release: 2022.6.2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2022.6.1
+current_version = 2022.6.2
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)

.github/workflows/ci-outpost.yml

@@ -110,7 +110,7 @@ jobs:
       - uses: actions/setup-go@v3
         with:
           go-version: "^1.17"
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'

.github/workflows/ci-web.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'

.github/workflows/ci-website.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'

.github/workflows/release-publish.yml

@@ -30,9 +30,9 @@ jobs:
         with:
           push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik:2022.6.1,
+            beryju/authentik:2022.6.2,
             beryju/authentik:latest,
-            ghcr.io/goauthentik/server:2022.6.1,
+            ghcr.io/goauthentik/server:2022.6.2,
             ghcr.io/goauthentik/server:latest
           platforms: linux/amd64,linux/arm64
           context: .
@@ -69,9 +69,9 @@ jobs:
         with:
           push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik-${{ matrix.type }}:2022.6.1,
+            beryju/authentik-${{ matrix.type }}:2022.6.2,
             beryju/authentik-${{ matrix.type }}:latest,
-            ghcr.io/goauthentik/${{ matrix.type }}:2022.6.1,
+            ghcr.io/goauthentik/${{ matrix.type }}:2022.6.2,
             ghcr.io/goauthentik/${{ matrix.type }}:latest
           file: ${{ matrix.type }}.Dockerfile
           platforms: linux/amd64,linux/arm64
@@ -91,7 +91,7 @@ jobs:
       - uses: actions/setup-go@v3
         with:
           go-version: "^1.17"
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           cache: 'npm'
@@ -152,7 +152,7 @@ jobs:
           SENTRY_PROJECT: authentik
           SENTRY_URL: https://sentry.beryju.org
         with:
-          version: authentik@2022.6.1
+          version: authentik@2022.6.2
           environment: beryjuorg-prod
           sourcemaps: './web/dist'
           url_prefix: '~/static/dist'

.github/workflows/web-api-publish.yml

@@ -11,7 +11,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v3.2.0
+      - uses: actions/setup-node@v3.3.0
         with:
           node-version: '16'
           registry-url: 'https://registry.npmjs.org'

Makefile

@@ -103,6 +103,9 @@ run:
 ## Web
 #########################
 
+web-build: web-install
+	cd web && npm run build
+
 web: web-lint-fix web-lint web-extract
 
 web-install:

authentik/__init__.py

@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2022.6.1"
+__version__ = "2022.6.2"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/core/api/applications.py

@@ -63,6 +63,7 @@ class ApplicationSerializer(ModelSerializer):
             "provider",
             "provider_obj",
             "launch_url",
+            "open_in_new_tab",
             "meta_launch_url",
             "meta_icon",
             "meta_description",

authentik/core/api/sources.py

@@ -8,7 +8,7 @@ from rest_framework.decorators import action
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import ModelSerializer, SerializerMethodField
+from rest_framework.serializers import ModelSerializer, ReadOnlyField, SerializerMethodField
 from rest_framework.viewsets import GenericViewSet
 from structlog.stdlib import get_logger
 
@@ -26,6 +26,7 @@ LOGGER = get_logger()
 class SourceSerializer(ModelSerializer, MetaNameSerializer):
     """Source Serializer"""
 
+    managed = ReadOnlyField()
     component = SerializerMethodField()
 
     def get_component(self, obj: Source) -> str:
@@ -51,6 +52,7 @@ class SourceSerializer(ModelSerializer, MetaNameSerializer):
             "meta_model_name",
             "policy_engine_mode",
             "user_matching_mode",
+            "managed",
         ]
 
 
@@ -67,6 +69,7 @@ class SourceViewSet(
     serializer_class = SourceSerializer
     lookup_field = "slug"
     search_fields = ["slug", "name"]
+    filterset_fields = ["slug", "name", "managed"]
 
     def get_queryset(self):  # pragma: no cover
         return Source.objects.select_subclasses()

authentik/core/managed.py

@@ -12,5 +12,6 @@ class CoreManager(ObjectManager):
                 Source,
                 "goauthentik.io/sources/inbuilt",
                 name="authentik Built-in",
+                slug="authentik-built-in",
             ),
         ]

authentik/core/migrations/0020_application_open_in_new_tab.py

@@ -0,0 +1,20 @@
+# Generated by Django 4.0.5 on 2022-06-04 06:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_core", "0019_application_group"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="application",
+            name="open_in_new_tab",
+            field=models.BooleanField(
+                default=False, help_text="Open launch URL in a new browser tab or window."
+            ),
+        ),
+    ]

authentik/core/models.py

@@ -278,6 +278,11 @@ class Application(PolicyBindingModel):
     meta_launch_url = models.TextField(
         default="", blank=True, validators=[DomainlessURLValidator()]
     )
+
+    open_in_new_tab = models.BooleanField(
+        default=False, help_text=_("Open launch URL in a new browser tab or window.")
+    )
+
     # For template applications, this can be set to /static/authentik/applications/*
     meta_icon = models.FileField(
         upload_to="application-icons/",

authentik/core/tests/test_applications_api.py

@@ -29,6 +29,7 @@ class TestApplicationsAPI(APITestCase):
             name="allowed",
             slug="allowed",
             meta_launch_url="https://goauthentik.io/%(username)s",
+            open_in_new_tab=True,
             provider=self.provider,
         )
         self.denied = Application.objects.create(name="denied", slug="denied")
@@ -100,6 +101,7 @@ class TestApplicationsAPI(APITestCase):
                         },
                         "launch_url": f"https://goauthentik.io/{self.user.username}",
                         "meta_launch_url": "https://goauthentik.io/%(username)s",
+                        "open_in_new_tab": True,
                         "meta_icon": None,
                         "meta_description": "",
                         "meta_publisher": "",
@@ -148,6 +150,7 @@ class TestApplicationsAPI(APITestCase):
                         },
                         "launch_url": f"https://goauthentik.io/{self.user.username}",
                         "meta_launch_url": "https://goauthentik.io/%(username)s",
+                        "open_in_new_tab": True,
                         "meta_icon": None,
                         "meta_description": "",
                         "meta_publisher": "",
@@ -158,6 +161,7 @@ class TestApplicationsAPI(APITestCase):
                         "meta_description": "",
                         "meta_icon": None,
                         "meta_launch_url": "",
+                        "open_in_new_tab": False,
                         "meta_publisher": "",
                         "group": "",
                         "name": "denied",

authentik/events/geo.py

@@ -76,11 +76,8 @@ class GeoIPReader:
             except (GeoIP2Error, ValueError):
                 return None
 
-    def city_dict(self, ip_address: str) -> Optional[GeoIPDict]:
-        """Wrapper for self.city that returns a dict"""
-        city = self.city(ip_address)
-        if not city:
-            return None
+    def city_to_dict(self, city: City) -> GeoIPDict:
+        """Convert City to dict"""
         city_dict: GeoIPDict = {
             "continent": city.continent.code,
             "country": city.country.iso_code,
@@ -92,5 +89,12 @@ class GeoIPReader:
             city_dict["city"] = city.city.name
         return city_dict
 
+    def city_dict(self, ip_address: str) -> Optional[GeoIPDict]:
+        """Wrapper for self.city that returns a dict"""
+        city = self.city(ip_address)
+        if not city:
+            return None
+        return self.city_to_dict(city)
+
 
 GEOIP_READER = GeoIPReader()

authentik/events/utils.py

@@ -10,9 +10,11 @@ from django.db import models
 from django.db.models.base import Model
 from django.http.request import HttpRequest
 from django.views.debug import SafeExceptionReporterFilter
+from geoip2.models import City
 from guardian.utils import get_anonymous_user
 
 from authentik.core.models import User
+from authentik.events.geo import GEOIP_READER
 from authentik.policies.types import PolicyRequest
 
 # Special keys which are *not* cleaned, even when the default filter
@@ -93,6 +95,8 @@ def sanitize_dict(source: dict[Any, Any]) -> dict[Any, Any]:
             final_dict[key] = value.hex
         elif isinstance(value, (HttpRequest, WSGIRequest)):
             continue
+        elif isinstance(value, City):
+            final_dict[key] = GEOIP_READER.city_to_dict(value)
         elif isinstance(value, type):
             final_dict[key] = {
                 "type": value.__name__,

authentik/policies/process.py

@@ -88,7 +88,7 @@ class PolicyProcess(PROCESS_CLASS):
         LOGGER.debug(
             "P_ENG(proc): Running policy",
             policy=self.binding.policy,
-            user=self.request.user,
+            user=self.request.user.username,
             # this is used for filtering in access checking where logs are sent to the admin
             process="PolicyProcess",
         )
@@ -124,7 +124,7 @@ class PolicyProcess(PROCESS_CLASS):
             # this is used for filtering in access checking where logs are sent to the admin
             process="PolicyProcess",
             passing=policy_result.passing,
-            user=self.request.user,
+            user=self.request.user.username,
         )
         return policy_result
 

authentik/providers/oauth2/api/provider.py

@@ -48,6 +48,7 @@ class OAuth2ProviderSetupURLs(PassiveSerializer):
     user_info = CharField(read_only=True)
     provider_info = CharField(read_only=True)
     logout = CharField(read_only=True)
+    jwks = CharField(read_only=True)
 
 
 class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet):
@@ -119,6 +120,12 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet):
                     kwargs={"application_slug": provider.application.slug},
                 )
             )
+            data["jwks"] = request.build_absolute_uri(
+                reverse(
+                    "authentik_providers_oauth2:jwks",
+                    kwargs={"application_slug": provider.application.slug},
+                )
+            )
         except Provider.application.RelatedObjectDoesNotExist:  # pylint: disable=no-member
             pass
         return Response(data)

authentik/sources/oauth/clients/oauth2.py

@@ -77,10 +77,7 @@ class OAuth2Client(BaseOAuthClient):
             if self.source.type.urls_customizable and self.source.access_token_url:
                 access_token_url = self.source.access_token_url
             response = self.session.request(
-                "post",
-                access_token_url,
-                data=args,
-                headers=self._default_headers,
+                "post", access_token_url, data=args, headers=self._default_headers, **request_kwargs
             )
             response.raise_for_status()
         except RequestException as exc:

authentik/sources/oauth/types/twitter.py

@@ -1,5 +1,5 @@
 """Twitter OAuth Views"""
-from typing import Any
+from typing import Any, Optional
 
 from authentik.lib.generators import generate_id
 from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE
@@ -9,6 +9,23 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 
 
