release: 2021.2.6-stable

web: fix colourstyles not being included in common_styles
# Conflicts: # authentik/events/geo.py # web/src/elements/buttons/TokenCopyButton.ts
2021-02-27 18:16:46 +01:00 · 2021-02-27 18:16:32 +01:00 · 2021-02-27 17:36:07 +01:00 · 2021-02-27 17:19:43 +01:00 · 2021-02-27 17:04:16 +01:00 · 2021-02-27 17:04:16 +01:00
115 changed files with 1720 additions and 688 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2021.2.1-stable
+current_version = 2021.2.6-stable
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -18,11 +18,11 @@ jobs:
      - name: Building Docker Image
        run: docker build
          --no-cache
-          -t beryju/authentik:2021.2.1-stable
+          -t beryju/authentik:2021.2.6-stable
          -t beryju/authentik:latest
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik:2021.2.1-stable
+        run: docker push beryju/authentik:2021.2.6-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/authentik:latest
  build-proxy:
@ -48,11 +48,11 @@ jobs:
          cd outpost/
          docker build \
          --no-cache \
-          -t beryju/authentik-proxy:2021.2.1-stable \
+          -t beryju/authentik-proxy:2021.2.6-stable \
          -t beryju/authentik-proxy:latest \
          -f proxy.Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-proxy:2021.2.1-stable
+        run: docker push beryju/authentik-proxy:2021.2.6-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/authentik-proxy:latest
  build-static:
@ -69,11 +69,11 @@ jobs:
          cd web/
          docker build \
          --no-cache \
-          -t beryju/authentik-static:2021.2.1-stable \
+          -t beryju/authentik-static:2021.2.6-stable \
          -t beryju/authentik-static:latest \
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-static:2021.2.1-stable
+        run: docker push beryju/authentik-static:2021.2.6-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/authentik-static:latest
  test-release:
@ -107,5 +107,5 @@ jobs:
          SENTRY_PROJECT: authentik
          SENTRY_URL: https://sentry.beryju.org
        with:
-          tagName: 2021.2.1-stable
+          tagName: 2021.2.6-stable
          environment: beryjuorg-prod
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -74,18 +74,17 @@
        },
        "boto3": {
            "hashes": [
-                "sha256:92041aa7589c886020cabd80eb58b89ace2f0094571792fccae24b9a8b3b97d7",
-                "sha256:9f132c34e20110dea019293c89cede49b0a56be615b3e1debf98390ed9f1f7b9"
+                "sha256:d6aafb804fca2b67c65dda78ad8b4afed901e004071208b84c804d345ad9ebba"
            ],
            "index": "pypi",
-            "version": "==1.17.3"
+            "version": "==1.17.5"
        },
        "botocore": {
            "hashes": [
-                "sha256:1dae84c68b109f596f58cc2e9fa87704ccd40dcbc12144a89205f85efa7f9135",
-                "sha256:a0fdded1c9636899ab273f50bf123f79b91439a8c282b5face8b5f4a48b493cb"
+                "sha256:04a1df759681f5f171accb354d863bfed0774d64a4e8ee35ff49835755660a4e",
+                "sha256:3c55f0db5e08920727f4fa24a87aed60060643f4b0b5665c62ec762f79e82d6b"
            ],
-            "version": "==1.20.3"
+            "version": "==1.20.5"
        },
        "cachetools": {
            "hashes": [
@ -224,22 +223,15 @@
        },
        "cryptography": {
            "hashes": [
-                "sha256:0003a52a123602e1acee177dc90dd201f9bb1e73f24a070db7d36c588e8f5c7d",
-                "sha256:0e85aaae861d0485eb5a79d33226dd6248d2a9f133b81532c8f5aae37de10ff7",
-                "sha256:594a1db4511bc4d960571536abe21b4e5c3003e8750ab8365fafce71c5d86901",
-                "sha256:69e836c9e5ff4373ce6d3ab311c1a2eed274793083858d3cd4c7d12ce20d5f9c",
-                "sha256:788a3c9942df5e4371c199d10383f44a105d67d401fb4304178020142f020244",
-                "sha256:7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6",
-                "sha256:83d9d2dfec70364a74f4e7c70ad04d3ca2e6a08b703606993407bf46b97868c5",
-                "sha256:84ef7a0c10c24a7773163f917f1cb6b4444597efd505a8aed0a22e8c4780f27e",
-                "sha256:9e21301f7a1e7c03dbea73e8602905a4ebba641547a462b26dd03451e5769e7c",
-                "sha256:9f6b0492d111b43de5f70052e24c1f0951cb9e6022188ebcb1cc3a3d301469b0",
-                "sha256:a69bd3c68b98298f490e84519b954335154917eaab52cf582fa2c5c7efc6e812",
-                "sha256:b4890d5fb9b7a23e3bf8abf5a8a7da8e228f1e97dc96b30b95685df840b6914a",
-                "sha256:c366df0401d1ec4e548bebe8f91d55ebcc0ec3137900d214dd7aac8427ef3030",
-                "sha256:dc42f645f8f3a489c3dd416730a514e7a91a59510ddaadc09d04224c098d3302"
+                "sha256:287032b6a7d86abc98e8e977b20138c53fea40e5b24e29090d5a675a973dcd10",
+                "sha256:288c65eea20bd89b11102c47b118bc1e0749386b0a0dfebba414076c5d4c8188",
+                "sha256:7eed937ad9b53280a5f53570d3a7dc93cb4412b6a3d58d4c6bb78cc26319c729",
+                "sha256:dab437c2e84628703e3358f0f06555a6259bc5039209d51aa3b05af667ff4fd0",
+                "sha256:ee5e19f0856b6fbbdbab15c2787ca65d203801d2d65d0b8de6218f424206c848",
+                "sha256:f21be9ec6b44c223b2024bbe59d394fadc7be320d18a8d595419afadb6cd5620",
+                "sha256:f6ea140d2736b7e1f0de4f988c43f76b0b3f3d365080e091715429ba218dce28"
            ],
-            "version": "==3.3.1"
+            "version": "==3.4.4"
        },
        "dacite": {
            "hashes": [
@ -791,84 +783,74 @@
        },
        "pycryptodome": {
            "hashes": [
-                "sha256:19cb674df6c74a14b8b408aa30ba8a89bd1c01e23505100fb45f930fbf0ed0d9",
-                "sha256:1cfdb92dca388e27e732caa72a1cc624520fe93752a665c3b6cd8f1a91b34916",
-                "sha256:27397aee992af69d07502126561d851ba3845aa808f0e55c71ad0efa264dd7d4",
-                "sha256:28f75e58d02019a7edc7d4135203d2501dfc47256d175c72c9798f9a129a49a7",
-                "sha256:2a68df525b387201a43b27b879ce8c08948a430e883a756d6c9e3acdaa7d7bd8",
-                "sha256:411745c6dce4eff918906eebcde78771d44795d747e194462abb120d2e537cd9",
-                "sha256:46e96aeb8a9ca8b1edf9b1fd0af4bf6afcf3f1ca7fa35529f5d60b98f3e4e959",
-                "sha256:4ed27951b0a17afd287299e2206a339b5b6d12de9321e1a1575261ef9c4a851b",
-                "sha256:50826b49fbca348a61529693b0031cdb782c39060fb9dca5ac5dff858159dc5a",
-                "sha256:5598dc6c9dbfe882904e54584322893eff185b98960bbe2cdaaa20e8a437b6e5",
-                "sha256:5c3c4865730dfb0263f822b966d6d58429d8b1e560d1ddae37685fd9e7c63161",
-                "sha256:5f19e6ef750f677d924d9c7141f54bade3cd56695bbfd8a9ef15d0378557dfe4",
-                "sha256:60febcf5baf70c566d9d9351c47fbd8321da9a4edf2eff45c4c31c86164ca794",
-                "sha256:62c488a21c253dadc9f731a32f0ac61e4e436d81a1ea6f7d1d9146ed4d20d6bd",
-                "sha256:6d3baaf82681cfb1a842f1c8f77beac791ceedd99af911e4f5fabec32bae2259",
-                "sha256:6e4227849e4231a3f5b35ea5bdedf9a82b3883500e5624f00a19156e9a9ef861",
-                "sha256:6e89bb3826e6f84501e8e3b205c22595d0c5492c2f271cbb9ee1c48eb1866645",
-                "sha256:70d807d11d508433daf96244ec1c64e55039e8a35931fc5ea9eee94dbe3cb6b5",
-                "sha256:76b1a34d74bb2c91bce460cdc74d1347592045627a955e9a252554481c17c52f",
-                "sha256:7798e73225a699651888489fbb1dbc565e03a509942a8ce6194bbe6fb582a41f",
-                "sha256:834b790bbb6bd18956f625af4004d9c15eed12d5186d8e57851454ae76d52215",
-                "sha256:843e5f10ecdf9d307032b8b91afe9da1d6ed5bb89d0bbec5c8dcb4ba44008e11",
-                "sha256:8f9f84059039b672a5a705b3c5aa21747867bacc30a72e28bf0d147cc8ef85ed",
-                "sha256:9000877383e2189dafd1b2fc68c6c726eca9a3cfb6d68148fbb72ccf651959b6",
-                "sha256:910e202a557e1131b1c1b3f17a63914d57aac55cf9fb9b51644962841c3995c4",
-                "sha256:946399d15eccebafc8ce0257fc4caffe383c75e6b0633509bd011e357368306c",
-                "sha256:a199e9ca46fc6e999e5f47fce342af4b56c7de85fae893c69ab6aa17531fb1e1",
-                "sha256:a3d8a9efa213be8232c59cdc6b65600276508e375e0a119d710826248fd18d37",
-                "sha256:a4599c0ca0fc027c780c1c45ed996d5bef03e571470b7b1c7171ec1e1a90914c",
-                "sha256:b4e6b269a8ddaede774e5c3adbef6bf452ee144e6db8a716d23694953348cd86",
-                "sha256:b68794fba45bdb367eeb71249c26d23e61167510a1d0c3d6cf0f2f14636e62ee",
-                "sha256:d7ec2bd8f57c559dd24e71891c51c25266a8deb66fc5f02cc97c7fb593d1780a",
-                "sha256:e15bde67ccb7d4417f627dd16ffe2f5a4c2941ce5278444e884cb26d73ecbc61",
-                "sha256:eb01f9997e4d6a8ec8a1ad1f676ba5a362781ff64e8189fe2985258ba9cb9706",
-                "sha256:faa682c404c218e8788c3126c9a4b8fbcc54dc245b5b6e8ea5b46f3b63bd0c84"
+                "sha256:09c1555a3fa450e7eaca41ea11cd00afe7c91fef52353488e65663777d8524e0",
+                "sha256:12222a5edc9ca4a29de15fbd5339099c4c26c56e13c2ceddf0b920794f26165d",
+                "sha256:1723ebee5561628ce96748501cdaa7afaa67329d753933296321f0be55358dce",
+                "sha256:1c5e1ca507de2ad93474be5cfe2bfa76b7cf039a1a32fc196f40935944871a06",
+                "sha256:2603c98ae04aac675fefcf71a6c87dc4bb74a75e9071ae3923bbc91a59f08d35",
+                "sha256:2dea65df54349cdfa43d6b2e8edb83f5f8d6861e5cf7b1fbc3e34c5694c85e27",
+                "sha256:31c1df17b3dc5f39600a4057d7db53ac372f492c955b9b75dd439f5d8b460129",
+                "sha256:38661348ecb71476037f1e1f553159b80d256c00f6c0b00502acac891f7116d9",
+                "sha256:3e2e3a06580c5f190df843cdb90ea28d61099cf4924334d5297a995de68e4673",
+                "sha256:3f840c49d38986f6e17dbc0673d37947c88bc9d2d9dba1c01b979b36f8447db1",
+                "sha256:501ab36aae360e31d0ec370cf5ce8ace6cb4112060d099b993bc02b36ac83fb6",
+                "sha256:60386d1d4cfaad299803b45a5bc2089696eaf6cdd56f9fc17479a6f89595cfc8",
+                "sha256:6260e24d41149268122dd39d4ebd5941e9d107f49463f7e071fd397e29923b0c",
+                "sha256:6bbf7fee7b7948b29d7e71fcacf48bac0c57fb41332007061a933f2d996f9713",
+                "sha256:6d2df5223b12437e644ce0a3be7809471ffa71de44ccd28b02180401982594a6",
+                "sha256:758949ca62690b1540dfb24ad773c6da9cd0e425189e83e39c038bbd52b8e438",
+                "sha256:77997519d8eb8a4adcd9a47b9cec18f9b323e296986528186c0e9a7a15d6a07e",
+                "sha256:7fd519b89585abf57bf47d90166903ec7b43af4fe23c92273ea09e6336af5c07",
+                "sha256:98213ac2b18dc1969a47bc65a79a8fca02a414249d0c8635abb081c7f38c91b6",
+                "sha256:99b2f3fc51d308286071d0953f92055504a6ffe829a832a9fc7a04318a7683dd",
+                "sha256:9b6f711b25e01931f1c61ce0115245a23cdc8b80bf8539ac0363bdcf27d649b6",
+                "sha256:a3105a0eb63eacf98c2ecb0eb4aa03f77f40fbac2bdde22020bb8a536b226bb8",
+                "sha256:a8eb8b6ea09ec1c2535bf39914377bc8abcab2c7d30fa9225eb4fe412024e427",
+                "sha256:a92d5c414e8ee1249e850789052608f582416e82422502dc0ac8c577808a9067",
+                "sha256:d3d6958d53ad307df5e8469cc44474a75393a434addf20ecd451f38a72fe29b8",
+                "sha256:e0a4d5933a88a2c98bbe19c0c722f5483dc628d7a38338ac2cb64a7dbd34064b",
+                "sha256:e3bf558c6aeb49afa9f0c06cee7fb5947ee5a1ff3bd794b653d39926b49077fa",
+                "sha256:e61e363d9a5d7916f3a4ce984a929514c0df3daf3b1b2eb5e6edbb131ee771cf",
+                "sha256:f977cdf725b20f6b8229b0c87acb98c7717e742ef9f46b113985303ae12a99da",
+                "sha256:fc7489a50323a0df02378bc2fff86eb69d94cc5639914346c736be981c6a02e7"
            ],
            "index": "pypi",
-            "version": "==3.9.9"
+            "version": "==3.10.1"
        },
        "pycryptodomex": {
            "hashes": [
-                "sha256:15c03ffdac17731b126880622823d30d0a3cc7203cd219e6b9814140a44e7fab",
-                "sha256:20fb7f4efc494016eab1bc2f555bc0a12dd5ca61f35c95df8061818ffb2c20a3",
-                "sha256:28ee3bcb4d609aea3040cad995a8e2c9c6dc57c12183dadd69e53880c35333b9",
-                "sha256:305e3c46f20d019cd57543c255e7ba49e432e275d7c0de8913b6dbe57a851bc8",
-                "sha256:3547b87b16aad6afb28c9b3a9cd870e11b5e7b5ac649b74265258d96d8de1130",
-                "sha256:3642252d7bfc4403a42050e18ba748bedebd5a998a8cba89665a4f42aea4c380",
-                "sha256:404faa3e518f8bea516aae2aac47d4d960397199a15b4bd6f66cad97825469a0",
-                "sha256:42669638e4f7937b7141044a2fbd1019caca62bd2cdd8b535f731426ab07bde1",
-                "sha256:4632d55a140b28e20be3cd7a3057af52fb747298ff0fd3290d4e9f245b5004ba",
-                "sha256:4a88c9383d273bdce3afc216020282c9c5c39ec0bd9462b1a206af6afa377cf0",
-                "sha256:4ce1fc1e6d2fd2d6dc197607153327989a128c093e0e94dca63408f506622c3e",
-                "sha256:55cf4e99b3ba0122dee570dc7661b97bf35c16aab3e2ccb5070709d282a1c7ab",
-                "sha256:5e486cab2dfcfaec934dd4f5d5837f4a9428b690f4d92a3b020fd31d1497ca64",
-                "sha256:65ec88c8271448d2ea109d35c1f297b09b872c57214ab7e832e413090d3469a9",
-                "sha256:6c95a3361ce70068cf69526a58751f73ddac5ba27a3c2379b057efa2f5338c8c",
-                "sha256:73240335f4a1baf12880ebac6df66ab4d3a9212db9f3efe809c36a27280d16f8",
-                "sha256:7651211e15109ac0058a49159265d9f6e6423c8a81c65434d3c56d708417a05b",
-                "sha256:7b5b7c5896f8172ea0beb283f7f9428e0ab88ec248ce0a5b8c98d73e26267d51",
-                "sha256:836fe39282e75311ce4c38468be148f7fac0df3d461c5de58c5ff1ddb8966bac",
-                "sha256:871852044f55295449fbf225538c2c4118525093c32f0a6c43c91bed0452d7e3",
-                "sha256:892e93f3e7e10c751d6c17fa0dc422f7984cfd5eb6690011f9264dc73e2775fc",
-                "sha256:934e460c5058346c6f1d62fdf3db5680fbdfbfd212722d24d8277bf47cd9ebdc",
-                "sha256:9736f3f3e1761024200637a080a4f922f5298ad5d780e10dbb5634fe8c65b34c",
-                "sha256:a1d38a96da57e6103423a446079ead600b450cf0f8ebf56a231895abf77e7ffc",
-                "sha256:a385fceaa0cdb97f0098f1c1e9ec0b46cc09186ddf60ec23538e871b1dddb6dc",
-                "sha256:a7cf1c14e47027d9fb9d26aa62e5d603994227bd635e58a8df4b1d2d1b6a8ed7",
-                "sha256:a9aac1a30b00b5038d3d8e48248f3b58ea15c827b67325c0d18a447552e30fc8",
-                "sha256:b696876ee583d15310be57311e90e153a84b7913ac93e6b99675c0c9867926d0",
-                "sha256:bef9e9d39393dc7baec39ba4bac6c73826a4db02114cdeade2552a9d6afa16e2",
-                "sha256:c885fe4d5f26ce8ca20c97d02e88f5fdd92c01e1cc771ad0951b21e1641faf6d",
-                "sha256:d2d1388595cb5d27d9220d5cbaff4f37c6ec696a25882eb06d224d241e6e93fb",
-                "sha256:d2e853e0f9535e693fade97768cf7293f3febabecc5feb1e9b2ffdfe1044ab96",
-                "sha256:d62fbab185a6b01c5469eda9f0795f3d1a5bba24f5a5813f362e4b73a3c4dc70",
-                "sha256:f20a62397e09704049ce9007bea4f6bad965ba9336a760c6f4ef1b4192e12d6d",
-                "sha256:f81f7311250d9480e36dec819127897ae772e7e8de07abfabe931b8566770b8e"
+                "sha256:00a584ee52bf5e27d540129ca9bf7c4a7e7447f24ff4a220faa1304ad0c09bcd",
+                "sha256:04265a7a84ae002001249bd1de2823bcf46832bd4b58f6965567cb8a07cf4f00",
+                "sha256:0bd35af6a18b724c689e56f2dbbdd8e409288be71952d271ba3d9614b31d188c",
+                "sha256:20c45a30f3389148f94edb77f3b216c677a277942f62a2b81a1cc0b6b2dde7fc",
+                "sha256:2959304d1ce31ab303d9fb5db2b294814278b35154d9b30bf7facc52d6088d0a",
+                "sha256:36dab7f506948056ceba2d57c1ade74e898401960de697cefc02f3519bd26c1b",
+                "sha256:37ec1b407ec032c7a0c1fdd2da12813f560bad38ae61ad9c7ce3c0573b3e5e30",
+                "sha256:3b8eb85b3cc7f083d87978c264d10ff9de3b4bfc46f1c6fdc2792e7d7ebc87bb",
+                "sha256:3dfce70c4e425607ae87b8eae67c9c7dbba59a33b62d70f79417aef0bc5c735b",
+                "sha256:418f51c61eab52d9920f4ef468d22c89dab1be5ac796f71cf3802f6a6e667df0",
+                "sha256:4195604f75cdc1db9bccdb9e44d783add3c817319c30aaff011670c9ed167690",
+                "sha256:4344ab16faf6c2d9df2b6772995623698fb2d5f114dace4ab2ff335550cf71d5",
+                "sha256:541cd3e3e252fb19a7b48f420b798b53483302b7fe4d9954c947605d0a263d62",
+                "sha256:564063e3782474c92cbb333effd06e6eb718471783c6e67f28c63f0fc3ac7b23",
+                "sha256:72f44b5be46faef2a1bf2a85902511b31f4dd7b01ce0c3978e92edb2cc812a82",
+                "sha256:8a98e02cbf8f624add45deff444539bf26345b479fc04fa0937b23cd84078d91",
+                "sha256:940db96449d7b2ebb2c7bf190be1514f3d67914bd37e54e8d30a182bd375a1a9",
+                "sha256:961333e7ee896651f02d4692242aa36b787b8e8e0baa2256717b2b9d55ae0a3c",
+                "sha256:9f713ffb4e27b5575bd917c70bbc3f7b348241a351015dbbc514c01b7061ff7e",
+                "sha256:a6584ae58001d17bb4dc0faa8a426919c2c028ef4d90ceb4191802ca6edb8204",
+                "sha256:c2b680987f418858e89dbb4f09c8c919ece62811780a27051ace72b2f69fb1be",
+                "sha256:d8fae5ba3d34c868ae43614e0bd6fb61114b2687ac3255798791ce075d95aece",
+                "sha256:dbd2c361db939a4252589baa94da4404d45e3fc70da1a31e541644cdf354336e",
+                "sha256:e090a8609e2095aa86978559b140cf8968af99ee54b8791b29ff804838f29f10",
+                "sha256:e4a1245e7b846e88ba63e7543483bda61b9acbaee61eadbead5a1ce479d94740",
+                "sha256:ec9901d19cadb80d9235ee41cc58983f18660314a0eb3fc7b11b0522ac3b6c4a",
+                "sha256:f2abeb4c4ce7584912f4d637b2c57f23720d35dd2892bfeb1b2c84b6fb7a8c88",
+                "sha256:f3bb267df679f70a9f40f17d62d22fe12e8b75e490f41807e7560de4d3e6bf9f",
+                "sha256:f933ecf4cb736c7af60a6a533db2bf569717f2318b265f92907acff1db43bc34",
+                "sha256:fc9c55dc1ed57db76595f2d19a479fc1c3a1be2c9da8de798a93d286c5f65f38"
            ],
-            "version": "==3.9.9"
+            "version": "==3.10.1"
        },
        "pyhamcrest": {
            "hashes": [
@ -1446,10 +1428,10 @@
        },
        "gitpython": {
            "hashes": [
-                "sha256:42dbefd8d9e2576c496ed0059f3103dcef7125b9ce16f9d5f9c834aed44a1dac",
-                "sha256:867ec3dfb126aac0f8296b19fb63b8c4a399f32b4b6fafe84c4b10af5fa9f7b5"
+                "sha256:8621a7e777e276a5ec838b59280ba5272dd144a18169c36c903d8b38b99f750a",
+                "sha256:c5347c81d232d9b8e7f47b68a83e5dc92e7952127133c5f2df9133f2c75a1b29"
            ],
-            "version": "==3.1.12"
+            "version": "==3.1.13"
        },
        "iniconfig": {
            "hashes": [
--- a/authentik/init.py
+++ b/authentik/init.py
@ -1,2 +1,2 @@
 """authentik"""
-__version__ = "2021.2.1-stable"
+__version__ = "2021.2.6-stable"
--- a/authentik/admin/templates/administration/policy/list.html
+++ b/authentik/admin/templates/administration/policy/list.html
@ -41,6 +41,9 @@
                            {% endfor %}
                        </ul>
                    </ak-dropdown>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
                </div>
                {% include 'partials/pagination.html' %}
            </div>
--- a/authentik/admin/urls.py
+++ b/authentik/admin/urls.py
@ -61,7 +61,6 @@ urlpatterns = [
        name="token-delete",
    ),
    # Sources
-    path("sources/", sources.SourceListView.as_view(), name="sources"),
    path("sources/create/", sources.SourceCreateView.as_view(), name="source-create"),
    path(
        "sources/<uuid:pk>/update/",
--- a/authentik/admin/views/applications.py
+++ b/authentik/admin/views/applications.py
@ -4,7 +4,6 @@ from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import UpdateView
 from guardian.mixins import PermissionRequiredMixin
@ -28,8 +27,8 @@ class ApplicationCreateView(
    form_class = ApplicationForm
    permission_required = "authentik_core.add_application"

