, upload-time = "2025-06-17T14:14:53.934Z" },
-    { url = "https://files.pythonhosted.org/packages/02/fc/d64ee1df9b87c5210f2d4c419cab07f28589c81b4e5711eda05a122d0614/multidict-6.5.0-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:ffa58e3e215af8f6536dc837a990e456129857bb6fd546b3991be470abd9597a", size = 253862, upload-time = "2025-06-17T14:14:55.323Z" },
-    { url = "https://files.pythonhosted.org/packages/c9/7c/a2743c00d9e25f4826d3a77cc13d4746398872cf21c843eef96bb9945665/multidict-6.5.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:3e86eb90015c6f21658dbd257bb8e6aa18bdb365b92dd1fba27ec04e58cdc31b", size = 247391, upload-time = "2025-06-17T14:14:57.293Z" },
-    { url = "https://files.pythonhosted.org/packages/9b/03/7773518db74c442904dbd349074f1e7f2a854cee4d9529fc59e623d3949e/multidict-6.5.0-cp313-cp313-win32.whl", hash = "sha256:f34a90fbd9959d0f857323bd3c52b3e6011ed48f78d7d7b9e04980b8a41da3af", size = 41115, upload-time = "2025-06-17T14:14:59.33Z" },
-    { url = "https://files.pythonhosted.org/packages/eb/9a/6fc51b1dc11a7baa944bc101a92167d8b0f5929d376a8c65168fc0d35917/multidict-6.5.0-cp313-cp313-win_amd64.whl", hash = "sha256:fcb2aa79ac6aef8d5b709bbfc2fdb1d75210ba43038d70fbb595b35af470ce06", size = 44768, upload-time = "2025-06-17T14:15:00.427Z" },
-    { url = "https://files.pythonhosted.org/packages/82/2d/0d010be24b663b3c16e3d3307bbba2de5ae8eec496f6027d5c0515b371a8/multidict-6.5.0-cp313-cp313-win_arm64.whl", hash = "sha256:6dcee5e7e92060b4bb9bb6f01efcbb78c13d0e17d9bc6eec71660dd71dc7b0c2", size = 41770, upload-time = "2025-06-17T14:15:01.854Z" },
-    { url = "https://files.pythonhosted.org/packages/aa/d1/a71711a5f32f84b7b036e82182e3250b949a0ce70d51a2c6a4079e665449/multidict-6.5.0-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:cbbc88abea2388fde41dd574159dec2cda005cb61aa84950828610cb5010f21a", size = 80450, upload-time = "2025-06-17T14:15:02.968Z" },
-    { url = "https://files.pythonhosted.org/packages/0f/a2/953a9eede63a98fcec2c1a2c1a0d88de120056219931013b871884f51b43/multidict-6.5.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:70b599f70ae6536e5976364d3c3cf36f40334708bd6cebdd1e2438395d5e7676", size = 46971, upload-time = "2025-06-17T14:15:04.149Z" },
-    { url = "https://files.pythonhosted.org/packages/44/61/60250212953459edda2c729e1d85130912f23c67bd4f585546fe4bdb1578/multidict-6.5.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:828bab777aa8d29d59700018178061854e3a47727e0611cb9bec579d3882de3b", size = 45548, upload-time = "2025-06-17T14:15:05.666Z" },
-    { url = "https://files.pythonhosted.org/packages/11/b6/e78ee82e96c495bc2582b303f68bed176b481c8d81a441fec07404fce2ca/multidict-6.5.0-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a9695fc1462f17b131c111cf0856a22ff154b0480f86f539d24b2778571ff94d", size = 238545, upload-time = "2025-06-17T14:15:06.88Z" },
-    { url = "https://files.pythonhosted.org/packages/5a/0f/6132ca06670c8d7b374c3a4fd1ba896fc37fbb66b0de903f61db7d1020ec/multidict-6.5.0-cp313-cp313t-manylinux_2_17_armv7l.manylinux2014_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:0b5ac6ebaf5d9814b15f399337ebc6d3a7f4ce9331edd404e76c49a01620b68d", size = 229931, upload-time = "2025-06-17T14:15:08.24Z" },
-    { url = "https://files.pythonhosted.org/packages/c0/63/d9957c506e6df6b3e7a194f0eea62955c12875e454b978f18262a65d017b/multidict-6.5.0-cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:84a51e3baa77ded07be4766a9e41d977987b97e49884d4c94f6d30ab6acaee14", size = 248181, upload-time = "2025-06-17T14:15:09.907Z" },
-    { url = "https://files.pythonhosted.org/packages/43/3f/7d5490579640db5999a948e2c41d4a0efd91a75989bda3e0a03a79c92be2/multidict-6.5.0-cp313-cp313t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8de67f79314d24179e9b1869ed15e88d6ba5452a73fc9891ac142e0ee018b5d6", size = 241846, upload-time = "2025-06-17T14:15:11.596Z" },
-    { url = "https://files.pythonhosted.org/packages/e1/f7/252b1ce949ece52bba4c0de7aa2e3a3d5964e800bce71fb778c2e6c66f7c/multidict-6.5.0-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:17f78a52c214481d30550ec18208e287dfc4736f0c0148208334b105fd9e0887", size = 232893, upload-time = "2025-06-17T14:15:12.946Z" },
-    { url = "https://files.pythonhosted.org/packages/45/7e/0070bfd48c16afc26e056f2acce49e853c0d604a69c7124bc0bbdb1bcc0a/multidict-6.5.0-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2966d0099cb2e2039f9b0e73e7fd5eb9c85805681aa2a7f867f9d95b35356921", size = 228567, upload-time = "2025-06-17T14:15:14.267Z" },
-    { url = "https://files.pythonhosted.org/packages/2a/31/90551c75322113ebf5fd9c5422e8641d6952f6edaf6b6c07fdc49b1bebdd/multidict-6.5.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:86fb42ed5ed1971c642cc52acc82491af97567534a8e381a8d50c02169c4e684", size = 246188, upload-time = "2025-06-17T14:15:15.985Z" },
-    { url = "https://files.pythonhosted.org/packages/cc/e2/aa4b02a55e7767ff292871023817fe4db83668d514dab7ccbce25eaf7659/multidict-6.5.0-cp313-cp313t-musllinux_1_2_armv7l.whl", hash = "sha256:4e990cbcb6382f9eae4ec720bcac6a1351509e6fc4a5bb70e4984b27973934e6", size = 235178, upload-time = "2025-06-17T14:15:17.395Z" },
-    { url = "https://files.pythonhosted.org/packages/7d/5c/f67e726717c4b138b166be1700e2b56e06fbbcb84643d15f9a9d7335ff41/multidict-6.5.0-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:d99a59d64bb1f7f2117bec837d9e534c5aeb5dcedf4c2b16b9753ed28fdc20a3", size = 243422, upload-time = "2025-06-17T14:15:18.939Z" },
-    { url = "https://files.pythonhosted.org/packages/e5/1c/15fa318285e26a50aa3fa979bbcffb90f9b4d5ec58882d0590eda067d0da/multidict-6.5.0-cp313-cp313t-musllinux_1_2_ppc64le.whl", hash = "sha256:e8ef15cc97c9890212e1caf90f0d63f6560e1e101cf83aeaf63a57556689fb34", size = 254898, upload-time = "2025-06-17T14:15:20.31Z" },
-    { url = "https://files.pythonhosted.org/packages/ad/3d/d6c6d1c2e9b61ca80313912d30bb90d4179335405e421ef0a164eac2c0f9/multidict-6.5.0-cp313-cp313t-musllinux_1_2_s390x.whl", hash = "sha256:b8a09aec921b34bd8b9f842f0bcfd76c6a8c033dc5773511e15f2d517e7e1068", size = 247129, upload-time = "2025-06-17T14:15:21.665Z" },
-    { url = "https://files.pythonhosted.org/packages/29/15/1568258cf0090bfa78d44be66247cfdb16e27dfd935c8136a1e8632d3057/multidict-6.5.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:ff07b504c23b67f2044533244c230808a1258b3493aaf3ea2a0785f70b7be461", size = 243841, upload-time = "2025-06-17T14:15:23.38Z" },
-    { url = "https://files.pythonhosted.org/packages/65/57/64af5dbcfd61427056e840c8e520b502879d480f9632fbe210929fd87393/multidict-6.5.0-cp313-cp313t-win32.whl", hash = "sha256:9232a117341e7e979d210e41c04e18f1dc3a1d251268df6c818f5334301274e1", size = 46761, upload-time = "2025-06-17T14:15:24.733Z" },
-    { url = "https://files.pythonhosted.org/packages/26/a8/cac7f7d61e188ff44f28e46cb98f9cc21762e671c96e031f06c84a60556e/multidict-6.5.0-cp313-cp313t-win_amd64.whl", hash = "sha256:44cb5c53fb2d4cbcee70a768d796052b75d89b827643788a75ea68189f0980a1", size = 52112, upload-time = "2025-06-17T14:15:25.906Z" },
-    { url = "https://files.pythonhosted.org/packages/51/9f/076533feb1b5488d22936da98b9c217205cfbf9f56f7174e8c5c86d86fe6/multidict-6.5.0-cp313-cp313t-win_arm64.whl", hash = "sha256:51d33fafa82640c0217391d4ce895d32b7e84a832b8aee0dcc1b04d8981ec7f4", size = 44358, upload-time = "2025-06-17T14:15:27.117Z" },
-    { url = "https://files.pythonhosted.org/packages/44/d8/45e8fc9892a7386d074941429e033adb4640e59ff0780d96a8cf46fe788e/multidict-6.5.0-py3-none-any.whl", hash = "sha256:5634b35f225977605385f56153bd95a7133faffc0ffe12ad26e10517537e8dfc", size = 12181, upload-time = "2025-06-17T14:15:55.156Z" },
+    { url = "https://files.pythonhosted.org/packages/19/3f/c2e07031111d2513d260157933a8697ad52a935d8a2a2b8b7b317ddd9a96/multidict-6.5.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:98011312f36d1e496f15454a95578d1212bc2ffc25650a8484752b06d304fd9b", size = 73588, upload-time = "2025-06-24T22:14:54.332Z" },
+    { url = "https://files.pythonhosted.org/packages/95/bb/f47aa21827202a9f889fd66de9a1db33d0e4bbaaa2567156e4efb3cc0e5e/multidict-6.5.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:bae589fb902b47bd94e6f539b34eefe55a1736099f616f614ec1544a43f95b05", size = 43756, upload-time = "2025-06-24T22:14:55.748Z" },
+    { url = "https://files.pythonhosted.org/packages/9f/ec/24549de092c9b0bc3167e0beb31a11be58e8595dbcfed2b7821795bb3923/multidict-6.5.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:6eb3bf26cd94eb306e4bc776d0964cc67a7967e4ad9299309f0ff5beec3c62be", size = 42222, upload-time = "2025-06-24T22:14:57.418Z" },
+    { url = "https://files.pythonhosted.org/packages/13/45/54452027ebc0ba660667aab67ae11afb9aaba91f4b5d63cddef045279d94/multidict-6.5.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e5e1a5a99c72d1531501406fcc06b6bf699ebd079dacd6807bb43fc0ff260e5c", size = 253014, upload-time = "2025-06-24T22:14:58.738Z" },