+class TwitterClient(AzureADClient):
+    """Twitter has similar quirks to Azure AD, and additionally requires Basic auth on
+    the access token endpoint for some reason."""
+
+    # Twitter has the same quirk as azure and throws an error if the access token
+    # is set via query parameter, so we re-use the azure client
+    # see https://github.com/goauthentik/authentik/issues/1910
+
+    def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
+        return super().get_access_token(
+            auth=(
+                self.source.consumer_key,
+                self.source.consumer_secret,
+            )
+        )
+
+
 class TwitterOAuthRedirect(OAuthRedirect):
     """Twitter OAuth2 Redirect"""
 
@@ -24,10 +41,7 @@ class TwitterOAuthRedirect(OAuthRedirect):
 class TwitterOAuthCallback(OAuthCallback):
     """Twitter OAuth2 Callback"""
 
-    # Twitter has the same quirk as azure and throws an error if the access token
-    # is set via query parameter, so we re-use the azure client
-    # see https://github.com/goauthentik/authentik/issues/1910
-    client_class = AzureADClient
+    client_class = TwitterClient
 
     def get_user_id(self, info: dict[str, str]) -> str:
         return info.get("data", {}).get("id", "")

authentik/stages/authenticator_validate/stage.py

@@ -374,9 +374,9 @@ class AuthenticatorValidateStageView(ChallengeStageView):
         # All validation is done by the serializer
         user = self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER)
         if not user:
-            webauthn_device: WebAuthnDevice = response.data.get("webauthn", None)
-            if not webauthn_device:
-                return self.executor.stage_ok()
+            if "webauthn" not in response.data:
+                return self.executor.stage_invalid()
+            webauthn_device: WebAuthnDevice = response.device
             self.logger.debug("Set user from user-less flow", user=webauthn_device.user)
             self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = webauthn_device.user
             self.executor.plan.context[PLAN_CONTEXT_METHOD] = "auth_webauthn_pwl"

authentik/stages/identification/stage.py

@@ -162,10 +162,10 @@ class IdentificationStageView(ChallengeStageView):
         if not query:
             self.logger.debug("Empty user query", query=query)
             return None
-        users = User.objects.filter(query, is_active=True)
-        if users.exists():
-            self.logger.debug("Found user", user=users.first(), query=query)
-            return users.first()
+        user = User.objects.filter(query, is_active=True).first()
+        if user:
+            self.logger.debug("Found user", user=user.username, query=query)
+            return user
         return None
 
     def get_challenge(self) -> Challenge:

authentik/stages/password/stage.py

@@ -56,7 +56,7 @@ def authenticate(
             continue
         # Annotate the user object with the path of the backend.
         user.backend = backend_path
-        LOGGER.debug("Successful authentication", user=user, backend=backend_path)
+        LOGGER.debug("Successful authentication", user=user.username, backend=backend_path)
         return user
 
     # The credentials supplied are invalid to all backends, fire signal

authentik/stages/user_login/stage.py

@@ -47,7 +47,7 @@ class UserLoginStageView(StageView):
         self.logger.debug(
             "Logged in",
             backend=backend,
-            user=user,
+            user=user.username,
             flow_slug=self.executor.flow.slug,
             session_duration=self.executor.current_stage.session_duration,
         )

docker-compose.yml

@@ -29,7 +29,7 @@ services:
       retries: 5
       timeout: 3s
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
     restart: unless-stopped
     command: server
     environment:
@@ -50,7 +50,7 @@ services:
       - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
       - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -25,8 +25,8 @@ require (
 	github.com/prometheus/client_golang v1.12.2
 	github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b
 	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.1
-	goauthentik.io/api/v3 v3.2022053.4
+	github.com/stretchr/testify v1.7.2
+	goauthentik.io/api/v3 v3.2022061.3
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	gopkg.in/boj/redistore.v1 v1.0.0-20160128113310-fc113767cd6b
@@ -73,5 +73,5 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v3 v3.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -337,8 +337,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -358,8 +358,8 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
-goauthentik.io/api/v3 v3.2022053.4 h1:MzWwr6YXpnJhCnjf74/vpC5QlEQ71WAGsAPrJMFnLwo=
-goauthentik.io/api/v3 v3.2022053.4/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
+goauthentik.io/api/v3 v3.2022061.3 h1:1vW4j8sk6pOqPPYquGcYWBA3zfa8pmCdceMNbKRBJiA=
+goauthentik.io/api/v3 v3.2022061.3/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -668,8 +668,9 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

internal/constants/constants.go

@@ -25,4 +25,4 @@ func OutpostUserAgent() string {
 	return fmt.Sprintf("goauthentik.io/outpost/%s", FullVersion())
 }
 
-const VERSION = "2022.6.1"
+const VERSION = "2022.6.2"

internal/outpost/ldap/refresh.go

@@ -10,6 +10,7 @@ import (
 	"github.com/go-openapi/strfmt"
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/api/v3"
+	"goauthentik.io/internal/outpost/ldap/bind"
 	directbind "goauthentik.io/internal/outpost/ldap/bind/direct"
 	memorybind "goauthentik.io/internal/outpost/ldap/bind/memory"
 	"goauthentik.io/internal/outpost/ldap/constants"
@@ -83,7 +84,11 @@ func (ls *LDAPServer) Refresh() error {
 			providers[idx].searcher = directsearch.NewDirectSearcher(providers[idx])
 		}
 		if *provider.BindMode.Ptr() == api.LDAPAPIACCESSMODE_CACHED {
-			providers[idx].binder = memorybind.NewSessionBinder(providers[idx], providers[idx].binder)
+			var oldBinder bind.Binder
+			if existing != nil {
+				oldBinder = existing.binder
+			}
+			providers[idx].binder = memorybind.NewSessionBinder(providers[idx], oldBinder)
 		} else if *provider.BindMode.Ptr() == api.LDAPAPIACCESSMODE_DIRECT {
 			providers[idx].binder = directbind.NewDirectBinder(providers[idx])
 		}

internal/outpost/proxyv2/application/mode_forward.go

@@ -12,19 +12,14 @@ import (
 )
 
 const (
-	envoyPrefix = "/outpost.goauthentik.io/auth/envoy"
+	envoyPrefix   = "/outpost.goauthentik.io/auth/envoy"
+	traefikPrefix = "/outpost.goauthentik.io/auth/traefik"
+	nginxPrefix   = "/outpost.goauthentik.io/auth/nginx"
 )
 
 func (a *Application) configureForward() error {
-	a.mux.HandleFunc("/outpost.goauthentik.io/auth", func(rw http.ResponseWriter, r *http.Request) {
-		if _, ok := r.URL.Query()["traefik"]; ok {
-			a.forwardHandleTraefik(rw, r)
-			return
-		}
-		a.forwardHandleNginx(rw, r)
-	})
-	a.mux.HandleFunc("/outpost.goauthentik.io/auth/traefik", a.forwardHandleTraefik)
-	a.mux.HandleFunc("/outpost.goauthentik.io/auth/nginx", a.forwardHandleNginx)
+	a.mux.HandleFunc(traefikPrefix, a.forwardHandleTraefik)
+	a.mux.HandleFunc(nginxPrefix, a.forwardHandleNginx)
 	a.mux.PathPrefix(envoyPrefix).HandlerFunc(a.forwardHandleEnvoy)
 	return nil
 }
@@ -59,7 +54,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 		return
 	}
 	host := ""
-	s, _ := a.sessions.Get(r, constants.SessionName)
 	// Optional suffix, which is appended to the URL
 	if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
 		host = web.GetHost(r)
@@ -75,10 +69,13 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 	// to a (possibly) different domain, but we want to be redirected back
 	// to the application
 	// X-Forwarded-Uri is only the path, so we need to build the entire URL
-	s.Values[constants.SessionRedirect] = fwd.String()
-	err = s.Save(r, rw)
-	if err != nil {
-		a.log.WithError(err).Warning("failed to save session before redirect")
+	s, _ := a.sessions.Get(r, constants.SessionName)
+	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
+		s.Values[constants.SessionRedirect] = fwd.String()
+		err = s.Save(r, rw)
+		if err != nil {
+			a.log.WithError(err).Warning("failed to save session before redirect")
+		}
 	}
 