+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully created Application")


@ -46,8 +45,8 @@ class ApplicationUpdateView(
    form_class = ApplicationForm
    permission_required = "authentik_core.change_application"

+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully updated Application")


@ -59,6 +58,6 @@ class ApplicationDeleteView(
    model = Application
    permission_required = "authentik_core.delete_application"

+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully deleted Application")
--- a/authentik/admin/views/events_notifications_rules.py
+++ b/authentik/admin/views/events_notifications_rules.py
@ -4,7 +4,6 @@ from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import UpdateView
 from guardian.mixins import PermissionRequiredMixin
@ -28,8 +27,8 @@ class NotificationRuleCreateView(
    form_class = NotificationRuleForm
    permission_required = "authentik_events.add_NotificationRule"

+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully created Notification Rule")


@ -46,8 +45,8 @@ class NotificationRuleUpdateView(
    form_class = NotificationRuleForm
    permission_required = "authentik_events.change_NotificationRule"

+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully updated Notification Rule")


@ -59,6 +58,6 @@ class NotificationRuleDeleteView(
    model = NotificationRule
    permission_required = "authentik_events.delete_NotificationRule"

+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully deleted Notification Rule")
--- a/authentik/admin/views/events_notifications_transports.py
+++ b/authentik/admin/views/events_notifications_transports.py
@ -4,7 +4,6 @@ from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import UpdateView
 from guardian.mixins import PermissionRequiredMixin
@ -27,9 +26,8 @@ class NotificationTransportCreateView(
    model = NotificationTransport
    form_class = NotificationTransportForm
    permission_required = "authentik_events.add_notificationtransport"
-
+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully created Notification Transport")


@ -45,9 +43,8 @@ class NotificationTransportUpdateView(
    model = NotificationTransport
    form_class = NotificationTransportForm
    permission_required = "authentik_events.change_notificationtransport"
-
+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully updated Notification Transport")


@ -58,7 +55,6 @@ class NotificationTransportDeleteView(

    model = NotificationTransport
    permission_required = "authentik_events.delete_notificationtransport"
-
+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully deleted Notification Transport")
--- a/authentik/admin/views/outposts.py
+++ b/authentik/admin/views/outposts.py
@ -7,7 +7,6 @@ from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import UpdateView
 from guardian.mixins import PermissionRequiredMixin
@ -30,9 +29,8 @@ class OutpostCreateView(
    model = Outpost
    form_class = OutpostForm
    permission_required = "authentik_outposts.add_outpost"
-
+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully created Outpost")

    def get_initial(self) -> Dict[str, Any]:
@ -55,9 +53,8 @@ class OutpostUpdateView(
    model = Outpost
    form_class = OutpostForm
    permission_required = "authentik_outposts.change_outpost"
-
+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully updated Outpost")


@ -66,7 +63,6 @@ class OutpostDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessa

    model = Outpost
    permission_required = "authentik_outposts.delete_outpost"
-
+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully deleted Outpost")
--- a/authentik/admin/views/overview.py
+++ b/authentik/admin/views/overview.py
@ -3,7 +3,6 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.core.cache import cache
 from django.http.request import HttpRequest
 from django.http.response import HttpResponse
-from django.urls.base import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import FormView
 from structlog.stdlib import get_logger
@ -19,9 +18,8 @@ class PolicyCacheClearView(AdminRequiredMixin, SuccessMessageMixin, FormView):
    """View to clear Policy cache"""

    form_class = PolicyCacheClearForm
-
+    success_url = "/"
    template_name = "generic/form_non_model.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully cleared Policy cache")

    def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
@ -38,9 +36,8 @@ class FlowCacheClearView(AdminRequiredMixin, SuccessMessageMixin, FormView):
    """View to clear Flow cache"""

    form_class = FlowCacheClearForm
-
+    success_url = "/"
    template_name = "generic/form_non_model.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully cleared Flow cache")

    def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
--- a/authentik/admin/views/property_mappings.py
+++ b/authentik/admin/views/property_mappings.py
@ -8,7 +8,6 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponse
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import FormView
 from django.views.generic.detail import DetailView
@ -35,9 +34,8 @@ class PropertyMappingCreateView(

    model = PropertyMapping
    permission_required = "authentik_core.add_propertymapping"
-
+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully created Property Mapping")


@ -52,9 +50,8 @@ class PropertyMappingUpdateView(

    model = PropertyMapping
    permission_required = "authentik_core.change_propertymapping"
-
+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully updated Property Mapping")


@ -65,9 +62,8 @@ class PropertyMappingDeleteView(

    model = PropertyMapping
    permission_required = "authentik_core.delete_propertymapping"
-
+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
    success_message = _("Successfully deleted Property Mapping")


--- a/authentik/admin/views/providers.py
+++ b/authentik/admin/views/providers.py
@ -4,7 +4,6 @@ from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from guardian.mixins import PermissionRequiredMixin

@ -28,9 +27,8 @@ class ProviderCreateView(

    model = Provider
    permission_required = "authentik_core.add_provider"
-
+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_admin:providers")
    success_message = _("Successfully created Provider")


@ -45,9 +43,8 @@ class ProviderUpdateView(

    model = Provider
    permission_required = "authentik_core.change_provider"
-
+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_admin:providers")
    success_message = _("Successfully updated Provider")


@ -58,7 +55,6 @@ class ProviderDeleteView(

    model = Provider
    permission_required = "authentik_core.delete_provider"
-
+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_admin:providers")
    success_message = _("Successfully deleted Provider")
--- a/authentik/admin/views/sources.py
+++ b/authentik/admin/views/sources.py
@ -4,38 +4,18 @@ from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
+from guardian.mixins import PermissionRequiredMixin

 from authentik.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    InheritanceCreateView,
-    InheritanceListView,
    InheritanceUpdateView,
-    SearchListMixin,
-    UserPaginateListMixin,
 )
 from authentik.core.models import Source


-class SourceListView(
-    LoginRequiredMixin,
-    PermissionListMixin,
-    UserPaginateListMixin,
-    SearchListMixin,
-    InheritanceListView,
-):
-    """Show list of all sources"""
-
-    model = Source
-    permission_required = "authentik_core.view_source"
-    ordering = "name"
-    template_name = "administration/source/list.html"
-    search_fields = ["name", "slug"]
-
-
 class SourceCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
@ -48,8 +28,8 @@ class SourceCreateView(
    model = Source
    permission_required = "authentik_core.add_source"

+    success_url = "/"
    template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_admin:sources")
    success_message = _("Successfully created Source")


@ -65,8 +45,8 @@ class SourceUpdateView(
    model = Source
    permission_required = "authentik_core.change_source"

+    success_url = "/"
    template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_admin:sources")
    success_message = _("Successfully updated Source")


@ -76,6 +56,6 @@ class SourceDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessag
    model = Source
    permission_required = "authentik_core.delete_source"

+    success_url = "/"
    template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_admin:sources")
    success_message = _("Successfully deleted Source")
--- a/authentik/core/api/providers.py
+++ b/authentik/core/api/providers.py
@ -1,10 +1,18 @@
 """Provider API Views"""
+from django.shortcuts import reverse
+from django.utils.translation import gettext_lazy as _
+from drf_yasg2.utils import swagger_auto_schema
+from rest_framework.decorators import action
 from rest_framework.fields import ReadOnlyField
+from rest_framework.request import Request
+from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ModelViewSet

-from authentik.core.api.utils import MetaNameSerializer
+from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
 from authentik.core.models import Provider
+from authentik.lib.templatetags.authentik_utils import verbose_name
+from authentik.lib.utils.reflection import all_subclasses


 class ProviderSerializer(ModelSerializer, MetaNameSerializer):
@ -51,3 +59,26 @@ class ProviderViewSet(ModelViewSet):

    def get_queryset(self):
        return Provider.objects.select_subclasses()
+
+    @swagger_auto_schema(responses={200: TypeCreateSerializer(many=True)})
+    @action(detail=False)
+    def types(self, request: Request) -> Response:
+        """Get all creatable provider types"""
+        data = []
+        for subclass in all_subclasses(self.queryset.model):
+            data.append(
+                {
+                    "name": verbose_name(subclass),
+                    "description": subclass.__doc__,
+                    "link": reverse("authentik_admin:provider-create")
+                    + f"?type={subclass.__name__}",
+                }
+            )
+        data.append(
+            {
+                "name": _("SAML Provider from Metadata"),
+                "description": _("Create a SAML Provider by importing its Metadata."),
+                "link": reverse("authentik_admin:provider-saml-from-metadata"),
+            }
+        )
+        return Response(TypeCreateSerializer(data, many=True).data)
--- a/authentik/core/api/sources.py
+++ b/authentik/core/api/sources.py
@ -1,9 +1,16 @@
 """Source API Views"""
+from django.shortcuts import reverse
+from drf_yasg2.utils import swagger_auto_schema
+from rest_framework.decorators import action
+from rest_framework.request import Request
+from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ReadOnlyModelViewSet

-from authentik.core.api.utils import MetaNameSerializer
+from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
 from authentik.core.models import Source
+from authentik.lib.templatetags.authentik_utils import verbose_name
+from authentik.lib.utils.reflection import all_subclasses


 class SourceSerializer(ModelSerializer, MetaNameSerializer):
@ -13,7 +20,7 @@ class SourceSerializer(ModelSerializer, MetaNameSerializer):

    def get_object_type(self, obj):
        """Get object type so that we know which API Endpoint to use to get the full object"""
-        return obj._meta.object_name.lower().replace("provider", "")
+        return obj._meta.object_name.lower().replace("source", "")

    class Meta:

@ -40,3 +47,19 @@ class SourceViewSet(ReadOnlyModelViewSet):

    def get_queryset(self):
        return Source.objects.select_subclasses()
+
+    @swagger_auto_schema(responses={200: TypeCreateSerializer(many=True)})
+    @action(detail=False)
+    def types(self, request: Request) -> Response:
+        """Get all creatable source types"""
+        data = []
+        for subclass in all_subclasses(self.queryset.model):
+            data.append(
+                {
+                    "name": verbose_name(subclass),
+                    "description": subclass.__doc__,
+                    "link": reverse("authentik_admin:source-create")
+                    + f"?type={subclass.__name__}",
+                }
+            )
+        return Response(TypeCreateSerializer(data, many=True).data)
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@ -1,9 +1,12 @@
 """Tokens API Viewset"""
+from django.db.models.base import Model
 from django.http.response import Http404
+from drf_yasg2.utils import swagger_auto_schema
 from rest_framework.decorators import action
+from rest_framework.fields import CharField
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import ModelSerializer
+from rest_framework.serializers import ModelSerializer, Serializer
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.models import Token
@ -19,6 +22,18 @@ class TokenSerializer(ModelSerializer):
        fields = ["pk", "identifier", "intent", "user", "description"]


+class TokenViewSerializer(Serializer):
+    """Show token's current key"""
+
+    key = CharField(read_only=True)
+
+    def create(self, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+    def update(self, instance: Model, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+
 class TokenViewSet(ModelViewSet):
    """Token Viewset"""

@ -26,12 +41,15 @@ class TokenViewSet(ModelViewSet):
    queryset = Token.filter_not_expired()
    serializer_class = TokenSerializer

+    @swagger_auto_schema(responses={200: TokenViewSerializer(many=False)})
    @action(detail=True)
+    # pylint: disable=unused-argument
    def view_key(self, request: Request, identifier: str) -> Response:
        """Return token key and log access"""
-        tokens = Token.filter_not_expired(identifier=identifier)
-        if not tokens.exists():
+        token: Token = self.get_object()
+        if token.is_expired:
            raise Http404
-        token = tokens.first()
-        Event.new(EventAction.TOKEN_VIEW, token=token).from_http(request)
-        return Response({"key": token.key})
+        Event.new(EventAction.SECRET_VIEW, secret=token).from_http(  # noqa # nosec
+            request
+        )
+        return Response(TokenViewSerializer({"key": token.key}).data)
--- a/authentik/core/api/utils.py
+++ b/authentik/core/api/utils.py
@ -1,5 +1,6 @@
 """API Utilities"""
 from django.db.models import Model
+from rest_framework.fields import CharField
 from rest_framework.serializers import Serializer, SerializerMethodField


@ -22,3 +23,17 @@ class MetaNameSerializer(Serializer):
    def get_verbose_name_plural(self, obj: Model) -> str:
        """Return object's plural verbose_name"""
        return obj._meta.verbose_name_plural
+
+
+class TypeCreateSerializer(Serializer):
+    """Types of an object that can be created"""
+
+    name = CharField(read_only=True)
+    description = CharField(read_only=True)
+    link = CharField(read_only=True)
+
+    def create(self, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+    def update(self, instance: Model, validated_data: dict) -> Model:
+        raise NotImplementedError
--- a/authentik/core/middleware.py
+++ b/authentik/core/middleware.py
@ -9,6 +9,7 @@ from django.http import HttpRequest, HttpResponse
 SESSION_IMPERSONATE_USER = "authentik_impersonate_user"
 SESSION_IMPERSONATE_ORIGINAL_USER = "authentik_impersonate_original_user"
 LOCAL = local()
+RESPONSE_HEADER_ID = "X-authentik-id"


 class ImpersonateMiddleware:
@ -43,7 +44,7 @@ class RequestIDMiddleware:
            setattr(request, "request_id", request_id)
            LOCAL.authentik = {"request_id": request_id}
        response = self.get_response(request)
-        response["X-authentik-id"] = request.request_id
+        response[RESPONSE_HEADER_ID] = request.request_id
        del LOCAL.authentik["request_id"]
        return response

--- a/authentik/core/templates/user/settings.html
+++ b/authentik/core/templates/user/settings.html
@ -41,8 +41,8 @@
            </section>
            {% endfor %}
            {% user_sources as user_sources_loc %}
-            {% for source, source_link in user_sources_loc.item %}
-            <section slot="page-{{ source.pk }}" data-tab-title="{{ source|verbose_name }}" class="pf-c-page__main-section pf-m-no-padding-mobile">
+            {% for source, source_link in user_sources_loc.items %}
+            <section slot="page-{{ source.pk }}" data-tab-title="{{ source.name }}" class="pf-c-page__main-section pf-m-no-padding-mobile">
                <div class="pf-u-display-flex pf-u-justify-content-center">
                    <div class="pf-u-w-75">
                        <ak-site-shell url="{{ source_link }}">
--- a/authentik/crypto/api.py
+++ b/authentik/crypto/api.py
@ -2,15 +2,29 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import load_pem_private_key
 from cryptography.x509 import load_pem_x509_certificate
-from rest_framework.serializers import ModelSerializer, ValidationError
+from django.db.models import Model
+from drf_yasg2.utils import swagger_auto_schema
+from rest_framework.decorators import action
+from rest_framework.fields import CharField, DateTimeField, SerializerMethodField
+from rest_framework.request import Request
+from rest_framework.response import Response
+from rest_framework.serializers import ModelSerializer, Serializer, ValidationError
 from rest_framework.viewsets import ModelViewSet

 from authentik.crypto.models import CertificateKeyPair
+from authentik.events.models import Event, EventAction


 class CertificateKeyPairSerializer(ModelSerializer):
    """CertificateKeyPair Serializer"""