+    { url = "https://files.pythonhosted.org/packages/97/3c/76e7b4c0ce3a8bb43efca679674fba421333fbc8429134072db80e13dcb8/multidict-6.5.1-cp313-cp313-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:38755bcba18720cb2338bea23a5afcff234445ee75fa11518f6130e22f2ab970", size = 235939, upload-time = "2025-06-24T22:15:00.138Z" },
+    { url = "https://files.pythonhosted.org/packages/86/ce/48e3123a9af61ff2f60e3764b0b15cf4fca22b1299aac281252ac3a590d6/multidict-6.5.1-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:f42fef9bcba3c32fd4e4a23c5757fc807d218b249573aaffa8634879f95feb73", size = 262940, upload-time = "2025-06-24T22:15:01.52Z" },
+    { url = "https://files.pythonhosted.org/packages/b3/ab/bccd739faf87051b55df619a0967c8545b4d4a4b90258c5f564ab1752f15/multidict-6.5.1-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:071b962f4cc87469cda90c7cc1c077b76496878b39851d7417a3d994e27fe2c6", size = 260652, upload-time = "2025-06-24T22:15:02.988Z" },
+    { url = "https://files.pythonhosted.org/packages/9a/9c/01f654aad28a5d0d74f2678c1541ae15e711f99603fd84c780078205966e/multidict-6.5.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:627ba4b7ce7c0115981f0fd91921f5d101dfb9972622178aeef84ccce1c2bbf3", size = 250011, upload-time = "2025-06-24T22:15:04.317Z" },
+    { url = "https://files.pythonhosted.org/packages/5c/bc/edf08906e1db7385c6bf36e4179957307f50c44a889493e9b251255be79c/multidict-6.5.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:05dcaed3e5e54f0d0f99a39762b0195274b75016cbf246f600900305581cf1a2", size = 248242, upload-time = "2025-06-24T22:15:06.035Z" },
+    { url = "https://files.pythonhosted.org/packages/b7/c3/1ad054b88b889fda8b62ea9634ac7082567e8dc42b9b794a2c565ef102ab/multidict-6.5.1-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:11f5ecf3e741a18c578d118ad257c5588ca33cc7c46d51c0487d7ae76f072c32", size = 244683, upload-time = "2025-06-24T22:15:07.731Z" },
+    { url = "https://files.pythonhosted.org/packages/57/63/119a76b2095e1bb765816175cafeac7b520f564691abef2572fb80f4f246/multidict-6.5.1-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:b948eb625411c20b15088fca862c51a39140b9cf7875b5fb47a72bb249fa2f42", size = 257626, upload-time = "2025-06-24T22:15:09.013Z" },
+    { url = "https://files.pythonhosted.org/packages/26/a9/b91a76af5ff49bd088ee76d11eb6134227f5ea50bcd5f6738443b2fe8e05/multidict-6.5.1-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:fc993a96dfc8300befd03d03df46efdb1d8d5a46911b014e956a4443035f470d", size = 251077, upload-time = "2025-06-24T22:15:10.366Z" },
+    { url = "https://files.pythonhosted.org/packages/2a/fe/b1dc57aaa4de9f5a27543e28bd1f8bff00a316888b7344b5d33258b14b0a/multidict-6.5.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ee2d333380f22d35a56c6461f4579cfe186e143cd0b010b9524ac027de2a34cd", size = 244715, upload-time = "2025-06-24T22:15:11.76Z" },
+    { url = "https://files.pythonhosted.org/packages/51/55/47a82690f71d0141eea49a623bbcc00a4d28770efc7cba8ead75602c9b90/multidict-6.5.1-cp313-cp313-win32.whl", hash = "sha256:5891e3327e6a426ddd443c87339b967c84feb8c022dd425e0c025fa0fcd71e68", size = 41156, upload-time = "2025-06-24T22:15:13.139Z" },
+    { url = "https://files.pythonhosted.org/packages/25/b3/43306e4d7d3a9898574d1dc156b9607540dad581b1d767c992030751b82d/multidict-6.5.1-cp313-cp313-win_amd64.whl", hash = "sha256:fcdaa72261bff25fad93e7cb9bd7112bd4bac209148e698e380426489d8ed8a9", size = 44933, upload-time = "2025-06-24T22:15:14.639Z" },
+    { url = "https://files.pythonhosted.org/packages/30/e2/34cb83c8a4e01b28e2abf30dc90178aa63c9db042be22fa02472cb744b86/multidict-6.5.1-cp313-cp313-win_arm64.whl", hash = "sha256:84292145303f354a35558e601c665cdf87059d87b12777417e2e57ba3eb98903", size = 41967, upload-time = "2025-06-24T22:15:15.856Z" },
+    { url = "https://files.pythonhosted.org/packages/64/08/17d2de9cf749ea9589ecfb7532ab4988e8b113b7624826dba6b7527a58f3/multidict-6.5.1-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:f8316e58db799a1972afbc46770dfaaf20b0847003ab80de6fcb9861194faa3f", size = 80513, upload-time = "2025-06-24T22:15:16.946Z" },
+    { url = "https://files.pythonhosted.org/packages/3e/b9/c9392465a21f7dff164633348b4cf66eef55c4ee48bdcdc00f0a71792779/multidict-6.5.1-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:d3468f0db187aca59eb56e0aa9f7c8c5427bcb844ad1c86557b4886aeb4484d8", size = 46854, upload-time = "2025-06-24T22:15:18.116Z" },
+    { url = "https://files.pythonhosted.org/packages/2e/24/d79cbed5d0573304bc907dff0e5ad8788a4de891eec832809812b319930e/multidict-6.5.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:228533a5f99f1248cd79f6470779c424d63bc3e10d47c82511c65cc294458445", size = 45724, upload-time = "2025-06-24T22:15:19.241Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/22/232be6c077183719c78131f0e3c3d7134eb2d839e6e50e1c1e69e5ef5965/multidict-6.5.1-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:527076fdf5854901b1246c589af9a8a18b4a308375acb0020b585f696a10c794", size = 251895, upload-time = "2025-06-24T22:15:20.564Z" },
+    { url = "https://files.pythonhosted.org/packages/57/80/85985e1441864b946e79538355b7b47f36206bf6bbaa2fa6d74d8232f2ab/multidict-6.5.1-cp313-cp313t-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:9a17a17bad5c22f43e6a6b285dd9c16b1e8f8428202cd9bc22adaac68d0bbfed", size = 229357, upload-time = "2025-06-24T22:15:21.949Z" },
+    { url = "https://files.pythonhosted.org/packages/b1/14/0024d1428b05aedaeea211da232aa6b6ad5c556a8a38b0942df1e54e1fa5/multidict-6.5.1-cp313-cp313t-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:efd1951edab4a6cb65108d411867811f2b283f4b972337fb4269e40142f7f6a6", size = 259262, upload-time = "2025-06-24T22:15:23.455Z" },
+    { url = "https://files.pythonhosted.org/packages/b1/cc/3fe63d61ffc9a48d62f36249e228e330144d990ac01f61169b615a3be471/multidict-6.5.1-cp313-cp313t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:c07d5f38b39acb4f8f61a7aa4166d140ed628245ff0441630df15340532e3b3c", size = 257998, upload-time = "2025-06-24T22:15:24.907Z" },
+    { url = "https://files.pythonhosted.org/packages/e8/e4/46b38b9a565ccc5d86f55787090670582d51ab0a0d37cfeaf4313b053f7b/multidict-6.5.1-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8a6605dc74cd333be279e1fcb568ea24f7bdf1cf09f83a77360ce4dd32d67f14", size = 247951, upload-time = "2025-06-24T22:15:26.274Z" },
+    { url = "https://files.pythonhosted.org/packages/af/78/58a9bc0674401f1f26418cd58a5ebf35ce91ead76a22b578908acfe0f4e2/multidict-6.5.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:8d64e30ae9ba66ce303a567548a06d64455d97c5dff7052fe428d154274d7174", size = 246786, upload-time = "2025-06-24T22:15:27.695Z" },
+    { url = "https://files.pythonhosted.org/packages/66/24/51142ccee295992e22881cccc54b291308423bbcc836fcf4d2edef1a88d0/multidict-6.5.1-cp313-cp313t-musllinux_1_2_armv7l.whl", hash = "sha256:2fb5dde79a7f6d98ac5e26a4c9de77ccd2c5224a7ce89aeac6d99df7bbe06464", size = 235030, upload-time = "2025-06-24T22:15:29.391Z" },
+    { url = "https://files.pythonhosted.org/packages/4b/9a/a6f7b75460d3e35b16bf7745c9e3ebb3293324a4295e586563bf50d361f4/multidict-6.5.1-cp313-cp313t-musllinux_1_2_ppc64le.whl", hash = "sha256:8a0d22e8b07cf620e9aeb1582340d00f0031e6a1f3e39d9c2dcbefa8691443b4", size = 253964, upload-time = "2025-06-24T22:15:31.689Z" },
+    { url = "https://files.pythonhosted.org/packages/3d/f8/0b690674bf8f78604eb0a2b0a85d1380ff3003f270440d40def2a3de8cf4/multidict-6.5.1-cp313-cp313t-musllinux_1_2_s390x.whl", hash = "sha256:0120ed5cff2082c7a0ed62a8f80f4f6ac266010c722381816462f279bfa19487", size = 247370, upload-time = "2025-06-24T22:15:33.114Z" },
+    { url = "https://files.pythonhosted.org/packages/7f/7d/ca55049d1041c517f294c1755c786539cb7a8dc5033361f20ce3a3d817be/multidict-6.5.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:3dea06ba27401c4b54317aa04791182dc9295e7aa623732dd459071a0e0f65db", size = 242920, upload-time = "2025-06-24T22:15:34.669Z" },
+    { url = "https://files.pythonhosted.org/packages/1e/65/f4afa14f0921751864bb3ef80267f15ecae423483e8da9bc5d3757632bfa/multidict-6.5.1-cp313-cp313t-win32.whl", hash = "sha256:93b21be44f3cfee3be68ed5cd8848a3c0420d76dbd12d74f7776bde6b29e5f33", size = 46968, upload-time = "2025-06-24T22:15:36.023Z" },
+    { url = "https://files.pythonhosted.org/packages/00/0a/13d08be1ca1523df515fb4efd3cf10f153e62d533f55c53f543cd73041e8/multidict-6.5.1-cp313-cp313t-win_amd64.whl", hash = "sha256:c5c18f8646a520cc34d00f65f9f6f77782b8a8c59fd8de10713e0de7f470b5d0", size = 52353, upload-time = "2025-06-24T22:15:37.247Z" },
+    { url = "https://files.pythonhosted.org/packages/4b/dd/84aaf725b236677597a9570d8c1c99af0ba03712149852347969e014d826/multidict-6.5.1-cp313-cp313t-win_arm64.whl", hash = "sha256:eb27128141474a1d545f0531b496c7c2f1c4beff50cb5a828f36eb62fef16c67", size = 44500, upload-time = "2025-06-24T22:15:38.445Z" },
+    { url = "https://files.pythonhosted.org/packages/07/9f/d4719ce55a1d8bf6619e8bb92f1e2e7399026ea85ae0c324ec77ee06c050/multidict-6.5.1-py3-none-any.whl", hash = "sha256:895354f4a38f53a1df2cc3fa2223fa714cff2b079a9f018a76cad35e7f0f044c", size = 12185, upload-time = "2025-06-24T22:16:03.816Z" },
 ]