 	proto := r.Header.Get("X-Forwarded-Proto")
@@ -117,10 +114,12 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
 	}
 
 	s, _ := a.sessions.Get(r, constants.SessionName)
-	s.Values[constants.SessionRedirect] = fwd.String()
-	err = s.Save(r, rw)
-	if err != nil {
-		a.log.WithError(err).Warning("failed to save session before redirect")
+	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
+		s.Values[constants.SessionRedirect] = fwd.String()
+		err = s.Save(r, rw)
+		if err != nil {
+			a.log.WithError(err).Warning("failed to save session before redirect")
+		}
 	}
 
 	if fwd.String() != r.URL.String() {
@@ -152,7 +151,6 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
 		return
 	}
 	host := ""
-	s, _ := a.sessions.Get(r, constants.SessionName)
 	// Optional suffix, which is appended to the URL
 	if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
 		host = web.GetHost(r)
@@ -168,6 +166,7 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
 	// to a (possibly) different domain, but we want to be redirected back
 	// to the application
 	// X-Forwarded-Uri is only the path, so we need to build the entire URL
+	s, _ := a.sessions.Get(r, constants.SessionName)
 	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
 		s.Values[constants.SessionRedirect] = fwd.String()
 		err = s.Save(r, rw)

internal/outpost/proxyv2/application/utils.go

@@ -36,10 +36,12 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 			redirectUrl = a.proxyConfig.ExternalHost
 		}
 	}
-	s.Values[constants.SessionRedirect] = redirectUrl
-	err = s.Save(r, rw)
-	if err != nil {
-		a.log.WithError(err).Warning("failed to save session before redirect")
+	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
+		s.Values[constants.SessionRedirect] = redirectUrl
+		err = s.Save(r, rw)
+		if err != nil {
+			a.log.WithError(err).Warning("failed to save session before redirect")
+		}
 	}
 
 	urlArgs := url.Values{

poetry.lock

@@ -1322,7 +1322,7 @@ tests = ["pytest (>=6.0.0,<7.0.0)", "coverage[toml] (==5.0.4)"]
 
 [[package]]
 name = "pylint"
-version = "2.14.0"
+version = "2.14.1"
 description = "python code static checker"
 category = "dev"
 optional = false
@@ -3237,8 +3237,8 @@ pyjwt = [
     {file = "PyJWT-2.4.0.tar.gz", hash = "sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba"},
 ]
 pylint = [
-    {file = "pylint-2.14.0-py3-none-any.whl", hash = "sha256:ef64ce5d4c17b8906caeaf2c2914ef3036a3a1b7f4a86f5fbf6caff9067c5f63"},
-    {file = "pylint-2.14.0.tar.gz", hash = "sha256:10d291ea5133645f73fc1b51ca137ad6531223c1461a5632a1db029a9bc033b5"},
+    {file = "pylint-2.14.1-py3-none-any.whl", hash = "sha256:bb71e6d169506de585edea997e48d9ff20c0dc0e2fbc1d166bad6b640120326b"},
+    {file = "pylint-2.14.1.tar.gz", hash = "sha256:549261e0762c3466cc001024c4419c08252cb8c8d40f5c2c6966fea690e7fe2a"},
 ]
 pylint-django = [
     {file = "pylint-django-2.5.3.tar.gz", hash = "sha256:0ac090d106c62fe33782a1d01bda1610b761bb1c9bf5035ced9d5f23a13d8591"},

pyproject.toml

@@ -90,7 +90,7 @@ addopts = "-p no:celery --junitxml=unittest.xml"
 
 [tool.poetry]
 name = "authentik"
-version = "2022.6.1"
+version = "2022.6.2"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2022.6.1
+  version: 2022.6.2
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
@@ -11862,6 +11862,14 @@ paths:
       operationId: sources_all_list
       description: Source Viewset
       parameters:
+      - in: query
+        name: managed
+        schema:
+          type: string
+      - in: query
+        name: name
+        schema:
+          type: string
       - name: ordering
         required: false
         in: query
@@ -11886,6 +11894,10 @@ paths:
         description: A search term.
         schema:
           type: string
+      - in: query
+        name: slug
+        schema:
+          type: string
       tags:
       - sources
       security:
@@ -19151,6 +19163,9 @@ components:
           type: string
           nullable: true
           readOnly: true
+        open_in_new_tab:
+          type: boolean
+          description: Open launch URL in a new browser tab or window.
         meta_launch_url:
           type: string
           format: uri
@@ -19190,6 +19205,9 @@ components:
         provider:
           type: integer
           nullable: true
+        open_in_new_tab:
+          type: boolean
+          description: Open launch URL in a new browser tab or window.
         meta_launch_url:
           type: string
           format: uri
@@ -22678,6 +22696,15 @@ components:
           - $ref: '#/components/schemas/UserMatchingModeEnum'
           description: How the source determines if an existing user should be authenticated
             or a new user enrolled.
+        managed:
+          type: string
+          nullable: true
+          title: Managed by authentik
+          description: Objects which are managed by authentik. These objects are created
+            and updated automatically. This is flag only indicates that an object
+            can be overwritten by migrations. You can still modify the objects via
+            the API, but expect changes to be overwritten in a later update.
+          readOnly: true
         server_uri:
           type: string
           format: uri
@@ -22740,6 +22767,7 @@ components:
       required:
       - base_dn
       - component
+      - managed
       - meta_model_name
       - name
       - pk
@@ -23339,9 +23367,13 @@ components:
         logout:
           type: string
           readOnly: true
+        jwks:
+          type: string
+          readOnly: true
       required:
       - authorize
       - issuer
+      - jwks
       - logout
       - provider_info
       - token
@@ -23394,6 +23426,15 @@ components:
           - $ref: '#/components/schemas/UserMatchingModeEnum'
           description: How the source determines if an existing user should be authenticated
             or a new user enrolled.
+        managed:
+          type: string
+          nullable: true
+          title: Managed by authentik
+          description: Objects which are managed by authentik. These objects are created
+            and updated automatically. This is flag only indicates that an object
+            can be overwritten by migrations. You can still modify the objects via
+            the API, but expect changes to be overwritten in a later update.
+          readOnly: true
         provider_type:
           $ref: '#/components/schemas/ProviderTypeEnum'
         request_token_url:
@@ -23439,6 +23480,7 @@ components:
       - callback_url
       - component
       - consumer_key
+      - managed
       - meta_model_name
       - name
       - pk
@@ -26721,6 +26763,9 @@ components:
         provider:
           type: integer
           nullable: true
+        open_in_new_tab:
+          type: boolean
+          description: Open launch URL in a new browser tab or window.
         meta_launch_url:
           type: string
           format: uri
@@ -28620,6 +28665,15 @@ components:
           - $ref: '#/components/schemas/UserMatchingModeEnum'
           description: How the source determines if an existing user should be authenticated
             or a new user enrolled.
+        managed:
+          type: string
+          nullable: true
+          title: Managed by authentik
+          description: Objects which are managed by authentik. These objects are created
+            and updated automatically. This is flag only indicates that an object
+            can be overwritten by migrations. You can still modify the objects via
+            the API, but expect changes to be overwritten in a later update.
+          readOnly: true
         client_id:
           type: string
           description: Client identifier used to talk to Plex.
@@ -28637,6 +28691,7 @@ components:
           description: Plex token used to check friends
       required:
       - component
+      - managed
       - meta_model_name
       - name
       - pk
@@ -30011,6 +30066,15 @@ components:
           - $ref: '#/components/schemas/UserMatchingModeEnum'
           description: How the source determines if an existing user should be authenticated
             or a new user enrolled.
+        managed:
+          type: string
+          nullable: true
+          title: Managed by authentik
+          description: Objects which are managed by authentik. These objects are created
+            and updated automatically. This is flag only indicates that an object
+            can be overwritten by migrations. You can still modify the objects via
+            the API, but expect changes to be overwritten in a later update.
+          readOnly: true
         pre_authentication_flow:
           type: string
           format: uuid
@@ -30059,6 +30123,7 @@ components:
             doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
       required:
       - component
+      - managed
       - meta_model_name
       - name
       - pk
@@ -30437,8 +30502,18 @@ components:
           - $ref: '#/components/schemas/UserMatchingModeEnum'
           description: How the source determines if an existing user should be authenticated
             or a new user enrolled.
+        managed:
+          type: string
+          nullable: true
+          title: Managed by authentik
+          description: Objects which are managed by authentik. These objects are created
+            and updated automatically. This is flag only indicates that an object
+            can be overwritten by migrations. You can still modify the objects via
+            the API, but expect changes to be overwritten in a later update.
+          readOnly: true
       required:
       - component
+      - managed
       - meta_model_name
       - name
       - pk

