format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/providers/oauth2/errors.py

@@ -15,7 +15,6 @@ class OAuth2Error(SentryIgnoredException):
 
     error: str
     description: str
-    cause: str | None = None
 
     def create_dict(self):
         """Return error as dict for JSON Rendering"""
@@ -35,10 +34,6 @@ class OAuth2Error(SentryIgnoredException):
             **kwargs,
         )
 
-    def with_cause(self, cause: str):
-        self.cause = cause
-        return self
-
 
 class RedirectUriError(OAuth2Error):
     """The request fails due to a missing, invalid, or mismatching

authentik/providers/oauth2/tests/test_authorize.py

@@ -12,7 +12,7 @@ from authentik.core.tests.utils import create_test_admin_user, create_test_flow
 from authentik.events.models import Event, EventAction
 from authentik.lib.generators import generate_id
 from authentik.lib.utils.time import timedelta_from_string
-from authentik.providers.oauth2.constants import SCOPE_OFFLINE_ACCESS, SCOPE_OPENID, TOKEN_TYPE
+from authentik.providers.oauth2.constants import TOKEN_TYPE
 from authentik.providers.oauth2.errors import AuthorizeError, ClientIdError, RedirectUriError
 from authentik.providers.oauth2.models import (
     AccessToken,
@@ -43,7 +43,7 @@ class TestAuthorize(OAuthTestCase):
             authorization_flow=create_test_flow(),
             redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://local.invalid/Foo")],
         )
-        with self.assertRaises(AuthorizeError) as cm:
+        with self.assertRaises(AuthorizeError):
             request = self.factory.get(
                 "/",
                 data={
@@ -53,7 +53,6 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.error, "unsupported_response_type")
 
     def test_invalid_client_id(self):
         """Test invalid client ID"""
@@ -69,7 +68,7 @@ class TestAuthorize(OAuthTestCase):
             authorization_flow=create_test_flow(),
             redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://local.invalid/Foo")],
         )
-        with self.assertRaises(AuthorizeError) as cm:
+        with self.assertRaises(AuthorizeError):
             request = self.factory.get(
                 "/",
                 data={
@@ -80,30 +79,19 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.error, "request_not_supported")
-
-    def test_invalid_redirect_uri_missing(self):
-        """test missing redirect URI"""
-        OAuth2Provider.objects.create(
-            name=generate_id(),
-            client_id="test",
-            authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://local.invalid")],
-        )
-        with self.assertRaises(RedirectUriError) as cm:
-            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
-            OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.cause, "redirect_uri_missing")
 
     def test_invalid_redirect_uri(self):
-        """test invalid redirect URI"""
+        """test missing/invalid redirect URI"""
         OAuth2Provider.objects.create(
             name=generate_id(),
             client_id="test",
             authorization_flow=create_test_flow(),
             redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://local.invalid")],
         )
-        with self.assertRaises(RedirectUriError) as cm:
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
+            OAuthAuthorizationParams.from_request(request)
+        with self.assertRaises(RedirectUriError):
             request = self.factory.get(
                 "/",
                 data={
@@ -113,7 +101,6 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.cause, "redirect_uri_no_match")
 
     def test_blocked_redirect_uri(self):
         """test missing/invalid redirect URI"""
@@ -121,9 +108,9 @@ class TestAuthorize(OAuthTestCase):
             name=generate_id(),
             client_id="test",
             authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "data:localhost")],
+            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "data:local.invalid")],
         )
-        with self.assertRaises(RedirectUriError) as cm:
+        with self.assertRaises(RedirectUriError):
             request = self.factory.get(
                 "/",
                 data={
@@ -133,7 +120,6 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.cause, "redirect_uri_forbidden_scheme")
 
     def test_invalid_redirect_uri_empty(self):
         """test missing/invalid redirect URI"""
@@ -143,6 +129,9 @@ class TestAuthorize(OAuthTestCase):
             authorization_flow=create_test_flow(),
             redirect_uris=[],
         )
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
+            OAuthAuthorizationParams.from_request(request)
         request = self.factory.get(
             "/",
             data={
@@ -161,9 +150,12 @@ class TestAuthorize(OAuthTestCase):
             name=generate_id(),
             client_id="test",
             authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.REGEX, "http://local.invalid?")],
+            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://local.invalid?")],
         )
-        with self.assertRaises(RedirectUriError) as cm:
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
+            OAuthAuthorizationParams.from_request(request)
+        with self.assertRaises(RedirectUriError):
             request = self.factory.get(
                 "/",
                 data={
@@ -173,7 +165,6 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.cause, "redirect_uri_no_match")
 
     def test_redirect_uri_invalid_regex(self):
         """test missing/invalid redirect URI (invalid regex)"""
@@ -181,9 +172,12 @@ class TestAuthorize(OAuthTestCase):
             name=generate_id(),
             client_id="test",
             authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.REGEX, "+")],
+            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "+")],
         )
-        with self.assertRaises(RedirectUriError) as cm:
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
+            OAuthAuthorizationParams.from_request(request)
+        with self.assertRaises(RedirectUriError):
             request = self.factory.get(
                 "/",
                 data={
@@ -193,22 +187,23 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.cause, "redirect_uri_no_match")
 
-    def test_redirect_uri_regex(self):
-        """test valid redirect URI (regex)"""
+    def test_empty_redirect_uri(self):
+        """test empty redirect URI (configure in provider)"""
         OAuth2Provider.objects.create(
             name=generate_id(),
             client_id="test",
             authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.REGEX, ".+")],
         )
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
+            OAuthAuthorizationParams.from_request(request)
         request = self.factory.get(
             "/",
             data={
                 "response_type": "code",
                 "client_id": "test",
-                "redirect_uri": "http://foo.bar.baz",
+                "redirect_uri": "http://localhost",
             },
         )
         OAuthAuthorizationParams.from_request(request)
@@ -263,7 +258,7 @@ class TestAuthorize(OAuthTestCase):
             GrantTypes.IMPLICIT,
         )
         # Implicit without openid scope
-        with self.assertRaises(AuthorizeError) as cm:
+        with self.assertRaises(AuthorizeError):
             request = self.factory.get(
                 "/",
                 data={
@@ -290,7 +285,7 @@ class TestAuthorize(OAuthTestCase):
         self.assertEqual(
             OAuthAuthorizationParams.from_request(request).grant_type, GrantTypes.HYBRID
         )
-        with self.assertRaises(AuthorizeError) as cm:
+        with self.assertRaises(AuthorizeError):
             request = self.factory.get(
                 "/",
                 data={
@@ -300,7 +295,6 @@ class TestAuthorize(OAuthTestCase):
                 },
             )
             OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.error, "unsupported_response_type")
 
     def test_full_code(self):
         """Test full authorization"""
@@ -621,54 +615,3 @@ class TestAuthorize(OAuthTestCase):
                 },
             },
         )
-
-    def test_openid_missing_invalid(self):
-        """test request requiring an OpenID scope to be set"""
-        OAuth2Provider.objects.create(
-            name=generate_id(),
-            client_id="test",
-            authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost")],
-        )
-        request = self.factory.get(
-            "/",
-            data={
-                "response_type": "id_token",
-                "client_id": "test",
-                "redirect_uri": "http://localhost",
-                "scope": "",
-            },
-        )
-        with self.assertRaises(AuthorizeError) as cm:
-            OAuthAuthorizationParams.from_request(request)
-        self.assertEqual(cm.exception.cause, "scope_openid_missing")
-
-    @apply_blueprint("system/providers-oauth2.yaml")
-    def test_offline_access_invalid(self):
-        """test request for offline_access with invalid response type"""
-        provider = OAuth2Provider.objects.create(
-            name=generate_id(),
-            client_id="test",
-            authorization_flow=create_test_flow(),
-            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost")],
-        )
-        provider.property_mappings.set(
-            ScopeMapping.objects.filter(
-                managed__in=[
-                    "goauthentik.io/providers/oauth2/scope-openid",
-                    "goauthentik.io/providers/oauth2/scope-offline_access",
-                ]
-            )
-        )
-        request = self.factory.get(
-            "/",
-            data={
-                "response_type": "id_token",
-                "client_id": "test",
-                "redirect_uri": "http://localhost",
-                "scope": f"{SCOPE_OPENID} {SCOPE_OFFLINE_ACCESS}",
-                "nonce": generate_id(),
-            },
-        )
-        parsed = OAuthAuthorizationParams.from_request(request)
-        self.assertNotIn(SCOPE_OFFLINE_ACCESS, parsed.scope)

authentik/providers/oauth2/views/authorize.py

@@ -190,7 +190,7 @@ class OAuthAuthorizationParams:
         allowed_redirect_urls = self.provider.redirect_uris
         if not self.redirect_uri:
             LOGGER.warning("Missing redirect uri.")
-            raise RedirectUriError("", allowed_redirect_urls).with_cause("redirect_uri_missing")
+            raise RedirectUriError("", allowed_redirect_urls)
 
         if len(allowed_redirect_urls) < 1:
             LOGGER.info("Setting redirect for blank redirect_uris", redirect=self.redirect_uri)
@@ -219,14 +219,10 @@ class OAuthAuthorizationParams:
                         provider=self.provider,
                     )
         if not match_found:
-            raise RedirectUriError(self.redirect_uri, allowed_redirect_urls).with_cause(
-                "redirect_uri_no_match"
-            )
+            raise RedirectUriError(self.redirect_uri, allowed_redirect_urls)
         # Check against forbidden schemes
         if urlparse(self.redirect_uri).scheme in FORBIDDEN_URI_SCHEMES:
-            raise RedirectUriError(self.redirect_uri, allowed_redirect_urls).with_cause(
-                "redirect_uri_forbidden_scheme"
-            )
+            raise RedirectUriError(self.redirect_uri, allowed_redirect_urls)
 
     def check_scope(self, github_compat=False):
         """Ensure openid scope is set in Hybrid flows, or when requesting an id_token"""
@@ -255,9 +251,7 @@ class OAuthAuthorizationParams:
             or self.response_type in [ResponseTypes.ID_TOKEN, ResponseTypes.ID_TOKEN_TOKEN]
         ):
             LOGGER.warning("Missing 'openid' scope.")
-            raise AuthorizeError(
-                self.redirect_uri, "invalid_scope", self.grant_type, self.state
-            ).with_cause("scope_openid_missing")
+            raise AuthorizeError(self.redirect_uri, "invalid_scope", self.grant_type, self.state)
         if SCOPE_OFFLINE_ACCESS in self.scope:
             # https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
             # Don't explicitly request consent with offline_access, as the spec allows for
@@ -292,9 +286,7 @@ class OAuthAuthorizationParams:
             return
         if not self.nonce:
             LOGGER.warning("Missing nonce for OpenID Request")
-            raise AuthorizeError(
-                self.redirect_uri, "invalid_request", self.grant_type, self.state
-            ).with_cause("none_missing")
+            raise AuthorizeError(self.redirect_uri, "invalid_request", self.grant_type, self.state)
 
     def check_code_challenge(self):
         """PKCE validation of the transformation method."""
@@ -353,10 +345,10 @@ class AuthorizationFlowInitView(PolicyAccessView):
                 self.request, github_compat=self.github_compat
             )
         except AuthorizeError as error:
-            LOGGER.warning(error.description, redirect_uri=error.redirect_uri, cause=error.cause)
+            LOGGER.warning(error.description, redirect_uri=error.redirect_uri)
             raise RequestValidationError(error.get_response(self.request)) from None
         except OAuth2Error as error:
-            LOGGER.warning(error.description, cause=error.cause)
+            LOGGER.warning(error.description)
             raise RequestValidationError(
                 bad_request_message(self.request, error.description, title=error.error)
             ) from None