+    cert_expiry = DateTimeField(source="certificate.not_valid_after", read_only=True)
+    cert_subject = SerializerMethodField()
+
+    def get_cert_subject(self, instance: CertificateKeyPair) -> str:
+        """Get certificate subject as full rfc4514"""
+        return instance.certificate.subject.rfc4514_string()
+
    def validate_certificate_data(self, value):
        """Verify that input is a valid PEM x509 Certificate"""
        try:
@ -36,7 +50,31 @@ class CertificateKeyPairSerializer(ModelSerializer):
    class Meta:

        model = CertificateKeyPair
-        fields = ["pk", "name", "certificate_data", "key_data"]
+        fields = [
+            "pk",
+            "name",
+            "fingerprint",
+            "certificate_data",
+            "key_data",
+            "cert_expiry",
+            "cert_subject",
+        ]
+        extra_kwargs = {
+            "key_data": {"write_only": True},
+            "certificate_data": {"write_only": True},
+        }
+
+
+class CertificateDataSerializer(Serializer):
+    """Get CertificateKeyPair's data"""
+
+    data = CharField(read_only=True)
+
+    def create(self, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+    def update(self, instance: Model, validated_data: dict) -> Model:
+        raise NotImplementedError


 class CertificateKeyPairViewSet(ModelViewSet):
@ -44,3 +82,31 @@ class CertificateKeyPairViewSet(ModelViewSet):

    queryset = CertificateKeyPair.objects.all()
    serializer_class = CertificateKeyPairSerializer
+
+    @swagger_auto_schema(responses={200: CertificateDataSerializer(many=False)})
+    @action(detail=True)
+    # pylint: disable=invalid-name, unused-argument
+    def view_certificate(self, request: Request, pk: str) -> Response:
+        """Return certificate-key pairs certificate and log access"""
+        certificate: CertificateKeyPair = self.get_object()
+        Event.new(  # noqa # nosec
+            EventAction.SECRET_VIEW,
+            secret=certificate,
+            type="certificate",
+        ).from_http(request)
+        return Response(
+            CertificateDataSerializer({"data": certificate.certificate_data}).data
+        )
+
+    @swagger_auto_schema(responses={200: CertificateDataSerializer(many=False)})
+    @action(detail=True)
+    # pylint: disable=invalid-name, unused-argument
+    def view_private_key(self, request: Request, pk: str) -> Response:
+        """Return certificate-key pairs private key and log access"""
+        certificate: CertificateKeyPair = self.get_object()
+        Event.new(  # noqa # nosec
+            EventAction.SECRET_VIEW,
+            secret=certificate,
+            type="private_key",
+        ).from_http(request)
+        return Response(CertificateDataSerializer({"data": certificate.key_data}).data)
--- a/authentik/events/migrations/0013_auto_20210209_1657.py
+++ b/authentik/events/migrations/0013_auto_20210209_1657.py
@ -0,0 +1,61 @@
+# Generated by Django 3.1.6 on 2021-02-09 16:57
+from django.apps.registry import Apps
+from django.db import migrations, models
+from django.db.backends.base.schema import BaseDatabaseSchemaEditor
+
+
+def token_view_to_secret_view(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
+    from authentik.events.models import EventAction
+
+    db_alias = schema_editor.connection.alias
+    Event = apps.get_model("authentik_events", "Event")
+
+    events = Event.objects.using(db_alias).filter(action="token_view")
+
+    for event in events:
+        event.context["secret"] = event.context.pop("token")
+        event.action = EventAction.SECRET_VIEW
+
+    Event.objects.using(db_alias).bulk_update(events, ["context", "action"])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_events", "0012_auto_20210202_1821"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="event",
+            name="action",
+            field=models.TextField(
+                choices=[
+                    ("login", "Login"),
+                    ("login_failed", "Login Failed"),
+                    ("logout", "Logout"),
+                    ("user_write", "User Write"),
+                    ("suspicious_request", "Suspicious Request"),
+                    ("password_set", "Password Set"),
+                    ("secret_view", "Secret View"),
+                    ("invitation_used", "Invite Used"),
+                    ("authorize_application", "Authorize Application"),
+                    ("source_linked", "Source Linked"),
+                    ("impersonation_started", "Impersonation Started"),
+                    ("impersonation_ended", "Impersonation Ended"),
+                    ("policy_execution", "Policy Execution"),
+                    ("policy_exception", "Policy Exception"),
+                    ("property_mapping_exception", "Property Mapping Exception"),
+                    ("system_task_execution", "System Task Execution"),
+                    ("system_task_exception", "System Task Exception"),
+                    ("configuration_error", "Configuration Error"),
+                    ("model_created", "Model Created"),
+                    ("model_updated", "Model Updated"),
+                    ("model_deleted", "Model Deleted"),
+                    ("update_available", "Update Available"),
+                    ("custom_", "Custom Prefix"),
+                ]
+            ),
+        ),
+        migrations.RunPython(token_view_to_secret_view),
+    ]
--- a/authentik/events/models.py
+++ b/authentik/events/models.py
@ -42,7 +42,7 @@ class EventAction(models.TextChoices):
    SUSPICIOUS_REQUEST = "suspicious_request"
    PASSWORD_SET = "password_set"  # noqa # nosec

-    TOKEN_VIEW = "token_view"  # nosec
+    SECRET_VIEW = "secret_view"  # noqa # nosec

    INVITE_USED = "invitation_used"

--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@ -2,6 +2,7 @@
 from guardian.shortcuts import get_anonymous_user
 from structlog import get_logger

+from authentik.core.models import User
 from authentik.events.models import (
    Event,
    Notification,
@ -29,7 +30,11 @@ def event_notification_handler(event_uuid: str):
@CELERY_APP.task()
 def event_trigger_handler(event_uuid: str, trigger_name: str):
    """Check if policies attached to NotificationRule match event"""
-    event: Event = Event.objects.get(event_uuid=event_uuid)
+    events = Event.objects.filter(event_uuid=event_uuid)
+    if not events.exists():
+        LOGGER.warning("event doesn't exist yet or anymore", event_uuid=event_uuid)
+        return
+    event: Event = events.first()
    trigger: NotificationRule = NotificationRule.objects.get(name=trigger_name)

    if "policy_uuid" in event.context:
@ -53,7 +58,8 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
        return

    LOGGER.debug("e(trigger): checking if trigger applies", trigger=trigger)
-    policy_engine = PolicyEngine(trigger, get_anonymous_user())
+    user = User.objects.filter(pk=event.user.get("pk")).first() or get_anonymous_user()
+    policy_engine = PolicyEngine(trigger, user)
    policy_engine.mode = PolicyEngineMode.MODE_OR
    policy_engine.empty_result = False
    policy_engine.use_cache = False
--- a/authentik/flows/tests/test_transfer_docs.py
+++ b/authentik/flows/tests/test_transfer_docs.py
@ -24,6 +24,6 @@ def pbflow_tester(file_name: str) -> Callable:
    return tester


-for flow_file in glob("website/static/flows/*.pbflow"):
+for flow_file in glob("website/static/flows/*.akflow"):
    method_name = Path(flow_file).stem.replace("-", "_").replace(".", "_")
    setattr(TestTransferDocs, f"test_flow_{method_name}", pbflow_tester(flow_file))
--- a/authentik/flows/transfer/importer.py
+++ b/authentik/flows/transfer/importer.py
@ -152,7 +152,13 @@ class FlowImporter:
        entries = deepcopy(self.__import.entries)
        for entry in entries:
            model_app_label, model_name = entry.model.split(".")
-            model: SerializerModel = apps.get_model(model_app_label, model_name)
+            try:
+                model: SerializerModel = apps.get_model(model_app_label, model_name)
+            except LookupError:
+                self.logger.error(
+                    "app or model does not exist", app=model_app_label, model=model_name
+                )
+                return False
            # Validate each single entry
            try:
                serializer = self._validate_single(entry)
--- a/authentik/lib/expression/evaluator.py
+++ b/authentik/lib/expression/evaluator.py
@ -98,6 +98,10 @@ class BaseEvaluator:
                exec(ast_obj, self._globals, _locals)  # nosec # noqa
                result = _locals["result"]
            except Exception as exc:
+                # So, this is a bit questionable. Essentially, we are edit the stacktrace
+                # so the user only sees information relevant to them
+                # and none of our surrounding error handling
+                exc.__traceback__ = exc.__traceback__.tb_next
                self.handle_error(exc, expression_source)
                raise exc
            return result
--- a/authentik/outposts/signals.py
+++ b/authentik/outposts/signals.py
@ -20,6 +20,7 @@ UPDATE_TRIGGERING_MODELS = (


@receiver(post_save)
+# pylint: disable=unused-argument
 def post_save_update(sender, instance: Model, **_):
    """If an Outpost is saved, Ensure that token is created/updated

@ -29,7 +30,7 @@ def post_save_update(sender, instance: Model, **_):
        return
    if instance.__module__ == "__fake__":
        return
-    if sender not in UPDATE_TRIGGERING_MODELS:
+    if not isinstance(instance, UPDATE_TRIGGERING_MODELS):
        return
    outpost_post_save.delay(class_to_path(instance.__class__), instance.pk)

--- a/authentik/policies/event_matcher/migrations/0007_auto_20210209_1657.py
+++ b/authentik/policies/event_matcher/migrations/0007_auto_20210209_1657.py
@ -0,0 +1,46 @@
+# Generated by Django 3.1.6 on 2021-02-09 16:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_policies_event_matcher", "0006_auto_20210203_1134"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="eventmatcherpolicy",
+            name="action",
+            field=models.TextField(
+                blank=True,
+                choices=[
+                    ("login", "Login"),
+                    ("login_failed", "Login Failed"),
+                    ("logout", "Logout"),
+                    ("user_write", "User Write"),
+                    ("suspicious_request", "Suspicious Request"),
+                    ("password_set", "Password Set"),
+                    ("secret_view", "Secret View"),
+                    ("invitation_used", "Invite Used"),
+                    ("authorize_application", "Authorize Application"),
+                    ("source_linked", "Source Linked"),
+                    ("impersonation_started", "Impersonation Started"),
+                    ("impersonation_ended", "Impersonation Ended"),
+                    ("policy_execution", "Policy Execution"),
+                    ("policy_exception", "Policy Exception"),
+                    ("property_mapping_exception", "Property Mapping Exception"),
+                    ("system_task_execution", "System Task Execution"),
+                    ("system_task_exception", "System Task Exception"),
+                    ("configuration_error", "Configuration Error"),
+                    ("model_created", "Model Created"),
+                    ("model_updated", "Model Updated"),
+                    ("model_deleted", "Model Deleted"),
+                    ("update_available", "Update Available"),
+                    ("custom_", "Custom Prefix"),
+                ],
+                help_text="Match created events with this action type. When left empty, all action types will be matched.",
+            ),
+        ),
+    ]
--- a/authentik/policies/expression/evaluator.py
+++ b/authentik/policies/expression/evaluator.py
@ -55,10 +55,6 @@ class PolicyEvaluator(BaseEvaluator):

    def handle_error(self, exc: Exception, expression_source: str):
        """Exception Handler"""
-        # So, this is a bit questionable. Essentially, we are edit the stacktrace
-        # so the user only sees information relevant to them
-        # and none of our surrounding error handling
-        exc.__traceback__ = exc.__traceback__.tb_next
        raise PolicyException(exc)

    def evaluate(self, expression_source: str) -> PolicyResult:
--- a/authentik/policies/group_membership/forms.py
+++ b/authentik/policies/group_membership/forms.py
@ -2,6 +2,7 @@

 from django import forms

+from authentik.core.models import Group
 from authentik.policies.forms import GENERAL_FIELDS
 from authentik.policies.group_membership.models import GroupMembershipPolicy

@ -9,6 +10,8 @@ from authentik.policies.group_membership.models import GroupMembershipPolicy
 class GroupMembershipPolicyForm(forms.ModelForm):
    """GroupMembershipPolicy Form"""

+    group = forms.ModelChoiceField(queryset=Group.objects.all().order_by("name"))
+
    class Meta:

        model = GroupMembershipPolicy
--- a/authentik/policies/process.py
+++ b/authentik/policies/process.py
@ -103,8 +103,9 @@ class PolicyProcess(PROCESS_CLASS):
        # Invert result if policy.negate is set
        if self.binding.negate:
            policy_result.passing = not policy_result.passing
-        key = cache_key(self.binding, self.request)
-        cache.set(key, policy_result)
+        if not self.request.debug:
+            key = cache_key(self.binding, self.request)
+            cache.set(key, policy_result)
        LOGGER.debug(
            "P_ENG(proc): finished and cached ",
            policy=self.binding.policy,
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@ -4,6 +4,7 @@ import binascii
 import json
 import time
 from dataclasses import asdict, dataclass, field
+from datetime import datetime
 from hashlib import sha256
 from typing import Any, Dict, List, Optional, Type
 from urllib.parse import urlparse
@ -480,10 +481,14 @@ class RefreshToken(ExpiringModel, BaseGrantModel):
            now + timedelta_from_string(self.provider.token_validity).seconds
        )
        # We use the timestamp of the user's last successful login (EventAction.LOGIN) for auth_time
-        auth_event = Event.objects.filter(
+        auth_events = Event.objects.filter(
            action=EventAction.LOGIN, user=get_user(user)
-        ).latest("created")
-        auth_time = int(dateformat.format(auth_event.created, "U"))
+        ).order_by("-created")
+        # Fallback in case we can't find any login events
+        auth_time = datetime.now()
+        if auth_events.exists():
+            auth_time = auth_events.first().created
+        auth_time = int(dateformat.format(auth_time, "U"))

        token = IDToken(
            iss=self.provider.get_issuer(request),
--- a/authentik/providers/proxy/forms.py
+++ b/authentik/providers/proxy/forms.py
@ -18,7 +18,7 @@ class ProxyProviderForm(forms.ModelForm):
        )
        self.fields["certificate"].queryset = CertificateKeyPair.objects.filter(
            key_data__isnull=False
-        )
+        ).exclude(key_data="")

    def save(self, *args, **kwargs):
        actual_save = super().save(*args, **kwargs)
--- a/authentik/root/asgi.py
+++ b/authentik/root/asgi.py
@ -18,6 +18,8 @@ from django.core.asgi import get_asgi_application
 from sentry_sdk.integrations.asgi import SentryAsgiMiddleware
 from structlog.stdlib import get_logger

+from authentik.core.middleware import RESPONSE_HEADER_ID
+
 # DJANGO_SETTINGS_MODULE is set in gunicorn.conf.py

 defuse_stdlib()
@ -67,6 +69,7 @@ class ASGILogger:
    status_code: int
    start: float
    content_length: int
+    request_id: str

    def __init__(self, app: ASGIApp):
        self.app = app
@ -75,23 +78,29 @@ class ASGILogger:
        self.scope = scope
        self.content_length = 0
        self.headers = dict(scope.get("headers", []))
+        self.request_id = ""

        async def send_hooked(message: Message) -> None:
            """Hooked send method, which records status code and content-length, and for the final
            requests logs it"""
            headers = dict(message.get("headers", []))
-
            if "status" in message:
                self.status_code = message["status"]

            if b"Content-Length" in headers:
                self.content_length += int(headers.get(b"Content-Length", b"0"))

+            if message["type"] == "http.response.start":
+                response_headers = dict(message["headers"])
+                self.request_id = response_headers.get(
+                    RESPONSE_HEADER_ID.encode(), b""
+                ).decode()
+
            if message["type"] == "http.response.body" and not message.get(
-                "more_body", None
+                "more_body", True
            ):
-                runtime = int((time() - self.start) * 10 ** 6)
-                self.log(runtime)
+                runtime = int((time() - self.start) * 1000)
+                self.log(runtime, request_id=self.request_id)
            await send(message)

        self.start = time()
@ -111,7 +120,7 @@ class ASGILogger:
        # Check if header has multiple values, and use the first one
        return client_ip.split(", ")[0]

-    def log(self, runtime: float):
+    def log(self, runtime: float, **kwargs):
        """Outpot access logs in a structured format"""
        host = self._get_ip()
        query_string = ""
@ -125,6 +134,7 @@ class ASGILogger:
            status=self.status_code,
            size=self.content_length / 1000 if self.content_length > 0 else 0,
            runtime=runtime,
+            **kwargs,
        )


--- a/authentik/sources/ldap/api.py
+++ b/authentik/sources/ldap/api.py
@ -1,5 +1,15 @@
 """Source API Views"""
-from rest_framework.serializers import ModelSerializer
+from datetime import datetime
+from time import time
+
+from django.core.cache import cache
+from django.db.models.base import Model
+from drf_yasg2.utils import swagger_auto_schema
+from rest_framework.decorators import action
+from rest_framework.fields import DateTimeField
+from rest_framework.request import Request
+from rest_framework.response import Response
+from rest_framework.serializers import ModelSerializer, Serializer
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.sources import SourceSerializer
@ -34,6 +44,39 @@ class LDAPSourceSerializer(SourceSerializer):
        extra_kwargs = {"bind_password": {"write_only": True}}


+class LDAPSourceSyncStatusSerializer(Serializer):
+    """LDAP Sync status"""
+
+    last_sync = DateTimeField(read_only=True)
+
+    def create(self, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+    def update(self, instance: Model, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+
+class LDAPSourceViewSet(ModelViewSet):
+    """LDAP Source Viewset"""
+
+    queryset = LDAPSource.objects.all()
+    serializer_class = LDAPSourceSerializer
+    lookup_field = "slug"
+
+    @swagger_auto_schema(responses={200: LDAPSourceSyncStatusSerializer(many=False)})
+    @action(methods=["GET"], detail=True)
+    # pylint: disable=unused-argument
+    def sync_status(self, request: Request, slug: str) -> Response:
+        """Get source's sync status"""
+        source = self.get_object()
+        last_sync = cache.get(source.state_cache_prefix("last_sync"), time())
+        return Response(
+            LDAPSourceSyncStatusSerializer(
+                {"last_sync": datetime.fromtimestamp(last_sync)}
+            ).data
+        )
+
+
 class LDAPPropertyMappingSerializer(ModelSerializer, MetaNameSerializer):
    """LDAP PropertyMapping Serializer"""

@ -49,13 +92,6 @@ class LDAPPropertyMappingSerializer(ModelSerializer, MetaNameSerializer):
        ]


-class LDAPSourceViewSet(ModelViewSet):
-    """LDAP Source Viewset"""
-
-    queryset = LDAPSource.objects.all()
-    serializer_class = LDAPSourceSerializer
-
-
 class LDAPPropertyMappingViewSet(ModelViewSet):
    """LDAP PropertyMapping Viewset"""

--- a/authentik/sources/ldap/models.py
+++ b/authentik/sources/ldap/models.py
@ -1,8 +1,6 @@
 """authentik LDAP Models"""
-from datetime import datetime
 from typing import Optional, Type

-from django.core.cache import cache
 from django.db import models
 from django.forms import ModelForm
 from django.utils.translation import gettext_lazy as _
@ -11,7 +9,6 @@ from rest_framework.serializers import Serializer

 from authentik.core.models import Group, PropertyMapping, Source
 from authentik.lib.models import DomainlessURLValidator
-from authentik.lib.utils.template import render_to_string


 class LDAPSource(Source):
@ -91,16 +88,6 @@ class LDAPSource(Source):
        """Key by which the ldap source status is saved"""
        return f"source_ldap_{self.pk}_state_{suffix}"

-    @property
-    def ui_additional_info(self) -> str:
-        last_sync = cache.get(self.state_cache_prefix("last_sync"), None)
-        if last_sync:
-            last_sync = datetime.fromtimestamp(last_sync)
-
-        return render_to_string(
-            "ldap/source_list_status.html", {"source": self, "last_sync": last_sync}
-        )
-
    _connection: Optional[Connection] = None

    @property
--- a/authentik/sources/ldap/password.py
+++ b/authentik/sources/ldap/password.py
@ -77,7 +77,8 @@ class LDAPPasswordChanger:
        """Change user's password"""
        user_dn = user.attributes.get(LDAP_DISTINGUISHED_NAME, None)
        if not user_dn:
-            raise AttributeError(f"User has no {LDAP_DISTINGUISHED_NAME} set.")
+            LOGGER.info(f"User has no {LDAP_DISTINGUISHED_NAME} set.")
+            return
        self._source.connection.extend.microsoft.modify_password(user_dn, password)

    def _ad_check_password_existing(self, password: str, user_dn: str) -> bool:
--- a/authentik/sources/ldap/tasks.py
+++ b/authentik/sources/ldap/tasks.py
@ -4,6 +4,7 @@ from time import time
 from django.core.cache import cache
 from django.utils.text import slugify
 from ldap3.core.exceptions import LDAPException
+from structlog.stdlib import get_logger

 from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
@ -12,6 +13,8 @@ from authentik.sources.ldap.sync.groups import GroupLDAPSynchronizer
 from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer
 from authentik.sources.ldap.sync.users import UserLDAPSynchronizer

+LOGGER = get_logger()
+

@CELERY_APP.task()
 def ldap_sync_all():
@ -21,7 +24,7 @@ def ldap_sync_all():


@CELERY_APP.task(bind=True, base=MonitoredTask)
-def ldap_sync(self: MonitoredTask, source_pk: int):
+def ldap_sync(self: MonitoredTask, source_pk: str):
    """Synchronization of an LDAP Source"""
    try:
        source: LDAPSource = LDAPSource.objects.get(pk=source_pk)
@ -49,4 +52,5 @@ def ldap_sync(self: MonitoredTask, source_pk: int):
            )
        )
    except LDAPException as exc:
+        LOGGER.debug(exc)
        self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))
--- a/authentik/sources/ldap/templates/ldap/source_list_status.html
+++ b/authentik/sources/ldap/templates/ldap/source_list_status.html
@ -1,8 +0,0 @@
-{% load humanize %}
-{% load i18n %}
-
-{% if last_sync %}
-<i class="fas fa-check pf-m-success"></i> {% blocktrans with last_sync=last_sync|naturaltime %}Synced {{ last_sync }}.{% endblocktrans %}
-{% else %}
-<i class="fas fa-times pf-m-danger"></i> Not synced yet/Sync in Progress
-{% endif %}
--- a/authentik/sources/oauth/api.py
+++ b/authentik/sources/oauth/api.py
@ -1,4 +1,6 @@
 """OAuth Source Serializer"""
+from django.urls.base import reverse_lazy
+from rest_framework.fields import SerializerMethodField
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.sources import SourceSerializer
@ -8,6 +10,18 @@ from authentik.sources.oauth.models import OAuthSource
 class OAuthSourceSerializer(SourceSerializer):
    """OAuth Source Serializer"""