web/package-lock.json

@@ -14,15 +14,15 @@
                 "@babel/plugin-transform-runtime": "^7.18.2",
                 "@babel/preset-env": "^7.18.2",
                 "@babel/preset-typescript": "^7.17.12",
-                "@formatjs/intl-listformat": "^7.0.1",
+                "@formatjs/intl-listformat": "^7.0.2",
                 "@fortawesome/fontawesome-free": "^6.1.1",
-                "@goauthentik/api": "^2022.5.3-1654278040",
+                "@goauthentik/api": "^2022.6.1-1654625853",
                 "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
                 "@lingui/cli": "^3.13.3",
                 "@lingui/core": "^3.13.3",
                 "@lingui/detect-locale": "^3.13.3",
                 "@lingui/macro": "^3.13.3",
-                "@patternfly/patternfly": "^4.194.4",
+                "@patternfly/patternfly": "^4.196.7",
                 "@polymer/iron-form": "^3.0.1",
                 "@polymer/paper-input": "^3.2.1",
                 "@rollup/plugin-babel": "^5.3.1",
@@ -37,8 +37,8 @@
                 "@types/chart.js": "^2.9.37",
                 "@types/codemirror": "5.60.5",
                 "@types/grecaptcha": "^3.0.4",
-                "@typescript-eslint/eslint-plugin": "^5.27.0",
-                "@typescript-eslint/parser": "^5.27.0",
+                "@typescript-eslint/eslint-plugin": "^5.27.1",
+                "@typescript-eslint/parser": "^5.27.1",
                 "@webcomponents/webcomponentsjs": "^2.6.0",
                 "babel-plugin-macros": "^3.1.0",
                 "base64-js": "^1.5.1",
@@ -47,7 +47,7 @@
                 "codemirror": "^5.65.5",
                 "construct-style-sheets-polyfill": "^3.1.0",
                 "country-flag-icons": "^1.5.5",
-                "eslint": "^8.16.0",
+                "eslint": "^8.17.0",
                 "eslint-config-google": "^0.14.0",
                 "eslint-plugin-custom-elements": "0.0.6",
                 "eslint-plugin-lit": "^1.6.1",
@@ -65,7 +65,7 @@
                 "rollup-plugin-terser": "^7.0.2",
                 "ts-lit-plugin": "^1.2.1",
                 "tslib": "^2.4.0",
-                "typescript": "^4.7.2",
+                "typescript": "^4.7.3",
                 "webcomponent-qr-code": "^1.0.6",
                 "yaml": "^2.1.1"
             }
@@ -1733,28 +1733,28 @@
             }
         },
         "node_modules/@formatjs/ecma402-abstract": {
-            "version": "1.11.6",
-            "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-1.11.6.tgz",
-            "integrity": "sha512-6TcI+IroIK+GTWXBJ643LBJklmCBsqLt1sUTGWfzdBcI5Y6b1L1iamrJB1B5OAQLnhzWveLbmzPYHYsFEZfeig==",
+            "version": "1.11.7",
+            "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-1.11.7.tgz",
+            "integrity": "sha512-uNaok4XWMJBtPZk/veTDamFCm5HeWJUk2jwoVfH5/+wenQ60QHjH6T3UQ0GOOCz9jpKmed7vqOri7xSf//Dt7g==",
             "dependencies": {
-                "@formatjs/intl-localematcher": "0.2.27",
+                "@formatjs/intl-localematcher": "0.2.28",
                 "tslib": "2.4.0"
             }
         },
         "node_modules/@formatjs/intl-listformat": {
-            "version": "7.0.1",
-            "resolved": "https://registry.npmjs.org/@formatjs/intl-listformat/-/intl-listformat-7.0.1.tgz",
-            "integrity": "sha512-sgE4B9+mu3ZF77vhZB0tR8O3evvcPA//WbA/8UJ21XOrSzfY6RXhSbvDfSd7Y5iEeBu+2C+5YxDuAwLnvq2SnQ==",
+            "version": "7.0.2",
+            "resolved": "https://registry.npmjs.org/@formatjs/intl-listformat/-/intl-listformat-7.0.2.tgz",
+            "integrity": "sha512-K+HXrYIvEcAH/dS8XXnSHQYC/z4w0eHjPlDx43HOoDY87/xV7rpHxFVXWXTgwLYC6iAPUO72Y/AaT9iq873juw==",
             "dependencies": {
-                "@formatjs/ecma402-abstract": "1.11.6",
-                "@formatjs/intl-localematcher": "0.2.27",
+                "@formatjs/ecma402-abstract": "1.11.7",
+                "@formatjs/intl-localematcher": "0.2.28",
                 "tslib": "2.4.0"
             }
         },
         "node_modules/@formatjs/intl-localematcher": {
-            "version": "0.2.27",
-            "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.2.27.tgz",
-            "integrity": "sha512-XHYcVas2ebDTh3VtfdluvbTjqyMUHqFHARnuJo5KYF/0MKOTmozVSK7PJGnu1IEHdmRdTWuG6TB+2RnkasaxVw==",
+            "version": "0.2.28",
+            "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.2.28.tgz",
+            "integrity": "sha512-FLsc6Gifs1np/8HnCn/7Q+lHMmenrD5fuDhRT82yj0gi9O19kfaFwjQUw1gZsyILuRyT93GuzdifHj7TKRhBcw==",
             "dependencies": {
                 "tslib": "2.4.0"
             }
@@ -1769,9 +1769,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2022.5.3-1654278040",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.5.3-1654278040.tgz",
-            "integrity": "sha512-cVGJJZzivBC1xHUf1QmQDVWEW6A5uxyZOm977YXhisOKnVAMRSMXz3tNQ+NVJq/Fb1Z+yD3ffGAGcOjThGGoXA=="
+            "version": "2022.6.1-1654625853",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.6.1-1654625853.tgz",
+            "integrity": "sha512-VW02zziDmk92hxSDxWU/NUptVnPcZHi1iSSX5CWevNmvrf4kU+j0yBRrlXaWCE/nelgQC2oFiPbwI5FN9MypBg=="
         },
         "node_modules/@humanwhocodes/config-array": {
             "version": "0.9.2",
@@ -2235,9 +2235,9 @@
             }
         },
         "node_modules/@patternfly/patternfly": {
-            "version": "4.194.4",
-            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.194.4.tgz",
-            "integrity": "sha512-SJxr502v0xXk1N5OiPLunD9pdKvHp5XXJLXcD5lIPrimjjUcy46m48X8YONjDvnC/Y5xV92UI2KxoCVucE34eA=="
+            "version": "4.196.7",
+            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.196.7.tgz",
+            "integrity": "sha512-hA7Oww411e1p0/IXjC1I+4/1NNis9V+NVBxfUIpRwyuLbCIDHBdtMu2qAPLdKxXjuibV9EE6ZdlT7ra/kcFuJQ=="
         },
         "node_modules/@polymer/font-roboto": {
             "version": "3.0.2",
@@ -2883,13 +2883,13 @@
             "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw=="
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.27.0.tgz",
-            "integrity": "sha512-DDrIA7GXtmHXr1VCcx9HivA39eprYBIFxbQEHI6NyraRDxCGpxAFiYQAT/1Y0vh1C+o2vfBiy4IuPoXxtTZCAQ==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.27.1.tgz",
+            "integrity": "sha512-6dM5NKT57ZduNnJfpY81Phe9nc9wolnMCnknb1im6brWi1RYv84nbMS3olJa27B6+irUVV1X/Wb+Am0FjJdGFw==",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "5.27.0",
-                "@typescript-eslint/type-utils": "5.27.0",
-                "@typescript-eslint/utils": "5.27.0",
+                "@typescript-eslint/scope-manager": "5.27.1",
+                "@typescript-eslint/type-utils": "5.27.1",
+                "@typescript-eslint/utils": "5.27.1",
                 "debug": "^4.3.4",
                 "functional-red-black-tree": "^1.0.1",
                 "ignore": "^5.2.0",
@@ -2929,13 +2929,13 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.27.0.tgz",
-            "integrity": "sha512-8oGjQF46c52l7fMiPPvX4It3u3V3JipssqDfHQ2hcR0AeR8Zge+OYyKUCm5b70X72N1qXt0qgHenwN6Gc2SXZA==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.27.1.tgz",
+            "integrity": "sha512-7Va2ZOkHi5NP+AZwb5ReLgNF6nWLGTeUJfxdkVUAPPSaAdbWNnFZzLZ4EGGmmiCTg+AwlbE1KyUYTBglosSLHQ==",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "5.27.0",
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/typescript-estree": "5.27.0",
+                "@typescript-eslint/scope-manager": "5.27.1",
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/typescript-estree": "5.27.1",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -2955,12 +2955,12 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.27.0.tgz",
-            "integrity": "sha512-VnykheBQ/sHd1Vt0LJ1JLrMH1GzHO+SzX6VTXuStISIsvRiurue/eRkTqSrG0CexHQgKG8shyJfR4o5VYioB9g==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.27.1.tgz",
+            "integrity": "sha512-fQEOSa/QroWE6fAEg+bJxtRZJTH8NTskggybogHt4H9Da8zd4cJji76gA5SBlR0MgtwF7rebxTbDKB49YUCpAg==",
             "dependencies": {
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/visitor-keys": "5.27.0"
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/visitor-keys": "5.27.1"
             },
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -2971,11 +2971,11 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.27.0.tgz",
-            "integrity": "sha512-vpTvRRchaf628Hb/Xzfek+85o//zEUotr1SmexKvTfs7czXfYjXVT/a5yDbpzLBX1rhbqxjDdr1Gyo0x1Fc64g==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.27.1.tgz",
+            "integrity": "sha512-+UC1vVUWaDHRnC2cQrCJ4QtVjpjjCgjNFpg8b03nERmkHv9JV9X5M19D7UFMd+/G7T/sgFwX2pGmWK38rqyvXw==",
             "dependencies": {
-                "@typescript-eslint/utils": "5.27.0",
+                "@typescript-eslint/utils": "5.27.1",
                 "debug": "^4.3.4",
                 "tsutils": "^3.21.0"
             },
@@ -2996,9 +2996,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.27.0.tgz",
-            "integrity": "sha512-lY6C7oGm9a/GWhmUDOs3xAVRz4ty/XKlQ2fOLr8GAIryGn0+UBOoJDWyHer3UgrHkenorwvBnphhP+zPmzmw0A==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.27.1.tgz",
+            "integrity": "sha512-LgogNVkBhCTZU/m8XgEYIWICD6m4dmEDbKXESCbqOXfKZxRKeqpiJXQIErv66sdopRKZPo5l32ymNqibYEH/xg==",
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
             },
@@ -3008,12 +3008,12 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.27.0.tgz",
-            "integrity": "sha512-QywPMFvgZ+MHSLRofLI7BDL+UczFFHyj0vF5ibeChDAJgdTV8k4xgEwF0geFhVlPc1p8r70eYewzpo6ps+9LJQ==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.27.1.tgz",
+            "integrity": "sha512-DnZvvq3TAJ5ke+hk0LklvxwYsnXpRdqUY5gaVS0D4raKtbznPz71UJGnPTHEFo0GDxqLOLdMkkmVZjSpET1hFw==",
             "dependencies": {
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/visitor-keys": "5.27.0",
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/visitor-keys": "5.27.1",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -3048,14 +3048,14 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.27.0.tgz",
-            "integrity": "sha512-nZvCrkIJppym7cIbP3pOwIkAefXOmfGPnCM0LQfzNaKxJHI6VjI8NC662uoiPlaf5f6ymkTy9C3NQXev2mdXmA==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.27.1.tgz",
+            "integrity": "sha512-mZ9WEn1ZLDaVrhRaYgzbkXBkTPghPFsup8zDbbsYTxC5OmqrFE7skkKS/sraVsLP3TcT3Ki5CSyEFBRkLH/H/w==",
             "dependencies": {
                 "@types/json-schema": "^7.0.9",
-                "@typescript-eslint/scope-manager": "5.27.0",
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/typescript-estree": "5.27.0",
+                "@typescript-eslint/scope-manager": "5.27.1",
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/typescript-estree": "5.27.1",
                 "eslint-scope": "^5.1.1",
                 "eslint-utils": "^3.0.0"
             },
@@ -3071,11 +3071,11 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.27.0.tgz",
-            "integrity": "sha512-46cYrteA2MrIAjv9ai44OQDUoCZyHeGIc4lsjCUX2WT6r4C+kidz1bNiR4017wHOPUythYeH+Sc7/cFP97KEAA==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.27.1.tgz",
+            "integrity": "sha512-xYs6ffo01nhdJgPieyk7HAOpjhTsx7r/oB9LWEhwAXgwn33tkr+W8DI2ChboqhZlC4q3TC6geDYPoiX8ROqyOQ==",
             "dependencies": {
-                "@typescript-eslint/types": "5.27.0",
+                "@typescript-eslint/types": "5.27.1",
                 "eslint-visitor-keys": "^3.3.0"
             },
             "engines": {
@@ -4165,9 +4165,9 @@
             }
         },
         "node_modules/eslint": {
-            "version": "8.16.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.16.0.tgz",
-            "integrity": "sha512-MBndsoXY/PeVTDJeWsYj7kLZ5hQpJOfMYLsF6LicLHQWbRDG19lK5jOix4DPl8yY4SUFcE3txy86OzFLWT+yoA==",
+            "version": "8.17.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.17.0.tgz",