 [[package]]
@ -2151,11 +2147,11 @@ wheels = [

 [[package]]
 name = "oauthlib"
-version = "3.3.0"
+version = "3.3.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/98/8a/6ea75ff7acf89f43afb157604429af4661a9840b1f2cece602b6a13c1893/oauthlib-3.3.0.tar.gz", hash = "sha256:4e707cf88d7dfc22a8cce22ca736a2eef9967c1dd3845efc0703fc922353eeb2", size = 190292, upload-time = "2025-06-17T23:19:18.309Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/0b/5f/19930f824ffeb0ad4372da4812c50edbd1434f678c90c2733e1188edfc63/oauthlib-3.3.1.tar.gz", hash = "sha256:0f0f8aa759826a193cf66c12ea1af1637f87b9b4622d46e866952bb022e538c9", size = 185918, upload-time = "2025-06-19T22:48:08.269Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e1/3d/760b1456010ed11ce87c0109007f0166078dfdada7597f0091ae76eb7305/oauthlib-3.3.0-py3-none-any.whl", hash = "sha256:a2b3a0a2a4ec2feb4b9110f56674a39b2cc2f23e14713f4ed20441dfba14e934", size = 165155, upload-time = "2025-06-17T23:19:16.771Z" },
+    { url = "https://files.pythonhosted.org/packages/be/9c/92789c596b8df838baa98fa71844d84283302f7604ed565dafe5a6b5041a/oauthlib-3.3.1-py3-none-any.whl", hash = "sha256:88119c938d2b8fb88561af5f6ee0eec8cc8d552b7bb1f712743136eb7523b7a1", size = 160065, upload-time = "2025-06-19T22:48:06.508Z" },
 ]

 [[package]]
@ -2550,11 +2546,11 @@ wheels = [

 [[package]]
 name = "pygments"
-version = "2.19.1"
+version = "2.19.2"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/7c/2d/c3338d48ea6cc0feb8446d8e6937e1408088a72a39937982cc6111d17f84/pygments-2.19.1.tar.gz", hash = "sha256:61c16d2a8576dc0649d9f39e089b5f02bcd27fba10d8fb4dcc28173f7a45151f", size = 4968581, upload-time = "2025-01-06T17:26:30.443Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631, upload-time = "2025-06-21T13:39:12.283Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/8a/0b/9fcc47d19c48b59121088dd6da2488a49d5f72dacf8262e2790a1d2c7d15/pygments-2.19.1-py3-none-any.whl", hash = "sha256:9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c", size = 1225293, upload-time = "2025-01-06T17:26:25.553Z" },
+    { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" },
 ]

 [[package]]
@ -2711,11 +2707,11 @@ wheels = [

 [[package]]
 name = "python-dotenv"
-version = "1.1.0"
+version = "1.1.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/88/2c/7bb1416c5620485aa793f2de31d3df393d3686aa8a8506d11e10e13c5baf/python_dotenv-1.1.0.tar.gz", hash = "sha256:41f90bc6f5f177fb41f53e87666db362025010eb28f60a01c9143bfa33a2b2d5", size = 39920, upload-time = "2025-03-25T10:14:56.835Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f6/b0/4bc07ccd3572a2f9df7e6782f52b0c6c90dcbb803ac4a167702d7d0dfe1e/python_dotenv-1.1.1.tar.gz", hash = "sha256:a8a6399716257f45be6a007360200409fce5cda2661e3dec71d23dc15f6189ab", size = 41978, upload-time = "2025-06-24T04:21:07.341Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/1e/18/98a99ad95133c6a6e2005fe89faedf294a748bd5dc803008059409ac9b1e/python_dotenv-1.1.0-py3-none-any.whl", hash = "sha256:d7c01d9e2293916c18baf562d95698754b0dbbb5e74d457c45d4f6561fb9d55d", size = 20256, upload-time = "2025-03-25T10:14:55.034Z" },
+    { url = "https://files.pythonhosted.org/packages/5f/ed/539768cf28c661b5b068d66d96a2f155c4971a5d55684a514c1a0e0dec2f/python_dotenv-1.1.1-py3-none-any.whl", hash = "sha256:31f23644fe2602f88ff55e1f5c79ba497e01224ee7737937930c448e4d0e24dc", size = 20556, upload-time = "2025-06-24T04:21:06.073Z" },
 ]

 [[package]]
@ -2964,15 +2960,15 @@ wheels = [

 [[package]]
 name = "sentry-sdk"
-version = "2.30.0"
+version = "2.31.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "certifi" },
    { name = "urllib3" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/04/4c/af31e0201b48469786ddeb1bf6fd3dfa3a291cc613a0fe6a60163a7535f9/sentry_sdk-2.30.0.tar.gz", hash = "sha256:436369b02afef7430efb10300a344fb61a11fe6db41c2b11f41ee037d2dd7f45", size = 326767, upload-time = "2025-06-12T10:34:34.733Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/d0/45/c7ef7e12d8434fda8b61cdab432d8af64fb832480c93cdaf4bdcab7f5597/sentry_sdk-2.31.0.tar.gz", hash = "sha256:fed6d847f15105849cdf5dfdc64dcec356f936d41abb8c9d66adae45e60959ec", size = 334167, upload-time = "2025-06-24T16:36:26.066Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/5a/99/31ac6faaae33ea698086692638f58d14f121162a8db0039e68e94135e7f1/sentry_sdk-2.30.0-py2.py3-none-any.whl", hash = "sha256:59391db1550662f746ea09b483806a631c3ae38d6340804a1a4c0605044f6877", size = 343149, upload-time = "2025-06-12T10:34:32.896Z" },
+    { url = "https://files.pythonhosted.org/packages/7d/a2/9b6d8cc59f03251c583b3fec9d2f075dc09c0f6e030e0e0a3b223c6e64b2/sentry_sdk-2.31.0-py2.py3-none-any.whl", hash = "sha256:e953f5ab083e6599bab255b75d6829b33b3ddf9931a27ca00b4ab0081287e84f", size = 355638, upload-time = "2025-06-24T16:36:24.306Z" },
 ]