+    callback_url = SerializerMethodField()
+
+    def get_callback_url(self, instance: OAuthSource) -> str:
+        """Get OAuth Callback URL"""
+        relative_url = reverse_lazy(
+            "authentik_sources_oauth:oauth-client-callback",
+            kwargs={"source_slug": instance.slug},
+        )
+        if "request" not in self.context:
+            return relative_url
+        return self.context["request"].build_absolute_uri(relative_url)
+
    class Meta:
        model = OAuthSource
        fields = SourceSerializer.Meta.fields + [
@ -18,7 +32,9 @@ class OAuthSourceSerializer(SourceSerializer):
            "profile_url",
            "consumer_key",
            "consumer_secret",
+            "callback_url",
        ]
+        extra_kwargs = {"consumer_secret": {"write_only": True}}


 class OAuthSourceViewSet(ModelViewSet):
@ -26,3 +42,4 @@ class OAuthSourceViewSet(ModelViewSet):

    queryset = OAuthSource.objects.all()
    serializer_class = OAuthSourceSerializer
+    lookup_field = "slug"
--- a/authentik/sources/oauth/models.py
+++ b/authentik/sources/oauth/models.py
@ -64,14 +64,6 @@ class OAuthSource(Source):
            name=self.name,
        )

-    @property
-    def ui_additional_info(self) -> str:
-        url = reverse_lazy(
-            "authentik_sources_oauth:oauth-client-callback",
-            kwargs={"source_slug": self.slug},
-        )
-        return f"Callback URL: <pre>{url}</pre>"
-
    @property
    def ui_user_settings(self) -> Optional[str]:
        view_name = "authentik_sources_oauth:oauth-client-user"
--- a/authentik/sources/oauth/templates/oauth_client/user.html
+++ b/authentik/sources/oauth/templates/oauth_client/user.html
@ -9,13 +9,13 @@
    <div class="pf-c-card__body">
        {% if connections.exists %}
        <p>{% trans 'Connected.' %}</p>
-        <a class="pf-c-button pf-m-danger"
+        <a class="pf-c-button pf-m-danger ak-root-link"
            href="{% url 'authentik_sources_oauth:oauth-client-disconnect' source_slug=source.slug %}">
            {% trans 'Disconnect' %}
        </a>
        {% else %}
        <p>Not connected.</p>
-        <a class="pf-c-button pf-m-primary"
+        <a class="pf-c-button pf-m-primary ak-root-link"
            href="{% url 'authentik_sources_oauth:oauth-client-login' source_slug=source.slug %}">
            {% trans 'Connect' %}
        </a>
--- a/authentik/sources/saml/api.py
+++ b/authentik/sources/saml/api.py
@ -30,3 +30,4 @@ class SAMLSourceViewSet(ModelViewSet):

    queryset = SAMLSource.objects.all()
    serializer_class = SAMLSourceSerializer
+    lookup_field = "slug"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -19,7 +19,7 @@ services:
    networks:
      - internal
  server:
-    image: beryju/authentik:${AUTHENTIK_TAG:-2021.2.1-stable}
+    image: beryju/authentik:${AUTHENTIK_TAG:-2021.2.6-stable}
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
@ -45,7 +45,7 @@ services:
    env_file:
      - .env
  worker:
-    image: beryju/authentik:${AUTHENTIK_TAG:-2021.2.1-stable}
+    image: beryju/authentik:${AUTHENTIK_TAG:-2021.2.6-stable}
    command: worker
    networks:
      - internal
@ -62,7 +62,7 @@ services:
    env_file:
      - .env
  static:
-    image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.2.1-stable}
+    image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.2.6-stable}
    networks:
      - internal
    labels:
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@ -4,7 +4,7 @@ name: authentik
 home: https://goauthentik.io
 sources:
  - https://github.com/BeryJu/authentik
-version: "2021.2.1-stable"
+version: "2021.2.6-stable"
 icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
 dependencies:
  - name: postgresql
--- a/helm/README.md
+++ b/helm/README.md
@ -4,7 +4,7 @@
 |-----------------------------------|-------------------------|-------------|
 | image.name                        | beryju/authentik        | Image used to run the authentik server and worker |
 | image.name_static                 | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
-| image.tag                         | 2021.2.1-stable           | Image tag |
+| image.tag                         | 2021.2.6-stable           | Image tag |
 | image.pullPolicy                  | IfNotPresent            | Image Pull Policy used for all deployments |
 | serverReplicas                    | 1                       | Replicas for the Server deployment |
 | workerReplicas                    | 1                       | Replicas for the Worker deployment |
--- a/helm/templates/web-deployment.yaml
+++ b/helm/templates/web-deployment.yaml
@ -99,10 +99,12 @@ spec:
            httpGet:
              path: /-/health/live/
              port: http
+              initialDelaySeconds: 15
          readinessProbe:
            httpGet:
              path: /-/health/ready/
              port: http
+              initialDelaySeconds: 15
          resources:
            requests:
              cpu: 100m
--- a/helm/values.yaml
+++ b/helm/values.yaml
@ -5,7 +5,7 @@ image:
  name: beryju/authentik
  name_static: beryju/authentik-static
  name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
-  tag: 2021.2.1-stable
+  tag: 2021.2.6-stable
  pullPolicy: IfNotPresent

 serverReplicas: 1
--- a/outpost/go.mod
+++ b/outpost/go.mod
@ -3,27 +3,26 @@ module goauthentik.io/outpost
 go 1.14

 require (
-	cloud.google.com/go v0.64.0 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/getsentry/sentry-go v0.9.0
-	github.com/go-openapi/errors v0.19.9
-	github.com/go-openapi/runtime v0.19.24
-	github.com/go-openapi/strfmt v0.19.12
-	github.com/go-openapi/swag v0.19.12
-	github.com/go-openapi/validate v0.20.1
+	github.com/go-openapi/errors v0.20.0
+	github.com/go-openapi/runtime v0.19.26
+	github.com/go-openapi/strfmt v0.20.0
+	github.com/go-openapi/swag v0.19.14
+	github.com/go-openapi/validate v0.20.2
 	github.com/go-redis/redis/v7 v7.4.0 // indirect
-	github.com/go-swagger/go-swagger v0.25.0 // indirect
-	github.com/gorilla/handlers v1.5.1 // indirect
+	github.com/go-swagger/go-swagger v0.26.1 // indirect
+	github.com/golang/protobuf v1.4.3 // indirect
 	github.com/gorilla/websocket v1.4.2
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
 	github.com/justinas/alice v1.2.0
 	github.com/kr/pretty v0.2.1 // indirect
 	github.com/magiconair/properties v1.8.4 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/oauth2-proxy/oauth2-proxy v0.0.0-20200831161845-e4e5580852dc
 	github.com/pelletier/go-toml v1.8.1 // indirect
 	github.com/pkg/errors v0.9.1
-	github.com/pquerna/cachecontrol v0.0.0-20200819021114-67c6ae64274f // indirect
+	github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e // indirect
 	github.com/recws-org/recws v1.2.1
 	github.com/sirupsen/logrus v1.7.0
 	github.com/spf13/afero v1.5.1 // indirect
@ -31,12 +30,12 @@ require (
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.7.1 // indirect
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de // indirect
+	golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 // indirect
 	golang.org/x/mod v0.4.1 // indirect
-	golang.org/x/net v0.0.0-20201224014010-6772e930b67b // indirect
-	golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78 // indirect
-	golang.org/x/text v0.3.5 // indirect
-	golang.org/x/tools v0.0.0-20210115202250-e0d201561e39 // indirect
+	golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58 // indirect
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect
+	golang.org/x/tools v0.1.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 )
--- a/outpost/go.sum
+++ b/outpost/go.sum
@ -13,8 +13,8 @@ cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bP
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.64.0 h1:xVP3LPvMjGT4J0a55y02Gw5y/dkY/rxGz58sfK1jqIo=
-cloud.google.com/go v0.64.0/go.mod h1:xfORb36jGvE+6EexW71nMEtL025s3x6xvuYUKM4JLv4=
+cloud.google.com/go v0.65.0 h1:Dg9iHVQfrhq82rUNu9ZxUDrJLaxFUe/HlCVaLyRruq8=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@ -35,11 +35,6 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8=
-github.com/BeryJu/authentik v0.0.0-20210108085217-fd6d99f4f999 h1:ymxzvnxKNUomJIRG1VP3I6ls5mWn8r1xWD82bHASEk0=
-github.com/BeryJu/authentik v0.0.0-20210116180903-8acb9dde5f2f h1:pLOJgn8bIzavtn0h874lys3gs7uk1RnMqMWIttOWY8Y=
-github.com/BeryJu/authentik/proxy v0.0.0-20210108085217-fd6d99f4f999 h1:XYHeaZx7fm4JNx77MHMO6ek/Gdp+sZa2jIJyjC294Gw=
-github.com/BeryJu/authentik/proxy v0.0.0-20210116180903-8acb9dde5f2f h1:bp617AbteaVcZBXMtr4/A+FSSVGKqRWlTo5chcirq8k=
-github.com/BeryJu/authentik/proxy v0.0.0-20210116180903-8acb9dde5f2f/go.mod h1:6/VeRMuLHUE3Ywr1uIpjxnmOJJsAfld7OOOi+uocxQw=
 github.com/Bose/minisentinel v0.0.0-20200130220412-917c5a9223bb h1:ZVN4Iat3runWOFLaBCDVU5a9X/XikSRBosye++6gojw=
 github.com/Bose/minisentinel v0.0.0-20200130220412-917c5a9223bb/go.mod h1:WsAABbY4HQBgd3mGuG4KMNTbHJCPvx9IVBHzysbknss=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
@ -167,6 +162,8 @@ github.com/go-openapi/analysis v0.19.10 h1:5BHISBAXOc/aJK25irLZnx2D3s6WyYaY9D4gm
 github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ=
 github.com/go-openapi/analysis v0.19.16 h1:Ub9e++M8sDwtHD+S587TYi+6ANBG1NRYGZDihqk0SaY=
 github.com/go-openapi/analysis v0.19.16/go.mod h1:GLInF007N83Ad3m8a/CbQ5TPzdnGT7workfHwuVjNVk=
+github.com/go-openapi/analysis v0.20.0 h1:UN09o0kNhleunxW7LR+KnltD0YrJ8FF03pSqvAN3Vro=
+github.com/go-openapi/analysis v0.20.0/go.mod h1:BMchjvaHDykmRMsK40iPtvyOfFdMMxlOmQr9FBZk+Og=
 github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
 github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
 github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
@ -179,6 +176,8 @@ github.com/go-openapi/errors v0.19.8 h1:doM+tQdZbUm9gydV9yR+iQNmztbjj7I3sW4sIcAw
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9 h1:9SnKdGhiPZHF3ttwFMiCBEb8jQ4IDdrK+5+a0oTygA4=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.0 h1:Sxpo9PjEHDzhs3FbnGNonvDgWcMW2U7wGTcDDSFSceM=
+github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
 github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
 github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
@ -193,7 +192,6 @@ github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3Hfo
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.4/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
 github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
 github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
@ -209,14 +207,18 @@ github.com/go-openapi/loads v0.19.7 h1:6cALLpCAq4tYhaic7TMbEzjv8vq/wg+0AFivNy/Bm
 github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc=
 github.com/go-openapi/loads v0.20.0 h1:Pymw1O8zDmWeNv4kVsHd0W3cvgdp8juRa4U/U/8D/Pk=
 github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4=
+github.com/go-openapi/loads v0.20.1/go.mod h1:/6LfFL8fDvTSX8ypmYXIq3U9Q7nfniSOStW22m864WM=
+github.com/go-openapi/loads v0.20.2 h1:z5p5Xf5wujMxS1y8aP+vxwW5qYT2zdJBbXKmQUG3lcc=
+github.com/go-openapi/loads v0.20.2/go.mod h1:hTVUotJ+UonAMMZsvakEgmWKgtulweO9vYP2bQYKA/o=
 github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
 github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
 github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
 github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
 github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98=
-github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
 github.com/go-openapi/runtime v0.19.24 h1:TqagMVlRAOTwllE/7hNKx6rQ10O6T8ZzeJdMjSTKaD4=
 github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
+github.com/go-openapi/runtime v0.19.26 h1:K/6PoVNj5WJXUnMk+VEbELeXjtBkCS1UxTDa04tdXE0=
+github.com/go-openapi/runtime v0.19.26/go.mod h1:BvrQtn6iVb2QmiVXRsFAm6ZCAZBpbVKFfN6QWCp582M=
 github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
@ -228,6 +230,10 @@ github.com/go-openapi/spec v0.19.15 h1:uxh8miNJEfMm8l8ekpY7i39LcORm1xSRtoipEGl1J
 github.com/go-openapi/spec v0.19.15/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU=
 github.com/go-openapi/spec v0.20.0 h1:HGLc8AJ7ynOxwv0Lq4TsnwLsWMawHAYiJIFzbcML86I=
 github.com/go-openapi/spec v0.20.0/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU=
+github.com/go-openapi/spec v0.20.1/go.mod h1:93x7oh+d+FQsmsieroS4cmR3u0p/ywH649a3qwC9OsQ=
+github.com/go-openapi/spec v0.20.2/go.mod h1:RW6Xcbs6LOyWLU/mXGdzn2Qc+3aj+ASfI7rvSZh1Vls=
+github.com/go-openapi/spec v0.20.3 h1:uH9RQ6vdyPSs2pSy9fL8QPspDF2AMIMPtmK5coSSjtQ=
+github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg=
 github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
 github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
 github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
@ -238,8 +244,8 @@ github.com/go-openapi/strfmt v0.19.5 h1:0utjKrw+BAh8s57XE9Xz8DUBsVvPmRUB6styvl9w
 github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
 github.com/go-openapi/strfmt v0.19.11 h1:0+YvbNh05rmBkgztd6zHp4OCFn7Mtu30bn46NQo2ZRw=
 github.com/go-openapi/strfmt v0.19.11/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc=
-github.com/go-openapi/strfmt v0.19.12 h1:GcJYVoo6b2fsAzIxHTL6bTIcGo7vCJTfty+mdyj5VXo=
-github.com/go-openapi/strfmt v0.19.12/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc=
+github.com/go-openapi/strfmt v0.20.0 h1:l2omNtmNbMc39IGptl9BuXBEKcZfS8zjrTsPKTiJiDM=
+github.com/go-openapi/strfmt v0.20.0/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc=
 github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
@ -249,6 +255,10 @@ github.com/go-openapi/swag v0.19.9 h1:1IxuqvBUU3S2Bi4YC7tlP9SJF1gVpCvqN0T2Qof4az
 github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
 github.com/go-openapi/swag v0.19.12 h1:Bc0bnY2c3AoF7Gc+IMIAQQsD8fLHjHpc19wXvYuayQI=
 github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M=
+github.com/go-openapi/swag v0.19.13 h1:233UVgMy1DlmCYYfOiFpta6e2urloh+sEs5id6lyzog=
+github.com/go-openapi/swag v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
+github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
 github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
 github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo=
@ -258,10 +268,10 @@ github.com/go-openapi/validate v0.19.12 h1:mPLM/bfbd00PGOCJlU0yJL7IulkZ+q9VjPv7U
 github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0waH08tGe6kAQ4=
 github.com/go-openapi/validate v0.19.15 h1:oUHZO8jD7p5oRLANlXF0U8ic9ePBUkDQyRZdN0EhL6M=
 github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI=
-github.com/go-openapi/validate v0.20.0 h1:pzutNCCBZGZlE+u8HD3JZyWdc/TVbtVwlWUp8/vgUKk=
-github.com/go-openapi/validate v0.20.0/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0=
 github.com/go-openapi/validate v0.20.1 h1:QGQ5CvK74E28t3DkegGweKR+auemUi5IdpMc4x3UW6s=
 github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0=
+github.com/go-openapi/validate v0.20.2 h1:AhqDegYV3J3iQkMPJSXkvzymHKMTw0BST3RK3hTT4ts=
+github.com/go-openapi/validate v0.20.2/go.mod h1:e7OJoKNgd0twXZwIn0A43tHbvIcr/rZIVCbJBpTUoY0=
 github.com/go-redis/redis/v7 v7.2.0 h1:CrCexy/jYWZjW0AyVoHlcJUeZN19VWlbepTh1Vq6dJs=
 github.com/go-redis/redis/v7 v7.2.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg=
 github.com/go-redis/redis/v7 v7.4.0 h1:7obg6wUoj05T0EpY0o8B59S9w5yeMWql7sw2kwNW1x4=
@ -269,8 +279,8 @@ github.com/go-redis/redis/v7 v7.4.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRf
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-swagger/go-swagger v0.25.0 h1:FxhyrWWV8V/A9P6GtI5szWordAdbb6Y0nqdY/y9So2w=
-github.com/go-swagger/go-swagger v0.25.0/go.mod h1:9639ioXrPX9E6BbnbaDklGXjNz7upAXoNBwL4Ok11Vk=
+github.com/go-swagger/go-swagger v0.26.1 h1:1XUWLnH6hKxHzeKjJfA2gHkSqcT1Zgi4q/PZp2hDdN8=
+github.com/go-swagger/go-swagger v0.26.1/go.mod h1:zlf/LHplZpdtU2mYXg9Ajd3+9TgHYltv5f/pEM6LjnI=
 github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
 github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
@ -331,6 +341,8 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v1.7.1-0.20190322064113-39e2c31b7ca3 h1:6amM4HsNPOvMLVc2ZnyqrjeQ92YAVWn7T4WBKK87inY=
 github.com/gomodule/redigo v1.7.1-0.20190322064113-39e2c31b7ca3/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
@ -371,8 +383,6 @@ github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v1.4.2 h1:0QniY0USkHQ1RGCLfKxeNHK9bkDHGRYGNDFBCS+YARg=
-github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@ -415,7 +425,6 @@ github.com/iris-contrib/go.uuid v2.0.0+incompatible/go.mod h1:iz2lgM/1UnEf1kP0L/
 github.com/iris-contrib/jade v1.1.3/go.mod h1:H/geBymxJhShH5kecoiOCSssPX7QWYH7UaeZTSWddIk=
 github.com/iris-contrib/pongo2 v0.0.1/go.mod h1:Ssh+00+3GAZqSQb30AvBRNxBx7rf0GqwkjqxNd0u65g=
 github.com/iris-contrib/schema v0.0.1/go.mod h1:urYA3uvUNG1TIIjOSCzHr9/LmbQo8LrOcOqfqxa4hXw=
-github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o=
 github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s=
@ -483,6 +492,8 @@ github.com/mailru/easyjson v0.7.1 h1:mdxE1MF9o53iCb2Ghj1VfWvh7ZOwHpnVG/xwXrV90U8
 github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
@ -544,13 +555,14 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
-github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs=
 github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
@ -568,8 +580,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/pquerna/cachecontrol v0.0.0-20200819021114-67c6ae64274f h1:JDEmUDtyiLMyMlFwiaDOv2hxUp35497fkwePcLeV7j4=
-github.com/pquerna/cachecontrol v0.0.0-20200819021114-67c6ae64274f/go.mod h1:hoLfEwdY11HjRfKFH6KqnPsfxlo3BP6bJehpDv8t6sQ=
+github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e h1:BLqxdwZ6j771IpSCRx7s/GJjXHUE00Hmu7/YegCGdzA=
+github.com/pquerna/cachecontrol v0.0.0-20200921180117-858c6e7e6b7e/go.mod h1:hoLfEwdY11HjRfKFH6KqnPsfxlo3BP6bJehpDv8t6sQ=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@ -580,8 +592,8 @@ github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/recws-org/recws v1.2.2 h1:TkyyCEgMjsr1D2fnutY/DPhGnUKCLpJeXDAGy6rLmGE=
-github.com/recws-org/recws v1.2.2/go.mod h1:SxTgwQU/jqYSzEgUh4ifDxq/7enApS150f8nZ5Sczk8=
+github.com/recws-org/recws v1.2.1 h1:bYocRkAsS71hlQ9AMCVS+hYXHEgEyQsAbYKXf394gZ8=
+github.com/recws-org/recws v1.2.1/go.mod h1:SxTgwQU/jqYSzEgUh4ifDxq/7enApS150f8nZ5Sczk8=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@ -608,8 +620,6 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.3.2/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
-github.com/spf13/afero v1.4.1 h1:asw9sl74539yqavKaglDM5hFpdJVK0Y5Dr/JOgQ89nQ=
 github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.5.1 h1:VHu76Lk0LSP1x254maIu2bplkWpfBWI+B+6fdoZprcg=
 github.com/spf13/afero v1.5.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
@ -630,7 +640,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.6.3 h1:pDDu1OyEDTKzpJwdq4TiuLyMsUgRa/BT5cn5O62NoHs=
 github.com/spf13/viper v1.6.3/go.mod h1:jUMtyi0/lB5yZH/FjyGAoH7IMNrIhlBf6pXZmbMDvzw=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.7.1 h1:pM5oEahlgWv/WnHXpgbKz7iLIxRf65tye2Ci+XFK5sk=
 github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -643,6 +652,8 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
@ -691,11 +702,13 @@ go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL
 go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE=
 go.mongodb.org/mongo-driver v1.3.4 h1:zs/dKNwX0gYUtzwrN9lLiR15hCO0nDwQj5xXx+vjCdE=
 go.mongodb.org/mongo-driver v1.3.4/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE=
-go.mongodb.org/mongo-driver v1.3.5/go.mod h1:Ual6Gkco7ZGQw8wE1t4tLnvBsf6yVSM60qW6TgOeJ5c=
 go.mongodb.org/mongo-driver v1.4.3 h1:moga+uhicpVshTyaqY9L23E6QqwcHRUv1sqyOsoyOO8=
 go.mongodb.org/mongo-driver v1.4.3/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc=
 go.mongodb.org/mongo-driver v1.4.4 h1:bsPHfODES+/yx2PCWzUYMH8xj6PVniPI8DQrsJuSXSs=
 go.mongodb.org/mongo-driver v1.4.4/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc=
+go.mongodb.org/mongo-driver v1.4.5/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc=
+go.mongodb.org/mongo-driver v1.4.6 h1:rh7GdYmDrb8AQSkF8yteAus8qYOgOASWDOv1BWqBXkU=
+go.mongodb.org/mongo-driver v1.4.6/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc=
 go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@ -706,7 +719,6 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-goauthentik.io/outpost v0.0.0-20210108085217-fd6d99f4f999 h1:XYHeaZx7fm4JNx77MHMO6ek/Gdp+sZa2jIJyjC294Gw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@ -724,9 +736,8 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 h1:xYJJ3S178yv++9zXV/hnr29plCAGO9vAFG9dorqaFQc=
+golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -759,8 +770,6 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1 h1:Kvvh58BN8Y9/lBi7hTekvtMpm07eUZ0ck5pRHpsMWrY=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -806,14 +815,15 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc h1:zK/HqS5bZxDptfPJNq8v7vJfXtkU7r9TLIoSr1bXaP4=
-golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
@ -821,6 +831,8 @@ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58 h1:Mj83v+wSRNEar42a/MQgxk9X42TdEmrOl9i+y8WbxLo=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -881,18 +893,14 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201126233918-771906719818 h1:f1CIuDlJhwANEC2MM87MBEVMr3jl5bifgsfj90XAF9c=
 golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201223074533-0d417f636930 h1:vRgIt+nup/B/BwIS0g2oC0haq0iqbV3ZA+u6+0TlNCo=
-golang.org/x/sys v0.0.0-20201223074533-0d417f636930/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210108172913-0df2131ae363 h1:wHn06sgWHMO1VsQ8F+KzDJx/JzqfsNLnc+oEi07qD7s=
-golang.org/x/sys v0.0.0-20210108172913-0df2131ae363/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78 h1:nVuTkr9L6Bq62qpUqKo/RnZCFfzDBL0bYo6w9OJUqZY=
-golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -959,17 +967,13 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200817023811-d00afeaade8f h1:33yHANSyO/TeglgY9rBhUpX43wtonTXoFOsMRtNB6qE=
-golang.org/x/tools v0.0.0-20200817023811-d00afeaade8f/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20201226215659-b1c90890d22a h1:pdfjQ7VswBeGam3EpuEJ4e8EAb7JgaubV570LO/SIQM=
-golang.org/x/tools v0.0.0-20201226215659-b1c90890d22a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e h1:Z2uDrs8MyXUWJbwGc4V+nGjV4Ygo+oubBbWSVQw21/I=
-golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210115202250-e0d201561e39 h1:BTs2GMGSMWpgtCpv1CE7vkJTv7XcHdcLLnAMu7UbgTY=
-golang.org/x/tools v0.0.0-20210115202250-e0d201561e39/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20201125231158-b5590deeca9b h1:Lq5JUTFhiybGVf28jB6QRpqd13/JPOaCnET17PVzYJE=
+golang.org/x/tools v0.0.0-20201125231158-b5590deeca9b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -1004,6 +1008,8 @@ google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpC
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@ -1033,8 +1039,8 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200815001618-f69a88009b70 h1:wboULUXGF3c5qdUnKp+6gLAccE6PRpa/czkYvQ4UXv8=
-google.golang.org/genproto v0.0.0-20200815001618-f69a88009b70/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987 h1:PDIOdWxZ8eRizhKa1AAvY53xsvLB1cWorMjslvY3VA8=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@ -1078,7 +1084,6 @@ gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/R
 gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
@ -1108,6 +1113,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/outpost/pkg/ak/api.go
+++ b/outpost/pkg/ak/api.go
@ -49,12 +49,14 @@ func NewAPIController(pbURL url.URL, token string) *APIController {
 	// create the API client, with the transport
 	apiClient := client.New(transport, strfmt.Default)