packages/eslint-config/package-lock.json

@@ -17,7 +17,7 @@
                 "eslint-plugin-wc": "^3.0.1"
             },
             "devDependencies": {
-                "@goauthentik/prettier-config": "^1.0.1",
+                "@goauthentik/prettier-config": "^2.0.0",
                 "@goauthentik/tsconfig": "^1.0.1",
                 "@types/eslint": "^9.6.1",
                 "typescript": "^5.8.3",
@@ -308,9 +308,9 @@
             }
         },
         "node_modules/@goauthentik/prettier-config": {
-            "version": "1.0.5",
-            "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-1.0.5.tgz",
-            "integrity": "sha512-3W1uJvhzBPerDao53hSXhNzB7Ev8DbGYh+gVkuku1FaUZGBpiwD/6U3ah4sny8NoRiObGQ1geF4dhNLtlRbC/Q==",
+            "version": "2.0.0",
+            "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-2.0.0.tgz",
+            "integrity": "sha512-W+PAea+pH511lC4omoyeNGkFS+/AytrCMdtN7dIUJhaufMppYHLagyvurhyb5mUCg/j4DphCcunguj6dkiRVRw==",
             "dev": true,
             "license": "MIT",
             "engines": {

packages/eslint-config/package.json

@@ -35,7 +35,7 @@
         "eslint-plugin-wc": "^3.0.1"
     },
     "devDependencies": {
-        "@goauthentik/prettier-config": "^1.0.1",
+        "@goauthentik/prettier-config": "^2.0.0",
         "@goauthentik/tsconfig": "^1.0.1",
         "@types/eslint": "^9.6.1",
         "typescript": "^5.8.3",

web/.storybook/manager.js

@@ -4,6 +4,7 @@
  * @import { ThemeVarsPartial } from "storybook/internal/theming";
  */
 import { createUIThemeEffect, resolveUITheme } from "@goauthentik/web/common/theme.ts";
+
 import { addons } from "@storybook/manager-api";
 import { create } from "@storybook/theming/create";
 

web/bundler/mdx-plugin/node.js

@@ -11,6 +11,7 @@
  * } from "esbuild"
  */
 import { MonoRepoRoot } from "@goauthentik/core/paths/node";
+
 import * as fs from "node:fs/promises";
 import * as path from "node:path";
 

web/eslint.config.mjs

@@ -1,4 +1,5 @@
 import { createESLintPackageConfig } from "@goauthentik/eslint-config";
+
 import tseslint from "typescript-eslint";
 
 // @ts-check

web/package-lock.json

@@ -34,7 +34,6 @@
                 "@sentry/browser": "^9.28.1",
                 "@spotlightjs/spotlight": "^3.0.0",
                 "@webcomponents/webcomponentsjs": "^2.8.0",
-                "base64-js": "^1.5.1",
                 "change-case": "^5.4.4",
                 "chart.js": "^4.4.9",
                 "chartjs-adapter-date-fns": "^3.0.0",
@@ -66,6 +65,7 @@
                 "trusted-types": "^2.0.0",
                 "ts-pattern": "^5.7.1",
                 "unist-util-visit": "^5.0.0",
+                "webauthn-polyfills": "^0.1.7",
                 "webcomponent-qr-code": "^1.2.0",
                 "yaml": "^2.8.0"
             },
@@ -74,7 +74,7 @@
                 "@goauthentik/core": "^1.0.0",
                 "@goauthentik/esbuild-plugin-live-reload": "^1.0.4",
                 "@goauthentik/eslint-config": "^1.0.5",
-                "@goauthentik/prettier-config": "^1.0.5",
+                "@goauthentik/prettier-config": "^2.0.0",
                 "@goauthentik/tsconfig": "^1.0.4",
                 "@hcaptcha/types": "^1.0.4",
                 "@lit/localize-tools": "^0.8.0",
@@ -1773,9 +1773,9 @@
             }
         },
         "node_modules/@goauthentik/prettier-config": {
-            "version": "1.0.5",
-            "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-1.0.5.tgz",
-            "integrity": "sha512-3W1uJvhzBPerDao53hSXhNzB7Ev8DbGYh+gVkuku1FaUZGBpiwD/6U3ah4sny8NoRiObGQ1geF4dhNLtlRbC/Q==",
+            "version": "2.0.0",
+            "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-2.0.0.tgz",
+            "integrity": "sha512-W+PAea+pH511lC4omoyeNGkFS+/AytrCMdtN7dIUJhaufMppYHLagyvurhyb5mUCg/j4DphCcunguj6dkiRVRw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -4685,6 +4685,12 @@
             "dev": true,
             "license": "MIT"
         },
+        "node_modules/@simplewebauthn/types": {
+            "version": "11.0.0",
+            "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-11.0.0.tgz",
+            "integrity": "sha512-b2o0wC5u2rWts31dTgBkAtSNKGX0cvL6h8QedNsKmj8O4QoLFQFR3DBVBUlpyVEhYKA+mXGUaXbcOc4JdQ3HzA==",
+            "license": "MIT"
+        },
         "node_modules/@sinclair/typebox": {
             "version": "0.27.8",
             "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz",
@@ -7278,6 +7284,12 @@
             "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
             "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw=="
         },
+        "node_modules/@types/ua-parser-js": {
+            "version": "0.7.39",
+            "resolved": "https://registry.npmjs.org/@types/ua-parser-js/-/ua-parser-js-0.7.39.tgz",
+            "integrity": "sha512-P/oDfpofrdtF5xw433SPALpdSchtJmY7nsJItf8h3KXqOslkbySh8zq4dSWXH2oTjRvJ5PczVEoCZPow6GicLg==",
+            "license": "MIT"
+        },
         "node_modules/@types/unist": {
             "version": "3.0.3",
             "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
@@ -12193,8 +12205,7 @@
         "node_modules/compare-versions": {
             "version": "6.1.1",
             "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.1.tgz",
-            "integrity": "sha512-4hm4VPpIecmlg59CHXnRDnqGplJFrbLG4aFEl5vl6cK1u76ws3LLvX7ikFnTDl5vo39sjWD6AaDPYodJp/NNHg==",
-            "dev": true
+            "integrity": "sha512-4hm4VPpIecmlg59CHXnRDnqGplJFrbLG4aFEl5vl6cK1u76ws3LLvX7ikFnTDl5vo39sjWD6AaDPYodJp/NNHg=="
         },
         "node_modules/compatx": {
             "version": "0.1.8",
@@ -27117,6 +27128,32 @@
                 "node": ">=8"
             }
         },
+        "node_modules/ua-parser-js": {
+            "version": "1.0.40",
+            "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-1.0.40.tgz",
+            "integrity": "sha512-z6PJ8Lml+v3ichVojCiB8toQJBuwR42ySM4ezjXIqXK3M0HczmKQ3LF4rhU55PfD99KEEXQG6yb7iOMyvYuHew==",
+            "funding": [
+                {
+                    "type": "opencollective",
+                    "url": "https://opencollective.com/ua-parser-js"
+                },
+                {
+                    "type": "paypal",
+                    "url": "https://paypal.me/faisalman"
+                },
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/faisalman"
+                }
+            ],
+            "license": "MIT",
+            "bin": {
+                "ua-parser-js": "script/cli.js"
+            },
+            "engines": {
+                "node": "*"
+            }
+        },
         "node_modules/uc.micro": {
             "version": "2.1.0",
             "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
@@ -28460,6 +28497,18 @@
             "license": "MIT",
             "optional": true
         },
+        "node_modules/webauthn-polyfills": {
+            "version": "0.1.7",
+            "resolved": "https://registry.npmjs.org/webauthn-polyfills/-/webauthn-polyfills-0.1.7.tgz",
+            "integrity": "sha512-tOA5KPHhN8j8EBA9I90bYmsEc6CAKd1SbWJzmVn0hmTfvfiNJLGGzRPlSW4fKiQPm8BC6doPQC0CnaQdhxsL3Q==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@simplewebauthn/types": "^11.0.0",
+                "@types/ua-parser-js": "^0.7.39",
+                "compare-versions": "^6.1.1",
+                "ua-parser-js": "^1.0.39"
+            }
+        },
         "node_modules/webcomponent-qr-code": {
             "version": "1.2.0",
             "resolved": "https://registry.npmjs.org/webcomponent-qr-code/-/webcomponent-qr-code-1.2.0.tgz",
@@ -29363,7 +29412,7 @@
             "version": "1.0.0",
             "license": "MIT",
             "devDependencies": {
-                "@goauthentik/prettier-config": "^1.0.5",
+                "@goauthentik/prettier-config": "^2.0.0",
                 "@goauthentik/tsconfig": "^1.0.4",
                 "@types/node": "^22.15.21",
                 "prettier": "^3.3.3",
@@ -29398,7 +29447,7 @@
                 "find-free-ports": "^3.1.1"
             },
             "devDependencies": {
-                "@goauthentik/prettier-config": "^1.0.5",
+                "@goauthentik/prettier-config": "^2.0.0",
                 "@goauthentik/tsconfig": "^1.0.4",
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "@types/node": "^22.15.21",
@@ -29455,11 +29504,11 @@
             "license": "MIT",
             "dependencies": {
                 "@goauthentik/api": "^2024.6.0-1719577139",
-                "base64-js": "^1.5.1",
                 "bootstrap": "^4.6.1",
                 "formdata-polyfill": "^4.0.10",
                 "jquery": "^3.7.1",
-                "weakmap-polyfill": "^2.0.4"
+                "weakmap-polyfill": "^2.0.4",
+                "webauthn-polyfills": "^0.1.7"
             },
             "devDependencies": {
                 "@goauthentik/core": "^1.0.0",

web/package.json

@@ -105,7 +105,6 @@
         "@sentry/browser": "^9.28.1",
         "@spotlightjs/spotlight": "^3.0.0",
         "@webcomponents/webcomponentsjs": "^2.8.0",
-        "base64-js": "^1.5.1",
         "change-case": "^5.4.4",
         "chart.js": "^4.4.9",
         "chartjs-adapter-date-fns": "^3.0.0",
@@ -137,6 +136,7 @@
         "trusted-types": "^2.0.0",
         "ts-pattern": "^5.7.1",
         "unist-util-visit": "^5.0.0",
+        "webauthn-polyfills": "^0.1.7",
         "webcomponent-qr-code": "^1.2.0",
         "yaml": "^2.8.0"
     },
@@ -145,7 +145,7 @@
         "@goauthentik/core": "^1.0.0",
         "@goauthentik/esbuild-plugin-live-reload": "^1.0.4",
         "@goauthentik/eslint-config": "^1.0.5",
-        "@goauthentik/prettier-config": "^1.0.5",
+        "@goauthentik/prettier-config": "^2.0.0",
         "@goauthentik/tsconfig": "^1.0.4",
         "@hcaptcha/types": "^1.0.4",
         "@lit/localize-tools": "^0.8.0",

web/packages/core/package.json

@@ -45,7 +45,7 @@
         }
     },
     "devDependencies": {
-        "@goauthentik/prettier-config": "^1.0.5",
+        "@goauthentik/prettier-config": "^2.0.0",
         "@goauthentik/tsconfig": "^1.0.4",
         "@types/node": "^22.15.21",
         "prettier": "^3.3.3",

web/packages/core/version/node.js

@@ -4,6 +4,7 @@
  * @runtime node
  */
 import { MonoRepoRoot } from "#paths/node";
+
 import { execSync } from "node:child_process";
 
 import PackageJSON from "../../../../package.json" with { type: "json" };

