From 0d1abb6d759907c6f31e6bc8fd8814c256bc1aec Mon Sep 17 00:00:00 2001 From: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Date: Tue, 2 Jun 2026 18:42:14 +0200 Subject: [PATCH 01/65] ci: explicitly exit Node lint scripts to fix CI hang (#22794) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The three Node scripts that run under `setup-node` (lint-lockfile, lint-runtime, setup-corepack) finish their main work but the Node process does not exit — the event loop is kept alive by an outstanding handle from one of the upstream libraries. In CI this causes the step to hang indefinitely until the runner timeout fires. Add an explicit `process.exit(0)` after the success path in each script. setup-corepack is restructured so `main()` returns the `$`corepack …`` promise and the success log moves into `.then()` before the exit, keeping ordering deterministic. Co-authored-by: Agent (authentik-m-split-pr-committed-every-mikado) <279763771+playpen-agent@users.noreply.github.com> --- scripts/node/lint-lockfile.mjs | 2 ++ scripts/node/lint-runtime.mjs | 1 + scripts/node/setup-corepack.mjs | 11 +++++++---- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/scripts/node/lint-lockfile.mjs b/scripts/node/lint-lockfile.mjs index 1b48f86e12..4e8046f029 100755 --- a/scripts/node/lint-lockfile.mjs +++ b/scripts/node/lint-lockfile.mjs @@ -274,5 +274,7 @@ run() } else { logger.info("✅ Lockfile is in sync."); } + + process.exit(0); }) .catch((error) => reportAndExit(error, logger)); diff --git a/scripts/node/lint-runtime.mjs b/scripts/node/lint-runtime.mjs index 718194dd04..05f3ce3a1b 100755 --- a/scripts/node/lint-runtime.mjs +++ b/scripts/node/lint-runtime.mjs @@ -110,5 +110,6 @@ async function main() { main() .then(() => { logger.info("✅ Node.js and npm versions are in sync."); + process.exit(0); }) .catch((error) => reportAndExit(error, logger)); diff --git a/scripts/node/setup-corepack.mjs b/scripts/node/setup-corepack.mjs index 64da33852a..5dd828ebd0 100755 --- a/scripts/node/setup-corepack.mjs +++ b/scripts/node/setup-corepack.mjs @@ -102,9 +102,12 @@ async function main() { subcommand = "use"; } - await $`corepack ${subcommand} ${packageManager}`({ cwd }); - - logger.info("Corepack installed npm successfully"); + return $`corepack ${subcommand} ${packageManager}`({ cwd }); } -main().catch((error) => reportAndExit(error, logger)); +main() + .then(() => { + logger.info("Corepack setup completed successfully"); + process.exit(0); + }) + .catch((error) => reportAndExit(error, logger)); From de9d4ab810f5077bc9fd1f4c03bb3390384fec69 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 19:07:08 +0200 Subject: [PATCH 02/65] core: bump goauthentik/fips-python from `33d1ed9` to `7a06339` in /lifecycle/container (#22676) core: bump goauthentik/fips-python in /lifecycle/container Bumps goauthentik/fips-python from `33d1ed9` to `7a06339`. --- updated-dependencies: - dependency-name: goauthentik/fips-python dependency-version: 3.14.5-slim-trixie-fips dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- lifecycle/container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lifecycle/container/Dockerfile b/lifecycle/container/Dockerfile index ea037a9d57..52b57bbddc 100644 --- a/lifecycle/container/Dockerfile +++ b/lifecycle/container/Dockerfile @@ -118,7 +118,7 @@ RUN cat /root/.rustup/settings.toml # Stage: Download uv FROM ghcr.io/astral-sh/uv:0.11.17@sha256:03bdc89bb9798628846e60c3a9ad19006c8c3c724ccd2985a33145c039a0577b AS uv # Stage: Base python image -FROM ghcr.io/goauthentik/fips-python:3.14.5-slim-trixie-fips@sha256:33d1ed94f2766b893018c038482873aca6e678fb0d4bc053483a4008c574e3c2 AS python-base +FROM ghcr.io/goauthentik/fips-python:3.14.5-slim-trixie-fips@sha256:7a0633910cf4aba773a8b7e7ff3fda90c972e3c992894de86c771249e03398ba AS python-base ENV VENV_PATH="/ak-root/.venv" \ PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \ From bd1901f4ca46c93bbd1e7fa994e0170da2f7c89b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 19:07:38 +0200 Subject: [PATCH 03/65] core: bump axllent/mailpit from v1.30.0 to v1.30.1 in /tests/e2e (#22747) Bumps axllent/mailpit from v1.30.0 to v1.30.1. --- updated-dependencies: - dependency-name: axllent/mailpit dependency-version: v1.30.