+	log := log.WithField("logger", "authentik.outpost.ak-api-controller")
+
 	// Because we don't know the outpost UUID, we simply do a list and pick the first
 	// The service account this token belongs to should only have access to a single outpost
 	outposts, err := apiClient.Outposts.OutpostsOutpostsList(outposts.NewOutpostsOutpostsListParams(), auth)

 	if err != nil {
-		panic(err)
+		log.WithError(err).Panic("Failed to fetch configuration")
 	}
 	outpost := outposts.Payload.Results[0]
 	doGlobalSetup(outpost.Config.(map[string]interface{}))
@ -64,7 +66,7 @@ func NewAPIController(pbURL url.URL, token string) *APIController {
 		Auth:   auth,
 		token:  token,

-		logger: log.WithField("component", "ak-api-controller"),
+		logger: log,

 		reloadOffset: time.Duration(rand.Intn(10)) * time.Second,

--- a/outpost/pkg/ak/api_ws.go
+++ b/outpost/pkg/ak/api_ws.go
@ -40,7 +40,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
 	}
 	ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)

-	ac.logger.WithField("component", "ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
+	ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")

 	ac.wsConn = ws
 	// Send hello message with our version
@ -52,7 +52,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
 	}
 	err := ws.WriteJSON(msg)
 	if err != nil {
-		ac.logger.WithField("component", "ak-ws").WithError(err).Warning("Failed to hello to authentik")
+		ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")
 	}
 }

--- a/outpost/pkg/ak/global.go
+++ b/outpost/pkg/ak/global.go
@ -13,7 +13,12 @@ import (
 )

 func doGlobalSetup(config map[string]interface{}) {
-	log.SetFormatter(&log.JSONFormatter{})
+	log.SetFormatter(&log.JSONFormatter{
+		FieldMap: log.FieldMap{
+			log.FieldKeyMsg:  "event",
+			log.FieldKeyTime: "timestamp",
+		},
+	})
 	switch config[ConfigLogLevel].(string) {
 	case "debug":
 		log.SetLevel(log.DebugLevel)
--- a/outpost/pkg/proxy/api.go
+++ b/outpost/pkg/proxy/api.go
@ -31,7 +31,7 @@ func (s *Server) bundleProviders(providers []*models.ProxyOutpostConfig) []*prov
 		bundles[idx] = &providerBundle{
 			s:    s,
 			Host: externalHost.Host,
-			log:  log.WithField("component", "proxy-bundle").WithField("provider", provider.Name),
+			log:  log.WithField("logger", "authentik.outpost.proxy-bundle").WithField("provider", provider.Name),
 		}
 		bundles[idx].Build(provider)
 	}
--- a/outpost/pkg/proxy/api_bundle.go
+++ b/outpost/pkg/proxy/api_bundle.go
@ -68,7 +68,7 @@ func (pb *providerBundle) prepareOpts(provider *models.ProxyOutpostConfig) *opti

 	if provider.Certificate != nil {
 		pb.log.WithField("provider", provider.ClientID).Debug("Enabling TLS")
-		cert, err := pb.s.ak.Client.Crypto.CryptoCertificatekeypairsRead(&crypto.CryptoCertificatekeypairsReadParams{
+		cert, err := pb.s.ak.Client.Crypto.CryptoCertificatekeypairsViewCertificate(&crypto.CryptoCertificatekeypairsViewCertificateParams{
 			Context: context.Background(),
 			KpUUID:  *provider.Certificate,
 		}, pb.s.ak.Auth)
@ -76,13 +76,22 @@ func (pb *providerBundle) prepareOpts(provider *models.ProxyOutpostConfig) *opti
 			pb.log.WithField("provider", provider.ClientID).WithError(err).Warning("Failed to fetch certificate")
 			return providerOpts
 		}
-		x509cert, err := tls.X509KeyPair([]byte(*cert.Payload.CertificateData), []byte(cert.Payload.KeyData))
+		key, err := pb.s.ak.Client.Crypto.CryptoCertificatekeypairsViewPrivateKey(&crypto.CryptoCertificatekeypairsViewPrivateKeyParams{
+			Context: context.Background(),
+			KpUUID:  *provider.Certificate,
+		}, pb.s.ak.Auth)
+		if err != nil {
+			pb.log.WithField("provider", provider.ClientID).WithError(err).Warning("Failed to fetch private key")
+			return providerOpts
+		}
+
+		x509cert, err := tls.X509KeyPair([]byte(*&cert.Payload.Data), []byte(key.Payload.Data))
 		if err != nil {
 			pb.log.WithField("provider", provider.ClientID).WithError(err).Warning("Failed to parse certificate")
 			return providerOpts
 		}
 		pb.cert = &x509cert
-		pb.log.WithField("provider", provider.ClientID).WithField("certificate-key-pair", *cert.Payload.Name).Debug("Loaded certificates")
+		pb.log.WithField("provider", provider.ClientID).Debug("Loaded certificates")
 	}
 	return providerOpts
 }
@ -120,7 +129,7 @@ func (pb *providerBundle) Build(provider *models.ProxyOutpostConfig) {
 		log.Printf("%s", err)
 		os.Exit(1)
 	}
-	oauthproxy, err := NewOAuthProxy(opts)
+	oauthproxy, err := NewOAuthProxy(opts, provider)
 	if err != nil {
 		log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
 		os.Exit(1)
--- a/outpost/pkg/proxy/middleware.go
+++ b/outpost/pkg/proxy/middleware.go
@ -95,7 +95,7 @@ type loggingHandler struct {
 func LoggingHandler(h http.Handler) http.Handler {
 	return loggingHandler{
 		handler: h,
-		logger:  log.WithField("component", "proxy-http-server"),
+		logger:  log.WithField("logger", "authentik.outpost.proxy-http-server"),
 	}
 }

@ -104,19 +104,17 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	url := *req.URL
 	responseLogger := &responseLogger{w: w}
 	h.handler.ServeHTTP(responseLogger, req)
-	duration := float64(time.Since(t)) / float64(time.Second)
+	duration := float64(time.Since(t)) / float64(time.Millisecond)
 	h.logger.WithFields(log.Fields{
-		"Client":          req.RemoteAddr,
-		"Host":            req.Host,
-		"Protocol":        req.Proto,
-		"RequestDuration": fmt.Sprintf("%0.3f", duration),
-		"RequestMethod":   req.Method,
-		"ResponseSize":    responseLogger.Size(),
-		"StatusCode":      responseLogger.Status(),
-		"Timestamp":       t,
-		"Upstream":        responseLogger.upstream,
-		"UserAgent":       req.UserAgent(),
-		"Username":        responseLogger.authInfo,
+		"host":              req.RemoteAddr,
+		"vhost":             req.Host,
+		"request_protocol":  req.Proto,
+		"runtime":           fmt.Sprintf("%0.3f", duration),
+		"method":            req.Method,
+		"size":              responseLogger.Size(),
+		"status":            responseLogger.Status(),
+		"upstream":          responseLogger.upstream,
+		"request_useragent": req.UserAgent(),
+		"request_username":  responseLogger.authInfo,
 	}).Info(url.RequestURI())
-	// logger.PrintReq(responseLogger.authInfo, responseLogger.upstream, req, url, t, , )
 }
--- a/outpost/pkg/proxy/proxy.go
+++ b/outpost/pkg/proxy/proxy.go
@ -21,6 +21,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
 	"github.com/oauth2-proxy/oauth2-proxy/providers"
+	"goauthentik.io/outpost/pkg/models"

 	log "github.com/sirupsen/logrus"
 )
@ -92,8 +93,8 @@ type OAuthProxy struct {
 }

 // NewOAuthProxy creates a new instance of OAuthProxy from the options provided
-func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error) {
-	logger := log.WithField("component", "proxy").WithField("client-id", opts.ClientID)
+func NewOAuthProxy(opts *options.Options, provider *models.ProxyOutpostConfig) (*OAuthProxy, error) {
+	logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
 	sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
 	if err != nil {
 		return nil, fmt.Errorf("error initialising session store: %v", err)
@ -434,6 +435,7 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
 		authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
 		req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
 	}
+	rw.Header().Set("GAP-Auth", session.PreferredUsername)
 	// Check if user has additional headers set that we should sent
 	if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok {
 		if additionalHeaders == nil {
--- a/outpost/pkg/proxy/server.go
+++ b/outpost/pkg/proxy/server.go
@ -6,6 +6,7 @@ import (
 	"errors"
 	"net"
 	"net/http"
+	"strings"
 	"time"

 	log "github.com/sirupsen/logrus"
@ -30,7 +31,7 @@ func NewServer(ac *ak.APIController) *Server {
 	}
 	return &Server{
 		Handlers:    make(map[string]*providerBundle),
-		logger:      log.WithField("component", "proxy-http-server"),
+		logger:      log.WithField("logger", "authentik.outpost.proxy-http-server"),
 		defaultCert: defaultCert,
 		ak:          ac,
 	}
@ -50,12 +51,15 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
 				return
 			}
 		}
-		s.logger.WithField("host", r.Host).Debug("Host header does not match any we know of")
-		s.logger.Printf("%v+\n", s.Handlers)
-		w.WriteHeader(400)
+		// Get a list of all host keys we know
+		hostKeys := make([]string, 0, len(s.Handlers))
+		for k := range s.Handlers {
+			hostKeys = append(hostKeys, k)
+		}
+		s.logger.WithField("host", r.Host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of")
+		w.WriteHeader(404)
 		return
 	}
-	s.logger.WithField("host", r.Host).Debug("passing request from host head")
 	handler.ServeHTTP(w, r)
 }

--- a/outpost/pkg/version.go
+++ b/outpost/pkg/version.go
@ -1,3 +1,3 @@
 package pkg