web/packages/esbuild-plugin-live-reload/.github/README.md

@@ -12,6 +12,7 @@ yarn add -D @goauthentik/esbuild-plugin-live-reload
 
 ```js
 import { liveReloadPlugin } from "@goauthentik/esbuild-plugin-live-reload";
+
 import esbuild from "esbuild";
 
 const NodeEnvironment = process.env.NODE_ENV || "development";

web/packages/esbuild-plugin-live-reload/package-lock.json

@@ -12,11 +12,11 @@
                 "find-free-ports": "^3.1.1"
             },
             "devDependencies": {
-                "@goauthentik/prettier-config": "^1.0.5",
+                "@goauthentik/prettier-config": "^2.0.0",
                 "@goauthentik/tsconfig": "^1.0.4",
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "@types/node": "^22.15.21",
-                "esbuild": "^0.25.4",
+                "esbuild": "^0.25.5",
                 "prettier": "^3.5.3",
                 "prettier-plugin-packagejson": "^2.5.14",
                 "typedoc": "^0.28.5",
@@ -27,7 +27,7 @@
                 "node": ">=22"
             },
             "peerDependencies": {
-                "esbuild": "^0.25.4"
+                "esbuild": "^0.25.5"
             }
         },
         "node_modules/@babel/code-frame": {
@@ -586,9 +586,9 @@
             }
         },
         "node_modules/@goauthentik/prettier-config": {
-            "version": "1.0.5",
-            "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-1.0.5.tgz",
-            "integrity": "sha512-3W1uJvhzBPerDao53hSXhNzB7Ev8DbGYh+gVkuku1FaUZGBpiwD/6U3ah4sny8NoRiObGQ1geF4dhNLtlRbC/Q==",
+            "version": "2.0.0",
+            "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-2.0.0.tgz",
+            "integrity": "sha512-W+PAea+pH511lC4omoyeNGkFS+/AytrCMdtN7dIUJhaufMppYHLagyvurhyb5mUCg/j4DphCcunguj6dkiRVRw==",
             "dev": true,
             "license": "MIT",
             "engines": {

web/packages/esbuild-plugin-live-reload/package.json

@@ -31,7 +31,7 @@
         "find-free-ports": "^3.1.1"
     },
     "devDependencies": {
-        "@goauthentik/prettier-config": "^1.0.5",
+        "@goauthentik/prettier-config": "^2.0.0",
         "@goauthentik/tsconfig": "^1.0.4",
         "@trivago/prettier-plugin-sort-imports": "^5.2.2",
         "@types/node": "^22.15.21",

web/packages/sfe/package.json

@@ -11,11 +11,11 @@
     },
     "dependencies": {
         "@goauthentik/api": "^2024.6.0-1719577139",
-        "base64-js": "^1.5.1",
         "bootstrap": "^4.6.1",
         "formdata-polyfill": "^4.0.10",
         "jquery": "^3.7.1",
-        "weakmap-polyfill": "^2.0.4"
+        "weakmap-polyfill": "^2.0.4",
+        "webauthn-polyfills": "^0.1.7"
     },
     "devDependencies": {
         "@goauthentik/core": "^1.0.0",

web/packages/sfe/src/index.ts

@@ -1,7 +1,9 @@
-import { fromByteArray } from "base64-js";
 import "formdata-polyfill";
+
 import $ from "jquery";
+
 import "weakmap-polyfill";
+import "webauthn-polyfills";
 
 import {
     type AuthenticatorValidationChallenge,
@@ -257,47 +259,9 @@ class AutosubmitStage extends Stage<AutosubmitChallenge> {
     }
 }
 
-export interface Assertion {
-    id: string;
-    rawId: string;
-    type: string;
-    registrationClientExtensions: string;
-    response: {
-        clientDataJSON: string;
-        attestationObject: string;
-    };
-}
-
-export interface AuthAssertion {
-    id: string;
-    rawId: string;
-    type: string;
-    assertionClientExtensions: string;
-    response: {
-        clientDataJSON: string;
-        authenticatorData: string;
-        signature: string;
-        userHandle: string | null;
-    };
-}
-
 class AuthenticatorValidateStage extends Stage<AuthenticatorValidationChallenge> {
     deviceChallenge?: DeviceChallenge;
 
-    b64enc(buf: Uint8Array): string {
-        return fromByteArray(buf).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-    }
-
-    b64RawEnc(buf: Uint8Array): string {
-        return fromByteArray(buf).replace(/\+/g, "-").replace(/\//g, "_");
-    }
-
-    u8arr(input: string): Uint8Array {
-        return Uint8Array.from(atob(input.replace(/_/g, "/").replace(/-/g, "+")), (c) =>
-            c.charCodeAt(0),
-        );
-    }
-
     checkWebAuthnSupport(): boolean {
         if ("credentials" in navigator) {
             return true;
@@ -310,98 +274,6 @@ class AuthenticatorValidateStage extends Stage<AuthenticatorValidationChallenge>
         return false;
     }
 
-    /**
-     * Transforms items in the credentialCreateOptions generated on the server
-     * into byte arrays expected by the navigator.credentials.create() call
-     */
-    transformCredentialCreateOptions(
-        credentialCreateOptions: PublicKeyCredentialCreationOptions,
-        userId: string,
-    ): PublicKeyCredentialCreationOptions {
-        const user = credentialCreateOptions.user;
-        // Because json can't contain raw bytes, the server base64-encodes the User ID
-        // So to get the base64 encoded byte array, we first need to convert it to a regular
-        // string, then a byte array, re-encode it and wrap that in an array.
-        const stringId = decodeURIComponent(window.atob(userId));
-        user.id = this.u8arr(this.b64enc(this.u8arr(stringId)));
-        const challenge = this.u8arr(credentialCreateOptions.challenge.toString());
-
-        return Object.assign({}, credentialCreateOptions, {
-            challenge,
-            user,
-        });
-    }
-
-    /**
-     * Transforms the binary data in the credential into base64 strings
-     * for posting to the server.
-     * @param {PublicKeyCredential} newAssertion
-     */
-    transformNewAssertionForServer(newAssertion: PublicKeyCredential): Assertion {
-        const attObj = new Uint8Array(
-            (newAssertion.response as AuthenticatorAttestationResponse).attestationObject,
-        );
-        const clientDataJSON = new Uint8Array(newAssertion.response.clientDataJSON);
-        const rawId = new Uint8Array(newAssertion.rawId);
-
-        const registrationClientExtensions = newAssertion.getClientExtensionResults();
-        return {
-            id: newAssertion.id,
-            rawId: this.b64enc(rawId),
-            type: newAssertion.type,
-            registrationClientExtensions: JSON.stringify(registrationClientExtensions),
-            response: {
-                clientDataJSON: this.b64enc(clientDataJSON),
-                attestationObject: this.b64enc(attObj),
-            },
-        };
-    }
-
-    transformCredentialRequestOptions(
-        credentialRequestOptions: PublicKeyCredentialRequestOptions,
-    ): PublicKeyCredentialRequestOptions {
-        const challenge = this.u8arr(credentialRequestOptions.challenge.toString());
-
-        const allowCredentials = (credentialRequestOptions.allowCredentials || []).map(
-            (credentialDescriptor) => {
-                const id = this.u8arr(credentialDescriptor.id.toString());
-                return Object.assign({}, credentialDescriptor, { id });
-            },
-        );
-
-        return Object.assign({}, credentialRequestOptions, {
-            challenge,
-            allowCredentials,
-        });
-    }
-
-    /**
-     * Encodes the binary data in the assertion into strings for posting to the server.
-     * @param {PublicKeyCredential} newAssertion
-     */
-    transformAssertionForServer(newAssertion: PublicKeyCredential): AuthAssertion {
-        const response = newAssertion.response as AuthenticatorAssertionResponse;
-        const authData = new Uint8Array(response.authenticatorData);
-        const clientDataJSON = new Uint8Array(response.clientDataJSON);
-        const rawId = new Uint8Array(newAssertion.rawId);
-        const sig = new Uint8Array(response.signature);
-        const assertionClientExtensions = newAssertion.getClientExtensionResults();
-
-        return {
-            id: newAssertion.id,
-            rawId: this.b64enc(rawId),
-            type: newAssertion.type,
-            assertionClientExtensions: JSON.stringify(assertionClientExtensions),
-
-            response: {
-                clientDataJSON: this.b64RawEnc(clientDataJSON),
-                signature: this.b64RawEnc(sig),
-                authenticatorData: this.b64RawEnc(authData),
-                userHandle: null,
-            },
-        };
-    }
-
     render() {
         if (this.challenge.deviceChallenges.length === 1) {
             this.deviceChallenge = this.challenge.deviceChallenges[0];
@@ -505,8 +377,8 @@ class AuthenticatorValidateStage extends Stage<AuthenticatorValidationChallenge>
             `);
         navigator.credentials
             .get({
-                publicKey: this.transformCredentialRequestOptions(
-                    this.deviceChallenge?.challenge as PublicKeyCredentialRequestOptions,
+                publicKey: PublicKeyCredential.parseRequestOptionsFromJSON(
+                    this.deviceChallenge?.challenge as PublicKeyCredentialRequestOptionsJSON,
                 ),
             })
             .then((assertion) => {
@@ -514,15 +386,9 @@ class AuthenticatorValidateStage extends Stage<AuthenticatorValidationChallenge>
                     throw new Error("No assertion");
                 }
                 try {
-                    // we now have an authentication assertion! encode the byte arrays contained
-                    // in the assertion data as strings for posting to the server
-                    const transformedAssertionForServer = this.transformAssertionForServer(
-                        assertion as PublicKeyCredential,
-                    );
-
                     // post the assertion to the server for verification.
                     this.executor.submit({
-                        webauthn: transformedAssertionForServer,
+                        webauthn: (assertion as PublicKeyCredential).toJSON(),
                     });
                 } catch (err) {
                     throw new Error(`Error when validating assertion on server: ${err}`);

web/paths/node.js

@@ -4,6 +4,7 @@
  * @runtime node
  */
 import { DistDirectoryName } from "#paths";
+
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 

web/scripts/build-locales.mjs

@@ -13,6 +13,7 @@
  * @import { Stats } from "fs";
  */
 import { PackageRoot } from "#paths/node";
+
 import { spawnSync } from "node:child_process";
 import { readFileSync, statSync } from "node:fs";
 import path from "node:path";

web/scripts/build-web.mjs

@@ -7,9 +7,11 @@
 import { mdxPlugin } from "#bundler/mdx-plugin/node";
 import { createBundleDefinitions } from "#bundler/utils/node";
 import { DistDirectory, EntryPoint, PackageRoot } from "#paths/node";
+
 import { NodeEnvironment } from "@goauthentik/core/environment/node";
 import { MonoRepoRoot, resolvePackage } from "@goauthentik/core/paths/node";
 import { readBuildIdentifier } from "@goauthentik/core/version/node";
+
 import { deepmerge } from "deepmerge-ts";
 import esbuild from "esbuild";
 import copy from "esbuild-plugin-copy";

web/scripts/pseudolocalize.mjs

@@ -7,6 +7,7 @@
  * @import { Locale } from "@lit/localize-tools/src/types/locale.js"
  */
 import { PackageRoot } from "#paths/node";
+
 import { readFileSync } from "node:fs";
 import path from "node:path";
 import pseudolocale from "pseudolocale";

web/src/admin/AdminInterface/AboutModal.ts

@@ -1,10 +1,15 @@
-import { WithBrandConfig } from "#elements/mixins/branding";
-import { WithLicenseSummary } from "#elements/mixins/license";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { globalAK } from "@goauthentik/common/global";
+
+import { WithBrandConfig } from "#elements/mixins/branding";
+import { WithLicenseSummary } from "#elements/mixins/license";
+
 import "@goauthentik/elements/EmptyState";
+
 import { ModalButton } from "@goauthentik/elements/buttons/ModalButton";
 
+import { AdminApi, CapabilitiesEnum, LicenseSummaryStatusEnum } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { TemplateResult, css, html } from "lit";
 import { customElement } from "lit/decorators.js";
@@ -12,8 +17,6 @@ import { until } from "lit/directives/until.js";
 
 import PFAbout from "@patternfly/patternfly/components/AboutModalBox/about-modal-box.css";
 
-import { AdminApi, CapabilitiesEnum, LicenseSummaryStatusEnum } from "@goauthentik/api";
-
 @customElement("ak-about-modal")
 export class AboutModal extends WithLicenseSummary(WithBrandConfig(ModalButton)) {
     static get styles() {

web/src/admin/AdminInterface/AdminSidebar.ts

@@ -1,4 +1,5 @@
 import { ID_REGEX, SLUG_REGEX, UUID_REGEX } from "@goauthentik/elements/router/Route";
+
 import { spread } from "@open-wc/lit-helpers";
 
 import { msg } from "@lit/localize";

web/src/admin/AdminInterface/index.entrypoint.ts

@@ -1,12 +1,17 @@
 import "#admin/AdminInterface/AboutModal";
-import type { AboutModal } from "#admin/AdminInterface/AboutModal";
-import { ROUTES } from "#admin/Routes";