 [[package]]
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -22,7 +22,7 @@
                "@floating-ui/dom": "^1.6.11",
                "@formatjs/intl-listformat": "^7.7.11",
                "@fortawesome/fontawesome-free": "^6.7.2",
-                "@goauthentik/api": "^2025.6.2-1750801939",
+                "@goauthentik/api": "^2025.6.2-1750856752",
                "@lit/context": "^1.1.2",
                "@lit/localize": "^0.12.2",
                "@lit/reactive-element": "^2.0.4",
@ -1731,9 +1731,9 @@
            }
        },
        "node_modules/@goauthentik/api": {
-            "version": "2025.6.2-1750801939",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2025.6.2-1750801939.tgz",
-            "integrity": "sha512-3s0pE6enhLEWVMD+zClORktBhUAw1vO/lCG0ATqm6xqbTfqGxPYWj5XMzYuX7+a2axxn1BFE134afWmdzDhThw=="
+            "version": "2025.6.2-1750856752",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2025.6.2-1750856752.tgz",
+            "integrity": "sha512-Zf/1wa5Q1CBbfc4EyJYc/JieTnMS9V0k4wGlK3ojC+kTDJhGjYdHPWpOGiAV9GJXQWHXfHLpA9bqPtBx/0ww7A=="
        },
        "node_modules/@goauthentik/core": {
            "resolved": "packages/core",
--- a/web/package.json
+++ b/web/package.json
@ -93,7 +93,7 @@
        "@floating-ui/dom": "^1.6.11",
        "@formatjs/intl-listformat": "^7.7.11",
        "@fortawesome/fontawesome-free": "^6.7.2",
-        "@goauthentik/api": "^2025.6.2-1750801939",
+        "@goauthentik/api": "^2025.6.2-1750856752",
        "@lit/context": "^1.1.2",
        "@lit/localize": "^0.12.2",
        "@lit/reactive-element": "^2.0.4",
--- a/web/src/admin/admin-overview/cards/RecentEventsCard.ts
+++ b/web/src/admin/admin-overview/cards/RecentEventsCard.ts
@ -1,4 +1,4 @@
-import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
+import { EventGeo, renderEventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
@ -73,7 +73,7 @@ export class RecentEventsCard extends Table<Event> {
        return [
            html`<div><a href="${`#/events/log/${item.pk}`}">${actionToLabel(item.action)}</a></div>
                <small>${item.app}</small>`,
-            EventUser(item),
+            renderEventUser(item),
            html`<div>${formatElapsedTime(item.created)}</div>
                <small>${item.created.toLocaleString()}</small>`,
            html` <div>${item.clientIp || msg("-")}</div>
--- a/web/src/admin/events/EventListPage.ts
+++ b/web/src/admin/events/EventListPage.ts
@ -3,7 +3,7 @@ import { WithLicenseSummary } from "#elements/mixins/license";
 import { updateURLParams } from "#elements/router/RouteMatch";
 import "@goauthentik/admin/events/EventMap";
 import "@goauthentik/admin/events/EventVolumeChart";
-import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
+import { EventGeo, renderEventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
@ -113,7 +113,7 @@ export class EventListPage extends WithLicenseSummary(TablePage<Event>) {
        return [
            html`<div>${actionToLabel(item.action)}</div>
                <small>${item.app}</small>`,
-            EventUser(item),
+            renderEventUser(item),
            html`<div>${formatElapsedTime(item.created)}</div>
                <small>${item.created.toLocaleString()}</small>`,
            html`<div>${item.clientIp || msg("-")}</div>
--- a/web/src/admin/events/EventMap.ts
+++ b/web/src/admin/events/EventMap.ts
@ -8,6 +8,7 @@ import OlMap from "@openlayers-elements/core/ol-map";
 import "@openlayers-elements/maps/ol-layer-openstreetmap";
 import "@openlayers-elements/maps/ol-select";
 import Feature from "ol/Feature";
+import { isEmpty } from "ol/extent";
 import { Point } from "ol/geom";
 import { fromLonLat } from "ol/proj";
 import Icon from "ol/style/Icon";
@ -92,7 +93,7 @@ export class EventMap extends AKElement {
        // Re-add them
        this.events?.results
            .filter((event) => {
-                if (!Object.hasOwn(event.context, "geo")) {
+                if (!Object.hasOwn(event.context || {}, "geo")) {
                    return false;
                }
                const geo = (event as EventWithContext).context.geo;
@ -124,6 +125,9 @@ export class EventMap extends AKElement {
                this.vectorLayer?.source?.addFeature(feature);
            });
        // Zoom to show points better
+        if (isEmpty(this.vectorLayer.source.getExtent())) {
+            return;
+        }
        this.map.map.getView().fit(this.vectorLayer.source.getExtent(), {
            padding: [
                this.zoomPaddingPx,
--- a/web/src/admin/events/EventViewPage.ts
+++ b/web/src/admin/events/EventViewPage.ts
@ -1,4 +1,4 @@
-import { EventGeo, EventUser } from "#admin/events/utils";
+import { EventGeo, renderEventUser } from "#admin/events/utils";
 import { DEFAULT_CONFIG } from "#common/api/config";
 import { EventWithContext } from "#common/events";
 import { actionToLabel } from "#common/labels";
@ -92,7 +92,7 @@ export class EventViewPage extends AKElement {
                                    </dt>
                                    <dd class="pf-c-description-list__description">
                                        <div class="pf-c-description-list__text">
-                                            ${EventUser(this.event)}
+                                            ${renderEventUser(this.event)}
                                        </div>
                                    </dd>
                                </div>
--- a/web/src/admin/events/utils.ts
+++ b/web/src/admin/events/utils.ts
@ -1,9 +1,9 @@
-import { EventWithContext } from "@goauthentik/common/events";
+import { EventUser, EventWithContext } from "@goauthentik/common/events";
 import { truncate } from "@goauthentik/common/utils";
 import { SlottedTemplateResult } from "@goauthentik/elements/types";

 import { msg, str } from "@lit/localize";
-import { html, nothing } from "lit";
+import { TemplateResult, html, nothing } from "lit";

 /**
 * Given event with a geographical context, format it into a string for display.
@ -18,31 +18,48 @@ export function EventGeo(event: EventWithContext): SlottedTemplateResult {
    return html`${parts.join(", ")}`;
 }

-export function EventUser(
+export function renderEventUser(
    event: EventWithContext,
    truncateUsername?: number,
 ): SlottedTemplateResult {
    if (!event.user.username) return html`-`;

-    let body: SlottedTemplateResult = nothing;
+    const linkOrSpan = (inner: TemplateResult, evu: EventUser) => {
+        return html`${evu.pk && !evu.is_anonymous
+            ? html`<a href="#/identity/users/${evu.pk}">${inner}</a>`
+            : html`<span>${inner}</span>`}`;
+    };

-    if (event.user.is_anonymous) {
-        body = html`<div>${msg("Anonymous user")}</div>`;
-    } else {
-        body = html`<div>
-            <a href="#/identity/users/${event.user.pk}"
-                >${truncateUsername
-                    ? truncate(event.user?.username, truncateUsername)
-                    : event.user?.username}</a
-            >
-        </div>`;
-    }
+    const renderUsername = (evu: EventUser) => {
+        let username = evu.username;
+        if (evu.is_anonymous) {
+            username = msg("Anonymous user");
+        }
+        if (truncateUsername) {
+            return truncate(username, truncateUsername);
+        }
+        return username;
+    };
+
+    let body: SlottedTemplateResult = nothing;
+    body = html`<div>${linkOrSpan(html`${renderUsername(event.user)}`, event.user)}</div>`;

    if (event.user.on_behalf_of) {
        return html`${body}<small>
-                <a href="#/identity/users/${event.user.on_behalf_of.pk}"
-                    >${msg(str`On behalf of ${event.user.on_behalf_of.username}`)}</a
-                >
+                ${linkOrSpan(
+                    html`${msg(str`On behalf of ${renderUsername(event.user.on_behalf_of)}`)}`,
+                    event.user.on_behalf_of,
+                )}
+            </small>`;
+    }
+    if (event.user.authenticated_as) {
+        return html`${body}<small>
+                ${linkOrSpan(
+                    html`${msg(
+                        str`Authenticated as ${renderUsername(event.user.authenticated_as)}`,
+                    )}`,
+                    event.user.authenticated_as,
+                )}
            </small>`;
    }

--- a/web/src/common/events.ts
+++ b/web/src/common/events.ts
@ -4,8 +4,9 @@ export interface EventUser {
    pk: number;
    email?: string;
    username: string;
-    on_behalf_of?: EventUser;
    is_anonymous?: boolean;
+    on_behalf_of?: EventUser;
+    authenticated_as?: EventUser;
 }

 export interface EventGeo {
--- a/web/src/components/events/ObjectChangelog.ts
+++ b/web/src/components/events/ObjectChangelog.ts
@ -1,4 +1,4 @@
-import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
+import { EventGeo, renderEventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
@ -72,7 +72,7 @@ export class ObjectChangelog extends Table<Event> {
    row(item: EventWithContext): SlottedTemplateResult[] {
        return [
            html`${actionToLabel(item.action)}`,
-            EventUser(item),
+            renderEventUser(item),
            html`<div>${formatElapsedTime(item.created)}</div>
                <small>${item.created.toLocaleString()}</small>`,
            html`<div>${item.clientIp || msg("-")}</div>
--- a/web/src/components/events/UserEvents.ts
+++ b/web/src/components/events/UserEvents.ts
@ -1,4 +1,4 @@
-import { EventUser } from "@goauthentik/admin/events/utils";
+import { renderEventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
@ -46,7 +46,7 @@ export class UserEvents extends Table<Event> {
    row(item: EventWithContext): SlottedTemplateResult[] {
        return [
            html`${actionToLabel(item.action)}`,
-            EventUser(item),
+            renderEventUser(item),
            html`<div>${formatElapsedTime(item.created)}</div>
                <small>${item.created.toLocaleString()}</small>`,
            html`<span>${item.clientIp || msg("-")}</span>`,
--- a/web/xliff/de.xlf
+++ b/web/xliff/de.xlf
@ -8751,9 +8751,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9256,6 +9253,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/en.xlf
+++ b/web/xliff/en.xlf
@ -7263,9 +7263,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -7766,6 +7763,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/es.xlf
+++ b/web/xliff/es.xlf
@ -8814,9 +8814,6 @@ Las vinculaciones a grupos o usuarios se comparan con el usuario del evento.</ta
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9317,6 +9314,9 @@ Las vinculaciones a grupos o usuarios se comparan con el usuario del evento.</ta
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/fr.xlf
+++ b/web/xliff/fr.xlf
@ -9231,10 +9231,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <source>No app entitlements created.</source>
  <target>Aucun droit applicatif créé.</target>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-  <target>Cette application n'a actuellement pas de droit applicatif défini.</target>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
  <target>Créer un droit</target>
@ -9885,6 +9881,9 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/it.xlf
+++ b/web/xliff/it.xlf
@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="it" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@ -596,9 +596,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>La URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; non è stata trovata.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>La URL "
+        <x id="0" equiv-text="${this.url}"/>" non è stata trovata.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@ -1100,7 +1100,7 @@
      </trans-unit>
      <trans-unit id="sde949d0ef44572eb">
        <source>Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains.</source>
-        <target>Richiede che l'utente abbia un attributo &quot;upn&quot; impostato e ricorre all'ID utente con hash. Utilizza questa modalità solo se disponi di domini UPN e di posta diversi.</target>
+        <target>Richiede che l'utente abbia un attributo "upn" impostato e ricorre all'ID utente con hash. Utilizza questa modalità solo se disponi di domini UPN e di posta diversi.</target>
        
      </trans-unit>
      <trans-unit id="s9f23ed1799b4d49a">
@ -1260,7 +1260,7 @@
      </trans-unit>
      <trans-unit id="s211b75e868072162">
        <source>Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'.</source>
-        <target>Impostalo sul dominio per il quale desideri che l'autenticazione sia valida. Deve essere un dominio principale dell'URL riportato sopra. Se esegui applicazioni come app1.domain.tld, app2.domain.tld, impostalo su &quot;domain.tld&quot;.</target>
+        <target>Impostalo sul dominio per il quale desideri che l'autenticazione sia valida. Deve essere un dominio principale dell'URL riportato sopra. Se esegui applicazioni come app1.domain.tld, app2.domain.tld, impostalo su "domain.tld".</target>
        