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tests/e2e/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/compose.yml b/tests/e2e/compose.yml index a96dd72f75..66b557be73 100644 --- a/tests/e2e/compose.yml +++ b/tests/e2e/compose.yml @@ -13,7 +13,7 @@ services: environment: VIDEO_READY_PORT: 9912 mailpit: - image: docker.io/axllent/mailpit:v1.30.0 + image: docker.io/axllent/mailpit:v1.30.1 ports: - 1025:1025 - 8025:8025 From f47fc31b62f14907be45f0923191383ad198181d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 19:18:43 +0200 Subject: [PATCH 04/65] core: bump openapitools/openapi-generator-cli from v7.20.0 to v7.22.0 in /packages/client-go (#22573) core: bump openapitools/openapi-generator-cli in /packages/client-go Bumps openapitools/openapi-generator-cli from v7.20.0 to v7.22.0. --- updated-dependencies: - dependency-name: openapitools/openapi-generator-cli dependency-version: v7.22.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/client-go/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/client-go/compose.yml b/packages/client-go/compose.yml index c155090cd5..190c88b610 100644 --- a/packages/client-go/compose.yml +++ b/packages/client-go/compose.yml @@ -1,7 +1,7 @@ --- services: gen: - image: docker.io/openapitools/openapi-generator-cli:v7.20.0 + image: docker.io/openapitools/openapi-generator-cli:v7.22.0 restart: never network_mode: none volumes: From 2e271785abeceb77280b67e96b5fafeef0e8a0f6 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Tue, 2 Jun 2026 19:51:53 +0200 Subject: [PATCH 05/65] ci: update ubuntu version of ARM runners (#22798) --- .github/workflows/_reusable-docker-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_reusable-docker-build.yml b/.github/workflows/_reusable-docker-build.yml index 31be449956..f95c684289 100644 --- a/.github/workflows/_reusable-docker-build.yml +++ b/.github/workflows/_reusable-docker-build.yml @@ -36,7 +36,7 @@ jobs: with: image_name: ${{ inputs.image_name }} image_arch: arm64 - runs-on: ubuntu-22.04-arm + runs-on: ubuntu-24.04-arm registry_dockerhub: ${{ inputs.registry_dockerhub }} registry_ghcr: ${{ inputs.registry_ghcr }} release: ${{ inputs.release }} From b584ef5134870e996246120103a8f4f8da3fea31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 19:53:51 +0200 Subject: [PATCH 06/65] web: bump knip from 6.12.0 to 6.14.1 in /web (#22657) Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 6.12.0 to 6.14.1. - [Release notes](https://github.com/webpro-nl/knip/releases) - [Commits](https://github.com/webpro-nl/knip/commits/knip@6.14.1/packages/knip) --- updated-dependencies: - dependency-name: knip dependency-version: 6.14.