+
 import { EVENT_API_DRAWER_TOGGLE, EVENT_NOTIFICATION_DRAWER_TOGGLE } from "#common/constants";
 import { configureSentry } from "#common/sentry/index";
 import { me } from "#common/users";
 import { WebsocketClient } from "#common/ws";
-import { SidebarToggleEventDetail } from "#components/ak-page-header";
+
 import { AuthenticatedInterface } from "#elements/AuthenticatedInterface";
+
+import { SidebarToggleEventDetail } from "#components/ak-page-header";
+
+import type { AboutModal } from "#admin/AdminInterface/AboutModal";
+import { ROUTES } from "#admin/Routes";
+
 import "#elements/ak-locale-context/ak-locale-context";
 import "#elements/banner/EnterpriseStatusBanner";
 import "#elements/banner/EnterpriseStatusBanner";
@@ -14,14 +19,20 @@ import "#elements/banner/VersionBanner";
 import "#elements/banner/VersionBanner";
 import "#elements/messages/MessageContainer";
 import "#elements/messages/MessageContainer";
+
 import { WithCapabilitiesConfig } from "#elements/mixins/capabilities";
+
 import "#elements/notifications/APIDrawer";
 import "#elements/notifications/NotificationDrawer";
+
 import { getURLParam, updateURLParams } from "#elements/router/RouteMatch";
+
 import "#elements/router/RouterOutlet";
 import "#elements/sidebar/Sidebar";
 import "#elements/sidebar/SidebarItem";
 
+import { CapabilitiesEnum, SessionUser, UiThemeEnum } from "@goauthentik/api";
+
 import { CSSResult, TemplateResult, css, html, nothing } from "lit";
 import { customElement, eventOptions, property, query } from "lit/decorators.js";
 import { classMap } from "lit/directives/class-map.js";
@@ -32,8 +43,6 @@ import PFNav from "@patternfly/patternfly/components/Nav/nav.css";
 import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { CapabilitiesEnum, SessionUser, UiThemeEnum } from "@goauthentik/api";
-
 import {
     AdminSidebarEnterpriseEntries,
     AdminSidebarEntries,

web/src/admin/DebugPage.ts

@@ -1,9 +1,14 @@
 import { DEFAULT_CONFIG } from "#common/api/config";
 import { parseAPIResponseError, pluckErrorDetail } from "#common/errors/network";
 import { MessageLevel } from "#common/messages";
+
 import "#components/ak-page-header";
+
 import { AKElement } from "#elements/Base";
 import { showMessage } from "#elements/messages/MessageContainer";
+
+import { AdminApi } from "@goauthentik/api";
+
 import * as Sentry from "@sentry/browser";
 
 import { CSSResult, TemplateResult, html } from "lit";
@@ -15,8 +20,6 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { AdminApi } from "@goauthentik/api";
-
 @customElement("ak-admin-debug-page")
 export class DebugPage extends AKElement {
     static get styles(): CSSResult[] {

web/src/admin/Routes.ts

@@ -1,4 +1,5 @@
 import "@goauthentik/admin/admin-overview/AdminOverviewPage";
+
 import { ID_REGEX, Route, SLUG_REGEX, UUID_REGEX } from "@goauthentik/elements/router/Route";
 
 import { html } from "lit";

web/src/admin/admin-overview/AdminOverviewPage.ts

@@ -8,14 +8,23 @@ import "#admin/admin-overview/cards/WorkerStatusCard";
 import "#admin/admin-overview/charts/AdminLoginAuthorizeChart";
 import "#admin/admin-overview/charts/OutpostStatusChart";
 import "#admin/admin-overview/charts/SyncStatusChart";
+
 import { me } from "#common/users";
+
 import "#components/ak-page-header";
+
 import { AKElement } from "#elements/Base";
+
 import "#elements/cards/AggregatePromiseCard";
+
 import type { QuickAction } from "#elements/cards/QuickActionsCard";
+
 import "#elements/cards/QuickActionsCard";
+
 import { WithLicenseSummary } from "#elements/mixins/license";
 import { paramURL } from "#elements/router/RouterOutlet";
+
+import { SessionUser } from "@goauthentik/api";
 import { createReleaseNotesURL } from "@goauthentik/core/version";
 
 import { msg, str } from "@lit/localize";
@@ -29,8 +38,6 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { SessionUser } from "@goauthentik/api";
-
 const AdminOverviewBase = WithLicenseSummary(AKElement);
 
 @customElement("ak-admin-overview")

web/src/admin/admin-overview/DashboardUserPage.ts

@@ -1,8 +1,12 @@
 import "#admin/admin-overview/charts/AdminModelPerDay";
 import "#components/ak-page-header";
+
 import { AKElement } from "#elements/Base";
+
 import "#elements/cards/AggregatePromiseCard";
 
+import { EventActions, EventsEventsVolumeListRequest } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement } from "lit/decorators.js";
@@ -13,8 +17,6 @@ import PFList from "@patternfly/patternfly/components/List/list.css";
 import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 
-import { EventActions, EventsEventsVolumeListRequest } from "@goauthentik/api";
-
 @customElement("ak-admin-dashboard-users")
 export class DashboardUserPage extends AKElement {
     static get styles(): CSSResult[] {

web/src/admin/admin-overview/TopApplicationsTable.ts

@@ -1,15 +1,17 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import { AKElement } from "@goauthentik/elements/Base";
+
 import "@goauthentik/elements/Spinner";
 
+import { EventTopPerUser, EventsApi } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
 import PFTable from "@patternfly/patternfly/components/Table/table.css";
 
-import { EventTopPerUser, EventsApi } from "@goauthentik/api";
-
 @customElement("ak-top-applications-table")
 export class TopApplicationsTable extends AKElement {
     @property({ attribute: false })

web/src/admin/admin-overview/cards/AdminStatusCard.ts

@@ -5,6 +5,7 @@ import {
     parseAPIResponseError,
     pluckErrorDetail,
 } from "@goauthentik/common/errors/network";
+
 import { AggregateCard } from "@goauthentik/elements/cards/AggregateCard";
 
 import { msg } from "@lit/localize";

web/src/admin/admin-overview/cards/FipsStatusCard.ts

@@ -1,15 +1,16 @@
+import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import {
     AdminStatus,
     AdminStatusCard,
 } from "@goauthentik/admin/admin-overview/cards/AdminStatusCard";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { AdminApi, SystemInfo } from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 
-import { AdminApi, SystemInfo } from "@goauthentik/api";
-
 type StatusContent = { icon: string; message: TemplateResult };
 
 @customElement("ak-admin-fips-status-system")

web/src/admin/admin-overview/cards/RecentEventsCard.ts

@@ -1,25 +1,28 @@
-import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
 import { formatElapsedTime } from "@goauthentik/common/temporal";
+
+import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
+
 import "@goauthentik/components/ak-event-info";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/buttons/Dropdown";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { SlottedTemplateResult } from "@goauthentik/elements/types";
 
+import { Event, EventsApi } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
 import PFCard from "@patternfly/patternfly/components/Card/card.css";
 
-import { Event, EventsApi } from "@goauthentik/api";
-
 @customElement("ak-recent-events")
 export class RecentEventsCard extends Table<Event> {
     @property()

web/src/admin/admin-overview/cards/SystemStatusCard.ts

@@ -1,15 +1,16 @@
+import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import {
     AdminStatus,
     AdminStatusCard,
 } from "@goauthentik/admin/admin-overview/cards/AdminStatusCard";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { AdminApi, OutpostsApi, SystemInfo } from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 
-import { AdminApi, OutpostsApi, SystemInfo } from "@goauthentik/api";
-
 @customElement("ak-admin-status-system")
 export class SystemStatusCard extends AdminStatusCard<SystemInfo> {
     now?: Date;

web/src/admin/admin-overview/cards/VersionStatusCard.ts

@@ -1,15 +1,16 @@
+import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import {
     AdminStatus,
     AdminStatusCard,
 } from "@goauthentik/admin/admin-overview/cards/AdminStatusCard";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { AdminApi, Version } from "@goauthentik/api";
 
 import { msg, str } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement } from "lit/decorators.js";
 
-import { AdminApi, Version } from "@goauthentik/api";
-
 @customElement("ak-admin-status-version")
 export class VersionStatusCard extends AdminStatusCard<Version> {
     icon = "pf-icon pf-icon-bundle";

web/src/admin/admin-overview/cards/WorkerStatusCard.ts

@@ -1,15 +1,16 @@
+import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import {
     AdminStatus,
     AdminStatusCard,
 } from "@goauthentik/admin/admin-overview/cards/AdminStatusCard";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { AdminApi, Worker } from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement } from "lit/decorators.js";
 
-import { AdminApi, Worker } from "@goauthentik/api";
-
 @customElement("ak-admin-status-card-workers")
 export class WorkersStatusCard extends AdminStatusCard<Worker[]> {
     icon = "pf-icon pf-icon-server";

web/src/admin/admin-overview/charts/AdminLoginAuthorizeChart.ts

@@ -1,12 +1,14 @@
-import { EventChart } from "#elements/charts/EventChart";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { EventChart } from "#elements/charts/EventChart";
+
+import { EventActions, EventVolume, EventsApi } from "@goauthentik/api";
+
 import { ChartData, ChartDataset } from "chart.js";
 
 import { msg } from "@lit/localize";
 import { customElement } from "lit/decorators.js";
 
-import { EventActions, EventVolume, EventsApi } from "@goauthentik/api";
-
 @customElement("ak-charts-admin-login-authorization")
 export class AdminLoginAuthorizeChart extends EventChart {
     async apiRequest(): Promise<EventVolume[]> {

web/src/admin/admin-overview/charts/AdminModelPerDay.ts

@@ -1,9 +1,6 @@
-import { EventChart } from "#elements/charts/EventChart";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { ChartData } from "chart.js";
 
-import { msg } from "@lit/localize";
-import { customElement, property } from "lit/decorators.js";
+import { EventChart } from "#elements/charts/EventChart";
 
 import {
     EventActions,
@@ -12,6 +9,11 @@ import {
     EventsEventsVolumeListRequest,
 } from "@goauthentik/api";
 
+import { ChartData } from "chart.js";
+
+import { msg } from "@lit/localize";
+import { customElement, property } from "lit/decorators.js";
+
 @customElement("ak-charts-admin-model-per-day")
 export class AdminModelPerDay extends EventChart {
     @property()

web/src/admin/admin-overview/charts/OutpostStatusChart.ts

@@ -1,15 +1,19 @@
-import { actionToColor } from "#elements/charts/EventChart";
-import { SummarizedSyncStatus } from "@goauthentik/admin/admin-overview/charts/SyncStatusChart";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { actionToColor } from "#elements/charts/EventChart";
 import { AKChart } from "@goauthentik/elements/charts/Chart";
+
+import { SummarizedSyncStatus } from "@goauthentik/admin/admin-overview/charts/SyncStatusChart";
+
 import "@goauthentik/elements/forms/ConfirmationForm";
+
+import { EventActions, OutpostsApi } from "@goauthentik/api";
+
 import { ChartData, ChartOptions } from "chart.js";
 
 import { msg } from "@lit/localize";
 import { customElement } from "lit/decorators.js";
 
-import { EventActions, OutpostsApi } from "@goauthentik/api";
-
 @customElement("ak-admin-status-chart-outpost")
 export class OutpostStatusChart extends AKChart<SummarizedSyncStatus[]> {
     getChartType(): string {

web/src/admin/admin-overview/charts/SyncStatusChart.ts

@@ -1,12 +1,11 @@
-import { actionToColor } from "#elements/charts/EventChart";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { AKChart } from "@goauthentik/elements/charts/Chart";
-import "@goauthentik/elements/forms/ConfirmationForm";
-import { PaginatedResponse } from "@goauthentik/elements/table/Table";
-import { ChartData, ChartOptions } from "chart.js";
 
-import { msg } from "@lit/localize";
-import { customElement } from "lit/decorators.js";
+import { actionToColor } from "#elements/charts/EventChart";
+import { AKChart } from "@goauthentik/elements/charts/Chart";
+
+import "@goauthentik/elements/forms/ConfirmationForm";
+
+import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 
 import {
     EventActions,
@@ -16,6 +15,11 @@ import {
     SystemTaskStatusEnum,
 } from "@goauthentik/api";
 
+import { ChartData, ChartOptions } from "chart.js";
+
+import { msg } from "@lit/localize";
+import { customElement } from "lit/decorators.js";
+
 export interface SummarizedSyncStatus {
     healthy: number;
     failed: number;

web/src/admin/admin-settings/AdminSettingsFooterLinks.ts

@@ -1,5 +1,8 @@
 import { AkControlElement } from "@goauthentik/elements/AkControlElement.js";
 import { type Spread } from "@goauthentik/elements/types";
+
+import { FooterLink } from "@goauthentik/api";
+
 import { spread } from "@open-wc/lit-helpers";
 
 import { msg } from "@lit/localize";
