import { CryptoApi, FlowDesignationEnum, FlowsApi, OAuth2Provider, OAuth2ProviderClientTypeEnum, OAuth2ProviderIssuerModeEnum, OAuth2ProviderJwtAlgEnum, OAuth2ProviderSubModeEnum, PropertymappingsApi, ProvidersApi } from "authentik-api";
import { t } from "@lingui/macro";
import { customElement, property } from "lit-element";
import { html, TemplateResult } from "lit-html";
import { DEFAULT_CONFIG } from "../../../api/Config";
import { ModelForm } from "../../../elements/forms/ModelForm";
import { until } from "lit-html/directives/until";
import { ifDefined } from "lit-html/directives/if-defined";
import "../../../elements/forms/HorizontalFormElement";
import "../../../elements/forms/FormGroup";
import { first, randomString } from "../../../utils";

/**
 * Admin form, registered as the custom element `ak-provider-oauth2-form`, that
 * creates or edits an OAuth2 provider through `ProvidersApi`.
 *
 * NOTE(review): this listing looks extraction-damaged. The template returned by
 * `renderForm()` holds only the translated help strings (no element markup), the
 * generic type arguments on `ModelForm` / `Promise` are absent, and several imports
 * (`CryptoApi`, `FlowsApi`, `PropertymappingsApi`, `FlowDesignationEnum`, the
 * issuer/alg/sub-mode enums, `until`, `ifDefined`, `first`, `randomString`) have no
 * visible use. Presumably they are used by the missing markup; check the
 * original file before drawing conclusions about how the inputs are rendered.
 */
@customElement("ak-provider-oauth2-form")
export class OAuth2ProviderFormPage extends ModelForm {

    /**
     * Loads the provider being edited and syncs the client-secret visibility flag.
     *
     * @param pk - id passed to `providersOauth2Read`.
     * @returns the promise from `providersOauth2Read`, resolving to the provider it returned.
     */
    loadInstance(pk: number): Promise {
        return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Read({
            id: pk,
        }).then(provider => {
            // Only a Confidential client turns the flag on; any other client type
            // (including an unset one) turns it off.
            this.showClientSecret = provider.clientType === OAuth2ProviderClientTypeEnum.Confidential;
            return provider;
        });
    }

    // Reactive Boolean property, true until loadInstance() overwrites it.
    // Presumably gates the client-secret input in the template; the markup that
    // reads it is not visible here. NOTE(review): this is a display toggle only.
    // Whether a secret is still submitted, stored or accepted for a public client
    // is decided elsewhere (form serialization / API) - confirm.
    @property({type: Boolean})
    showClientSecret = true;

    /**
     * Picks the message for a successful submit.
     *
     * @returns the "updated" message when `this.instance` is set, otherwise the
     * "created" message.
     */
    getSuccessMessage(): string {
        if (this.instance) {
            return t`Successfully updated provider.`;
        } else {
            return t`Successfully created provider.`;
        }
    }

    /**
     * Submits the form data: update when an instance is loaded, create otherwise.
     *
     * `data` is forwarded unchanged. No validation of redirect URIs, token
     * lifetimes or signing key happens in this method, so those checks are
     * presumably enforced by the API; confirm server-side.
     *
     * @param data - provider payload to send.
     * @returns the promise from `providersOauth2Update` or `providersOauth2Create`.
     */
    send = (data: OAuth2Provider): Promise => {
        if (this.instance) {
            return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Update({
                // NOTE(review): a missing or falsy pk becomes id 0, so the update
                // request is still sent (for id 0) rather than failing locally.
                // Confirm pk is always set on a loaded instance.
                id: this.instance.pk || 0,
                data: data
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Create({
                data: data
            });
        }
    };

    /**
     * Builds the form template. In this listing only the help strings survive:
     * authorization flow, client type, redirect URLs, access-code and token
     * validity, JWT signing algorithm, scopes, signing key, subject mode,
     * claims-in-id_token and issuer mode.
     *
     * Review notes on the help text (the strings are runtime message ids and are
     * left untouched):
     * - Redirect URLs: this list is what limits where authorization responses are
     *   sent. NOTE(review): confirm how the backend matches entries (exact string
     *   vs pattern), since the text does not say.
     * - Validity fields: both format examples use negative values
     *   (hours=-1;minutes=-2;seconds=-3). NOTE(review): confirm that this matches
     *   what the API expects for a validity period, as admins will copy the example.
     * - Signing key: described as required only for RS256. NOTE(review): document
     *   what the other algorithm signs with, so admins know which secret protects
     *   token integrity.
     * - Claims in id_token: enabling this places user claims in a token handed to
     *   the client, so it widens what the client receives without a userinfo call.
     * - The scopes help string contains the typo "stil"; fixing it changes the
     *   message text that translation catalogs are keyed on.
     */
    renderForm(): TemplateResult {
        return html`

${t`Flow used when authorizing this provider.`}

${t`Protocol settings`}

${t`Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable.`}

${t`Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows.`}

${t`Advanced protocol settings`}

${t`Configure how long access codes are valid for.`}

${t`(Format: hours=-1;minutes=-2;seconds=-3).`}

${t`Configure how long refresh tokens and their id_tokens are valid for.`}

${t`(Format: hours=-1;minutes=-2;seconds=-3).`}

${t`Algorithm used to sign the JWT Tokens.`}

${t`Select which scopes can be used by the client. The client stil has to specify the scope to access the data.`}

${t`Hold control/command to select multiple items.`}

${t`Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.`}

${t`Configure what data should be used as unique User Identifier. For most cases, the default should be fine.`}

${t`Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.`}

${t`Configure how the issuer field of the ID Token should be filled.`}

`;
    }
}