+            "integrity": "sha512-gq0m0BTJfci60Fz4nczYxNAlED+sMcihltndR8t9t1evnU/azx53x3t2UHXC/uRjcbvRw/XctpaNygSTcQD+Iw==",
             "dependencies": {
                 "@eslint/eslintrc": "^1.3.0",
                 "@humanwhocodes/config-array": "^0.9.2",
@@ -8476,9 +8476,9 @@
             }
         },
         "node_modules/typescript": {
-            "version": "4.7.2",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.2.tgz",
-            "integrity": "sha512-Mamb1iX2FDUpcTRzltPxgWMKy3fhg0TN378ylbktPGPK/99KbDtMQ4W1hwgsbPAsG3a0xKa1vmw4VKZQbkvz5A==",
+            "version": "4.7.3",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.3.tgz",
+            "integrity": "sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==",
             "bin": {
                 "tsc": "bin/tsc",
                 "tsserver": "bin/tsserver"
@@ -10075,28 +10075,28 @@
             }
         },
         "@formatjs/ecma402-abstract": {
-            "version": "1.11.6",
-            "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-1.11.6.tgz",
-            "integrity": "sha512-6TcI+IroIK+GTWXBJ643LBJklmCBsqLt1sUTGWfzdBcI5Y6b1L1iamrJB1B5OAQLnhzWveLbmzPYHYsFEZfeig==",
+            "version": "1.11.7",
+            "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-1.11.7.tgz",
+            "integrity": "sha512-uNaok4XWMJBtPZk/veTDamFCm5HeWJUk2jwoVfH5/+wenQ60QHjH6T3UQ0GOOCz9jpKmed7vqOri7xSf//Dt7g==",
             "requires": {
-                "@formatjs/intl-localematcher": "0.2.27",
+                "@formatjs/intl-localematcher": "0.2.28",
                 "tslib": "2.4.0"
             }
         },
         "@formatjs/intl-listformat": {
-            "version": "7.0.1",
-            "resolved": "https://registry.npmjs.org/@formatjs/intl-listformat/-/intl-listformat-7.0.1.tgz",
-            "integrity": "sha512-sgE4B9+mu3ZF77vhZB0tR8O3evvcPA//WbA/8UJ21XOrSzfY6RXhSbvDfSd7Y5iEeBu+2C+5YxDuAwLnvq2SnQ==",
+            "version": "7.0.2",
+            "resolved": "https://registry.npmjs.org/@formatjs/intl-listformat/-/intl-listformat-7.0.2.tgz",
+            "integrity": "sha512-K+HXrYIvEcAH/dS8XXnSHQYC/z4w0eHjPlDx43HOoDY87/xV7rpHxFVXWXTgwLYC6iAPUO72Y/AaT9iq873juw==",
             "requires": {
-                "@formatjs/ecma402-abstract": "1.11.6",
-                "@formatjs/intl-localematcher": "0.2.27",
+                "@formatjs/ecma402-abstract": "1.11.7",
+                "@formatjs/intl-localematcher": "0.2.28",
                 "tslib": "2.4.0"
             }
         },
         "@formatjs/intl-localematcher": {
-            "version": "0.2.27",
-            "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.2.27.tgz",
-            "integrity": "sha512-XHYcVas2ebDTh3VtfdluvbTjqyMUHqFHARnuJo5KYF/0MKOTmozVSK7PJGnu1IEHdmRdTWuG6TB+2RnkasaxVw==",
+            "version": "0.2.28",
+            "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.2.28.tgz",
+            "integrity": "sha512-FLsc6Gifs1np/8HnCn/7Q+lHMmenrD5fuDhRT82yj0gi9O19kfaFwjQUw1gZsyILuRyT93GuzdifHj7TKRhBcw==",
             "requires": {
                 "tslib": "2.4.0"
             }
@@ -10107,9 +10107,9 @@
             "integrity": "sha512-J/3yg2AIXc9wznaVqpHVX3Wa5jwKovVF0AMYSnbmcXTiL3PpRPfF58pzWucCwEiCJBp+hCNRLWClTomD8SseKg=="
         },
         "@goauthentik/api": {
-            "version": "2022.5.3-1654278040",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.5.3-1654278040.tgz",
-            "integrity": "sha512-cVGJJZzivBC1xHUf1QmQDVWEW6A5uxyZOm977YXhisOKnVAMRSMXz3tNQ+NVJq/Fb1Z+yD3ffGAGcOjThGGoXA=="
+            "version": "2022.6.1-1654625853",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.6.1-1654625853.tgz",
+            "integrity": "sha512-VW02zziDmk92hxSDxWU/NUptVnPcZHi1iSSX5CWevNmvrf4kU+j0yBRrlXaWCE/nelgQC2oFiPbwI5FN9MypBg=="
         },
         "@humanwhocodes/config-array": {
             "version": "0.9.2",
@@ -10452,9 +10452,9 @@
             }
         },
         "@patternfly/patternfly": {
-            "version": "4.194.4",
-            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.194.4.tgz",
-            "integrity": "sha512-SJxr502v0xXk1N5OiPLunD9pdKvHp5XXJLXcD5lIPrimjjUcy46m48X8YONjDvnC/Y5xV92UI2KxoCVucE34eA=="
+            "version": "4.196.7",
+            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.196.7.tgz",
+            "integrity": "sha512-hA7Oww411e1p0/IXjC1I+4/1NNis9V+NVBxfUIpRwyuLbCIDHBdtMu2qAPLdKxXjuibV9EE6ZdlT7ra/kcFuJQ=="
         },
         "@polymer/font-roboto": {
             "version": "3.0.2",
@@ -11027,13 +11027,13 @@
             "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw=="
         },
         "@typescript-eslint/eslint-plugin": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.27.0.tgz",
-            "integrity": "sha512-DDrIA7GXtmHXr1VCcx9HivA39eprYBIFxbQEHI6NyraRDxCGpxAFiYQAT/1Y0vh1C+o2vfBiy4IuPoXxtTZCAQ==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.27.1.tgz",
+            "integrity": "sha512-6dM5NKT57ZduNnJfpY81Phe9nc9wolnMCnknb1im6brWi1RYv84nbMS3olJa27B6+irUVV1X/Wb+Am0FjJdGFw==",
             "requires": {
-                "@typescript-eslint/scope-manager": "5.27.0",
-                "@typescript-eslint/type-utils": "5.27.0",
-                "@typescript-eslint/utils": "5.27.0",
+                "@typescript-eslint/scope-manager": "5.27.1",
+                "@typescript-eslint/type-utils": "5.27.1",
+                "@typescript-eslint/utils": "5.27.1",
                 "debug": "^4.3.4",
                 "functional-red-black-tree": "^1.0.1",
                 "ignore": "^5.2.0",
@@ -11053,47 +11053,47 @@
             }
         },
         "@typescript-eslint/parser": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.27.0.tgz",
-            "integrity": "sha512-8oGjQF46c52l7fMiPPvX4It3u3V3JipssqDfHQ2hcR0AeR8Zge+OYyKUCm5b70X72N1qXt0qgHenwN6Gc2SXZA==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.27.1.tgz",
+            "integrity": "sha512-7Va2ZOkHi5NP+AZwb5ReLgNF6nWLGTeUJfxdkVUAPPSaAdbWNnFZzLZ4EGGmmiCTg+AwlbE1KyUYTBglosSLHQ==",
             "requires": {
-                "@typescript-eslint/scope-manager": "5.27.0",
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/typescript-estree": "5.27.0",
+                "@typescript-eslint/scope-manager": "5.27.1",
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/typescript-estree": "5.27.1",
                 "debug": "^4.3.4"
             }
         },
         "@typescript-eslint/scope-manager": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.27.0.tgz",
-            "integrity": "sha512-VnykheBQ/sHd1Vt0LJ1JLrMH1GzHO+SzX6VTXuStISIsvRiurue/eRkTqSrG0CexHQgKG8shyJfR4o5VYioB9g==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.27.1.tgz",
+            "integrity": "sha512-fQEOSa/QroWE6fAEg+bJxtRZJTH8NTskggybogHt4H9Da8zd4cJji76gA5SBlR0MgtwF7rebxTbDKB49YUCpAg==",
             "requires": {
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/visitor-keys": "5.27.0"
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/visitor-keys": "5.27.1"
             }
         },
         "@typescript-eslint/type-utils": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.27.0.tgz",
-            "integrity": "sha512-vpTvRRchaf628Hb/Xzfek+85o//zEUotr1SmexKvTfs7czXfYjXVT/a5yDbpzLBX1rhbqxjDdr1Gyo0x1Fc64g==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.27.1.tgz",
+            "integrity": "sha512-+UC1vVUWaDHRnC2cQrCJ4QtVjpjjCgjNFpg8b03nERmkHv9JV9X5M19D7UFMd+/G7T/sgFwX2pGmWK38rqyvXw==",
             "requires": {
-                "@typescript-eslint/utils": "5.27.0",
+                "@typescript-eslint/utils": "5.27.1",
                 "debug": "^4.3.4",
                 "tsutils": "^3.21.0"
             }
         },
         "@typescript-eslint/types": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.27.0.tgz",
-            "integrity": "sha512-lY6C7oGm9a/GWhmUDOs3xAVRz4ty/XKlQ2fOLr8GAIryGn0+UBOoJDWyHer3UgrHkenorwvBnphhP+zPmzmw0A=="
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.27.1.tgz",
+            "integrity": "sha512-LgogNVkBhCTZU/m8XgEYIWICD6m4dmEDbKXESCbqOXfKZxRKeqpiJXQIErv66sdopRKZPo5l32ymNqibYEH/xg=="
         },
         "@typescript-eslint/typescript-estree": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.27.0.tgz",
-            "integrity": "sha512-QywPMFvgZ+MHSLRofLI7BDL+UczFFHyj0vF5ibeChDAJgdTV8k4xgEwF0geFhVlPc1p8r70eYewzpo6ps+9LJQ==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.27.1.tgz",
+            "integrity": "sha512-DnZvvq3TAJ5ke+hk0LklvxwYsnXpRdqUY5gaVS0D4raKtbznPz71UJGnPTHEFo0GDxqLOLdMkkmVZjSpET1hFw==",
             "requires": {
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/visitor-keys": "5.27.0",
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/visitor-keys": "5.27.1",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -11112,24 +11112,24 @@
             }
         },
         "@typescript-eslint/utils": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.27.0.tgz",
-            "integrity": "sha512-nZvCrkIJppym7cIbP3pOwIkAefXOmfGPnCM0LQfzNaKxJHI6VjI8NC662uoiPlaf5f6ymkTy9C3NQXev2mdXmA==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.27.1.tgz",
+            "integrity": "sha512-mZ9WEn1ZLDaVrhRaYgzbkXBkTPghPFsup8zDbbsYTxC5OmqrFE7skkKS/sraVsLP3TcT3Ki5CSyEFBRkLH/H/w==",
             "requires": {
                 "@types/json-schema": "^7.0.9",
-                "@typescript-eslint/scope-manager": "5.27.0",
-                "@typescript-eslint/types": "5.27.0",
-                "@typescript-eslint/typescript-estree": "5.27.0",
+                "@typescript-eslint/scope-manager": "5.27.1",
+                "@typescript-eslint/types": "5.27.1",
+                "@typescript-eslint/typescript-estree": "5.27.1",
                 "eslint-scope": "^5.1.1",
                 "eslint-utils": "^3.0.0"
             }
         },
         "@typescript-eslint/visitor-keys": {
-            "version": "5.27.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.27.0.tgz",
-            "integrity": "sha512-46cYrteA2MrIAjv9ai44OQDUoCZyHeGIc4lsjCUX2WT6r4C+kidz1bNiR4017wHOPUythYeH+Sc7/cFP97KEAA==",
+            "version": "5.27.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.27.1.tgz",
+            "integrity": "sha512-xYs6ffo01nhdJgPieyk7HAOpjhTsx7r/oB9LWEhwAXgwn33tkr+W8DI2ChboqhZlC4q3TC6geDYPoiX8ROqyOQ==",
             "requires": {
-                "@typescript-eslint/types": "5.27.0",
+                "@typescript-eslint/types": "5.27.1",
                 "eslint-visitor-keys": "^3.3.0"
             },
             "dependencies": {
@@ -11909,9 +11909,9 @@
             "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
         },
         "eslint": {
-            "version": "8.16.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.16.0.tgz",
-            "integrity": "sha512-MBndsoXY/PeVTDJeWsYj7kLZ5hQpJOfMYLsF6LicLHQWbRDG19lK5jOix4DPl8yY4SUFcE3txy86OzFLWT+yoA==",
+            "version": "8.17.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.17.0.tgz",
+            "integrity": "sha512-gq0m0BTJfci60Fz4nczYxNAlED+sMcihltndR8t9t1evnU/azx53x3t2UHXC/uRjcbvRw/XctpaNygSTcQD+Iw==",
             "requires": {
                 "@eslint/eslintrc": "^1.3.0",
                 "@humanwhocodes/config-array": "^0.9.2",
@@ -15155,9 +15155,9 @@
             "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w=="
         },
         "typescript": {
-            "version": "4.7.2",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.2.tgz",
-            "integrity": "sha512-Mamb1iX2FDUpcTRzltPxgWMKy3fhg0TN378ylbktPGPK/99KbDtMQ4W1hwgsbPAsG3a0xKa1vmw4VKZQbkvz5A=="
+            "version": "4.7.3",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.3.tgz",
+            "integrity": "sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA=="
         },
         "uglify-js": {
             "version": "3.14.1",