@@ -11,8 +14,6 @@ import PFFormControl from "@patternfly/patternfly/components/FormControl/form-co
 import PFInputGroup from "@patternfly/patternfly/components/InputGroup/input-group.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { FooterLink } from "@goauthentik/api";
-
 export interface IFooterLinkInput {
     footerLink: FooterLink;
 }

web/src/admin/admin-settings/AdminSettingsForm.ts

@@ -1,15 +1,20 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-number-input";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
 import "@goauthentik/elements/ak-array-input.js";
+
 import { Form } from "@goauthentik/elements/forms/Form";
+
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
 import "@goauthentik/elements/utils/TimeDeltaHelp";
 
+import { AdminApi, FooterLink, Settings, SettingsRequest } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
@@ -17,9 +22,8 @@ import { ifDefined } from "lit/directives/if-defined.js";
 
 import PFList from "@patternfly/patternfly/components/List/list.css";
 
-import { AdminApi, FooterLink, Settings, SettingsRequest } from "@goauthentik/api";
-
 import "./AdminSettingsFooterLinks.js";
+
 import { IFooterLinkInput, akFooterLinkInput } from "./AdminSettingsFooterLinks.js";
 
 const DEFAULT_REPUTATION_LOWER_LIMIT = -5;

web/src/admin/admin-settings/AdminSettingsPage.ts

@@ -1,9 +1,14 @@
 import "#admin/admin-settings/AdminSettingsForm";
-import { AdminSettingsForm } from "#admin/admin-settings/AdminSettingsForm";
+
 import { DEFAULT_CONFIG } from "#common/api/config";
+
+import { AdminSettingsForm } from "#admin/admin-settings/AdminSettingsForm";
+
 import "#components/ak-page-header";
 import "#components/events/ObjectChangelog";
+
 import { AKElement } from "#elements/Base";
+
 import "#elements/CodeMirror";
 import "#elements/EmptyState";
 import "#elements/Tabs";
@@ -11,6 +16,8 @@ import "#elements/buttons/ModalButton";
 import "#elements/buttons/SpinnerButton/ak-spinner-button";
 import "#elements/forms/ModalForm";
 
+import { AdminApi, Settings } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { html, nothing } from "lit";
 import { customElement, query, state } from "lit/decorators.js";
@@ -26,8 +33,6 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { AdminApi, Settings } from "@goauthentik/api";
-
 @customElement("ak-admin-settings")
 export class AdminSettingsPage extends AKElement {
     static get styles() {

web/src/admin/admin-settings/stories/AdminSettingsFooterLinks.stories.ts

@@ -1,10 +1,12 @@
 import "@goauthentik/elements/messages/MessageContainer";
+
 import { Meta, StoryObj, WebComponentsRenderer } from "@storybook/web-components";
 import { DecoratorFunction } from "storybook/internal/types";
 
 import { html } from "lit";
 
 import { FooterLinkInput } from "../AdminSettingsFooterLinks.js";
+
 import "../AdminSettingsFooterLinks.js";
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any

web/src/admin/admin-settings/stories/AdminSettingsFooterLinks.test.ts

@@ -1,4 +1,5 @@
 import { render } from "@goauthentik/elements/tests/utils.js";
+
 import { $, expect } from "@wdio/globals";
 
 import { html } from "lit";

web/src/admin/applications/ApplicationAuthorizeChart.ts

@@ -1,12 +1,14 @@
-import { EventChart } from "#elements/charts/EventChart";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { EventChart } from "#elements/charts/EventChart";
+
+import { EventActions, EventVolume, EventsApi } from "@goauthentik/api";
+
 import { ChartData } from "chart.js";
 
 import { msg } from "@lit/localize";
 import { customElement, property } from "lit/decorators.js";
 
-import { EventActions, EventVolume, EventsApi } from "@goauthentik/api";
-
 @customElement("ak-charts-application-authorize")
 export class ApplicationAuthorizeChart extends EventChart {
     @property({ attribute: "application-id" })

web/src/admin/applications/ApplicationCheckAccessForm.ts

@@ -1,16 +1,13 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/events/LogViewer";
+
 import { Form } from "@goauthentik/elements/forms/Form";
+
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/SearchSelect";
 
-import { msg } from "@lit/localize";
-import { CSSResult, TemplateResult, html } from "lit";
-import { customElement, property } from "lit/decorators.js";
-
-import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
-
 import {
     Application,
     CoreApi,
@@ -19,6 +16,12 @@ import {
     User,
 } from "@goauthentik/api";
 
+import { msg } from "@lit/localize";
+import { CSSResult, TemplateResult, html } from "lit";
+import { customElement, property } from "lit/decorators.js";
+
+import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
+
 @customElement("ak-application-check-access-form")
 export class ApplicationCheckAccessForm extends Form<{ forUser: number }> {
     @property({ attribute: false })

web/src/admin/applications/ApplicationForm.ts

@@ -1,8 +1,12 @@
 import { CapabilitiesEnum, WithCapabilitiesConfig } from "#elements/mixins/capabilities";
+
 import "@goauthentik/admin/applications/ProviderSelectModal";
+
+import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import { iconHelperText } from "@goauthentik/admin/helperText";
 import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-file-input";
 import "@goauthentik/components/ak-radio-input";
 import "@goauthentik/components/ak-switch-input";
@@ -12,19 +16,21 @@ import "@goauthentik/elements/Alert";
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/ModalForm";
+
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
+
 import "@goauthentik/elements/forms/ProxyForm";
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect/ak-search-select";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
+import { Application, CoreApi, Provider } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { TemplateResult, html, nothing } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import { Application, CoreApi, Provider } from "@goauthentik/api";
-
 import "./components/ak-backchannel-input";
 import "./components/ak-provider-search-input";
 

web/src/admin/applications/ApplicationListPage.ts

@@ -1,16 +1,23 @@
 import "#admin/applications/ApplicationForm";
+
 import { DEFAULT_CONFIG } from "#common/api/config";
+
 import "#elements/AppIcon";
 import "#elements/ak-mdx/ak-mdx";
 import "#elements/buttons/SpinnerButton/ak-spinner-button";
 import "#elements/forms/DeleteBulkForm";
 import "#elements/forms/ModalForm";
+
 import { WithBrandConfig } from "#elements/mixins/branding";
 import { getURLParam } from "#elements/router/RouteMatch";
 import { PaginatedResponse } from "#elements/table/Table";
 import { TableColumn } from "#elements/table/Table";
 import { TablePage } from "#elements/table/TablePage";
+
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
+
+import { Application, CoreApi, PoliciesApi } from "@goauthentik/api";
+
 import MDApplication from "~docs/add-secure-apps/applications/index.md";
 
 import { msg, str } from "@lit/localize";
@@ -20,8 +27,6 @@ import { ifDefined } from "lit/directives/if-defined.js";
 
 import PFCard from "@patternfly/patternfly/components/Card/card.css";
 
-import { Application, CoreApi, PoliciesApi } from "@goauthentik/api";
-
 import "./ApplicationWizardHint.js";
 
 export const applicationListStyle = css`

web/src/admin/applications/ApplicationViewPage.ts

@@ -4,16 +4,27 @@ import "#admin/applications/ApplicationForm";
 import "#admin/applications/entitlements/ApplicationEntitlementPage";
 import "#admin/policies/BoundPoliciesList";
 import "#admin/rbac/ObjectPermissionsPage";
+
 import { DEFAULT_CONFIG } from "#common/api/config";
 import { PFSize } from "#common/enums";
+
 import "#components/ak-page-header";
 import "#components/events/ObjectChangelog";
 import "#elements/AppIcon";
+
 import { AKElement } from "#elements/Base";
+
 import "#elements/EmptyState";
 import "#elements/Tabs";
 import "#elements/buttons/SpinnerButton/ak-spinner-button";
 
+import {
+    Application,
+    CoreApi,
+    OutpostsApi,
+    RbacPermissionsAssignedByUsersListModelEnum,
+} from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
@@ -29,13 +40,6 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import {
-    Application,
-    CoreApi,
-    OutpostsApi,
-    RbacPermissionsAssignedByUsersListModelEnum,
-} from "@goauthentik/api";
-
 @customElement("ak-application-view")
 export class ApplicationViewPage extends AKElement {
     @property({ type: String })

web/src/admin/applications/ApplicationWizardHint.ts

@@ -1,13 +1,18 @@
 import "@goauthentik/admin/applications/wizard/ak-application-wizard";
+
 import {
     ShowHintController,
     ShowHintControllerHost,
 } from "@goauthentik/components/ak-hint/ShowHintController";
+
 import "@goauthentik/components/ak-hint/ak-hint";
 import "@goauthentik/components/ak-hint/ak-hint-body";
+
 import { AKElement } from "@goauthentik/elements/Base";
+
 import "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/ActionButton/ak-action-button";
+
 import { getURLParam } from "@goauthentik/elements/router/RouteMatch";
 
 import { msg } from "@lit/localize";

web/src/admin/applications/ProviderSelectModal.ts

@@ -1,15 +1,17 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/elements/buttons/SpinnerButton";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TableModal } from "@goauthentik/elements/table/TableModal";
 
+import { Provider, ProvidersApi } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import { Provider, ProvidersApi } from "@goauthentik/api";
-
 @customElement("ak-provider-select-table")
 export class ProviderSelectModal extends TableModal<Provider> {
     checkbox = true;

web/src/admin/applications/components/ak-backchannel-input.ts

@@ -1,15 +1,17 @@
 import "@goauthentik/admin/applications/ProviderSelectModal";
+
 import { AKElement } from "@goauthentik/elements/Base";
+
 import "@goauthentik/elements/chips/Chip";
 import "@goauthentik/elements/chips/ChipGroup";
 
+import { Provider } from "@goauthentik/api";
+
 import { TemplateResult, html, nothing } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 import { map } from "lit/directives/map.js";
 
-import { Provider } from "@goauthentik/api";
-
 @customElement("ak-backchannel-providers-input")
 export class AkBackchannelProvidersInput extends AKElement {
     // Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but

web/src/admin/applications/components/ak-provider-search-input.ts

@@ -1,13 +1,15 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { groupBy } from "@goauthentik/common/utils";
+
 import { AKElement } from "@goauthentik/elements/Base";
+
 import "@goauthentik/elements/forms/SearchSelect";
 
+import { Provider, ProvidersAllListRequest, ProvidersApi } from "@goauthentik/api";
+
 import { html, nothing } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import { Provider, ProvidersAllListRequest, ProvidersApi } from "@goauthentik/api";
-
 const renderElement = (item: Provider) => item.name;
 const renderValue = (item: Provider | undefined) => item?.pk;
 const doGroupBy = (items: Provider[]) => groupBy(items, (item) => item.verboseName);

web/src/admin/applications/entitlements/ApplicationEntitlementForm.ts

@@ -1,10 +1,18 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/elements/CodeMirror";
+
 import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
+
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
+
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
+
+import { ApplicationEntitlement, CoreApi } from "@goauthentik/api";
+
 import YAML from "yaml";
 
 import { msg } from "@lit/localize";
@@ -14,8 +22,6 @@ import { customElement, property } from "lit/decorators.js";
 
 import PFContent from "@patternfly/patternfly/components/Content/content.css";
 
-import { ApplicationEntitlement, CoreApi } from "@goauthentik/api";
-
 @customElement("ak-application-entitlement-form")
 export class ApplicationEntitlementForm extends ModelForm<ApplicationEntitlement, string> {
     async loadInstance(pk: string): Promise<ApplicationEntitlement> {

web/src/admin/applications/entitlements/ApplicationEntitlementPage.ts

@@ -1,28 +1,33 @@
 import "@goauthentik/admin/applications/entitlements/ApplicationEntitlementForm";
 import "@goauthentik/admin/policies/BoundPoliciesList";
+
 import { PolicyBindingCheckTarget } from "@goauthentik/admin/policies/utils";
+
 import "@goauthentik/admin/rbac/ObjectPermissionModal";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums";
+
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/Tabs";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
 import "@goauthentik/elements/forms/ProxyForm";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { Table, TableColumn } from "@goauthentik/elements/table/Table";
 
-import { msg } from "@lit/localize";
-import { TemplateResult, html } from "lit";