      </trans-unit>
      <trans-unit id="s2345170f7e272668">
@ -1709,8 +1709,8 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Inserisci un URL completo, un percorso relativo oppure utilizza &quot;fa://fa-test&quot; per utilizzare l'icona &quot;fa-test&quot; di Font Awesome.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Inserisci un URL completo, un percorso relativo oppure utilizza "fa://fa-test" per utilizzare l'icona "fa-test" di Font Awesome.</target>
        
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@ -3134,7 +3134,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s3198c384c2f68b08">
        <source>Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.</source>
-        <target>Tempo da attendere quando gli utenti temporanei devono essere eliminati. Questo vale solo se l'IDP utilizza il formato NameID &quot;Transient&quot; e l'utente non si disconnette manualmente.</target>
+        <target>Tempo da attendere quando gli utenti temporanei devono essere eliminati. Questo vale solo se l'IDP utilizza il formato NameID "Transient" e l'utente non si disconnette manualmente.</target>
        
      </trans-unit>
      <trans-unit id="sb32e9c1faa0b8673">
@ -3276,7 +3276,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s9f8aac89fe318acc">
        <source>Optionally set the 'FriendlyName' value of the Assertion attribute.</source>
-        <target>Opzionale: imposta il valore &quot;friendlyname&quot; dell'attributo di asserzione.</target>
+        <target>Opzionale: imposta il valore "friendlyname" dell'attributo di asserzione.</target>
        
      </trans-unit>
      <trans-unit id="s851c108679653d2a">
@ -3757,10 +3757,10 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Sei sicuro di voler aggiornare
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@ -4133,7 +4133,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s7520286c8419a266">
        <source>Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON.</source>
-        <target>Dati facoltativi che vengono caricati nella variabile di contesto &quot;prompt_data&quot; del flusso. YAML o JSON.</target>
+        <target>Dati facoltativi che vengono caricati nella variabile di contesto "prompt_data" del flusso. YAML o JSON.</target>
        
      </trans-unit>
      <trans-unit id="sb8795b799c70776a">
@ -4826,8 +4826,8 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un autenticatore &quot;roaming&quot;, come un YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un autenticatore "roaming", come un YubiKey</target>
        
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@ -5132,7 +5132,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s5170f9ef331949c0">
        <source>Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable.</source>
-        <target>Mostra campi di input arbitrari all'utente, ad esempio durante l'iscrizione. I dati vengono salvati nel contesto di flusso nell'ambito della variabile &quot;prompt_data&quot;.</target>
+        <target>Mostra campi di input arbitrari all'utente, ad esempio durante l'iscrizione. I dati vengono salvati nel contesto di flusso nell'ambito della variabile "prompt_data".</target>
        
      </trans-unit>
      <trans-unit id="s36cb242ac90353bc">
@ -5185,8 +5185,8 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Se impostato su una durata superiore a 0, l'utente avrà la possibilità di scegliere di &quot;rimanere firmato&quot;, che estenderà la sessione entro il momento specificato qui.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Se impostato su una durata superiore a 0, l'utente avrà la possibilità di scegliere di "rimanere firmato", che estenderà la sessione entro il momento specificato qui.</target>
        
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@ -5207,7 +5207,7 @@ doesn't pass when either or both of the selected options are equal or above the
      <trans-unit id="s927398c400970760">
        <source>Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user
        is pending, a new user is created, and data is written to them.</source>
-        <target>Scrivi qualsiasi dati dal contesto del flusso &quot;prompt_data&quot; all'utente attualmente in sospeso. Se nessun utente
+        <target>Scrivi qualsiasi dati dal contesto del flusso "prompt_data" all'utente attualmente in sospeso. Se nessun utente
 è in sospeso, viene creato un nuovo utente e vengono scritti dati.</target>
      </trans-unit>
      <trans-unit id="sb379d861cbed0b47">
@ -7336,7 +7336,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s070fdfb03034ca9b">
  <source>One hint, 'New Application Wizard', is currently hidden</source>
-  <target>Un suggerimento, &quot;New Application Wizard&quot;, è attualmente nascosto</target>
+  <target>Un suggerimento, "New Application Wizard", è attualmente nascosto</target>
 </trans-unit>
 <trans-unit id="s1cc306d8e28c4464">
  <source>Deny message</source>
@ -7451,7 +7451,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Utente creato con successo e aggiunto al gruppo <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Questo utente sarà aggiunto al gruppo &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@ -8598,7 +8598,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
  <source>Provide users with a 'show password' button.</source>
-  <target>Fornisci agli utenti un pulsante &quot;Mostra password&quot;.</target>
+  <target>Fornisci agli utenti un pulsante "Mostra password".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
  <source>Show password</source>
@ -8733,7 +8733,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Gruppo di sincronizzazione</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
  <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, del tipo <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@ -8981,8 +8981,8 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>URI di reindirizzamento validi dopo un flusso di autorizzazione riuscito. Specificare anche eventuali origini per i flussi impliciti.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Per consentire qualsiasi URI di reindirizzamento, imposta la modalità su Regex e il valore su &quot;.*&quot;. Tieni presente le possibili implicazioni per la sicurezza.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Per consentire qualsiasi URI di reindirizzamento, imposta la modalità su Regex e il valore su ".*". Tieni presente le possibili implicazioni per la sicurezza.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@ -9232,10 +9232,6 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>No app entitlements created.</source>
  <target>Non sono stati creati entitlements per l'app.</target>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-  <target>Al momento, per questa applicazione non è definito alcun entitlement applicativo.</target>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
  <target>Crea Privilegio</target>
@ -9652,7 +9648,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s17359123e1f24504">
  <source>Field which contains DNs of groups the user is a member of. This field is used to lookup groups from users, e.g. 'memberOf'. To lookup nested groups in an Active Directory environment use 'memberOf:1.2.840.113556.1.4.1941:'.</source>
-  <target>Campo che contiene i ND dei gruppi di cui l'utente è membro. Questo campo viene utilizzato per cercare i gruppi degli utenti, ad esempio &quot;memberOf&quot;. Per cercare gruppi nidificati in un ambiente Active Directory, utilizzare &quot;memberOf:1.2.840.113556.1.4.1941:&quot;.</target>
+  <target>Campo che contiene i ND dei gruppi di cui l'utente è membro. Questo campo viene utilizzato per cercare i gruppi degli utenti, ad esempio "memberOf". Per cercare gruppi nidificati in un ambiente Active Directory, utilizzare "memberOf:1.2.840.113556.1.4.1941:".</target>
 </trans-unit>
 <trans-unit id="s891cd64acabf23bf">
  <source>Initial Permissions</source>
@ -9735,8 +9731,8 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Come eseguire l'autenticazione durante un flusso di richiesta del token authorization_code</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Abilita &quot;Ricordami su questo dispositivo&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Abilita "Ricordami su questo dispositivo"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@ -9888,7 +9884,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="se630f2ccd39bf9e6">
  <source>If no group is selected and 'Send notification to event user' is disabled the rule is disabled. </source>
-  <target>Se non viene selezionato alcun gruppo e l'opzione &quot;Invia notifica all'utente dell'evento&quot; è disabilitata, la regola è disabilitata.</target>
+  <target>Se non viene selezionato alcun gruppo e l'opzione "Invia notifica all'utente dell'evento" è disabilitata, la regola è disabilitata.</target>
 </trans-unit>
 <trans-unit id="s47966b2a708694e2">
  <source>Send notification to event user</source>
@ -9896,7 +9892,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sd30f00ff2135589c">
  <source>When enabled, notification will be sent to the user that triggered the event in addition to any users in the group above. The event user will always be the first user, to send a notification only to the event user enabled 'Send once' in the notification transport.</source>
-  <target>Se abilitata, la notifica verrà inviata all'utente che ha attivato l'evento, oltre a tutti gli utenti del gruppo sopra indicato. L'utente dell'evento sarà sempre il primo a inviare una notifica solo all'utente dell'evento che ha abilitato &quot;Invia una volta&quot; nel trasporto delle notifiche.</target>
+  <target>Se abilitata, la notifica verrà inviata all'utente che ha attivato l'evento, oltre a tutti gli utenti del gruppo sopra indicato. L'utente dell'evento sarà sempre il primo a inviare una notifica solo all'utente dell'evento che ha abilitato "Invia una volta" nel trasporto delle notifiche.</target>
 </trans-unit>
 <trans-unit id="sbd65aeeb8a3b9bbc">
  <source>Maximum registration attempts</source>
@ -9905,7 +9901,10 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
  <target>Numero massimo di tentativi di registrazione consentiti. Se impostato su 0 tentativi, i tentativi non sono limitati.</target>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/ko.xlf
+++ b/web/xliff/ko.xlf
@ -8721,9 +8721,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9224,6 +9221,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/nl.xlf
+++ b/web/xliff/nl.xlf
@ -8625,9 +8625,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9128,6 +9125,9 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/pl.xlf
+++ b/web/xliff/pl.xlf
@ -9048,9 +9048,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9551,6 +9548,9 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/pseudo-LOCALE.xlf
+++ b/web/xliff/pseudo-LOCALE.xlf
@ -9056,9 +9056,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9560,4 +9557,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
 </trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
+</trans-unit>
 </body></file></xliff>
--- a/web/xliff/ru.xlf
+++ b/web/xliff/ru.xlf
@ -9113,9 +9113,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9643,6 +9640,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/tr.xlf
+++ b/web/xliff/tr.xlf
@ -9112,9 +9112,6 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9615,6 +9612,9 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh-CN.xlf
+++ b/web/xliff/zh-CN.xlf
@ -5879,9 +5879,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -6383,6 +6380,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
 </trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/zh-Hans.xlf
+++ b/web/xliff/zh-Hans.xlf
@ -9232,10 +9232,6 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>No app entitlements created.</source>
  <target>未创建应用程序授权。</target>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-  <target>此应用程序目前没有定义任何应用程序授权。</target>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
  <target>创建授权</target>
@ -9898,6 +9894,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh-Hant.xlf
+++ b/web/xliff/zh-Hant.xlf
@ -6964,9 +6964,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -7467,6 +7464,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh_TW.xlf
+++ b/web/xliff/zh_TW.xlf
@ -8700,9 +8700,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s05849efeac672dc7">
  <source>No app entitlements created.</source>
 </trans-unit>
-<trans-unit id="sdc8a8f29af6aa411">
-  <source>This application does currently not have any application entitlement defined.</source>
-</trans-unit>
 <trans-unit id="sf0bd204ce3fea1de">
  <source>Create Entitlement</source>
 </trans-unit>
@ -9203,6 +9200,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s8495753cb15e8d8e">
  <source>Maximum allowed registration attempts. When set to 0 attempts, attempts are not limited.</source>
+</trans-unit>
+<trans-unit id="sab4db6a3bd6abc1e">
+  <source>This application does currently not have any application entitlements defined.</source>
 </trans-unit>
    </body>
  </file>
--- a/website/README.md
+++ b/website/README.md
@ -1,25 +1,11 @@
-# Website
+# authentik documentation source

-This website is built using [Docusaurus 2](https://docusaurus.io/), a modern static website generator.
+This directory contains the source files for the [authentik technical documentation](https://docs.goauthentik.io/docs?utm_source=github) and the [authentik integration guides](https://docs.goauthentik.io/integrations?utm_source=github).