web/package.json

@@ -57,15 +57,15 @@
         "@babel/plugin-transform-runtime": "^7.18.2",
         "@babel/preset-env": "^7.18.2",
         "@babel/preset-typescript": "^7.17.12",
-        "@formatjs/intl-listformat": "^7.0.1",
+        "@formatjs/intl-listformat": "^7.0.2",
         "@fortawesome/fontawesome-free": "^6.1.1",
-        "@goauthentik/api": "^2022.5.3-1654278040",
+        "@goauthentik/api": "^2022.6.1-1654625853",
         "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
         "@lingui/cli": "^3.13.3",
         "@lingui/core": "^3.13.3",
         "@lingui/detect-locale": "^3.13.3",
         "@lingui/macro": "^3.13.3",
-        "@patternfly/patternfly": "^4.194.4",
+        "@patternfly/patternfly": "^4.196.7",
         "@polymer/iron-form": "^3.0.1",
         "@polymer/paper-input": "^3.2.1",
         "@rollup/plugin-babel": "^5.3.1",
@@ -80,8 +80,8 @@
         "@types/chart.js": "^2.9.37",
         "@types/codemirror": "5.60.5",
         "@types/grecaptcha": "^3.0.4",
-        "@typescript-eslint/eslint-plugin": "^5.27.0",
-        "@typescript-eslint/parser": "^5.27.0",
+        "@typescript-eslint/eslint-plugin": "^5.27.1",
+        "@typescript-eslint/parser": "^5.27.1",
         "@webcomponents/webcomponentsjs": "^2.6.0",
         "babel-plugin-macros": "^3.1.0",
         "base64-js": "^1.5.1",
@@ -90,7 +90,7 @@
         "codemirror": "^5.65.5",
         "construct-style-sheets-polyfill": "^3.1.0",
         "country-flag-icons": "^1.5.5",
-        "eslint": "^8.16.0",
+        "eslint": "^8.17.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-custom-elements": "0.0.6",
         "eslint-plugin-lit": "^1.6.1",
@@ -108,7 +108,7 @@
         "rollup-plugin-terser": "^7.0.2",
         "ts-lit-plugin": "^1.2.1",
         "tslib": "^2.4.0",
-        "typescript": "^4.7.2",
+        "typescript": "^4.7.3",
         "webcomponent-qr-code": "^1.0.6",
         "yaml": "^2.1.1"
     }