-import { customElement, property } from "lit/decorators.js";
-import { ifDefined } from "lit/directives/if-defined.js";
-
 import {
     ApplicationEntitlement,
     CoreApi,
     RbacPermissionsAssignedByUsersListModelEnum,
 } from "@goauthentik/api";
 
+import { msg } from "@lit/localize";
+import { TemplateResult, html } from "lit";
+import { customElement, property } from "lit/decorators.js";
+import { ifDefined } from "lit/directives/if-defined.js";
+
 @customElement("ak-application-entitlements-list")
 export class ApplicationEntitlementsPage extends Table<ApplicationEntitlement> {
     @property()

web/src/admin/applications/wizard/ApplicationWizardStep.ts

@@ -1,18 +1,20 @@
-import { styles } from "@goauthentik/admin/applications/wizard/ApplicationWizardFormStepStyles.css.js";
+import { KeyUnknown, serializeForm } from "@goauthentik/elements/forms/Form";
+import { HorizontalFormElement } from "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { WizardStep } from "@goauthentik/components/ak-wizard/WizardStep.js";
 import {
     NavigationEventInit,
     WizardNavigationEvent,
     WizardUpdateEvent,
 } from "@goauthentik/components/ak-wizard/events";
-import { KeyUnknown, serializeForm } from "@goauthentik/elements/forms/Form";
-import { HorizontalFormElement } from "@goauthentik/elements/forms/HorizontalFormElement";
+
+import { styles } from "@goauthentik/admin/applications/wizard/ApplicationWizardFormStepStyles.css.js";
+
+import { ValidationError } from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { property, query } from "lit/decorators.js";
 
-import { ValidationError } from "@goauthentik/api";
-
 import {
     ApplicationTransactionValidationError,
     type ApplicationWizardState,

web/src/admin/applications/wizard/ak-application-wizard-main.ts

@@ -1,22 +1,27 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-wizard/ak-wizard-steps.js";
-import { WizardUpdateEvent } from "@goauthentik/components/ak-wizard/events";
+
 import { AKElement } from "@goauthentik/elements/Base.js";
 
+import { WizardUpdateEvent } from "@goauthentik/components/ak-wizard/events";
+
+import { ProvidersApi, ProxyMode } from "@goauthentik/api";
+
 import { ContextProvider } from "@lit/context";
 import { html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 
-import { ProvidersApi, ProxyMode } from "@goauthentik/api";
-
 import { applicationWizardProvidersContext } from "./ContextIdentity";
 import { providerTypeRenderers } from "./steps/ProviderChoices.js";
+
 import "./steps/ak-application-wizard-application-step.js";
 import "./steps/ak-application-wizard-bindings-step.js";
 import "./steps/ak-application-wizard-edit-binding-step.js";
 import "./steps/ak-application-wizard-provider-choice-step.js";
 import "./steps/ak-application-wizard-provider-step.js";
 import "./steps/ak-application-wizard-submit-step.js";
+
 import { type ApplicationWizardState, type ApplicationWizardStateUpdate } from "./types";
 
 const freshWizardState = (): ApplicationWizardState => ({

web/src/admin/applications/wizard/ak-application-wizard.ts

@@ -1,7 +1,8 @@
-import { WizardCloseEvent } from "@goauthentik/components/ak-wizard/events.js";
 import { ModalButton } from "@goauthentik/elements/buttons/ModalButton";
 import { bound } from "@goauthentik/elements/decorators/bound.js";
 
+import { WizardCloseEvent } from "@goauthentik/components/ak-wizard/events.js";
+
 import { html } from "lit";
 import { customElement } from "lit/decorators.js";
 

web/src/admin/applications/wizard/steps/ProviderChoices.ts

@@ -1,9 +1,9 @@
 import "@goauthentik/admin/common/ak-license-notice";
 
-import { TemplateResult, html } from "lit";
-
 import type { TypeCreate } from "@goauthentik/api";
 
+import { TemplateResult, html } from "lit";
+
 type ProviderRenderer = () => TemplateResult;
 
 export type LocalTypeCreate = TypeCreate & {

web/src/admin/applications/wizard/steps/SubmitStepOverviewRenderers.ts

@@ -2,10 +2,6 @@ import {
     type DescriptionPair,
     renderDescriptionList,
 } from "@goauthentik/components/DescriptionList.js";
-import { match } from "ts-pattern";
-
-import { msg } from "@lit/localize";
-import { html } from "lit";
 
 import {
     ClientTypeEnum,
@@ -22,6 +18,11 @@ import {
     SCIMProvider,
 } from "@goauthentik/api";
 
+import { match } from "ts-pattern";
+
+import { msg } from "@lit/localize";
+import { html } from "lit";
+
 import { OneOfProvider } from "../types.js";
 
 const renderSummary = (type: string, name: string, fields: DescriptionPair[]) =>

web/src/admin/applications/wizard/steps/ak-application-wizard-application-step.ts

@@ -1,24 +1,32 @@
 import { ApplicationWizardStep } from "@goauthentik/admin/applications/wizard/ApplicationWizardStep.js";
+
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
-import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
+
 import { camelToSnake } from "@goauthentik/common/utils.js";
+
+import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
+
 import "@goauthentik/components/ak-radio-input";
 import "@goauthentik/components/ak-slug-input";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
-import { type NavigableButton, type WizardButton } from "@goauthentik/components/ak-wizard/types";
+
 import { type KeyUnknown } from "@goauthentik/elements/forms/Form";
+
+import { type NavigableButton, type WizardButton } from "@goauthentik/components/ak-wizard/types";
+
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { isSlug } from "@goauthentik/elements/router/utils.js";
 
+import { type ApplicationRequest } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { html } from "lit";
 import { customElement, query, state } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import { type ApplicationRequest } from "@goauthentik/api";
-
 import { ApplicationWizardStateUpdate, ValidationRecord } from "../types";
 
 const autoTrim = (v: unknown) => (typeof v === "string" ? v.trim() : v);

web/src/admin/applications/wizard/steps/ak-application-wizard-bindings-step.ts

@@ -1,15 +1,21 @@
 import { ApplicationWizardStep } from "@goauthentik/admin/applications/wizard/ApplicationWizardStep.js";
+
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
 import "@goauthentik/components/ak-radio-input";
 import "@goauthentik/components/ak-slug-input";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
+
 import { type WizardButton } from "@goauthentik/components/ak-wizard/types";
+
 import "@goauthentik/elements/ak-table/ak-select-table.js";
+
 import { SelectTable } from "@goauthentik/elements/ak-table/ak-select-table.js";
+
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { P, match } from "ts-pattern";
 
 import { msg, str } from "@lit/localize";
@@ -19,6 +25,7 @@ import { customElement, query } from "lit/decorators.js";
 import PFCard from "@patternfly/patternfly/components/Card/card.css";
 
 import { makeEditButton } from "./bindings/ak-application-wizard-bindings-edit-button.js";
+
 import "./bindings/ak-application-wizard-bindings-toolbar.js";
 
 const COLUMNS = [

web/src/admin/applications/wizard/steps/ak-application-wizard-edit-binding-step.ts

@@ -1,24 +1,31 @@
 import { ApplicationWizardStep } from "@goauthentik/admin/applications/wizard/ApplicationWizardStep.js";
+
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { groupBy } from "@goauthentik/common/utils";
+
 import "@goauthentik/components/ak-radio-input";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
 import "@goauthentik/components/ak-toggle-group";
+
 import { type NavigableButton, type WizardButton } from "@goauthentik/components/ak-wizard/types";
+
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/SearchSelect";
+
 import { type SearchSelectBase } from "@goauthentik/elements/forms/SearchSelect/SearchSelect.js";
+
 import "@goauthentik/elements/forms/SearchSelect/ak-search-select-ez.js";
 
+import { CoreApi, Group, PoliciesApi, Policy, PolicyBinding, User } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { html, nothing } from "lit";
 import { customElement, query, state } from "lit/decorators.js";
 
-import { CoreApi, Group, PoliciesApi, Policy, PolicyBinding, User } from "@goauthentik/api";
-
 const withQuery = <T>(search: string | undefined, args: T) => (search ? { ...args, search } : args);
 
 enum target {

web/src/admin/applications/wizard/steps/ak-application-wizard-provider-choice-step.ts

@@ -1,21 +1,29 @@
 import { WithLicenseSummary } from "#elements/mixins/license";
+
 import { ApplicationWizardStep } from "@goauthentik/admin/applications/wizard/ApplicationWizardStep.js";
+
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import type { NavigableButton, WizardButton } from "@goauthentik/components/ak-wizard/types";
+
 import "@goauthentik/elements/EmptyState.js";
+
 import { bound } from "@goauthentik/elements/decorators/bound.js";
+
 import "@goauthentik/elements/forms/FormGroup.js";
 import "@goauthentik/elements/forms/HorizontalFormElement.js";
+
 import { TypeCreateWizardPageLayouts } from "@goauthentik/elements/wizard/TypeCreateWizardPage.js";
+
 import "@goauthentik/elements/wizard/TypeCreateWizardPage.js";
 
+import { TypeCreate } from "@goauthentik/api";
+
 import { consume } from "@lit/context";
 import { msg } from "@lit/localize";
 import { html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 
-import { TypeCreate } from "@goauthentik/api";
-
 import { applicationWizardProvidersContext } from "../ContextIdentity";
 import { type LocalTypeCreate } from "./ProviderChoices.js";
 

web/src/admin/applications/wizard/steps/ak-application-wizard-provider-step.ts

@@ -8,6 +8,7 @@ import { html, unsafeStatic } from "lit/static-html.js";
 import { ApplicationWizardStep } from "../ApplicationWizardStep.js";
 import { OneOfProvider } from "../types.js";
 import { ApplicationWizardProviderForm } from "./providers/ApplicationWizardProviderForm.js";
+
 import "./providers/ak-application-wizard-provider-for-ldap.js";
 import "./providers/ak-application-wizard-provider-for-oauth.js";
 import "./providers/ak-application-wizard-provider-for-proxy.js";

web/src/admin/applications/wizard/steps/ak-application-wizard-submit-step.ts

@@ -1,24 +1,14 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { parseAPIResponseError } from "@goauthentik/common/errors/network";
-import { WizardNavigationEvent } from "@goauthentik/components/ak-wizard/events.js";
-import { type WizardButton } from "@goauthentik/components/ak-wizard/types";
+
 import { showAPIErrorMessage } from "@goauthentik/elements/messages/MessageContainer";
 import { CustomEmitterElement } from "@goauthentik/elements/utils/eventEmitter";
-import { P, match } from "ts-pattern";
 
-import { msg } from "@lit/localize";
-import { TemplateResult, css, html, nothing } from "lit";
-import { customElement, state } from "lit/decorators.js";
-import { classMap } from "lit/directives/class-map.js";
-
-// import { map } from "lit/directives/map.js";
-import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
-import PFEmptyState from "@patternfly/patternfly/components/EmptyState/empty-state.css";
-import PFProgressStepper from "@patternfly/patternfly/components/ProgressStepper/progress-stepper.css";
-import PFTitle from "@patternfly/patternfly/components/Title/title.css";
-import PFBullseye from "@patternfly/patternfly/layouts/Bullseye/bullseye.css";
+import { WizardNavigationEvent } from "@goauthentik/components/ak-wizard/events.js";
+import { type WizardButton } from "@goauthentik/components/ak-wizard/types";
 
 import {
     type ApplicationRequest,
@@ -34,6 +24,20 @@ import {
     instanceOfValidationError,
 } from "@goauthentik/api";
 
+import { P, match } from "ts-pattern";
+
+import { msg } from "@lit/localize";
+import { TemplateResult, css, html, nothing } from "lit";
+import { customElement, state } from "lit/decorators.js";
+import { classMap } from "lit/directives/class-map.js";
+
+// import { map } from "lit/directives/map.js";
+import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
+import PFEmptyState from "@patternfly/patternfly/components/EmptyState/empty-state.css";
+import PFProgressStepper from "@patternfly/patternfly/components/ProgressStepper/progress-stepper.css";
+import PFTitle from "@patternfly/patternfly/components/Title/title.css";
+import PFBullseye from "@patternfly/patternfly/layouts/Bullseye/bullseye.css";
+
 import { ApplicationWizardStep } from "../ApplicationWizardStep.js";
 import { OneOfProvider, isApplicationTransactionValidationError } from "../types.js";
 import { providerRenderers } from "./SubmitStepOverviewRenderers.js";

web/src/admin/applications/wizard/steps/providers/ApplicationWizardProviderForm.ts

@@ -1,12 +1,16 @@
 import { camelToSnake } from "@goauthentik/common/utils.js";
+
 import "@goauthentik/components/ak-number-input";
 import "@goauthentik/components/ak-radio-input";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
