import "@goauthentik/admin/applications/wizard/ak-wizard-title"; import { makeSourceSelector, oauth2SourcesProvider, } from "@goauthentik/admin/providers/oauth2/OAuth2Sources.js"; import { makeProxyPropertyMappingsSelector, proxyPropertyMappingsProvider, } from "@goauthentik/admin/providers/proxy/ProxyProviderPropertyMappings.js"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { first } from "@goauthentik/common/utils"; import "@goauthentik/components/ak-switch-input"; import "@goauthentik/components/ak-text-input"; import "@goauthentik/components/ak-textarea-input"; import "@goauthentik/components/ak-toggle-group"; import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js"; import "@goauthentik/elements/forms/HorizontalFormElement"; import { msg } from "@lit/localize"; import { state } from "@lit/reactive-element/decorators.js"; import { TemplateResult, html, nothing } from "lit"; import { ifDefined } from "lit/directives/if-defined.js"; import { FlowsInstancesListDesignationEnum, PaginatedOAuthSourceList, PaginatedScopeMappingList, ProxyMode, ProxyProvider, SourcesApi, } from "@goauthentik/api"; import BaseProviderPanel from "../BaseProviderPanel"; type MaybeTemplateResult = TemplateResult | typeof nothing; export class AkTypeProxyApplicationWizardPage extends BaseProviderPanel { constructor() { super(); new SourcesApi(DEFAULT_CONFIG) .sourcesOauthList({ ordering: "name", hasJwks: true, }) .then((oauthSources: PaginatedOAuthSourceList) => { this.oauthSources = oauthSources; }); } propertyMappings?: PaginatedScopeMappingList; oauthSources?: PaginatedOAuthSourceList; @state() showHttpBasic = true; @state() mode: ProxyMode = ProxyMode.Proxy; get instance(): ProxyProvider | undefined { return this.wizard.provider as ProxyProvider; } renderModeDescription(): MaybeTemplateResult { return nothing; } renderProxyMode(): TemplateResult { throw new Error("Must be implemented in a child class."); } renderHttpBasic() { return html` `; } render() { const errors = this.wizard.errors.provider; return html` ${msg("Configure Proxy Provider")}

${this.renderModeDescription()}

${msg( "Flow used when a user access this provider and is not authenticated.", )}

${msg("Flow used when authorizing this provider.")}

${this.renderProxyMode()}

${msg("Advanced protocol settings")}

${msg("Additional scope mappings, which are passed to the proxy.")}

${msg( "Regular expressions for which authentication is not required. Each new line is interpreted as a new expression.", )}

${msg( "When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions.", )}

`} >

${msg("Authentication settings")}

{ const el = ev.target as HTMLInputElement; this.showHttpBasic = el.checked; }} label=${msg("Send HTTP-Basic Authentication")} help=${msg( "Send a custom HTTP-Basic Authentication header based on values from authentik.", )} > ${this.showHttpBasic ? this.renderHttpBasic() : html``}

${msg( "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.", )}

`; } } export default AkTypeProxyApplicationWizardPage;