web/src/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2022.6.1";
+export const VERSION = "2022.6.2";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

web/src/elements/table/Table.ts

@@ -1,7 +1,7 @@
 import { t } from "@lingui/macro";
 
 import { CSSResult, LitElement, TemplateResult, html } from "lit";
-import { property } from "lit/decorators.js";
+import { property, state } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
 import AKGlobal from "../../authentik.css";
@@ -137,6 +137,9 @@ export abstract class Table<T> extends LitElement {
     @property({ attribute: false })
     expandedElements: T[] = [];
 
+    @state()
+    hasError?: Error;
+
     static get styles(): CSSResult[] {
         return [
             PFBase,
@@ -170,6 +173,7 @@ export abstract class Table<T> extends LitElement {
         this.isLoading = true;
         try {
             this.data = await this.apiEndpoint(this.page);
+            this.hasError = undefined;
             this.page = this.data.pagination.current;
             const newSelected: T[] = [];
             const newExpanded: T[] = [];
@@ -204,8 +208,9 @@ export abstract class Table<T> extends LitElement {
             this.isLoading = false;
             this.selectedElements = newSelected;
             this.expandedElements = newExpanded;
-        } catch {
+        } catch (ex) {
             this.isLoading = false;
+            this.hasError = ex as Error;
         }
     }
 
@@ -235,7 +240,16 @@ export abstract class Table<T> extends LitElement {
         </tbody>`;
     }
 
+    renderError(): TemplateResult {
+        return html`<ak-empty-state header="${t`Failed to fetch objects.`}" icon="fa-times">
+            <div slot="body">${this.hasError?.toString()}</div>
+        </ak-empty-state>`;
+    }
+
     private renderRows(): TemplateResult[] | undefined {
+        if (this.hasError) {
+            return [this.renderEmpty(this.renderError())];
+        }
         if (!this.data) {
             return;
         }

web/src/locales/de.po

@@ -62,6 +62,7 @@ msgstr "(Format: hours=-1;minutes=-2;seconds=-3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2100,6 +2101,10 @@ msgstr "Löschen von {0} fehlgeschlagen: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "Aktualisieren von {0} fehlgeschlagen: {1}"
@@ -2536,6 +2541,10 @@ msgstr "Kennung"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2737,6 +2746,10 @@ msgstr "Ausstellermodus"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #~ msgid "JWT Algorithm"
 #~ msgstr "JWT Algorithmus"
 
@@ -3604,6 +3617,10 @@ msgstr "API-Browser öffnen"
 #~ msgid "Open application"
 #~ msgstr "Öffne Anwendung"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "Offenes Problem auf GitHub..."

web/src/locales/en.po

@@ -46,6 +46,7 @@ msgstr "(Format: hours=1;minutes=2;seconds=3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2135,6 +2136,10 @@ msgstr "Failed to delete {0}: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr "Failed to disconnected source: {exc}"
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr "Failed to fetch objects."
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "Failed to update {0}: {1}"
@@ -2578,6 +2583,10 @@ msgstr "Identifier"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
@@ -2786,6 +2795,10 @@ msgstr "Issuer mode"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr "JWKS URL"
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "JWT Algorithm"
 #~ msgstr "JWT Algorithm"
@@ -3663,6 +3676,10 @@ msgstr "Open API Browser"
 #~ msgid "Open application"
 #~ msgstr "Open application"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr "Open in new tab"
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "Open issue on GitHub..."

web/src/locales/es.po

@@ -49,6 +49,7 @@ msgstr "(Formato: horas = 1; minutos = 2; segundos = 3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2091,6 +2092,10 @@ msgstr "No se pudo eliminar {0}: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "No se pudo actualizar {0}: {1}"
@@ -2527,6 +2532,10 @@ msgstr "Identificador"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2730,6 +2739,10 @@ msgstr "Modo emisor"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #~ msgid "JWT Algorithm"
 #~ msgstr "algoritmo JWT"
 
@@ -3597,6 +3610,10 @@ msgstr "Abrir navegador de API"
 #~ msgid "Open application"
 #~ msgstr "Solicitud abierta"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "Problema abierto en GitHub..."

web/src/locales/fr_FR.po

@@ -52,6 +52,7 @@ msgstr ""
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2116,6 +2117,10 @@ msgstr "Impossible de supprimer {0} : {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "Impossible de mettre à jour {0} : {1}"
@@ -2556,6 +2561,10 @@ msgstr "Identifiant"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2759,6 +2768,10 @@ msgstr "Mode de l'émetteur"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "JWT Algorithm"
 #~ msgstr "Algorithme JWT"
@@ -3631,6 +3644,10 @@ msgstr ""
 #~ msgid "Open application"
 #~ msgstr "Ouvrir l'appication"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "Ouvrir un ticket sur GitHub..."

web/src/locales/pl.po

@@ -49,6 +49,7 @@ msgstr "(Format: hours=1;minutes=2;seconds=3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2088,6 +2089,10 @@ msgstr "Nie udało się usunąć {0}: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "Nie udało się zaktualizować {0}: {1}"
@@ -2524,6 +2529,10 @@ msgstr "Identyfikator"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2727,6 +2736,10 @@ msgstr "Tryb wystawcy"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #~ msgid "JWT Algorithm"
 #~ msgstr "Algorytm JWT"
 
@@ -3594,6 +3607,10 @@ msgstr "Otwórz przeglądarkę API"
 #~ msgid "Open application"
 #~ msgstr "Otwórz aplikację"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "Otwórz problem w serwisie GitHub..."

web/src/locales/pseudo-LOCALE.po

@@ -46,6 +46,7 @@ msgstr ""
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2121,6 +2122,10 @@ msgstr ""
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr ""
@@ -2564,6 +2569,10 @@ msgstr ""
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2768,6 +2777,10 @@ msgstr ""
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "JWT Algorithm"
 #~ msgstr ""
@@ -3645,6 +3658,10 @@ msgstr ""
 #~ msgid "Open application"
 #~ msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr ""

web/src/locales/tr.po

@@ -49,6 +49,7 @@ msgstr "(Biçim: saat=1; dakika=2; saniye= 3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2091,6 +2092,10 @@ msgstr "{0} silinemedi: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "{0} güncellenemedi: {1}"
@@ -2527,6 +2532,10 @@ msgstr "Tanımlayıcı"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2731,6 +2740,10 @@ msgstr "Yayımcı kipi"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #~ msgid "JWT Algorithm"
 #~ msgstr "JWT Algoritması"
 
@@ -3599,6 +3612,10 @@ msgstr "API Tarayıcısını aç"
 #~ msgid "Open application"
 #~ msgstr "Uygulamayı aç"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "GitHub'da açık sorun..."

web/src/locales/zh-Hant.po

@@ -51,6 +51,7 @@ msgstr "(格式： hours=1;minutes=2;seconds=3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2082,6 +2083,10 @@ msgstr "无法删除 {0}: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "更新失败 {0}：{1}"
@@ -2516,6 +2521,10 @@ msgstr "标识符"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2718,6 +2727,10 @@ msgstr "Issuer mode"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #~ msgid "JWT Algorithm"
 #~ msgstr "JWT 算法"
 
@@ -3580,6 +3593,10 @@ msgstr "打开 API 浏览器"
 #~ msgid "Open application"
 #~ msgstr "打开应用程序"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "在 GitHub 上打开问题..."

web/src/locales/zh_TW.po

@@ -51,6 +51,7 @@ msgstr "(格式： hours=1;minutes=2;seconds=3)."
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 #: src/pages/stages/invitation/InvitationListPage.ts
 #: src/pages/tokens/TokenListPage.ts
 #: src/pages/users/RelatedUserList.ts
@@ -2082,6 +2083,10 @@ msgstr "无法删除 {0}: {1}"
 msgid "Failed to disconnected source: {exc}"
 msgstr ""
 