+
 import { AKElement } from "@goauthentik/elements/Base.js";
 import { KeyUnknown, serializeForm } from "@goauthentik/elements/forms/Form";
+
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { HorizontalFormElement } from "@goauthentik/elements/forms/HorizontalFormElement";
 
 import { property, query } from "lit/decorators.js";

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-ldap.ts

@@ -1,14 +1,16 @@
 import { WithBrandConfig } from "#elements/mixins/branding";
+
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import { ValidationRecord } from "@goauthentik/admin/applications/wizard/types";
 import { renderForm } from "@goauthentik/admin/providers/ldap/LDAPProviderFormForm.js";
 
+import type { LDAPProvider } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { html } from "lit";
 import { customElement } from "lit/decorators.js";
 
-import type { LDAPProvider } from "@goauthentik/api";
-
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm.js";
 
 @customElement("ak-application-wizard-provider-for-ldap")

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-oauth.ts

@@ -1,14 +1,16 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
-import { renderForm } from "@goauthentik/admin/providers/oauth2/OAuth2ProviderFormForm.js";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 
+import { renderForm } from "@goauthentik/admin/providers/oauth2/OAuth2ProviderFormForm.js";
+
+import { OAuth2ProviderRequest, SourcesApi } from "@goauthentik/api";
+import { type OAuth2Provider, type PaginatedOAuthSourceList } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 
-import { OAuth2ProviderRequest, SourcesApi } from "@goauthentik/api";
-import { type OAuth2Provider, type PaginatedOAuthSourceList } from "@goauthentik/api";
-
 import { ApplicationTransactionValidationError } from "../../types.js";
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm.js";
 

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-proxy.ts

@@ -1,4 +1,7 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
+import { WizardUpdateEvent } from "@goauthentik/components/ak-wizard/events.js";
+
 import { ValidationRecord } from "@goauthentik/admin/applications/wizard/types";
 import {
     ProxyModeValue,
@@ -6,14 +9,13 @@ import {
     type SetShowHttpBasic,
     renderForm,
 } from "@goauthentik/admin/providers/proxy/ProxyProviderFormForm.js";
-import { WizardUpdateEvent } from "@goauthentik/components/ak-wizard/events.js";
+
+import { ProxyMode, ProxyProvider } from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 
-import { ProxyMode, ProxyProvider } from "@goauthentik/api";
-
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm";
 
 @customElement("ak-application-wizard-provider-for-proxy")

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-rac.ts

@@ -1,21 +1,23 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
 import "@goauthentik/admin/common/ak-crypto-certificate-search.js";
 import "@goauthentik/admin/common/ak-flow-search/ak-flow-search";
+
 import {
     propertyMappingsProvider,
     propertyMappingsSelector,
 } from "@goauthentik/admin/providers/rac/RACProviderFormHelpers.js";
+
 import "@goauthentik/components/ak-text-input";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
 
+import { FlowsInstancesListDesignationEnum, type RACProvider } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { html } from "lit";
 import { customElement } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import { FlowsInstancesListDesignationEnum, type RACProvider } from "@goauthentik/api";
-
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm.js";
 
 @customElement("ak-application-wizard-provider-for-rac")

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-radius.ts

@@ -1,14 +1,16 @@
 import { WithBrandConfig } from "#elements/mixins/branding";
+
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import { ValidationRecord } from "@goauthentik/admin/applications/wizard/types";
 import { renderForm } from "@goauthentik/admin/providers/radius/RadiusProviderFormForm.js";
 
+import { RadiusProvider } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { customElement } from "@lit/reactive-element/decorators.js";
 import { html } from "lit";
 
-import { RadiusProvider } from "@goauthentik/api";
-
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm.js";
 
 @customElement("ak-application-wizard-provider-for-radius")

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-saml.ts

@@ -1,14 +1,16 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import { type AkCryptoCertificateSearch } from "@goauthentik/admin/common/ak-crypto-certificate-search";
 import { renderForm } from "@goauthentik/admin/providers/saml/SAMLProviderFormForm.js";
+
 import "@goauthentik/elements/forms/FormGroup";
 
+import { SAMLProvider } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { customElement, state } from "@lit/reactive-element/decorators.js";
 import { html } from "lit";
 
-import { SAMLProvider } from "@goauthentik/api";
-
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm";
 
 @customElement("ak-application-wizard-provider-for-saml")

web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-scim.ts

@@ -1,13 +1,15 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
+
 import { renderForm } from "@goauthentik/admin/providers/scim/SCIMProviderFormForm.js";
+
 import "@goauthentik/elements/forms/FormGroup";
 
+import { PaginatedSCIMMappingList, type SCIMProvider } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { customElement, state } from "@lit/reactive-element/decorators.js";
 import { html } from "lit";
 
-import { PaginatedSCIMMappingList, type SCIMProvider } from "@goauthentik/api";
-
 import { ApplicationWizardProviderForm } from "./ApplicationWizardProviderForm";
 
 @customElement("ak-application-wizard-provider-for-scim")

web/src/admin/blueprints/BlueprintForm.ts

@@ -1,12 +1,20 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { docLink } from "@goauthentik/common/global";
+
 import "@goauthentik/components/ak-toggle-group";
 import "@goauthentik/elements/CodeMirror";
+
 import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
+
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
+
 import "@goauthentik/elements/forms/SearchSelect";
+
+import { BlueprintFile, BlueprintInstance, ManagedApi } from "@goauthentik/api";
+
 import YAML from "yaml";
 
 import { msg } from "@lit/localize";
@@ -16,8 +24,6 @@ import { ifDefined } from "lit/directives/if-defined.js";
 
 import PFContent from "@patternfly/patternfly/components/Content/content.css";
 
-import { BlueprintFile, BlueprintInstance, ManagedApi } from "@goauthentik/api";
-
 enum blueprintSource {
     file = "file",
     oci = "oci",

web/src/admin/blueprints/BlueprintListPage.ts

@@ -1,24 +1,22 @@
 import "@goauthentik/admin/blueprints/BlueprintForm";
 import "@goauthentik/admin/rbac/ObjectPermissionModal";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { formatElapsedTime } from "@goauthentik/common/temporal";
+
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/ActionButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
+
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
-import { msg } from "@lit/localize";
-import { CSSResult, TemplateResult, html } from "lit";
-import { customElement, property } from "lit/decorators.js";
-
-import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
-
 import {
     BlueprintInstance,
     BlueprintInstanceStatusEnum,
@@ -26,6 +24,12 @@ import {
     RbacPermissionsAssignedByUsersListModelEnum,
 } from "@goauthentik/api";
 
+import { msg } from "@lit/localize";
+import { CSSResult, TemplateResult, html } from "lit";
+import { customElement, property } from "lit/decorators.js";
+
+import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
+
 export function BlueprintStatus(blueprint?: BlueprintInstance): string {
     if (!blueprint) return "";
     switch (blueprint.status) {

web/src/admin/brands/BrandForm.ts

@@ -1,21 +1,23 @@
 import { certificateProvider, certificateSelector } from "@goauthentik/admin/brands/Certificates";
+
 import "@goauthentik/admin/common/ak-crypto-certificate-search";
 import "@goauthentik/admin/common/ak-flow-search/ak-flow-search";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { DefaultBrand } from "@goauthentik/common/ui/config";
+
 import "@goauthentik/elements/CodeMirror";
+
 import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
+
 import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
 import "@goauthentik/elements/ak-dual-select/ak-dual-select-provider.js";
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
-import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
-import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
 
-import { msg } from "@lit/localize";
-import { TemplateResult, html } from "lit";
-import { customElement } from "lit/decorators.js";
+import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
+
+import "@goauthentik/elements/forms/SearchSelect";
 
 import {
     Application,
@@ -25,6 +27,12 @@ import {
     FlowsInstancesListDesignationEnum,
 } from "@goauthentik/api";
 
+import YAML from "yaml";
+
+import { msg } from "@lit/localize";
+import { TemplateResult, html } from "lit";
+import { customElement } from "lit/decorators.js";
+
 @customElement("ak-brand-form")
 export class BrandForm extends ModelForm<Brand, string> {
     loadInstance(pk: string): Promise<Brand> {

web/src/admin/brands/BrandListPage.ts

@@ -1,22 +1,26 @@
 import "@goauthentik/admin/brands/BrandForm";
 import "@goauthentik/admin/rbac/ObjectPermissionModal";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
+
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
+import { Brand, CoreApi, RbacPermissionsAssignedByUsersListModelEnum } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import { Brand, CoreApi, RbacPermissionsAssignedByUsersListModelEnum } from "@goauthentik/api";
-
 @customElement("ak-brand-list")
 export class BrandListPage extends TablePage<Brand> {
     searchEnabled(): boolean {

web/src/admin/brands/Certificates.ts

@@ -1,4 +1,5 @@
 import { DEFAULT_CONFIG } from "#common/api/config";
+
 import {
     DataProvision,
     DualSelectPair,

web/src/admin/common/ak-core-group-search.ts

@@ -1,14 +1,15 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import { AKElement } from "@goauthentik/elements/Base";
 import { SearchSelect } from "@goauthentik/elements/forms/SearchSelect";
 import { CustomListenerElement } from "@goauthentik/elements/utils/eventEmitter";
 
+import { CoreApi, CoreGroupsListRequest, Group } from "@goauthentik/api";
+
 import { html } from "lit";
 import { customElement } from "lit/decorators.js";
 import { property, query } from "lit/decorators.js";
 
-import { CoreApi, CoreGroupsListRequest, Group } from "@goauthentik/api";
-
 async function fetchObjects(query?: string): Promise<Group[]> {
     const args: CoreGroupsListRequest = {
         ordering: "name",

web/src/admin/common/ak-crypto-certificate-search.ts

@@ -1,12 +1,11 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import { AKElement } from "@goauthentik/elements/Base";
 import { SearchSelect } from "@goauthentik/elements/forms/SearchSelect";
-import "@goauthentik/elements/forms/SearchSelect";
-import { CustomListenerElement } from "@goauthentik/elements/utils/eventEmitter";
 
-import { html } from "lit";
-import { customElement, property, query } from "lit/decorators.js";
-import { ifDefined } from "lit/directives/if-defined.js";
+import "@goauthentik/elements/forms/SearchSelect";
+
+import { CustomListenerElement } from "@goauthentik/elements/utils/eventEmitter";
 
 import {
     CertificateKeyPair,
@@ -14,6 +13,10 @@ import {
     CryptoCertificatekeypairsListRequest,
 } from "@goauthentik/api";
 
+import { html } from "lit";
+import { customElement, property, query } from "lit/decorators.js";
+import { ifDefined } from "lit/directives/if-defined.js";
+
 const renderElement = (item: CertificateKeyPair): string => item.name;
 
 const renderValue = (item: CertificateKeyPair | undefined): string | undefined => item?.pk;

web/src/admin/common/ak-flow-search/FlowSearch.ts

@@ -1,17 +1,21 @@
-import { RenderFlowOption } from "@goauthentik/admin/flows/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import { AKElement } from "@goauthentik/elements/Base";
 import { SearchSelect } from "@goauthentik/elements/forms/SearchSelect";
+
+import { RenderFlowOption } from "@goauthentik/admin/flows/utils";
+
 import "@goauthentik/elements/forms/SearchSelect";
+
 import { CustomListenerElement } from "@goauthentik/elements/utils/eventEmitter";
 
+import { FlowsApi, FlowsInstancesListDesignationEnum } from "@goauthentik/api";
+import type { Flow, FlowsInstancesListRequest } from "@goauthentik/api";
+
 import { html } from "lit";