-## Installation
+Contributions are welcome! Please refer to our [contributor guidelines](https://docs.goauthentik.io/docs/developer-docs?utm_source=github) for details about contributing code or docs.

-```console
-npm ci
-```
+For instructions to set up your local environment for building docs locally, refer to our [Docs development environment](https://docs.goauthentik.io/docs/developer-docs/setup/website-dev-environment?utm_source=github) page.

-## Local Development
+For instructions for writing the docs and then testing in your local build, plus tips on writing, links to our Style Guide and templates, see the [Writing documentation guide](https://docs.goauthentik.io/docs/developer-docs/docs/writing-documentation?utm_source=github).

-```console
-npm run watch
-```
-
-This command starts a local development server and open up a browser window. Most changes are reflected live without having to restart the server.
-
-## Build
-
-```console
-npm run build
-```
-
-This command generates static content into the `build` directory and can be served using any static contents hosting service.
+To ensure a smooth review process, we encourage you to build the documentation locally to preview and test your documentation contributions. Be sure to test locally before opening a pull request. Let us know if you have any questions or want help with any part of the process.
--- a/website/docs/enterprise/get-started.md
+++ b/website/docs/enterprise/get-started.md
@ -19,7 +19,7 @@ Access your Enterprise features by first [purchasing a license](./manage-enterpr

 To open the Customer Portal and buy a license, go to the Admin interface and in the left pane, navigate to **Enterprise -> Licenses**, and then click **Go to Customer Portal**.

-Alternatively you can open a new browser window and go directly to the [Customer Portal](https://customers.goauthentik.io/). If you do not yet have an authentik account, there is a [Sign up link](https://id.customers.goauthentik.io/signup) on the Customer Portal login page.
+Alternatively you can open a new browser window and go directly to the [Customer Portal](https://customers.goauthentik.io/). If you do not yet have an authentik account, there is a [Sign up link](https://customers.goauthentik.io/signup) on the Customer Portal login page.

 In the Customer Portal you [define your organization](./manage-enterprise.mdx#create-an-organization) and its members, manage your [licenses](./manage-enterprise.mdx#license-management) and [billing](./manage-enterprise.mdx#manage-billing), and access our [Support center](./entsupport.md).

--- a/website/docs/enterprise/manage-enterprise.mdx
+++ b/website/docs/enterprise/manage-enterprise.mdx
@ -50,7 +50,7 @@ Note that a license is associated with a specific Organization in the Customer P

 1. To get a license key, log in to your authentik account with your administrator credentials, and then click **Admin interface** in the upper right.

-2. On the **Admin interface**, navigate to **Enterprise → Licenses** in the left menu, and then click **Go to Customer Portal** under the **Get a license** section. Alternatively you can open a new browser window and go directly to the [Customer Portal](https://id.customers.goauthentik.io).
+2. On the **Admin interface**, navigate to **Enterprise → Licenses** in the left menu, and then click **Go to Customer Portal** under the **Get a license** section. Alternatively you can open a new browser window and go directly to the [Customer Portal](https://customers.goauthentik.io).

 3. Log in to the Customer Portal.

@ -138,7 +138,7 @@ Once a subscription is canceled, the associated license will still be valid unti

 Billing is based on each individual organization.

-1. To manage your billing, go to the [Customer Portal](https://id.customers.goauthentik.io) and click "My organizations" in the top menu bar.
+1. To manage your billing, go to the [Customer Portal](https://customers.goauthentik.io) and navigate to **Organizations > My organizations**.