+#: src/elements/table/Table.ts
+msgid "Failed to fetch objects."
+msgstr ""
+
 #: src/pages/users/UserActiveForm.ts
 msgid "Failed to update {0}: {1}"
 msgstr "更新失败 {0}：{1}"
@@ -2516,6 +2521,10 @@ msgstr "标识符"
 msgid "If any of the devices user of the types selected above have been used within this duration, this stage will be skipped."
 msgstr ""
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "If checked, the launch URL will open in a new browser tab or window from the user's application library."
+msgstr ""
+
 #: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 msgid "If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons.Devices created from a stage with this enabled cannot be used with the authenticator validation stage."
 msgstr ""
@@ -2718,6 +2727,10 @@ msgstr "Issuer mode"
 msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source."
 msgstr ""
 
+#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
+msgid "JWKS URL"
+msgstr ""
+
 #~ msgid "JWT Algorithm"
 #~ msgstr "JWT 算法"
 
@@ -3580,6 +3593,10 @@ msgstr "打开 API 浏览器"
 #~ msgid "Open application"
 #~ msgstr "打开应用程序"
 
+#: src/pages/applications/ApplicationForm.ts
+msgid "Open in new tab"
+msgstr ""
+
 #: src/pages/events/EventInfo.ts
 msgid "Open issue on GitHub..."
 msgstr "在 GitHub 上打开问题..."

web/src/pages/applications/ApplicationForm.ts

@@ -187,6 +187,12 @@ export class ApplicationForm extends ModelForm<Application, string> {
                             ${t`If left empty, authentik will try to extract the launch URL based on the selected provider.`}
                         </p>
                     </ak-form-element-horizontal>
+                    <ak-form-element-horizontal label=${t`Open in new tab`} name="openInNewTab">
+                        <input type="checkbox" ?checked=${this.instance?.openInNewTab} />
+                        <p class="pf-c-form__helper-text">
+                            ${t`If checked, the launch URL will open in a new browser tab or window from the user's application library.`}
+                        </p>
+                    </ak-form-element-horizontal>
                     ${until(
                         config().then((c) => {
                             if (c.capabilities.includes(CapabilitiesEnum.SaveMedia)) {

web/src/pages/providers/oauth2/OAuth2ProviderViewPage.ts

@@ -256,6 +256,19 @@ export class OAuth2ProviderViewPage extends LitElement {
                                                 value="${this.providerUrls?.logout || t`-`}"
                                             />
                                         </div>
+                                        <div class="pf-c-form__group">
+                                            <label class="pf-c-form__label">
+                                                <span class="pf-c-form__label-text"
+                                                    >${t`JWKS URL`}</span
+                                                >
+                                            </label>
+                                            <input
+                                                class="pf-c-form-control"
+                                                readonly
+                                                type="text"
+                                                value="${this.providerUrls?.jwks || t`-`}"
+                                            />
+                                        </div>
                                     </form>
                                 </div>
                             </div>

web/src/user/LibraryApplication.ts

@@ -88,7 +88,12 @@ export class LibraryApplication extends LitElement {
             style="background: ${this.background} !important"
         >
             <div class="pf-c-card__header">
-                <a href="${ifDefined(this.application.launchUrl ?? "")}"> ${this.renderIcon()} </a>
+                <a
+                    href="${ifDefined(this.application.launchUrl ?? "")}"
+                    target="${ifDefined(this.application.openInNewTab ? "_blank" : undefined)}"
+                >
+                    ${this.renderIcon()}
+                </a>
                 ${until(
                     uiConfig().then((config) => {
                         if (!config.enabledFeatures.applicationEdit) {
@@ -110,7 +115,9 @@ export class LibraryApplication extends LitElement {
             </div>
             <div class="pf-c-card__title">
                 <p>
-                    <a href="${ifDefined(this.application.launchUrl ?? "")}"
+                    <a
+                        href="${ifDefined(this.application.launchUrl ?? "")}"
+                        target="${ifDefined(this.application.openInNewTab ? "_blank" : undefined)}"
                         >${this.application.name}</a
                     >
                 </p>

website/developer-docs/docs/writing-documentation.md

@@ -5,7 +5,23 @@ title: Writing documentation
 Writing documentation for authentik is a great way for both new and experienced users to improve and contribute to the project. Here are a few guidelines to ensure
 the documentation is easy to read and uses similar phrasing.
 
-# General guidelines
+## Setup
+
+Requirements:
+
+-   Node 16 (or greater)
+
+The documentation site is situated in the `/website` folder of the authentik GitHub repository.
+
+The site is built using npm, below are some useful make commands:
+
+-   Install: `make website-install` (Needed for any of the other tasks)
+-   Formatting: `make website-lint-fix` or `make website` (Run this before committing)
+-   Live editing: `make website-watch` (For real time viewing of changes)
+
+Be sure to run the formatter before committing changes.
+
+## General guidelines
 
 -   authentik should always be stylized as `authentik` (with a lower-case a and ending with a k)
 -   Documentation should use American english

website/developer-docs/setup/full-dev-environment.md

@@ -2,21 +2,21 @@
 title: Full development environment
 ---
 
-## Backend
-
-To create a local development setup for authentik, you need the following:
-
-### Requirements
+## Requirements
 
 -   Python 3.10
 -   poetry, which is used to manage dependencies, and can be installed with `pip install poetry`
 -   Go 1.18
 -   PostgreSQL (any recent version will do)
 -   Redis (any recent version will do)
+-   Node 16 (or later)
 
-For PostgreSQL and Redis, you can use the docker-compose file in `scripts/`. You can also use a native install, if you prefer.
+## Services Setup
 
-### Setup
+For PostgreSQL and Redis, you can use the docker-compose file in `scripts/`.  
+You can also use a native install, if you prefer.
+
+## Backend Setup
 
 ```shell
 poetry shell # Creates a python virtualenv, and activates it in a new shell
@@ -36,8 +36,6 @@ secret_key: "A long key you can generate with `pwgen 40 1` for example"
 
 To apply database migrations, run `make migrate`. This is needed after the initial setup, and whenever you fetch new source from upstream.
 
-Afterwards, you can start authentik by running `make run`. authentik is now accessible under `localhost:9000`.
-
 Generally speaking, authentik is a Django application, ran by gunicorn, proxied by a Go application. The Go application serves static files.
 
 Most functions and classes have type-hints and docstrings, so it is recommended to install a Python Type-checking Extension in your IDE to navigate around the code.
@@ -46,18 +44,17 @@ Before committing code, run `make lint` to ensure your code is formatted well. T
 
 Run `make gen` to generate an updated OpenAPI document for any changes you made.
 
-## Frontend
+## Frontend Setup
 
-By default, no compiled bundle of the frontend is included. To build the UI, you need Node 14 or newer.
+By default, no compiled bundle of the frontend is included so this step is required even if you're not developing for the UI.
 
-To build the UI, run these commands:
+To build the UI once, run `web-build`.
 
-```
-cd web/
-npm i
-npm run build
-```
+Alternatively, if you want to live-edit the UI, you can run `make web-watch` instead.  
+This will immediately update the UI with any changes you make so you can see the results in real time without needing to rebuild.
 
-If you want to make changes to the UI, run `npm run watch` instead.
+To format the frontend code, run `make web`.
 
-To ensure the code is formatted well, run `npx eslint . --fix` and `npm run lit-analyse`.
+## Running
+
+Now that the backend and frontend have been setup and built, you can start authentik by running `make run`. authentik should now be accessible at `http://localhost:9000`.

website/docs/providers/oauth2/index.md

@@ -11,7 +11,7 @@ Scopes can be configured using Scope Mappings, a type of [Property Mappings](../
 | Authorization        | `/application/o/authorize/`                                          |
 | Token                | `/application/o/token/`                                              |
 | User Info            | `/application/o/userinfo/`                                           |
-| End Session          | `/application/o/end-session/`                                        |
+| End Session          | `/application/o/<application slug>/end-session/`                     |
 | JWKS                 | `/application/o/<application slug>/jwks/`                            |
 | OpenID Configuration | `/application/o/<application slug>/.well-known/openid-configuration` |
 

website/docs/releases/v2022.6.md

@@ -45,6 +45,20 @@ slug: "2022.6"
 -   web/user: fix static prompt fields being rendered with label
 -   web/user: improve ux for restarting user settings flow
 
+## Fixed in 2022.6.2
+
+-   \*: make user logging more consistent
+-   core: add additional filters to source viewset
+-   core: add setting to open application launch URL in a new browser tab (#3037)
+-   core: add slug to built-in source
+-   events: fix error when attempting to create event with GeoIP City in context
+-   providers/ldap: fix existing binder not being carried forward correctly
+-   providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
+-   providers/proxy: use same redirect-save code for all modes
+-   sources/oauth: fix twitter client missing basic auth
+-   stages/authenticator_validate: fix error in passwordless webauthn
+-   web/elements: add error handler when table fails to fetch objects
+
 ## Upgrading
 
 This release does not introduce any new requirements.

website/sidebars.js

@@ -165,9 +165,9 @@ module.exports = {
             type: "category",
             label: "Release Notes",
             items: [
+                "releases/v2022.6",
                 "releases/v2022.5",
                 "releases/v2022.4",
-                "releases/v2022.3",
                 {
                     type: "category",
                     label: "Previous versions",