 import { property, query } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import { FlowsApi, FlowsInstancesListDesignationEnum } from "@goauthentik/api";
-import type { Flow, FlowsInstancesListRequest } from "@goauthentik/api";
-
 export function renderElement(flow: Flow) {
     return RenderFlowOption(flow);
 }

web/src/admin/common/ak-flow-search/ak-branded-flow-search.ts

@@ -1,7 +1,7 @@
-import { customElement, property } from "lit/decorators.js";
-
 import type { Flow } from "@goauthentik/api";
 
+import { customElement, property } from "lit/decorators.js";
+
 import FlowSearch from "./FlowSearch";
 
 /**

web/src/admin/common/ak-flow-search/ak-flow-search-no-default.ts

@@ -1,10 +1,10 @@
 import "@goauthentik/elements/forms/SearchSelect";
 
+import type { Flow } from "@goauthentik/api";
+
 import { html } from "lit";
 import { customElement } from "lit/decorators.js";
 
-import type { Flow } from "@goauthentik/api";
-
 import { FlowSearch, getFlowValue, renderDescription, renderElement } from "./FlowSearch";
 
 /**

web/src/admin/common/ak-flow-search/ak-flow-search.stories.ts

@@ -1,13 +1,16 @@
 import "@goauthentik/admin/common/ak-flow-search/ak-flow-search";
+
 import { AkFlowSearch } from "@goauthentik/admin/common/ak-flow-search/ak-flow-search";
+
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
+import { Flow, FlowsInstancesListDesignationEnum } from "@goauthentik/api";
+
 import { Meta } from "@storybook/web-components";
 
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 
-import { Flow, FlowsInstancesListDesignationEnum } from "@goauthentik/api";
-
 const mockData = {
     pagination: {
         next: 0,

web/src/admin/common/ak-flow-search/ak-flow-search.ts

@@ -1,7 +1,7 @@
-import { customElement } from "lit/decorators.js";
-
 import type { Flow } from "@goauthentik/api";
 
+import { customElement } from "lit/decorators.js";
+
 import FlowSearch from "./FlowSearch";
 
 /**

web/src/admin/common/ak-flow-search/ak-source-flow-search.ts

@@ -1,8 +1,8 @@
+import type { Flow } from "@goauthentik/api";
+
 import { customElement } from "lit/decorators.js";
 import { property } from "lit/decorators.js";
 
-import type { Flow } from "@goauthentik/api";
-
 import FlowSearch from "./FlowSearch";
 
 /**

web/src/admin/common/ak-license-notice.ts

@@ -1,6 +1,9 @@
 import { $PFBase } from "#common/theme";
+
 import { WithLicenseSummary } from "#elements/mixins/license";
+
 import "@goauthentik/elements/Alert";
+
 import { AKElement } from "@goauthentik/elements/Base";
 
 import { msg } from "@lit/localize";

web/src/admin/common/stories/ak-crypto-certificate-search.stories.ts

@@ -1,10 +1,12 @@
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/messages/MessageContainer";
+
 import { Meta } from "@storybook/web-components";
 
 import { TemplateResult, html } from "lit";
 
 import "../ak-crypto-certificate-search";
+
 import AkCryptoCertificateSearch from "../ak-crypto-certificate-search";
 import { dummyCryptoCertsSearch } from "./samples";
 

web/src/admin/crypto/CertificateGenerateForm.ts

@@ -1,10 +1,8 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { Form } from "@goauthentik/elements/forms/Form";
-import "@goauthentik/elements/forms/HorizontalFormElement";
 
-import { msg } from "@lit/localize";
-import { TemplateResult, html } from "lit";
-import { customElement } from "lit/decorators.js";
+import { Form } from "@goauthentik/elements/forms/Form";
+
+import "@goauthentik/elements/forms/HorizontalFormElement";
 
 import {
     AlgEnum,
@@ -13,6 +11,10 @@ import {
     CryptoApi,
 } from "@goauthentik/api";
 
+import { msg } from "@lit/localize";
+import { TemplateResult, html } from "lit";
+import { customElement } from "lit/decorators.js";
+
 @customElement("ak-crypto-certificate-generate-form")
 export class CertificateKeyPairForm extends Form<CertificateGenerationRequest> {
     getSuccessMessage(): string {

web/src/admin/crypto/CertificateKeyPairForm.ts

@@ -1,16 +1,18 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-secret-textarea-input.js";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 
+import { CertificateKeyPair, CertificateKeyPairRequest, CryptoApi } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import { CertificateKeyPair, CertificateKeyPairRequest, CryptoApi } from "@goauthentik/api";
-
 @customElement("ak-crypto-certificate-form")
 export class CertificateKeyPairForm extends ModelForm<CertificateKeyPair, string> {
     loadInstance(pk: string): Promise<CertificateKeyPair> {

web/src/admin/crypto/CertificateKeyPairListPage.ts

@@ -1,29 +1,35 @@
 import "@goauthentik/admin/crypto/CertificateGenerateForm";
 import "@goauthentik/admin/crypto/CertificateKeyPairForm";
 import "@goauthentik/admin/rbac/ObjectPermissionModal";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
 import "@goauthentik/components/ak-status-label";
+
 import { PFColor } from "@goauthentik/elements/Label";
+
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
+
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
-import { msg, str } from "@lit/localize";
-import { CSSResult, TemplateResult, html } from "lit";
-import { customElement, property } from "lit/decorators.js";
-
-import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
-
 import {
     CertificateKeyPair,
     CryptoApi,
     RbacPermissionsAssignedByUsersListModelEnum,
 } from "@goauthentik/api";
 
+import { msg, str } from "@lit/localize";
+import { CSSResult, TemplateResult, html } from "lit";
+import { customElement, property } from "lit/decorators.js";
+
+import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
+
 @customElement("ak-crypto-certificate-list")
 export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
     expandable = true;

web/src/admin/enterprise/EnterpriseLicenseForm.ts

@@ -1,17 +1,19 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH_ENTERPRISE } from "@goauthentik/common/constants";
+
 import "@goauthentik/components/ak-secret-textarea-input.js";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 
+import { EnterpriseApi, License } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, state } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import { EnterpriseApi, License } from "@goauthentik/api";
-
 @customElement("ak-enterprise-license-form")
 export class EnterpriseLicenseForm extends ModelForm<License, string> {
     @state()

web/src/admin/enterprise/EnterpriseLicenseListPage.ts

@@ -1,19 +1,33 @@
 import "@goauthentik/admin/enterprise/EnterpriseLicenseForm";
 import "@goauthentik/admin/enterprise/EnterpriseStatusCard";
 import "@goauthentik/admin/rbac/ObjectPermissionModal";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { formatElapsedTime } from "@goauthentik/common/temporal";
+
 import { PFColor } from "@goauthentik/elements/Label";
+
 import "@goauthentik/elements/Spinner";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/cards/AggregateCard";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
+
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
+import {
+    EnterpriseApi,
+    License,
+    LicenseForecast,
+    LicenseSummary,
+    LicenseSummaryStatusEnum,
+    RbacPermissionsAssignedByUsersListModelEnum,
+} from "@goauthentik/api";
+
 import { msg, str } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
@@ -24,15 +38,6 @@ import PFCard from "@patternfly/patternfly/components/Card/card.css";
 import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 
-import {
-    EnterpriseApi,
-    License,
-    LicenseForecast,
-    LicenseSummary,
-    LicenseSummaryStatusEnum,
-    RbacPermissionsAssignedByUsersListModelEnum,
-} from "@goauthentik/api";
-
 @customElement("ak-enterprise-license-list")
 export class EnterpriseLicenseListPage extends TablePage<License> {
     checkbox = true;

web/src/admin/enterprise/EnterpriseStatusCard.test.ts

@@ -1,11 +1,12 @@
 import { render } from "@goauthentik/elements/tests/utils.js";
+
+import { LicenseForecast, LicenseSummary, LicenseSummaryStatusEnum } from "@goauthentik/api";
+
 import { $, expect } from "@wdio/globals";
 
 import { msg } from "@lit/localize";
 import { html } from "lit";
 
-import { LicenseForecast, LicenseSummary, LicenseSummaryStatusEnum } from "@goauthentik/api";
-
 import "./EnterpriseStatusCard.js";
 
 describe("ak-enterprise-status-card", () => {

web/src/admin/enterprise/EnterpriseStatusCard.ts

@@ -1,6 +1,8 @@
 import { AKElement } from "@goauthentik/elements/Base";
 import { PFColor } from "@goauthentik/elements/Label";
 
+import { LicenseForecast, LicenseSummary, LicenseSummaryStatusEnum } from "@goauthentik/api";
+
 import { msg, str } from "@lit/localize";
 import { CSSResult, html, nothing } from "lit";
 import { customElement, state } from "lit/decorators.js";
@@ -11,8 +13,6 @@ import PFProgress from "@patternfly/patternfly/components/Progress/progress.css"
 import PFSplit from "@patternfly/patternfly/layouts/Split/split.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { LicenseForecast, LicenseSummary, LicenseSummaryStatusEnum } from "@goauthentik/api";
-
 @customElement("ak-enterprise-status-card")
 export class EnterpriseStatusCard extends AKElement {
     @state()

web/src/admin/events/EventListPage.ts

@@ -1,22 +1,27 @@
 import "@goauthentik/admin/events/EventVolumeChart";
-import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
+
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EventWithContext } from "@goauthentik/common/events";
 import { actionToLabel } from "@goauthentik/common/labels";
 import { formatElapsedTime } from "@goauthentik/common/temporal";
+
+import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
+
 import "@goauthentik/components/ak-event-info";
+
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
 import { SlottedTemplateResult } from "@goauthentik/elements/types";
+
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
+import { Event, EventsApi } from "@goauthentik/api";
+
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import { Event, EventsApi } from "@goauthentik/api";
-
 @customElement("ak-event-list")
 export class EventListPage extends TablePage<Event> {
     expandable = true;

web/src/admin/events/EventViewPage.ts

@@ -1,12 +1,17 @@
-import { EventGeo, EventUser } from "#admin/events/utils";
 import { DEFAULT_CONFIG } from "#common/api/config";
 import { EventWithContext } from "#common/events";
 import { actionToLabel } from "#common/labels";
 import { formatElapsedTime } from "#common/temporal";
+
+import { EventGeo, EventUser } from "#admin/events/utils";
+
 import "#components/ak-event-info";
 import "#components/ak-page-header";
+
 import { AKElement } from "#elements/Base";
 
+import { EventToJSON, EventsApi } from "@goauthentik/api";
+
 import { msg, str } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
@@ -18,8 +23,6 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
-import { EventToJSON, EventsApi } from "@goauthentik/api";
-
 @customElement("ak-event-view")
 export class EventViewPage extends AKElement {
     @property({ type: String })

web/src/admin/events/EventVolumeChart.ts

@@ -1,5 +1,9 @@
-import { EventChart } from "#elements/charts/EventChart";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+
+import { EventChart } from "#elements/charts/EventChart";
+
+import { EventVolume, EventsApi, EventsEventsListRequest } from "@goauthentik/api";
+
 import { ChartData } from "chart.js";
 
 import { CSSResult, TemplateResult, css, html } from "lit";
@@ -7,8 +11,6 @@ import { customElement, property } from "lit/decorators.js";
 
 import PFCard from "@patternfly/patternfly/components/Card/card.css";
 
-import { EventVolume, EventsApi, EventsEventsListRequest } from "@goauthentik/api";
-
 @customElement("ak-events-volume-chart")
 export class EventVolumeChart extends EventChart {
     _query?: EventsEventsListRequest;

web/src/admin/events/RuleForm.ts

@@ -1,16 +1,14 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { severityToLabel } from "@goauthentik/common/labels";
+
 import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
 import "@goauthentik/elements/forms/HorizontalFormElement";
+
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
+
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
 
-import { msg } from "@lit/localize";
-import { TemplateResult, html } from "lit";
-import { customElement } from "lit/decorators.js";
-import { ifDefined } from "lit/directives/if-defined.js";
-
 import {
     CoreApi,
     CoreGroupsListRequest,
@@ -21,6 +19,11 @@ import {
     SeverityEnum,
 } from "@goauthentik/api";
 
+import { msg } from "@lit/localize";
+import { TemplateResult, html } from "lit";
+import { customElement } from "lit/decorators.js";
+import { ifDefined } from "lit/directives/if-defined.js";
+
 import { eventTransportsProvider, eventTransportsSelector } from "./RuleFormHelpers.js";
 
 @customElement("ak-event-rule-form")