-const VERSION = "2021.2.1-stable"
+const VERSION = "2021.2.6-stable"
--- a/swagger.yaml
+++ b/swagger.yaml
@ -565,9 +565,9 @@ paths:
      parameters: []
      responses:
        '200':
-          description: ''
+          description: Show token's current key
          schema:
-            $ref: '#/definitions/Token'
+            $ref: '#/definitions/TokenView'
      tags:
        - core
    parameters:
@ -863,6 +863,44 @@ paths:
        required: true
        type: string
        format: uuid
+  /crypto/certificatekeypairs/{kp_uuid}/view_certificate/:
+    get:
+      operationId: crypto_certificatekeypairs_view_certificate
+      description: Return certificate-key pairs certificate and log access
+      parameters: []
+      responses:
+        '200':
+          description: Get CertificateKeyPair's data
+          schema:
+            $ref: '#/definitions/CertificateData'
+      tags:
+        - crypto
+    parameters:
+      - name: kp_uuid
+        in: path
+        description: A UUID string identifying this Certificate-Key Pair.
+        required: true
+        type: string
+        format: uuid
+  /crypto/certificatekeypairs/{kp_uuid}/view_private_key/:
+    get:
+      operationId: crypto_certificatekeypairs_view_private_key
+      description: Return certificate-key pairs private key and log access
+      parameters: []
+      responses:
+        '200':
+          description: Get CertificateKeyPair's data
+          schema:
+            $ref: '#/definitions/CertificateData'
+      tags:
+        - crypto
+    parameters:
+      - name: kp_uuid
+        in: path
+        description: A UUID string identifying this Certificate-Key Pair.
+        required: true
+        type: string
+        format: uuid
  /events/events/:
    get:
      operationId: events_events_list
@ -4274,6 +4312,47 @@ paths:
      tags:
        - providers
    parameters: []
+  /providers/all/types/:
+    get:
+      operationId: providers_all_types
+      description: Get all creatable provider types
+      parameters:
+        - name: application__isnull
+          in: query
+          description: ''
+          required: false
+          type: string
+        - name: ordering
+          in: query
+          description: Which field to use when ordering the results.
+          required: false
+          type: string
+        - name: search
+          in: query
+          description: A search term.
+          required: false
+          type: string
+        - name: page
+          in: query
+          description: A page number within the paginated result set.
+          required: false
+          type: integer
+        - name: page_size
+          in: query
+          description: Number of results to return per page.
+          required: false
+          type: integer
+      responses:
+        '200':
+          description: Types of an object that can be created
+          schema:
+            description: ''
+            type: array
+            items:
+              $ref: '#/definitions/TypeCreate'
+      tags:
+        - providers
+    parameters: []
  /providers/all/{id}/:
    get:
      operationId: providers_all_read
@ -4830,6 +4909,42 @@ paths:
      tags:
        - sources
    parameters: []
+  /sources/all/types/:
+    get:
+      operationId: sources_all_types
+      description: Get all creatable source types
+      parameters:
+        - name: ordering
+          in: query
+          description: Which field to use when ordering the results.
+          required: false
+          type: string
+        - name: search
+          in: query
+          description: A search term.
+          required: false
+          type: string
+        - name: page
+          in: query
+          description: A page number within the paginated result set.
+          required: false
+          type: integer
+        - name: page_size
+          in: query
+          description: Number of results to return per page.
+          required: false
+          type: integer
+      responses:
+        '200':
+          description: Types of an object that can be created
+          schema:
+            description: ''
+            type: array
+            items:
+              $ref: '#/definitions/TypeCreate'
+      tags:
+        - sources
+    parameters: []
  /sources/all/{slug}/:
    get:
      operationId: sources_all_read
@ -4917,7 +5032,7 @@ paths:
      tags:
        - sources
    parameters: []
-  /sources/ldap/{pbm_uuid}/:
+  /sources/ldap/{slug}/:
    get:
      operationId: sources_ldap_read
      description: LDAP Source Viewset
@ -4971,12 +5086,33 @@ paths:
      tags:
        - sources
    parameters:
-      - name: pbm_uuid
+      - name: slug
        in: path
-        description: A UUID string identifying this LDAP Source.
+        description: Internal source name, used in URLs.
        required: true
        type: string
-        format: uuid
+        format: slug
+        pattern: ^[-a-zA-Z0-9_]+$
+  /sources/ldap/{slug}/sync_status/:
+    get:
+      operationId: sources_ldap_sync_status
+      description: Get source's sync status
+      parameters: []
+      responses:
+        '200':
+          description: LDAP Sync status
+          schema:
+            $ref: '#/definitions/LDAPSourceSyncStatus'
+      tags:
+        - sources
+    parameters:
+      - name: slug
+        in: path
+        description: Internal source name, used in URLs.
+        required: true
+        type: string
+        format: slug
+        pattern: ^[-a-zA-Z0-9_]+$
  /sources/oauth/:
    get:
      operationId: sources_oauth_list
@ -5044,7 +5180,7 @@ paths:
      tags:
        - sources
    parameters: []
-  /sources/oauth/{pbm_uuid}/:
+  /sources/oauth/{slug}/:
    get:
      operationId: sources_oauth_read
      description: Source Viewset
@ -5098,12 +5234,13 @@ paths:
      tags:
        - sources
    parameters:
-      - name: pbm_uuid
+      - name: slug
        in: path
-        description: A UUID string identifying this Generic OAuth Source.
+        description: Internal source name, used in URLs.
        required: true
        type: string
-        format: uuid
+        format: slug
+        pattern: ^[-a-zA-Z0-9_]+$
  /sources/saml/:
    get:
      operationId: sources_saml_list
@ -5171,7 +5308,7 @@ paths:
      tags:
        - sources
    parameters: []
-  /sources/saml/{pbm_uuid}/:
+  /sources/saml/{slug}/:
    get:
      operationId: sources_saml_read
      description: SAMLSource Viewset
@ -5225,12 +5362,13 @@ paths:
      tags:
        - sources
    parameters:
-      - name: pbm_uuid
+      - name: slug
        in: path
-        description: A UUID string identifying this SAML Source.
+        description: Internal source name, used in URLs.
        required: true
        type: string
-        format: uuid
+        format: slug
+        pattern: ^[-a-zA-Z0-9_]+$
  /stages/all/:
    get:
      operationId: stages_all_list
@ -7690,6 +7828,15 @@ definitions:
      description:
        title: Description
        type: string
+  TokenView:
+    description: Show token's current key
+    type: object
+    properties:
+      key:
+        title: Key
+        type: string
+        readOnly: true
+        minLength: 1
  User:
    description: User Serializer
    required:
@ -7743,6 +7890,10 @@ definitions:
        title: Name
        type: string
        minLength: 1
+      fingerprint:
+        title: Fingerprint
+        type: string
+        readOnly: true
      certificate_data:
        title: Certificate data
        description: PEM-encoded Certificate data
@ -7753,6 +7904,24 @@ definitions:
        description: Optional Private Key. If this is set, you can use this keypair
          for encryption.
        type: string
+      cert_expiry:
+        title: Cert expiry
+        type: string
+        format: date-time
+        readOnly: true
+      cert_subject:
+        title: Cert subject
+        type: string
+        readOnly: true
+  CertificateData:
+    description: Get CertificateKeyPair's data
+    type: object
+    properties:
+      data:
+        title: Data
+        type: string
+        readOnly: true
+        minLength: 1
  Event:
    description: Event Serializer
    required:
@ -7778,7 +7947,7 @@ definitions:
          - user_write
          - suspicious_request
          - password_set
-          - token_view
+          - secret_view
          - invitation_used
          - authorize_application
          - source_linked
@ -8549,7 +8718,7 @@ definitions:
          - user_write
          - suspicious_request
          - password_set
-          - token_view
+          - secret_view
          - invitation_used
          - authorize_application
          - source_linked
@ -8913,6 +9082,25 @@ definitions:
        title: Verbose name plural
        type: string
        readOnly: true
+  TypeCreate:
+    description: Types of an object that can be created
+    type: object
+    properties:
+      name:
+        title: Name
+        type: string
+        readOnly: true
+        minLength: 1
+      description:
+        title: Description
+        type: string
+        readOnly: true
+        minLength: 1
+      link:
+        title: Link
+        type: string
+        readOnly: true
+        minLength: 1
  OAuth2Provider:
    description: OAuth2Provider Serializer
    required:
@ -9504,6 +9692,15 @@ definitions:
          type: string
          format: uuid
        uniqueItems: true
+  LDAPSourceSyncStatus:
+    description: LDAP Sync status
+    type: object
+    properties:
+      last_sync:
+        title: Last sync
+        type: string
+        format: date-time
+        readOnly: true
  OAuthSource:
    description: OAuth Source Serializer
    required:
@ -9599,6 +9796,10 @@ definitions:
        title: Consumer secret
        type: string
        minLength: 1
+      callback_url:
+        title: Callback url
+        type: string
+        readOnly: true
  SAMLSource:
    description: SAMLSource Serializer
    required:
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -245,6 +245,24 @@
                }
            }
        },
+        "@sentry/integrations": {
+            "version": "6.2.0",
+            "resolved": "https://registry.npmjs.org/@sentry/integrations/-/integrations-6.2.0.tgz",
+            "integrity": "sha512-gvAhP61qs2fog2xCTDs94ZT8cZbWEjFZmOWfT1VXlZDIVopIporj5Qe6IgrLTiCWL61Yko5h5nFnPZ4mpjf+0w==",
+            "requires": {
+                "@sentry/types": "6.2.0",
+                "@sentry/utils": "6.2.0",
+                "localforage": "^1.8.1",
+                "tslib": "^1.9.3"
+            },
+            "dependencies": {
+                "tslib": {
+                    "version": "1.14.1",
+                    "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
+                    "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
+                }
+            }
+        },
        "@sentry/minimal": {
            "version": "6.1.0",
            "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.1.0.tgz",
@ -409,13 +427,13 @@
            }
        },
        "@typescript-eslint/eslint-plugin": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.14.2.tgz",
-            "integrity": "sha512-uMGfG7GFYK/nYutK/iqYJv6K/Xuog/vrRRZX9aEP4Zv1jsYXuvFUMDFLhUnc8WFv3D2R5QhNQL3VYKmvLS5zsQ==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.15.0.tgz",
+            "integrity": "sha512-DJgdGZW+8CFUTz5C/dnn4ONcUm2h2T0itWD85Ob5/V27Ndie8hUoX5HKyGssvR8sUMkAIlUc/AMK67Lqa3kBIQ==",
            "dev": true,
            "requires": {
-                "@typescript-eslint/experimental-utils": "4.14.2",
-                "@typescript-eslint/scope-manager": "4.14.2",
+                "@typescript-eslint/experimental-utils": "4.15.0",
+                "@typescript-eslint/scope-manager": "4.15.0",
                "debug": "^4.1.1",
                "functional-red-black-tree": "^1.0.1",
                "lodash": "^4.17.15",
@ -425,59 +443,115 @@
            }
        },
        "@typescript-eslint/experimental-utils": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.14.2.tgz",
-            "integrity": "sha512-mV9pmET4C2y2WlyHmD+Iun8SAEqkLahHGBkGqDVslHkmoj3VnxnGP4ANlwuxxfq1BsKdl/MPieDbohCEQgKrwA==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.15.0.tgz",
+            "integrity": "sha512-V4vaDWvxA2zgesg4KPgEGiomWEBpJXvY4ZX34Y3qxK8LUm5I87L+qGIOTd9tHZOARXNRt9pLbblSKiYBlGMawg==",
            "dev": true,
            "requires": {
                "@types/json-schema": "^7.0.3",
-                "@typescript-eslint/scope-manager": "4.14.2",
-                "@typescript-eslint/types": "4.14.2",
-                "@typescript-eslint/typescript-estree": "4.14.2",
+                "@typescript-eslint/scope-manager": "4.15.0",
+                "@typescript-eslint/types": "4.15.0",
+                "@typescript-eslint/typescript-estree": "4.15.0",
                "eslint-scope": "^5.0.0",
                "eslint-utils": "^2.0.0"
            }
        },
        "@typescript-eslint/parser": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.14.2.tgz",
-            "integrity": "sha512-ipqSP6EuUsMu3E10EZIApOJgWSpcNXeKZaFeNKQyzqxnQl8eQCbV+TSNsl+s2GViX2d18m1rq3CWgnpOxDPgHg==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.15.0.tgz",
+            "integrity": "sha512-L6Dtbq8Bc7g2aZwnIBETpmUa9XDKCMzKVwAArnGp5Mn7PRNFjf3mUzq8UeBjL3K8t311hvevnyqXAMSmxO8Gpg==",
            "dev": true,
            "requires": {
-                "@typescript-eslint/scope-manager": "4.14.2",
-                "@typescript-eslint/types": "4.14.2",
-                "@typescript-eslint/typescript-estree": "4.14.2",
+                "@typescript-eslint/scope-manager": "4.15.0",
+                "@typescript-eslint/types": "4.15.0",
+                "@typescript-eslint/typescript-estree": "4.15.0",
                "debug": "^4.1.1"
+            },
+            "dependencies": {
+                "@typescript-eslint/scope-manager": {
+                    "version": "4.15.0",
+                    "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.15.0.tgz",
+                    "integrity": "sha512-CSNBZnCC2jEA/a+pR9Ljh8Y+5TY5qgbPz7ICEk9WCpSEgT6Pi7H2RIjxfrrbUXvotd6ta+i27sssKEH8Azm75g==",
+                    "dev": true,
+                    "requires": {
+                        "@typescript-eslint/types": "4.15.0",
+                        "@typescript-eslint/visitor-keys": "4.15.0"
+                    }
+                },
+                "@typescript-eslint/types": {
+                    "version": "4.15.0",
+                    "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.15.0.tgz",
+                    "integrity": "sha512-su4RHkJhS+iFwyqyXHcS8EGPlUVoC+XREfy5daivjLur9JP8GhvTmDipuRpcujtGC4M+GYhUOJCPDE3rC5NJrg==",
+                    "dev": true
+                },
+                "@typescript-eslint/typescript-estree": {
+                    "version": "4.15.0",
+                    "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.15.0.tgz",
+                    "integrity": "sha512-jG6xTmcNbi6xzZq0SdWh7wQ9cMb2pqXaUp6bUZOMsIlu5aOlxGxgE/t6L/gPybybQGvdguajXGkZKSndZJpksA==",
+                    "dev": true,
+                    "requires": {
+                        "@typescript-eslint/types": "4.15.0",
+                        "@typescript-eslint/visitor-keys": "4.15.0",
+                        "debug": "^4.1.1",
+                        "globby": "^11.0.1",
+                        "is-glob": "^4.0.1",
+                        "semver": "^7.3.2",
+                        "tsutils": "^3.17.1"
+                    }
+                },
+                "@typescript-eslint/visitor-keys": {
+                    "version": "4.15.0",
+                    "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.15.0.tgz",
+                    "integrity": "sha512-RnDtJwOwFucWFAMjG3ghCG/ikImFJFEg20DI7mn4pHEx3vC48lIAoyjhffvfHmErRDboUPC7p9Z2il4CLb7qxA==",
+                    "dev": true,
+                    "requires": {
+                        "@typescript-eslint/types": "4.15.0",
+                        "eslint-visitor-keys": "^2.0.0"
+                    }
+                },
+                "globby": {
+                    "version": "11.0.2",
+                    "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.2.tgz",
+                    "integrity": "sha512-2ZThXDvvV8fYFRVIxnrMQBipZQDr7MxKAmQK1vujaj9/7eF0efG7BPUKJ7jP7G5SLF37xKDXvO4S/KKLj/Z0og==",
+                    "dev": true,
+                    "requires": {
+                        "array-union": "^2.1.0",
+                        "dir-glob": "^3.0.1",
+                        "fast-glob": "^3.1.1",
+                        "ignore": "^5.1.4",
+                        "merge2": "^1.3.0",
+                        "slash": "^3.0.0"
+                    }
+                }
            }
        },
        "@typescript-eslint/scope-manager": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.14.2.tgz",
-            "integrity": "sha512-cuV9wMrzKm6yIuV48aTPfIeqErt5xceTheAgk70N1V4/2Ecj+fhl34iro/vIssJlb7XtzcaD07hWk7Jk0nKghg==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.15.0.tgz",
+            "integrity": "sha512-CSNBZnCC2jEA/a+pR9Ljh8Y+5TY5qgbPz7ICEk9WCpSEgT6Pi7H2RIjxfrrbUXvotd6ta+i27sssKEH8Azm75g==",
            "dev": true,
            "requires": {
-                "@typescript-eslint/types": "4.14.2",
-                "@typescript-eslint/visitor-keys": "4.14.2"
+                "@typescript-eslint/types": "4.15.0",
+                "@typescript-eslint/visitor-keys": "4.15.0"
            }
        },
        "@typescript-eslint/types": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.14.2.tgz",
-            "integrity": "sha512-LltxawRW6wXy4Gck6ZKlBD05tCHQUj4KLn4iR69IyRiDHX3d3NCAhO+ix5OR2Q+q9bjCrHE/HKt+riZkd1At8Q==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.15.0.tgz",
+            "integrity": "sha512-su4RHkJhS+iFwyqyXHcS8EGPlUVoC+XREfy5daivjLur9JP8GhvTmDipuRpcujtGC4M+GYhUOJCPDE3rC5NJrg==",
            "dev": true
        },
        "@typescript-eslint/typescript-estree": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.14.2.tgz",
-            "integrity": "sha512-ESiFl8afXxt1dNj8ENEZT12p+jl9PqRur+Y19m0Z/SPikGL6rqq4e7Me60SU9a2M28uz48/8yct97VQYaGl0Vg==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.15.0.tgz",
+            "integrity": "sha512-jG6xTmcNbi6xzZq0SdWh7wQ9cMb2pqXaUp6bUZOMsIlu5aOlxGxgE/t6L/gPybybQGvdguajXGkZKSndZJpksA==",
            "dev": true,
            "requires": {
-                "@typescript-eslint/types": "4.14.2",
-                "@typescript-eslint/visitor-keys": "4.14.2",
+                "@typescript-eslint/types": "4.15.0",
+                "@typescript-eslint/visitor-keys": "4.15.0",
                "debug": "^4.1.1",
                "globby": "^11.0.1",
                "is-glob": "^4.0.1",
-                "lodash": "^4.17.15",
                "semver": "^7.3.2",
                "tsutils": "^3.17.1"
            },
@ -499,12 +573,12 @@
            }
        },
        "@typescript-eslint/visitor-keys": {
-            "version": "4.14.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.14.2.tgz",
-            "integrity": "sha512-KBB+xLBxnBdTENs/rUgeUKO0UkPBRs2vD09oMRRIkj5BEN8PX1ToXV532desXfpQnZsYTyLLviS7JrPhdL154w==",
+            "version": "4.15.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.15.0.tgz",
+            "integrity": "sha512-RnDtJwOwFucWFAMjG3ghCG/ikImFJFEg20DI7mn4pHEx3vC48lIAoyjhffvfHmErRDboUPC7p9Z2il4CLb7qxA==",
            "dev": true,
            "requires": {
-                "@typescript-eslint/types": "4.14.2",
+                "@typescript-eslint/types": "4.15.0",
                "eslint-visitor-keys": "^2.0.0"
            }
        },
@ -1700,6 +1774,11 @@
            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
            "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw=="
        },
+        "immediate": {
+            "version": "3.0.6",
+            "resolved": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz",
+            "integrity": "sha1-nbHb0Pr43m++D13V5Wu2BigN5ps="
+        },
        "import-fresh": {
            "version": "3.3.0",
            "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz",
@ -1954,6 +2033,14 @@
                "type-check": "~0.4.0"
            }
        },
+        "lie": {
+            "version": "3.1.1",
+            "resolved": "https://registry.npmjs.org/lie/-/lie-3.1.1.tgz",
+            "integrity": "sha1-mkNrLMd0bKWd56QfpGmz77dr2H4=",
+            "requires": {
+                "immediate": "~3.0.5"
+            }
+        },
        "lit-analyzer": {
            "version": "1.2.1",
            "resolved": "https://registry.npmjs.org/lit-analyzer/-/lit-analyzer-1.2.1.tgz",
@ -2135,6 +2222,14 @@
            "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-1.3.0.tgz",
            "integrity": "sha512-0Q1bwmaFH9O14vycPHw8C/IeHMk/uSDldVLIefu/kfbTBGIc44KGH6A8p1bDfxUfHdc8q6Ct7kQklWoHgr4t1Q=="
        },
+        "localforage": {
+            "version": "1.9.0",
+            "resolved": "https://registry.npmjs.org/localforage/-/localforage-1.9.0.tgz",
+            "integrity": "sha512-rR1oyNrKulpe+VM9cYmcFn6tsHuokyVHFaCM3+osEmxaHTbEk8oQu6eGDfS6DQLWi/N67XRmB8ECG37OES368g==",
+            "requires": {
+                "lie": "3.1.1"
+            }
+        },
        "locate-path": {
            "version": "5.0.0",
            "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
@ -3304,9 +3399,9 @@
            "dev": true
        },
        "typescript": {
-            "version": "4.1.3",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.1.3.tgz",
-            "integrity": "sha512-B3ZIOf1IKeH2ixgHhj6la6xdwR9QrLC5d1VKeCSY4tvkqhF2eqd9O7txNlS0PO3GrBAFIdr3L1ndNwteUbZLYg==",
+            "version": "4.1.4",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.1.4.tgz",
+            "integrity": "sha512-+Uru0t8qIRgjuCpiSPpfGuhHecMllk5Zsazj5LZvVsEStEjmIRRBZe+jHjGQvsgS7M1wONy2PQXd67EMyV6acg==",
            "dev": true
        },
        "uglify-js": {
--- a/web/package.json
+++ b/web/package.json
@ -14,7 +14,8 @@
        "@patternfly/patternfly": "^4.80.3",
        "@sentry/browser": "^6.1.0",
        "@sentry/tracing": "^6.1.0",
-        "@types/chart.js": "^2.9.30",
+        "@sentry/integrations": "^6.2.0",
+        "@types/chart.js": "^2.9.31",
        "@types/codemirror": "0.0.108",
        "chart.js": "^2.9.4",
        "codemirror": "^5.59.2",
@ -30,8 +31,8 @@
    },
    "devDependencies": {
        "@rollup/plugin-typescript": "^8.1.1",
-        "@typescript-eslint/eslint-plugin": "^4.14.2",
-        "@typescript-eslint/parser": "^4.14.2",
+        "@typescript-eslint/eslint-plugin": "^4.15.0",
+        "@typescript-eslint/parser": "^4.15.0",
        "eslint": "^7.19.0",
        "eslint-config-google": "^0.14.0",
        "eslint-plugin-lit": "^1.3.0",
@ -41,6 +42,6 @@
        "rollup-plugin-sourcemaps": "^0.6.3",
        "rollup-plugin-terser": "^7.0.2",
        "ts-lit-plugin": "^1.2.1",
-        "typescript": "^4.1.3"
+        "typescript": "^4.1.4"
    }
 }
--- a/web/src/api/Applications.ts
+++ b/web/src/api/Applications.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, AKResponse, QueryArguments } from "./Client";
 import { Provider } from "./Providers";

 export class Application {
@ -22,8 +22,8 @@ export class Application {
        return DefaultClient.fetch<Application>(["core", "applications", slug]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Application>> {
-        return DefaultClient.fetch<PBResponse<Application>>(["core", "applications"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Application>> {
+        return DefaultClient.fetch<AKResponse<Application>>(["core", "applications"], filter);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/Client.ts
+++ b/web/src/api/Client.ts
@ -9,6 +9,8 @@ export interface QueryArguments {

 export interface BaseInheritanceModel {

+    object_type: string;
+
    verbose_name: string;
    verbose_name_plural: string;

@ -92,7 +94,7 @@ export interface PBPagination {
    end_index: number;
 }

-export interface PBResponse<T> {
+export interface AKResponse<T> {
    pagination: PBPagination;

    results: Array<T>;
--- a/web/src/api/Config.ts
+++ b/web/src/api/Config.ts
@ -3,6 +3,7 @@ import * as Sentry from "@sentry/browser";
 import { Integrations } from "@sentry/tracing";
 import { VERSION } from "../constants";
 import { SentryIgnoredError } from "../common/errors";
+import { CaptureConsole as CaptureConsoleIntegration } from "@sentry/integrations";

 export class Config {
    branding_logo: string;
@ -22,7 +23,10 @@ export class Config {
                Sentry.init({
                    dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
                    release: `authentik@${VERSION}`,
-                    integrations: [new Integrations.BrowserTracing()],
+                    integrations: [
+                        new Integrations.BrowserTracing(),
+                        new CaptureConsoleIntegration(),
+                    ],
                    tracesSampleRate: 0.6,
                    environment: config.error_reporting_environment,
                    beforeSend(event: Sentry.Event, hint: Sentry.EventHint) {
--- a/web/src/api/EventNotification.ts
+++ b/web/src/api/EventNotification.ts
@ -1,4 +1,4 @@
-import { DefaultClient, QueryArguments, PBResponse } from "./Client";
+import { DefaultClient, QueryArguments, AKResponse } from "./Client";
 import { Event } from "./Events";

 export class Notification {
@ -17,8 +17,8 @@ export class Notification {
        return DefaultClient.fetch<Notification>(["events", "notifications", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Notification>> {
-        return DefaultClient.fetch<PBResponse<Notification>>(["events", "notifications"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Notification>> {
+        return DefaultClient.fetch<AKResponse<Notification>>(["events", "notifications"], filter);
    }

    static markSeen(pk: string): Promise<{seen: boolean}> {
--- a/web/src/api/EventRules.ts
+++ b/web/src/api/EventRules.ts
@ -1,4 +1,4 @@
-import { DefaultClient, QueryArguments, PBResponse } from "./Client";
+import { DefaultClient, QueryArguments, AKResponse } from "./Client";
 import { Group } from "./Groups";

 export class Rule {
@ -16,8 +16,8 @@ export class Rule {
        return DefaultClient.fetch<Rule>(["events", "rules", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Rule>> {
-        return DefaultClient.fetch<PBResponse<Rule>>(["events", "rules"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Rule>> {
+        return DefaultClient.fetch<AKResponse<Rule>>(["events", "rules"], filter);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/EventTransports.ts
+++ b/web/src/api/EventTransports.ts
@ -1,4 +1,4 @@
-import { DefaultClient, QueryArguments, PBResponse } from "./Client";
+import { DefaultClient, QueryArguments, AKResponse } from "./Client";

 export class Transport {
    pk: string;
@ -15,8 +15,8 @@ export class Transport {
        return DefaultClient.fetch<Transport>(["events", "transports", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Transport>> {
-        return DefaultClient.fetch<PBResponse<Transport>>(["events", "transports"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Transport>> {
+        return DefaultClient.fetch<AKResponse<Transport>>(["events", "transports"], filter);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/Events.ts
+++ b/web/src/api/Events.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, AKResponse, QueryArguments } from "./Client";

 export interface EventUser {
    pk: number;
@ -28,8 +28,8 @@ export class Event {
        return DefaultClient.fetch<Event>(["events", "events", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Event>> {
-        return DefaultClient.fetch<PBResponse<Event>>(["events", "events"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Event>> {
+        return DefaultClient.fetch<AKResponse<Event>>(["events", "events"], filter);
    }