 2. Select the organization for which you want to manage billing.

--- a/website/docs/users-sources/sources/social-logins/azure-ad/aad_01.png
+++ b/website/docs/users-sources/sources/social-logins/azure-ad/aad_01.png
--- a/website/docs/users-sources/sources/social-logins/azure-ad/authentik_01.png
+++ b/website/docs/users-sources/sources/social-logins/azure-ad/authentik_01.png
--- a/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx
+++ b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx
@ -1,135 +0,0 @@
---
-title: Azure AD
-support_level: community
---
-
-## Preparation
-
-The following placeholders are used in this guide:
-
- `authentik.company` is the FQDN of the authentik install.
-
-## Azure setup
-
-1. Navigate to [portal.azure.com](https://portal.azure.com), and open the _App registration_ service
-2. Register a new application
-
-    Under _Supported account types_, select whichever account type applies to your use-case.
-
-    ![](./aad_01.png)
-
-3. Take note of the _Application (client) ID_ value.
-
-    If you selected _Single tenant_ in the _Supported account types_ prompt, also note the _Directory (tenant) ID_ value.
-
-4. Navigate to _Certificates & secrets_ in the sidebar, and to the _Client secrets_ tab.
-5. Add a new secret, with an identifier of your choice, and select any expiration. Currently the secret in authentik has to be rotated manually or via API, so it is recommended to choose at least 12 months.
-6. Note the secret's value in the _Value_ column.
-
-## authentik Setup
-
-In authentik, create a new _Azure AD OAuth Source_ in Resources -> Sources.
-
-Use the following settings:
-
- Name: `Azure AD`
- Slug: `azure-ad` (this must match the URL being used above)
- Consumer key: `*Application (client) ID* value from above`
- Consumer secret: `*Value* of the secret from above`
-
-If you kept the default _Supported account types_ selection of _Single tenant_, then you must change the URL below as well:
-
- OIDC Well-known URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/v2.0/.well-known/openid-configuration`
-
-![](./authentik_01.png)
-
-Save, and you now have Azure AD as a source.
-
-:::note
-For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page).
-:::
-
-### Automatic user enrollment and attribute mapping
-
-Using the following process you can auto-enroll your users without interaction, and directly control the mapping Azure attribute to authentik.
-attribute.
-
-1. Create a new _Expression Policy_ (see [here](../../../../customize/policies/index.md) for details).
-2. Use _azure-ad-mapping_ as the name.
-3. Add the following code and adjust to your needs.
-
-```python
-# save existing prompt data
-current_prompt_data = context.get('prompt_data', {})
-# make sure we are used in an oauth flow
-if 'oauth_userinfo' not in context:
-  ak_logger.warning(f"Missing expected oauth_userinfo in context. Context{context}")
-  return False
-oauth_data = context['oauth_userinfo']
-# map fields directly to user left hand are the field names provided by
-# the microsoft graph api on the right the user field names as used by authentik
-required_fields_map = {
-  'name': 'username',
-  'upn': 'email',
-  'given_name': 'name'
-}
-missing_fields = set(required_fields_map.keys()) - set(oauth_data.keys())
-if missing_fields:
-  ak_logger.warning(f"Missing expected fields. Missing fields {missing_fields}.")
-  return False
-for oauth_field, user_field in required_fields_map.items():
-  current_prompt_data[user_field] = oauth_data[oauth_field]
-# Define fields that should be mapped as extra user attributes
-attributes_map = {
-  'upn': 'upn',
-  'family_name': 'sn',
-  'name': 'name'
-}
-missing_attributes = set(attributes_map.keys()) - set(oauth_data.keys())
-if missing_attributes:
-  ak_logger.warning(f"Missing attributes: {missing_attributes}.")
-  return False
-# again make sure not to overwrite existing data
-current_attributes = current_prompt_data.get('attributes', {})
-for oauth_field, user_field in attributes_map.items():
-  current_attributes[user_field] = oauth_data[oauth_field]
-current_prompt_data['attributes'] = current_attributes
-context['prompt_data'] = current_prompt_data
-return True
-```
-
-4. Create a new enrollment flow _azure-ad-enrollment_ (see [here](../../../../add-secure-apps/flows-stages/flow/index.md) for details).
-5. Add the policy _default-source-enrollment-if-sso_ to the flow. To do so open the newly created flow.
-   Click on the tab **Policy/Group/User Bindings**. Click on **Bind existing policy** and choose _default-source-enrollment-if-sso_
-   from the list.
-6. Bind the stages _default-source-enrollment-write_ (order 0) and _default-source-enrollment-login_ (order 10) to the flow.
-7. Bind the policy _azure-ad-mapping_ to the stage _default-source-enrollment-write_. To do so open the flow _azure-ad-enrollment_
-   open the tab **Stage Bindings**, open the dropdown menu for the stage _default-source-enrollment-write_ and click on **Bind existing policy**
-   Select _azure-ad-mapping_.
-8. Open the source _azure-ad_. Click on edit.
-9. Open **Flow settings** and choose _azure-ad-enrollment_ as enrollment flow.
-
-Try to login with a **_new_** user. You should see no prompts and the user should have the correct information.
-
-### Machine-to-machine authentication:ak-version[2024.12]
-
-If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.mdx#jwt-authentication) authentication, some specific steps need to be considered.
-
-When getting the JWT token from Azure AD, set the scope to the Application ID URI, and _not_ the Graph URL; otherwise the JWT will be in an invalid format.
-
-```http
-POST /<azure-ad-tenant-id>/oauth2/v2.0/token/ HTTP/1.1
-Host: login.microsoftonline.com
-Content-Type: application/x-www-form-urlencoded
-
-grant_type=client_credentials&
-client_id=<application_client_id>&
-scope=api://<application_client_id>/.default&
-client_secret=<application_client_secret>
-```
-
-The JWT returned from the request above can be used with authentik to exchange it for an authentik JWT.
-
-:::note
-For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
-:::
--- a/website/docs/users-sources/sources/social-logins/entra-id/index.mdx
+++ b/website/docs/users-sources/sources/social-logins/entra-id/index.mdx
@ -0,0 +1,96 @@
+---
+title: Entra ID
+support_level: community
+---
+
+## Preparation
+
+The following placeholders are used in this guide:
+
+- `authentik.company` is the FQDN of the authentik install.
+
+## Entra ID setup
+
+1. Log in to [Entra ID](https://entra.microsoft.com) using a global administrator account.
+2. Navigate to **Applications** > **App registrations**.
+3. Click **New registration** and select the following required configurations:
+    - **Name**: provide a descriptive name (e.g. `authentik`).
+    - Under **Supported account types**: select the account type that applies to your use-case (e.g. `Accounts in this organizational directory only (Default Directory only - Single tenant)`).
+    - Under **Redirect URI**:
+        - **Platform**: `Web`
+        - **URI**: `https://authentik.company/source/oauth/callback/entra-id/
+
+4. Click **Register**.
+    - The overview tab of the newly created authentik app registration opens. Take note of the `Application (client) ID`. If you selected `Accounts in this organizational directory only (Default Directory only - Single tenant)` as the **Supported account types**, also note the `Directory (tenant) ID`. These values will be required in authentik.
+5. In the sidebar, navigate to **Certificates & secrets**.
+6. Select the **Client secrets** tab and click **New Secret**. Provide the following required configurations:
+    - **Description**: provide a description for the secret (e.g. `authentik secret`.
+    - **Expires**: select an expiry duration. Currently the secret in authentik has to be rotated manually or via API, so it is recommended to choose at least 12 months.
+7. Copy the secret's value from the **Value** column.
+
+:::note
+The secret value must be copied immediately after its creation. It is not possible to view the secret value later.
+:::
+
+9. In the sidebar, navigate to **API Permissions**.
+10. Click **Add a permission** and select **Microsoft Graph** as the API.
+11. Select **Delegated permissions** as the permission type and assign the following permissions:
+    - Under **OpenID Permissions**: select `email`, `profile`, and `openid`.
+    - Under **Group Member** _(optional)_: if you need authentik to sync group membership information from Entra ID, select the `GroupMember.Read.All` permission.
+12. Click **Add permissions**.
+13. _(optional)_ If the `GroupMember.Read.All` permission has been selected, under **Configured permissions**, click **Grant admin consent for default directory**.
+
+## authentik Setup
+
+To support the integration of Entra ID with authentik, you need to create an Entra ID OAuth source in authentik.
+
+### Create Entra ID OAuth source
+
+1. Log in to authentik as an administrator, and open the authentik Admin interface.
+2. Navigate to **Directory** > **Federation and Social login**, click **Create**, and then configure the following settings:
+    - **Select type**: select **Entra ID OAuth Source** as the source type.
+    - **Create Entra ID OAuth Source**: provide a name, a slug which must match the slug used in the Entra ID `Redirect URI`, and the following required configurations:
+        - Under **Protocol Settings**:
+            - **Consumer key**: `Application (client) ID` from Entra ID.
+            - **Consumer secret**: value of the secret created in Entra ID.
+            - **Scopes**_(optional)_: if you need authentik to sync group membership information from Entra ID, add the `https://graph.microsoft.com/GroupMember.Read.All` scope.
+        - Under **URL Settings**:
+            - For **Single tenant** Entra ID applications:
+                - **Authorization URL**: `https://login.microsoftonline.com/<directory_(tenant)_id>/oauth2/v2.0/authorize`
+                - **Access token URL**: `https://login.microsoftonline.com/<directory_(tenant)_id>/oauth2/v2.0/token`
+                - **Profile URL**: `https://graph.microsoft.com/v1.0/me`
+                - **OIDC JWKS URL**: `https://login.microsoftonline.com/<directory_(tenant)_id>/discovery/v2.0/keys`
+            - For **Multi tenant** Entra ID applications:
+                - **Authorization URL**: `https://login.microsoftonline.com/common/oauth2/v2.0/authorize`
+                - **Access token URL**: `https://login.microsoftonline.com/common/oauth2/v2.0/token`
+                - **Profile URL**: `https://graph.microsoft.com/v1.0/me`
+                - **OIDC JWKS URL**: `https://login.microsoftonline.com/common/discovery/v2.0/keys`
+
+3. Click **Save**.
+
+:::note
+When group membership information is synced from Entra ID, authentik creates all groups that a user is a member of.
+:::
+
+### Machine-to-machine authentication:ak-version[2024.12]
+
+If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.mdx#jwt-authentication) authentication, some specific steps need to be considered.
+
+When getting the JWT token from Entra ID, set the scope to the **Application ID URI**, and _not_ the Graph URL; otherwise the JWT will be in an invalid format.
+
+```http
+POST /<entra_tenant_id>/oauth2/v2.0/token/ HTTP/1.1
+Host: login.microsoftonline.com
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=client_credentials&
+client_id=<application_client_id>&
+scope=api://<application_client_id>/.default&
+client_secret=<application_client_secret>
+```
+
+The JWT returned from the request above can be used in authentik and exchanged for an authentik JWT.
+
+:::note
+For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
+:::
--- a/website/integrations/services/hashicorp-vault/index.md
+++ b/website/integrations/services/hashicorp-vault/index.md
@ -96,15 +96,15 @@ vault write auth/oidc/role/reader \
      user_claim="sub" \
      policies="reader" \
      groups_claim="groups" \
-      oidc_scopes=[ "openid profile email" ]
+      oidc_scopes="openid,profile,email"
 ```

 Add a group.

 ```
-vault write identity/group/reader \
+vault write identity/group \
    name="reader" \
-    policies=["reader"] \
+    policies="reader" \
    type="external"
 ```

--- a/website/integrations/services/sssd/index.md
+++ b/website/integrations/services/sssd/index.md
@ -10,10 +10,7 @@ support_level: community
 >
 > -- https://sssd.io/

-Note that authentik supports _only_ user and group objects. As
-a consequence, it cannot be used to provide automount or sudo
-configuration nor can it provide netgroups or services to `nss`.
-Kerberos is also not supported.
+Note that authentik supports _only_ user and group objects. As a consequence, it cannot be used to provide automount or sudo configuration, nor can it provide netgroups or services to `nss`. Kerberos is also not supported.

 ## Preparation

@ -21,15 +18,10 @@ The following placeholders are used in this guide:

 - `authentik.company` is the FQDN of the authentik LDAP outpost installation.
 - `ldap.baseDN` is the Base DN you configure in the LDAP provider.
- `ldap.domain` is (typically) an FQDN for your domain. Usually
-  it is just the components of your base DN. For example, if
-  `ldap.baseDN` is `dc=ldap,dc=goauthentik,dc=io` then the domain
-  might be `ldap.goauthentik.io`.
- `ldap.searchGroup` is the "Search Group" that can can see all
-  users and groups in authentik.
+- `ldap.domain` is typically a fully qualified domain name (FQDN) representing your domain. It’s often derived from the components of your base DN. For example, if `ldap.baseDN` is `dc=ldap,dc=goauthentik,dc=io`, then the domain would be `ldap.goauthentik.io`.
+- `ldap.searchGroup` refers to the "Search Group" that has permission to view all users and groups within authentik.
 - `sssd.serviceAccount` is a service account created in authentik
- `sssd.serviceAccountToken` is the service account token generated
-  by authentik.
+- `sssd.serviceAccountToken` is the service account token generated by authentik.

 :::note
 This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
@ -45,19 +37,13 @@ Follow [official documentation](/docs/add-secure-apps/outposts/#create-and-confi

 ## sssd configuration

-First, install the necessary sssd packages on your host. Very likely
-the package is just `sssd`.
+First, install the necessary sssd packages on your host. Very likely the package is just `sssd`.

 :::note
-This guide well help you configure the `sssd.conf` for LDAP only. You
-will likely need to perform other tasks for a usable setup
-like setting up automounted or autocreated home directories that
-are beyond the scope of this guide. See the "additional resources"
-section for some help.
+This guide will help you configure the `sssd.conf` file for LDAP only. You will likely need to perform other tasks for a usable setup like setting up auto-mounted or auto-created home directories that are beyond the scope of this guide. See the "additional resources" section for some help.
 :::

-Create a file at `/etc/sssd/sssd.conf` with contents similar to
-the following:
+Create a file at `/etc/sssd/sssd.conf` with contents similar to the following:

 ```ini
 [nss]
@ -100,29 +86,30 @@ ldap_default_bind_dn = cn=${sssd.serviceAccount},ou=users,${ldap.baseDN}
 ldap_default_authtok = ${sssd.serviceAccountToken}
 ```

-You should now be able to start sssd; however, the system may not
-yet be setup to use it. Depending on your platform, you may need to
-use `authconfig` or `pam-auth-update` to configure your system. See
-the additional resources section for details.
+You should now be able to start sssd; however, the system may not yet be set up to use it. Depending on your platform, you might need to use `authconfig` or `pam-auth-update` to configure your system. See the additional resources section for details.

 :::note
-You can store SSH authorized keys in LDAP by adding the
-`sshPublicKey` attribute to any user with their public key as
-the value.
+You can store SSH authorized keys in LDAP by adding the `sshPublicKey` attribute to any user with their public key as the value.
+
+Please note that by default, sssd returns all user accounts; active and disabled. This means that disabled user accounts can still authenticate via `sshPublicKey`. To prevent this, you can filter out disabled user accounts by adding the following lines to the LDAP section of your `sssd.conf` file:
+
+```ini
+#ldap_access_order = filter
+#ldap_access_filter = ak-active=true
+```
+
 :::

 ## Additional Resources

-The setup of sssd may vary based on Linux distribution and version,
-here are some resources that can help you get this setup:
+The setup of sssd might vary based on Linux distribution and version; here are some resources that can help you get this set up:

 :::note
-authentik is providing a simple LDAP server, not an Active Directory
-domain. Be sure you're looking at the correct sections in these guides.
+authentik is providing a simple LDAP server, not an Active Directory domain. Be sure you're looking at the correct sections in these guides.
 :::

- https://sssd.io/docs/quick-start.html#quick-start-ldap
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/configuring_services
- https://ubuntu.com/server/docs/service-sssd
- https://manpages.debian.org/unstable/sssd-ldap/sssd-ldap.5.en.html
- https://wiki.archlinux.org/title/LDAP_authentication
+- [SSSD Docs - Quick Start LDAP](https://sssd.io/docs/quick-start.html#quick-start-ldap)
+- [RedHat Docs - Configuring System Services for SSSD](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/configuring_services)
+- [Ubuntu Docs - Introduction to network user authentication with SSSD](https://ubuntu.com/server/docs/service-sssd)
+- [Debian Manpages - SSSD LDAP provider](https://manpages.debian.org/unstable/sssd-ldap/sssd-ldap.5.en.html)
+- [Arch Linux Wiki - LDAP authentication](https://wiki.archlinux.org/title/LDAP_authentication)
--- a/website/package-lock.json
+++ b/website/package-lock.json
@ -19,7 +19,6 @@
                "@goauthentik/docusaurus-config": "^1.1.0",
                "@goauthentik/tsconfig": "^1.0.4",
                "@mdx-js/react": "^3.1.0",
-                "@swc/html-linux-x64-gnu": "1.12.6",
                "clsx": "^2.1.1",
                "docusaurus-plugin-openapi-docs": "^4.4.0",
                "docusaurus-theme-openapi-docs": "^4.4.0",
@ -42,7 +41,7 @@
                "@goauthentik/tsconfig": "^1.0.4",
                "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                "@types/lodash": "^4.17.18",
-                "@types/node": "^24.0.3",
+                "@types/node": "^24.0.4",
                "@types/postman-collection": "^3.5.11",
                "@types/react": "^18.3.22",
                "@types/semver": "^7.7.0",
@ -6616,9 +6615,9 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "24.0.3",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.0.3.tgz",
-            "integrity": "sha512-R4I/kzCYAdRLzfiCabn9hxWfbuHS573x+r0dJMkkzThEa7pbrcDWK+9zu3e7aBOouf+rQAciqPFMnxwr0aWgKg==",
+            "version": "24.0.4",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.0.4.tgz",
+            "integrity": "sha512-ulyqAkrhnuNq9pB76DRBTkcS6YsmDALy6Ua63V8OhrOBgbcYt6IOdzpw5P1+dyRIyMerzLkeYWBeOXPpA9GMAA==",
            "license": "MIT",
            "dependencies": {
                "undici-types": "~7.8.0"
--- a/website/package.json
+++ b/website/package.json
@ -58,7 +58,7 @@
        "@goauthentik/tsconfig": "^1.0.4",
        "@trivago/prettier-plugin-sort-imports": "^5.2.2",
        "@types/lodash": "^4.17.18",
-        "@types/node": "^24.0.3",
+        "@types/node": "^24.0.4",
        "@types/postman-collection": "^3.5.11",
        "@types/react": "^18.3.22",
        "@types/semver": "^7.7.0",
--- a/website/sidebars/docs.mjs
+++ b/website/sidebars/docs.mjs
@ -555,7 +555,7 @@ const items = [
                        },
                        items: [
                            "users-sources/sources/social-logins/apple/index",
-                            "users-sources/sources/social-logins/azure-ad/index",
+                            "users-sources/sources/social-logins/entra-id/index",
                            "users-sources/sources/social-logins/discord/index",
                            "users-sources/sources/social-logins/facebook/index",
                            "users-sources/sources/social-logins/github/index",
Author	SHA1	Message	Date
Dewi Roberts	4f028e1cd4	Applied suggestions	2025-06-26 12:00:15 +03:00
Dewi Roberts	25488200b9	Typo	2025-06-26 01:05:35 +03:00
Dewi Roberts	5158958e16	Prettier fix	2025-06-25 23:59:30 +03:00
Dewi Roberts	90dc54dd4c	Completed	2025-06-25 23:50:55 +03:00
Dominic R	816d9668eb	website: add reference to "writing documentation" to readme (#15245 ) * website: add reference to "writing documentation" to readme As per: https://www.notion.so/authentiksecurity/Check-ins-17caee05b24e80a0aec6c7d508406435?source=copy_link#21daee05b24e8041adbadd3082ec7c8f * Update website/README.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dominic R <dominic@sdko.org> * lint readme --------- Signed-off-by: Dominic R <dominic@sdko.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2025-06-25 14:45:01 -05:00
Dominic R	371d35ec06	website: minimalistic readme (#14240 ) * website: propose minimalistic readme Introduce a minimalistic README for the website, link official website, and direct users to contribution guidelines, and finally also removes build commands from README (as source of truth is website) Signed-off-by: Dominic R <dominic@sdko.org> * Update README.md Signed-off-by: Dominic R <dominic@sdko.org> * fix md link Signed-off-by: Dominic R <dominic@sdko.org> * I suppose i'm used to appending /CONTRUBUTING(.md or not) to contrib docs Signed-off-by: Dominic R <dominic@sdko.org> * add utm source as used on the main readme Signed-off-by: Dominic R <dominic@sdko.org> * Apply suggestions from code review Signed-off-by: Dominic R <dominic@sdko.org> * Update website/README.md Signed-off-by: Dominic R <dominic@sdko.org> --------- Signed-off-by: Dominic R <dominic@sdko.org>	2025-06-25 18:00:14 +00:00
Marcelo Elizeche Landó	664d3593ca	core: bump oauthlib from 3.2.2 to v3.3.1 (#15242 )	2025-06-25 17:09:50 +00:00
Marcelo Elizeche Landó	7acd27eea8	core: bump boto3 from 1.38.29 to v1.38.43 (#15239 )	2025-06-25 16:48:52 +00:00
Marcelo Elizeche Landó	83550dc50d	core: bump multidict from 6.4.4 to v6.5.1 (#15241 )	2025-06-25 16:48:37 +00:00
Marcelo Elizeche Landó	c272dd70fd	core: bump click-plugins from 1.1.1 to v1.1.1.2 (#15240 )	2025-06-25 16:48:24 +00:00
Marcelo Elizeche Landó	ae1d82dc69	core: bump python-dotenv from 1.1.0 to v1.1.1 (#15244 )	2025-06-25 16:48:17 +00:00
Marcelo Elizeche Landó	dd42eeab62	core: bump pygments from 2.19.1 to v2.19.2 (#15243 )	2025-06-25 16:48:01 +00:00
Jens L.	680db9bae6	events: use pending_user as user when possible (#15238 ) * unrelated: dont show nested for user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix error when no extents in. map Signed-off-by: Jens Langhammer <jens@goauthentik.io> * events: use pending_user when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix for identification stage "fake" user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better username rendering Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-06-25 18:22:51 +02:00
Jens L.	31b72751bc	blueprints: add JSON tag to parse JSON from string (#15235 )	2025-06-25 18:19:28 +02:00
Dewi Roberts	8210067479	website/integrations: add ssh active user filter to sssd integration doc (#15203 ) * Update sssd integration doc * Improve language * Update website/integrations/services/sssd/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/integrations/services/sssd/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/integrations/services/sssd/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/integrations/services/sssd/index.md Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/integrations/services/sssd/index.md Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Minor changes --------- Signed-off-by: Dewi Roberts <dewi@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Dominic R <dominic@sdko.org>	2025-06-25 17:01:23 +01:00
authentik-automation[bot]	423911d974	web: bump API Client version (#15237 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2025-06-25 13:24:56 +00:00
Jens L.	d4ca070d76	core: better API validation for JSON fields (#15236 ) * core: better API validation for JSON fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-06-25 15:05:32 +02:00
dependabot[bot]	db1e8b291f	website: bump @types/node from 24.0.3 to 24.0.4 in /website (#15230 ) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.3 to 24.0.4. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.0.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-25 13:47:04 +02:00
dependabot[bot]	44ff6fce23	core: bump github.com/redis/go-redis/v9 from 9.10.0 to 9.11.0 (#15231 ) Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.10.0 to 9.11.0. - [Release notes](https://github.com/redis/go-redis/releases) - [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/redis/go-redis/compare/v9.10.0...v9.11.0) --- updated-dependencies: - dependency-name: github.com/redis/go-redis/v9 dependency-version: 9.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-25 13:47:01 +02:00
dependabot[bot]	085c22a41a	core: bump goauthentik.io/api/v3 from 3.2025062.4 to 3.2025062.5 (#15232 ) Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025062.4 to 3.2025062.5. - [Release notes](https://github.com/goauthentik/client-go/releases) - [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go) - [Commits](https://github.com/goauthentik/client-go/compare/v3.2025062.4...v3.2025062.5) --- updated-dependencies: - dependency-name: goauthentik.io/api/v3 dependency-version: 3.2025062.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-25 13:46:58 +02:00
dependabot[bot]	fb2887fa4b	core: bump sentry-sdk from 2.30.0 to 2.31.0 (#15233 ) Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.30.0 to 2.31.0. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/2.30.0...2.31.0) --- updated-dependencies: - dependency-name: sentry-sdk dependency-version: 2.31.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-25 13:46:56 +02:00
authentik-automation[bot]	ed41eb66de	core, web: update translations (#15229 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2025-06-25 13:04:31 +02:00
Balázs Hasprai	ee8122baa7	website/docs: fix documentation for external group write commands in hashicorp-vault integrations (#15234 ) Fix external group write Signed-off-by: Balázs Hasprai <balazs.hasprai@hbalazs.com>	2025-06-25 10:01:17 +00:00
Dominic R	f0d70eef6f	website/docs: enterprise: fix link for customer portal (#15225 ) * website/docs: enterprise: fix link for customer portal * fix more Signed-off-by: Dominic R <dominic@sdko.org> * fix more Signed-off-by: Dominic R <dominic@sdko.org> * Update website/docs/enterprise/manage-enterprise.mdx Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> --------- Signed-off-by: Dominic R <dominic@sdko.org> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2025-06-24 18:14:19 -05:00