    // events/events/top_per_user/?filter_action=authorize_application
--- a/web/src/api/Flows.ts
+++ b/web/src/api/Flows.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, AKResponse, QueryArguments } from "./Client";

 export enum FlowDesignation {
    Authentication = "authentication",
@ -34,12 +34,12 @@ export class Flow {
        return DefaultClient.fetch<{ diagram: string }>(["flows", "instances", slug, "diagram"]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Flow>> {
-        return DefaultClient.fetch<PBResponse<Flow>>(["flows", "instances"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Flow>> {
+        return DefaultClient.fetch<AKResponse<Flow>>(["flows", "instances"], filter);
    }

    static cached(): Promise<number> {
-        return DefaultClient.fetch<PBResponse<Flow>>(["flows", "cached"]).then(r => {
+        return DefaultClient.fetch<AKResponse<Flow>>(["flows", "cached"]).then(r => {
            return r.pagination.count;
        });
    }
@ -76,8 +76,8 @@ export class FlowStageBinding {
        return DefaultClient.fetch<FlowStageBinding>(["flows", "bindings", slug]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<FlowStageBinding>> {
-        return DefaultClient.fetch<PBResponse<FlowStageBinding>>(["flows", "bindings"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<FlowStageBinding>> {
+        return DefaultClient.fetch<AKResponse<FlowStageBinding>>(["flows", "bindings"], filter);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/Outposts.ts
+++ b/web/src/api/Outposts.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, AKResponse, QueryArguments } from "./Client";
 import { Provider } from "./Providers";

 export interface OutpostHealth {
@ -26,8 +26,8 @@ export class Outpost {
        return DefaultClient.fetch<Outpost>(["outposts", "outposts", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Outpost>> {
-        return DefaultClient.fetch<PBResponse<Outpost>>(["outposts", "outposts"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Outpost>> {
+        return DefaultClient.fetch<AKResponse<Outpost>>(["outposts", "outposts"], filter);
    }

    static health(pk: string): Promise<OutpostHealth[]> {
--- a/web/src/api/Policies.ts
+++ b/web/src/api/Policies.ts
@ -1,4 +1,4 @@
-import { DefaultClient, BaseInheritanceModel, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, BaseInheritanceModel, AKResponse, QueryArguments } from "./Client";

 export class Policy implements BaseInheritanceModel {
    pk: string;
@ -7,6 +7,7 @@ export class Policy implements BaseInheritanceModel {
    constructor() {
        throw Error();
    }
+    object_type: string;
    verbose_name: string;
    verbose_name_plural: string;

@ -14,12 +15,12 @@ export class Policy implements BaseInheritanceModel {
        return DefaultClient.fetch<Policy>(["policies", "all", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Policy>> {
-        return DefaultClient.fetch<PBResponse<Policy>>(["policies", "all"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Policy>> {
+        return DefaultClient.fetch<AKResponse<Policy>>(["policies", "all"], filter);
    }

    static cached(): Promise<number> {
-        return DefaultClient.fetch<PBResponse<Policy>>(["policies", "cached"]).then(r => {
+        return DefaultClient.fetch<AKResponse<Policy>>(["policies", "cached"]).then(r => {
            return r.pagination.count;
        });
    }
--- a/web/src/api/PolicyBindings.ts
+++ b/web/src/api/PolicyBindings.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, AKResponse, QueryArguments } from "./Client";
 import { Policy } from "./Policies";

 export class PolicyBinding {
@ -18,8 +18,8 @@ export class PolicyBinding {
        return DefaultClient.fetch<PolicyBinding>(["policies", "bindings", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<PolicyBinding>> {
-        return DefaultClient.fetch<PBResponse<PolicyBinding>>(["policies", "bindings"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<PolicyBinding>> {
+        return DefaultClient.fetch<AKResponse<PolicyBinding>>(["policies", "bindings"], filter);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/PropertyMapping.ts
+++ b/web/src/api/PropertyMapping.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { DefaultClient, AKResponse, QueryArguments } from "./Client";

 export class PropertyMapping {
    pk: string;
@ -16,8 +16,8 @@ export class PropertyMapping {
        return DefaultClient.fetch<PropertyMapping>(["propertymappings", "all", pk]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<PropertyMapping>> {
-        return DefaultClient.fetch<PBResponse<PropertyMapping>>(["propertymappings", "all"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<PropertyMapping>> {
+        return DefaultClient.fetch<AKResponse<PropertyMapping>>(["propertymappings", "all"], filter);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/Providers.ts
+++ b/web/src/api/Providers.ts
@ -1,4 +1,10 @@
-import { BaseInheritanceModel, DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { BaseInheritanceModel, DefaultClient, AKResponse, QueryArguments } from "./Client";
+
+export interface TypeCreate {
+    name: string;
+    description: string;
+    link: string;
+}

 export class Provider implements BaseInheritanceModel {
    pk: number;
@ -20,8 +26,12 @@ export class Provider implements BaseInheritanceModel {
        return DefaultClient.fetch<Provider>(["providers", "all", id.toString()]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Provider>> {
-        return DefaultClient.fetch<PBResponse<Provider>>(["providers", "all"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Provider>> {
+        return DefaultClient.fetch<AKResponse<Provider>>(["providers", "all"], filter);
+    }
+
+    static getTypes(): Promise<TypeCreate[]> {
+        return DefaultClient.fetch<TypeCreate[]>(["providers", "all", "types"]);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/Sources.ts
+++ b/web/src/api/Sources.ts
@ -1,4 +1,5 @@
-import { BaseInheritanceModel, DefaultClient, PBResponse, QueryArguments } from "./Client";
+import { BaseInheritanceModel, DefaultClient, AKResponse, QueryArguments } from "./Client";
+import { TypeCreate } from "./Providers";

 export class Source implements BaseInheritanceModel {
    pk: string;
@ -11,6 +12,7 @@ export class Source implements BaseInheritanceModel {
    constructor() {
        throw Error();
    }
+    object_type: string;
    verbose_name: string;
    verbose_name_plural: string;

@ -18,8 +20,12 @@ export class Source implements BaseInheritanceModel {
        return DefaultClient.fetch<Source>(["sources", "all", slug]);
    }

-    static list(filter?: QueryArguments): Promise<PBResponse<Source>> {
-        return DefaultClient.fetch<PBResponse<Source>>(["sources", "all"], filter);
+    static list(filter?: QueryArguments): Promise<AKResponse<Source>> {
+        return DefaultClient.fetch<AKResponse<Source>>(["sources", "all"], filter);
+    }
+
+    static getTypes(): Promise<TypeCreate[]> {
+        return DefaultClient.fetch<TypeCreate[]>(["sources", "all", "types"]);
    }

    static adminUrl(rest: string): string {
--- a/web/src/api/Users.ts
+++ b/web/src/api/Users.ts
@ -1,4 +1,4 @@
-import { DefaultClient, PBResponse } from "./Client";
+import { DefaultClient, AKResponse } from "./Client";

 let _globalMePromise: Promise<User>;

@ -22,7 +22,7 @@ export class User {
    }

    static count(): Promise<number> {
-        return DefaultClient.fetch<PBResponse<User>>(["core", "users"], {
+        return DefaultClient.fetch<AKResponse<User>>(["core", "users"], {
            "page_size": 1
        }).then(r => {
            return r.pagination.count;
--- a/web/src/api/sources/LDAP.ts
+++ b/web/src/api/sources/LDAP.ts
@ -0,0 +1,35 @@
+import { DefaultClient } from "../Client";
+import { Source } from "../Sources";
+
+export class LDAPSource extends Source {
+    server_uri: string;
+    bind_cn: string;
+    start_tls: boolean
+    base_dn: string;
+    additional_user_dn: string;
+    additional_group_dn: string;
+    user_object_filter: string;
+    group_object_filter: string;
+    group_membership_field: string;
+    object_uniqueness_field: string;
+    sync_users: boolean;
+    sync_users_password: boolean;
+    sync_groups: boolean;
+    sync_parent_group?: string;
+    property_mappings: string[];
+    property_mappings_group: string[];
+
+    constructor() {
+        super();
+        throw Error();
+    }
+
+    static get(slug: string): Promise<LDAPSource> {
+        return DefaultClient.fetch<LDAPSource>(["sources", "ldap", slug]);
+    }
+
+    static syncStatus(slug: string): Promise<{ last_sync?: number }> {
+        return DefaultClient.fetch(["sources", "ldap", slug, "sync_status"]);
+    }
+
+}
--- a/web/src/api/sources/OAuth.ts
+++ b/web/src/api/sources/OAuth.ts
@ -0,0 +1,22 @@
+import { DefaultClient } from "../Client";
+import { Source } from "../Sources";
+
+export class OAuthSource extends Source {
+    provider_type: string;
+    request_token_url: string;
+    authorization_url: string;
+    access_token_url: string;
+    profile_url: string;
+    consumer_key: string;
+    callback_url: string;
+
+    constructor() {
+        super();
+        throw Error();
+    }
+
+    static get(slug: string): Promise<OAuthSource> {
+        return DefaultClient.fetch<OAuthSource>(["sources", "oauth", slug]);
+    }
+
+}
--- a/web/src/authentik.css
+++ b/web/src/authentik.css
@ -127,6 +127,7 @@ select[multiple] {
    .pf-c-card {
        --pf-c-card--BackgroundColor: var(--ak-dark-background-light);
    }
+    .pf-c-card__title,
    .pf-c-card__header-main,
    .pf-c-card__body {
        color: var(--ak-dark-foreground);
--- a/web/src/common/styles.ts
+++ b/web/src/common/styles.ts
@ -1,3 +1,4 @@
+import { css, CSSResult } from "lit-element";
 // @ts-ignore
 import PF from "@patternfly/patternfly/patternfly.css";
 // @ts-ignore
@ -6,10 +7,31 @@ import PFAddons from "@patternfly/patternfly/patternfly-addons.css";
 import FA from "@fortawesome/fontawesome-free/css/fontawesome.css";
 // @ts-ignore
 import AKGlobal from "../authentik.css";
-import { CSSResult } from "lit-element";
 // @ts-ignore
 import CodeMirrorStyle from "codemirror/lib/codemirror.css";
 // @ts-ignore
 import CodeMirrorTheme from "codemirror/theme/monokai.css";
-
-export const COMMON_STYLES: CSSResult[] = [PF, PFAddons, FA, AKGlobal, CodeMirrorStyle, CodeMirrorTheme];
+export const ColorStyles = css`
+    .pf-m-success {
+        color: var(--pf-global--success-color--100);
+    }
+    .pf-c-button.pf-m-success {
+        color: var(--pf-c-button--m-primary--Color);
+        background-color: var(--pf-global--success-color--100);
+    }
+    .pf-m-warning {
+        color: var(--pf-global--warning-color--100);
+    }
+    .pf-c-button.pf-m-warning {
+        color: var(--pf-c-button--m-primary--Color);
+        background-color: var(--pf-global--warning-color--100);
+    }
+    .pf-m-danger {
+        color: var(--pf-global--danger-color--100);
+    }
+    .pf-c-button.pf-m-danger {
+        color: var(--pf-c-button--m-primary--Color);
+        background-color: var(--pf-global--danger-color--100);
+    }
+`;
+export const COMMON_STYLES: CSSResult[] = [PF, PFAddons, FA, AKGlobal, CodeMirrorStyle, CodeMirrorTheme, ColorStyles];
--- a/web/src/constants.ts
+++ b/web/src/constants.ts
@ -1,31 +1,6 @@
-import { css } from "lit-element";
-
 export const PRIMARY_CLASS = "pf-m-primary";
 export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const ColorStyles = css`
-    .pf-m-success {
-        color: var(--pf-global--success-color--100);
-    }
-    .pf-c-button.pf-m-success {
-        color: var(--pf-c-button--m-primary--Color);
-        background-color: var(--pf-global--success-color--100);
-    }
-    .pf-m-warning {
-        color: var(--pf-global--warning-color--100);
-    }
-    .pf-c-button.pf-m-warning {
-        color: var(--pf-c-button--m-primary--Color);
-        background-color: var(--pf-global--warning-color--100);
-    }
-    .pf-m-danger {
-        color: var(--pf-global--danger-color--100);
-    }
-    .pf-c-button.pf-m-danger {
-        color: var(--pf-c-button--m-primary--Color);
-        background-color: var(--pf-global--danger-color--100);
-    }
-`;
-export const VERSION = "2021.2.1-stable";
+export const VERSION = "2021.2.6-stable";
--- a/web/src/elements/buttons/ActionButton.ts
+++ b/web/src/elements/buttons/ActionButton.ts
@ -9,6 +9,9 @@ export class ActionButton extends SpinnerButton {
    @property()
    url = "";

+    @property()
+    method = "POST";
+
    callAction(): void {
        if (this.isRunning === true) {
            return;
@ -19,7 +22,7 @@ export class ActionButton extends SpinnerButton {
            headers: { "X-CSRFToken": csrftoken },
        });
        fetch(request, {
-            method: "POST",
+            method: this.method,
            mode: "same-origin",
        })
            .then((r) => {
--- a/web/src/elements/buttons/ModalButton.ts
+++ b/web/src/elements/buttons/ModalButton.ts
@ -1,19 +1,11 @@
 import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
-// @ts-ignore
-import ModalBoxStyle from "@patternfly/patternfly/components/ModalBox/modal-box.css";
-// @ts-ignore
-import BullseyeStyle from "@patternfly/patternfly/layouts/Bullseye/bullseye.css";
-// @ts-ignore
-import BackdropStyle from "@patternfly/patternfly/components/Backdrop/backdrop.css";
-// @ts-ignore
-import ButtonStyle from "@patternfly/patternfly/components/Button/button.css";
-// @ts-ignore
-import fa from "@fortawesome/fontawesome-free/css/solid.css";
+import { unsafeHTML } from "lit-html/directives/unsafe-html";

 import { convertToSlug } from "../../utils";
 import { SpinnerButton } from "./SpinnerButton";
 import { PRIMARY_CLASS } from "../../constants";
 import { showMessage } from "../messages/MessageContainer";
+import { COMMON_STYLES } from "../../common/styles";

@customElement("ak-modal-button")
 export class ModalButton extends LitElement {
@ -23,22 +15,23 @@ export class ModalButton extends LitElement {
    @property({type: Boolean})
    open = false;

+    @property()
+    modal = "<slot name='modal'></slot>";
+
    static get styles(): CSSResult[] {
-        return [
+        return COMMON_STYLES.concat(
            css`
                :host {
                    text-align: left;
                }
-                ::slotted(*) {
+                .pf-c-modal-box.pf-m-lg {
                    overflow-y: auto;
                }
-            `,
-            ModalBoxStyle,
-            BullseyeStyle,
-            BackdropStyle,
-            ButtonStyle,
-            fa,
-        ];
+                .pf-c-modal-box > .pf-c-button + * {
+                    margin-right: 0;
+                }
+            `
+        );
    }

    constructor() {
@ -52,7 +45,7 @@ export class ModalButton extends LitElement {

    updateHandlers(): void {
        // Ensure links close the modal
-        this.querySelectorAll<HTMLAnchorElement>("[slot=modal] a").forEach((a) => {
+        this.shadowRoot?.querySelectorAll<HTMLAnchorElement>("a").forEach((a) => {
            if (a.target == "_blank") {
                return;
            }
@ -63,7 +56,7 @@ export class ModalButton extends LitElement {
            });
        });
        // Make name field update slug field
-        this.querySelectorAll<HTMLInputElement>("input[name=name]").forEach((input) => {
+        this.shadowRoot?.querySelectorAll<HTMLInputElement>("input[name=name]").forEach((input) => {
            const form = input.closest("form");
            if (form === null) {
                return;
@ -83,7 +76,7 @@ export class ModalButton extends LitElement {
            });
        });
        // Ensure forms sends in AJAX
-        this.querySelectorAll<HTMLFormElement>("[slot=modal] form").forEach((form) => {
+        this.shadowRoot?.querySelectorAll<HTMLFormElement>("form").forEach((form) => {
            form.addEventListener("submit", (e) => {
                e.preventDefault();
                const formData = new FormData(form);
@ -95,16 +88,10 @@ export class ModalButton extends LitElement {
                    .then((response) => {
                        return response.text();
                    })
-                    .then((data) => {
-                        if (data.indexOf("csrfmiddlewaretoken") !== -1) {
-                            const modalSlot = this.querySelector("[slot=modal]");
-                            if (!modalSlot) {
-                                console.debug("authentik/modalbutton: modal slot not found?");
-                                return;
-                            }
-                            modalSlot.innerHTML = data;
+                    .then((responseData) => {
+                        if (responseData.indexOf("csrfmiddlewaretoken") !== -1) {
+                            this.modal = responseData;
                            console.debug("authentik/modalbutton: re-showing form");
-                            this.updateHandlers();
                        } else {
                            this.open = false;
                            console.debug("authentik/modalbutton: successful submit");
@ -136,14 +123,9 @@ export class ModalButton extends LitElement {
            fetch(request, {
                mode: "same-origin",
            })
-                .then((r) => r.text())
-                .then((t) => {
-                    const modalSlot = this.querySelector("[slot=modal]");
-                    if (!modalSlot) {
-                        return;
-                    }
-                    modalSlot.innerHTML = t;
-                    this.updateHandlers();
+                .then((response) => response.text())
+                .then((responseData) => {
+                    this.modal = responseData;
                    this.open = true;
                    this.querySelectorAll<SpinnerButton>("ak-spinner-button").forEach((sb) => {
                        sb.setDone(PRIMARY_CLASS);
@ -177,7 +159,7 @@ export class ModalButton extends LitElement {
                    >
                        <i class="fas fa-times" aria-hidden="true"></i>
                    </button>
-                    <slot name="modal"> </slot>
+                    ${unsafeHTML(this.modal)}
                </div>
            </div>
        </div>`;
@ -187,4 +169,8 @@ export class ModalButton extends LitElement {
        return html` <slot name="trigger" @click=${() => this.onClick()}></slot>
            ${this.open ? this.renderModal() : ""}`;
    }
+
+    updated(): void {
+        this.updateHandlers();
+    }
 }
--- a/web/src/elements/buttons/SpinnerButton.ts
+++ b/web/src/elements/buttons/SpinnerButton.ts
@ -5,7 +5,8 @@ import GlobalsStyle from "@patternfly/patternfly/base/patternfly-globals.css";
 import ButtonStyle from "@patternfly/patternfly/components/Button/button.css";
 // @ts-ignore
 import SpinnerStyle from "@patternfly/patternfly/components/Spinner/spinner.css";
-import { ColorStyles, PRIMARY_CLASS, PROGRESS_CLASS } from "../../constants";
+import { PRIMARY_CLASS, PROGRESS_CLASS } from "../../constants";
+import { ColorStyles } from "../../common/styles";

@customElement("ak-spinner-button")
 export class SpinnerButton extends LitElement {
--- a/web/src/elements/buttons/TokenCopyButton.ts
+++ b/web/src/elements/buttons/TokenCopyButton.ts
@ -4,7 +4,8 @@ import GlobalsStyle from "@patternfly/patternfly/base/patternfly-globals.css";
 // @ts-ignore
 import ButtonStyle from "@patternfly/patternfly/components/Button/button.css";
 import { tokenByIdentifier } from "../../api/Tokens";
-import { ColorStyles, ERROR_CLASS, PRIMARY_CLASS, SUCCESS_CLASS } from "../../constants";
+import { ERROR_CLASS, PRIMARY_CLASS, SUCCESS_CLASS } from "../../constants";
+import { ColorStyles } from "../../common/styles";

@customElement("ak-token-copy-button")
 export class TokenCopyButton extends LitElement {
--- a/web/src/elements/cards/AggregateCard.ts
+++ b/web/src/elements/cards/AggregateCard.ts
@ -2,7 +2,6 @@ import { gettext } from "django";
 import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
 import { ifDefined } from "lit-html/directives/if-defined";
 import { COMMON_STYLES } from "../../common/styles";
-import { ColorStyles } from "../../constants";

@customElement("ak-aggregate-card")
 export class AggregateCard extends LitElement {
@ -25,7 +24,7 @@ export class AggregateCard extends LitElement {
                text-align: center;
                color: var(--pf-global--Color--100);
            }
-        `, ColorStyles]);
+        `]);
    }

    renderInner(): TemplateResult {
--- a/web/src/elements/notifications/NotificationDrawer.ts
+++ b/web/src/elements/notifications/NotificationDrawer.ts
@ -1,6 +1,6 @@
 import { gettext } from "django";
 import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
-import { PBResponse } from "../../api/Client";
+import { AKResponse } from "../../api/Client";
 import { Notification } from "../../api/EventNotification";
 import { COMMON_STYLES } from "../../common/styles";

@ -8,7 +8,7 @@ import { COMMON_STYLES } from "../../common/styles";
 export class NotificationDrawer extends LitElement {

    @property({attribute: false})
-    notifications?: PBResponse<Notification>;
+    notifications?: AKResponse<Notification>;

    @property({type: Number})
    unread = 0;
--- a/web/src/elements/policies/BoundPoliciesList.ts
+++ b/web/src/elements/policies/BoundPoliciesList.ts
@ -1,6 +1,6 @@
 import { gettext } from "django";
 import { customElement, html, property, TemplateResult } from "lit-element";
-import { PBResponse } from "../../api/Client";
+import { AKResponse } from "../../api/Client";
 import { Table, TableColumn } from "../../elements/table/Table";
 import { PolicyBinding } from "../../api/PolicyBindings";

@ -14,7 +14,7 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
    @property()
    target?: string;

-    apiEndpoint(page: number): Promise<PBResponse<PolicyBinding>> {
+    apiEndpoint(page: number): Promise<AKResponse<PolicyBinding>> {
        return PolicyBinding.list({
            target: this.target || "",
            ordering: "order",
@ -41,13 +41,13 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
            html`
            <ak-modal-button href="${PolicyBinding.adminUrl(`${item.pk}/update/`)}">
                <ak-spinner-button slot="trigger" class="pf-m-secondary">
-                    Edit
+                    ${gettext("Edit")}
                </ak-spinner-button>
                <div slot="modal"></div>
            </ak-modal-button>&nbsp;
            <ak-modal-button href="${PolicyBinding.adminUrl(`${item.pk}/delete/`)}">
                <ak-spinner-button slot="trigger" class="pf-m-danger">
-                    Delete
+                    ${gettext("Delete")}
                </ak-spinner-button>
                <div slot="modal"></div>
            </ak-modal-button>
--- a/web/src/elements/router/RouterOutlet.ts
+++ b/web/src/elements/router/RouterOutlet.ts
@ -3,7 +3,6 @@ import { css, CSSResult, customElement, html, LitElement, property, TemplateResu
 import CodeMirrorStyle from "codemirror/lib/codemirror.css";
 // @ts-ignore
 import CodeMirrorTheme from "codemirror/theme/monokai.css";
-import { ColorStyles } from "../../constants";
 import { COMMON_STYLES } from "../../common/styles";
 import { Route } from "./Route";
 import { ROUTES } from "../../routes";
@ -23,7 +22,6 @@ export class RouterOutlet extends LitElement {
        return [
            CodeMirrorStyle,
            CodeMirrorTheme,
-            ColorStyles,
            css`
                :host {
                    height: 100vh;
--- a/web/src/elements/table/Table.ts
+++ b/web/src/elements/table/Table.ts
@ -1,6 +1,6 @@
 import { gettext } from "django";
 import { CSSResult, html, LitElement, property, TemplateResult } from "lit-element";
-import { PBResponse } from "../../api/Client";
+import { AKResponse } from "../../api/Client";
 import { COMMON_STYLES } from "../../common/styles";

 import "./TablePagination";
@ -69,7 +69,7 @@ export class TableColumn {
 }

 export abstract class Table<T> extends LitElement {
-    abstract apiEndpoint(page: number): Promise<PBResponse<T>>;
+    abstract apiEndpoint(page: number): Promise<AKResponse<T>>;
    abstract columns(): TableColumn[];
    abstract row(item: T): TemplateResult[];

@ -84,7 +84,7 @@ export abstract class Table<T> extends LitElement {
    }

    @property({attribute: false})
-    data?: PBResponse<T>;
+    data?: AKResponse<T>;

    @property({type: Number})
    page = 1;
--- a/web/src/interfaces/AdminInterface.ts
+++ b/web/src/interfaces/AdminInterface.ts
@ -23,7 +23,7 @@ export const SIDEBAR_ITEMS: SidebarItem[] = [
        new SidebarItem("Applications", "/applications").activeWhen(
            `^/applications/(?<slug>${SLUG_REGEX})$`
        ),
-        new SidebarItem("Sources", "/administration/sources/").activeWhen(
+        new SidebarItem("Sources", "/sources").activeWhen(
            `^/sources/(?<slug>${SLUG_REGEX})$`,
        ),
        new SidebarItem("Providers", "/providers"),
--- a/web/src/pages/LibraryPage.ts
+++ b/web/src/pages/LibraryPage.ts
@ -2,7 +2,7 @@ import { gettext } from "django";
 import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
 import { ifDefined } from "lit-html/directives/if-defined";
 import { Application } from "../api/Applications";
-import { PBResponse } from "../api/Client";
+import { AKResponse } from "../api/Client";
 import { COMMON_STYLES } from "../common/styles";
 import { loading, truncate } from "../utils";

@ -52,10 +52,15 @@ export class LibraryApplication extends LitElement {
@customElement("ak-library")
 export class LibraryPage extends LitElement {
    @property({attribute: false})
-    apps?: PBResponse<Application>;
+    apps?: AKResponse<Application>;

    static get styles(): CSSResult[] {
-        return COMMON_STYLES;
+        return COMMON_STYLES.concat(css`
+            :host,
+            main {
+                height: 100%;
+            }
+        `);
    }

    firstUpdated(): void {
--- a/web/src/pages/admin-overview/cards/WorkerStatusCard.ts
+++ b/web/src/pages/admin-overview/cards/WorkerStatusCard.ts
@ -1,13 +1,13 @@
 import { gettext } from "django";
 import { customElement } from "lit-element";
-import { DefaultClient, PBResponse } from "../../../api/Client";
+import { DefaultClient, AKResponse } from "../../../api/Client";
 import { AdminStatus, AdminStatusCard } from "./AdminStatusCard";

@customElement("ak-admin-status-card-workers")
 export class WorkersStatusCard extends AdminStatusCard<number> {

    getPrimaryValue(): Promise<number> {
-        return DefaultClient.fetch<PBResponse<number>>(["admin", "workers"]).then((r) => {
+        return DefaultClient.fetch<AKResponse<number>>(["admin", "workers"]).then((r) => {
            return r.pagination.count;
        });
    }
--- a/web/src/pages/applications/ApplicationListPage.ts
+++ b/web/src/pages/applications/ApplicationListPage.ts
@ -1,7 +1,7 @@
 import { gettext } from "django";
 import { customElement, html, property, TemplateResult } from "lit-element";
 import { Application } from "../../api/Applications";
-import { PBResponse } from "../../api/Client";
+import { AKResponse } from "../../api/Client";
 import { TablePage } from "../../elements/table/TablePage";

 import "../../elements/buttons/ModalButton";
@ -26,7 +26,7 @@ export class ApplicationListPage extends TablePage<Application> {
    @property()
    order = "name";

-    apiEndpoint(page: number): Promise<PBResponse<Application>> {
+    apiEndpoint(page: number): Promise<AKResponse<Application>> {
        return Application.list({
            ordering: this.order,
            page: page,
@ -62,13 +62,13 @@ export class ApplicationListPage extends TablePage<Application> {
            html`
            <ak-modal-button href="${Application.adminUrl(`${item.pk}/update/`)}">
                <ak-spinner-button slot="trigger" class="pf-m-secondary">
-                    Edit
+                    ${gettext("Edit")}
                </ak-spinner-button>
                <div slot="modal"></div>
            </ak-modal-button>&nbsp;
            <ak-modal-button href="${Application.adminUrl(`${item.pk}/delete/`)}">
                <ak-spinner-button slot="trigger" class="pf-m-danger">
-                    Delete
+                    ${gettext("Delete")}
                </ak-spinner-button>
                <div slot="modal"></div>
            </ak-modal-button>
--- a/web/src/pages/events/EventInfo.ts
+++ b/web/src/pages/events/EventInfo.ts
@ -89,10 +89,10 @@ export class EventInfo extends LitElement {
            return html`
                <h3>${gettext(`Attempted to log in as ${this.event.context.username}`)}</h3>
                <ak-expand>${this.defaultResponse()}</ak-expand>`;
-        case "token_view":
+        case "secret_view":
            return html`
-                <h3>${gettext("Token:")}</h3>
-                ${this.getModelInfo(this.event.context.token as EventContext)}`;
+                <h3>${gettext("Secret:")}</h3>
+                ${this.getModelInfo(this.event.context.secret as EventContext)}`;
        case "property_mapping_exception":
            return html`<div class="pf-l-flex">
                    <div class="pf-l-flex__item">
--- a/web/src/pages/events/EventListPage.ts
+++ b/web/src/pages/events/EventListPage.ts
@ -1,6 +1,6 @@
 import { gettext } from "django";
 import { customElement, html, property, TemplateResult } from "lit-element";
-import { PBResponse } from "../../api/Client";
+import { AKResponse } from "../../api/Client";
 import { Event } from "../../api/Events";
 import { TableColumn } from "../../elements/table/Table";
 import { TablePage } from "../../elements/table/TablePage";
@ -27,7 +27,7 @@ export class EventListPage extends TablePage<Event> {
    @property()
    order = "-created";

-    apiEndpoint(page: number): Promise<PBResponse<Event>> {
+    apiEndpoint(page: number): Promise<AKResponse<Event>> {
        return Event.list({
            ordering: this.order,
            page: page,
--- a/web/src/pages/events/RuleListPage.ts
+++ b/web/src/pages/events/RuleListPage.ts
@ -1,6 +1,6 @@
 import { gettext } from "django";
 import { customElement, html, property, TemplateResult } from "lit-element";
-import { PBResponse } from "../../api/Client";
+import { AKResponse } from "../../api/Client";
 import { TablePage } from "../../elements/table/TablePage";

 import "../../elements/policies/BoundPoliciesList";
@ -29,7 +29,7 @@ export class RuleListPage extends TablePage<Rule> {
    @property()
    order = "name";

-    apiEndpoint(page: number): Promise<PBResponse<Rule>> {
+    apiEndpoint(page: number): Promise<AKResponse<Rule>> {
        return Rule.list({
            ordering: this.order,
            page: page,
--- a/web/src/pages/events/TransportListPage.ts
+++ b/web/src/pages/events/TransportListPage.ts
@ -1,6 +1,6 @@
 import { gettext } from "django";
 import { customElement, html, property, TemplateResult } from "lit-element";
-import { DefaultClient, PBResponse } from "../../api/Client";
+import { DefaultClient, AKResponse } from "../../api/Client";
 import { TablePage } from "../../elements/table/TablePage";

 import "../../elements/buttons/ActionButton";
@ -27,7 +27,7 @@ export class TransportListPage extends TablePage<Transport> {
    @property()
    order = "name";

-    apiEndpoint(page: number): Promise<PBResponse<Transport>> {
+    apiEndpoint(page: number): Promise<AKResponse<Transport>> {
        return Transport.list({
            ordering: this.order,
            page: page,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	5725e54334	release: 2021.2.6-stable	2021-02-27 18:16:46 +01:00
Jens Langhammer	c20856ca17	web: fix colourstyles not being included in common_styles # Conflicts: # authentik/events/geo.py # web/src/elements/buttons/TokenCopyButton.ts	2021-02-27 18:16:32 +01:00
Jens Langhammer	9c73e9cf4e	web: fix colourstyles not being included in common_styles # Conflicts: # authentik/events/geo.py # web/src/elements/buttons/TokenCopyButton.ts	2021-02-27 17:36:07 +01:00
Jens Langhammer	b10c3db13d	web: add sentry CaptureConsole # Conflicts: # web/package.json	2021-02-27 17:19:43 +01:00
Jens Langhammer	fe290aa214	sources/ldap: fix password setter on users which are not LDAP	2021-02-27 17:04:16 +01:00
Jens Langhammer	a2e69bd250	sources/ldap: fix API error when source has not synced yet	2021-02-27 17:04:16 +01:00
Jens Langhammer	d2a35eb8de	admin: fix missing success_url for clean views	2021-02-27 17:04:16 +01:00
Jens Langhammer	3437d8b4b0	flows: handle error when app cannot be found during import	2021-02-27 17:04:16 +01:00
Jens Langhammer	b862bf4284	providers/oauth2: fix error when no login event could be found	2021-02-27 17:04:16 +01:00
Jens Langhammer	de22a367b1	events: fix error when event can't be loaded into rule task	2021-02-27 17:04:15 +01:00
Jens Langhammer	17ab895652	flows: fix glob pattern for doc flows	2021-02-27 17:04:06 +01:00
Jens Langhammer	a4d5815e1b	policies: sort groups in groupmembership policy and binding closes #595 # Conflicts: # authentik/policies/group_membership/forms.py	2021-02-27 17:02:34 +01:00
Jens Langhammer	e81d3dad3e	release: 2021.2.5-stable	2021-02-24 09:54:06 +01:00
Jens Langhammer	5aabaebd96	root: fix request_id not being logged for actual asgi requests	2021-02-24 09:45:52 +01:00
Jens Langhammer	7b60bca297	web: fix SiteShell breaking links when handlers are updated twice	2021-02-24 09:45:08 +01:00
Jens Langhammer	a07d7456c8	web: fix outpost edit/delete buttons	2021-02-24 09:44:55 +01:00
Jens Langhammer	f33369bf0c	helm: add initial wait for healthcheck	2021-02-24 09:44:39 +01:00
Jens Langhammer	1abcff39c7	outpost: improve logging output, ensure fields match api server	2021-02-24 09:44:24 +01:00
Jens Langhammer	c1caf84d92	events: fix user QuerySet being passed	2021-02-24 09:44:05 +01:00
Jens Langhammer	86c069fe64	admin: fix policy list not having a refresh button	2021-02-24 09:43:57 +01:00
Jens Langhammer	ce0140ef67	events: pass Event's user to Notification policy engine when present	2021-02-24 09:43:50 +01:00
Jens Langhammer	bba43c5109	sources/oauth: fix buttons not being ak-root-link	2021-02-24 09:23:44 +01:00
Jens Langhammer	d99a415502	web: fix library not being full height, again	2021-02-24 09:23:40 +01:00
Jens Langhammer	bd48955f39	release: 2021.2.4-stable	2021-02-23 23:00:43 +01:00
Jens Langhammer	53adcd9157	core: fix user-settings not loading sources	2021-02-23 22:55:08 +01:00
Jens Langhammer	c5a2bb8914	admin: fix success_urls	2021-02-23 22:55:01 +01:00
Jens Langhammer	7da90ff7e4	release: 2021.2.3-stable	2021-02-10 20:47:33 +01:00
Jens Langhammer	61b5714652	docs: update release notes	2021-02-10 20:47:06 +01:00
Jens Langhammer	d2df426489	core: fix tokens using wrong lookup	2021-02-10 20:32:54 +01:00
Jens Langhammer	e6c75ed173	web: fix untranslated strings	2021-02-10 20:21:04 +01:00
Jens Langhammer	a353c6956e	web: fix missing source create button	2021-02-10 20:13:12 +01:00
Jens Langhammer	a367d8515f	core: add source endpoint	2021-02-10 20:12:07 +01:00
Jens Langhammer	2b7a22a29a	core: add providers/types endpoint	2021-02-10 20:11:54 +01:00
Jens Langhammer	e6712a50d2	docs: update changelog	2021-02-10 13:45:24 +01:00
Jens Langhammer	c621f62d92	release: 2021.2.2-stable	2021-02-10 13:33:23 +01:00
dependabot[bot]	a0648cd925	build(deps-dev): bump typescript from 4.1.3 to 4.1.4 in /web (#544 ) Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](https://github.com/Microsoft/TypeScript/compare/v4.1.3...v4.1.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-10 09:40:39 +01:00
dependabot[bot]	2650e672bb	build(deps): bump boto3 from 1.17.4 to 1.17.5 (#545 ) Bumps [boto3](https://github.com/boto/boto3) from 1.17.4 to 1.17.5. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.17.4...1.17.5) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-10 09:40:29 +01:00
dependabot[bot]	53b9376789	build(deps): bump pycryptodome from 3.9.9 to 3.10.1 (#546 ) Bumps [pycryptodome](https://github.com/Legrandin/pycryptodome) from 3.9.9 to 3.10.1. - [Release notes](https://github.com/Legrandin/pycryptodome/releases) - [Changelog](https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst) - [Commits](https://github.com/Legrandin/pycryptodome/compare/v3.9.9...v3.10.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-10 09:39:50 +01:00
Jens Langhammer	d15e50025c	root: log runtime in milliseconds	2021-02-09 23:33:25 +01:00
Jens Langhammer	0af66a26ab	crypto: move certificate and key data to separate api calls to create events	2021-02-09 21:47:00 +01:00
Jens Langhammer	bf754369d9	providers/proxy: fix certificates without key being selectable	2021-02-09 21:11:44 +01:00
Jens Langhammer	02dc112f8f	outposts: fix ProxyProvider update not triggering outpost update	2021-02-09 20:59:39 +01:00
Jens Langhammer	2d4e7ebab5	admin: remove unnecessary success_urls	2021-02-09 20:58:46 +01:00
Jens Langhammer	a7d0a50859	events: rename context.token to context.secret	2021-02-09 20:10:43 +01:00
Jens Langhammer	71c9108f89	events: rename token_view to secret_view	2021-02-09 18:20:28 +01:00
Jens Langhammer	f8bcdb26b3	web: PBResponse -> AKResponse	2021-02-09 17:04:55 +01:00
Jens Langhammer	45f1d95bf9	sources/oauth: add callback URL to api	2021-02-09 16:58:19 +01:00
Jens Langhammer	5dab198c47	web: add new sources view	2021-02-09 16:24:27 +01:00
Jens Langhammer	ad91abe9de	admin: remove old sources view	2021-02-09 16:17:48 +01:00
Jens Langhammer	fa30755241	web: make ActionButton's method configurable	2021-02-09 16:14:51 +01:00
Jens Langhammer	552f8c6a9a	sources/*: switch API to use slug in URL	2021-02-09 16:08:30 +01:00
Jens Langhammer	101f916247	web: add source list page	2021-02-09 10:22:49 +01:00
Jens Langhammer	2acdcf74e1	sources/ldap: add API for sync status	2021-02-09 10:21:59 +01:00
Jens Langhammer	ddb8610032	web: fix modalbutton for non-fetched sites	2021-02-09 10:00:33 +01:00
Jens Langhammer	22ad850e6c	web: fix overflow on modalbutton	2021-02-09 09:57:59 +01:00
dependabot[bot]	57925ed60a	build(deps-dev): bump @typescript-eslint/eslint-plugin in /web (#543 ) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.14.2 to 4.15.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.15.0/packages/eslint-plugin) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-09 09:57:06 +01:00
dependabot[bot]	48cc2f17c1	build(deps-dev): bump @typescript-eslint/parser in /web (#542 ) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.14.2 to 4.15.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.15.0/packages/parser) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-09 09:30:41 +01:00
dependabot[bot]	448108fca0	build(deps): bump boto3 from 1.17.3 to 1.17.4 (#541 ) Bumps [boto3](https://github.com/boto/boto3) from 1.17.3 to 1.17.4. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.17.3...1.17.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-09 09:30:30 +01:00
Jens Langhammer	c1254f6212	web: update SiteShell to not use innerHTML	2021-02-08 23:16:20 +01:00
Jens Langhammer	c8120c0d3e	web: fix ModalButton working in global scope, causing issues on 2nd use	2021-02-08 23:10:45 +01:00
Jens Langhammer	52016e0806	policies: skip cache on debug request	2021-02-08 22:14:23 +01:00
Jens Langhammer	e555bdd42b	lib: fix stacktrace for general expressions	2021-02-08 22:14:13 +01:00
Jens Langhammer	1a619c90de	Merge branch 'version-2021.2'	2021-02-08 21:51:59 +01:00
Jens Langhammer	18faf30b0c	docs: update release notes	2021-02-08 21:51:53 +01:00