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 218 +++++++++++++++++++++++------------------- web/package.json | 2 +- 2 files changed, 122 insertions(+), 98 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index f1f9ec7025..0782dafca0 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -80,7 +80,7 @@ "globals": "^17.6.0", "guacamole-common-js": "^1.5.0", "hastscript": "^9.0.1", - "knip": "^6.12.0", + "knip": "^6.14.1", "lex": "^2025.11.0", "lit": "^3.3.3", "lit-analyzer": "^2.0.3", @@ -2445,9 +2445,9 @@ } }, "node_modules/@oxc-parser/binding-android-arm-eabi": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-android-arm-eabi/-/binding-android-arm-eabi-0.128.0.tgz", - "integrity": "sha512-aca6ZvzmCBUGOANQRiRQRZuRKYI3ENhcit6GisnknOOmcezfQc7xJ4dxlPU7MV7mOvrC7RNR1u3LAD7xyaiCxA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-android-arm-eabi/-/binding-android-arm-eabi-0.130.0.tgz", + "integrity": "sha512-h/xYU8/7ADWzVSf5I+YalLpj33LOy9CI/zgbJNIZ5eunRBG+Czqa3lZsvuPHHf3rOt6z1c5+UzoxjbAzAvhwVw==", "cpu": [ "arm" ], @@ -2461,9 +2461,9 @@ } }, "node_modules/@oxc-parser/binding-android-arm64": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-android-arm64/-/binding-android-arm64-0.128.0.tgz", - "integrity": "sha512-BbeDmuohoJ7Rz/it5wnkj69i/OsCPS3Z51nLEzwO/Y6YshtC4JU+15oNwhY8v4LRKRYclRc7ggOikwrsJ/eOEQ==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-android-arm64/-/binding-android-arm64-0.130.0.tgz", + "integrity": "sha512-oFWFJrsGv9siFM4HjMqKNB7IuIZD/SMmZdCXl8xyx7lDplGvPKyewpOo272rSWgMXe2Wx7bWI0Yj+gkHv4qbeg==", "cpu": [ "arm64" ], @@ -2477,9 +2477,9 @@ } }, "node_modules/@oxc-parser/binding-darwin-arm64": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-darwin-arm64/-/binding-darwin-arm64-0.128.0.tgz", - "integrity": "sha512-tRUHPt80417QmvNpoSslJT1VY8NUbWdrWR+L14Zn+RbOTcaqB8E6PYE/ZGN8jjWBzqporiA/H4MfO50ew/NCNA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-darwin-arm64/-/binding-darwin-arm64-0.130.0.tgz", + "integrity": "sha512-sGUzupdTplK9jQg7eJZ878HfEgQjJNBc6dAYVWJ9W5aU+J8rLfRJhTVsKThiu1pNwm6Y1qKCcbC6WhNWSXR3Ig==", "cpu": [ "arm64" ], @@ -2493,9 +2493,9 @@ } }, "node_modules/@oxc-parser/binding-darwin-x64": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-darwin-x64/-/binding-darwin-x64-0.128.0.tgz", - "integrity": "sha512-rWI2Hb1Nt3U/vKsjyNvZzDC8i/l144U20DKjhzaTmwIhIiSRGeroPWWiImwypmKLqrw8GuIixbWJkpGWLbkzrQ==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-darwin-x64/-/binding-darwin-x64-0.130.0.tgz", + "integrity": "sha512-PsB4cdCISbC00Uy8eiD8bc2AkGWjZqrSrJnkBFuG2ptrrf6mZ2F5gLFSjOAVMMgZPg8B1D7OydJwLWSfyI2Plg==", "cpu": [ "x64" ], @@ -2509,9 +2509,9 @@ } }, "node_modules/@oxc-parser/binding-freebsd-x64": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-freebsd-x64/-/binding-freebsd-x64-0.128.0.tgz", - "integrity": "sha512-hhpdVMaNCLgQxjgNPeeFzSeJMmZPc5lKfv0NGSI3egZq9EdnEGqeC8JsYsQjK7PoQgbvZ17xlj0SO5ziH5Obkg==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-freebsd-x64/-/binding-freebsd-x64-0.130.0.tgz", + "integrity": "sha512-DgABp3l38hS77JbXCV4qk1+n6DPym5u8zzwuweokezm2tX194nDSJDENbDRECxVsiNbprKATLbk+Z5wlHT0OHw==", "cpu": [ "x64" ], @@ -2525,9 +2525,9 @@ } }, "node_modules/@oxc-parser/binding-linux-arm-gnueabihf": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-0.128.0.tgz", - "integrity": "sha512-093zNw0zZ/e/obML+rhlSdmnzR0mVZluPcAkxunEc5E3F0yBVsFn24Y1ILfsEte11Ud041qn/gp2OJ1jxNqUng==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-0.130.0.tgz", + "integrity": "sha512-4Kn3CTEmwFrzhTSC/JuUW16qovmaMdX7jeSKbL8w0pLtLww7To1a2XJi9Z5uD8QWUkfUHhqfV+VD6dVzBnWzoA==", "cpu": [ "arm" ], @@ -2541,9 +2541,9 @@ } }, "node_modules/@oxc-parser/binding-linux-arm-musleabihf": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-0.128.0.tgz", - "integrity": "sha512-fq7DmKmfC+dvD97IXrgbph6Jzwe0EDu+PYMofmzZ6fv5X1k9vtaqLpDGMuICO9MmUnyKAQmVl+wIv2RNy4Dz8g==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-0.130.0.tgz", + "integrity": "sha512-D35KZM3F4rRu1uAFKyBlg3Gaf/ybCjyaPR1hfgvk5ex8NtcTmRgc0JgSighEyNg96TPrFhemFba68SZuxaha8w==", "cpu": [ "arm" ], @@ -2557,12 +2557,15 @@ } }, "node_modules/@oxc-parser/binding-linux-arm64-gnu": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-0.128.0.tgz", - "integrity": "sha512-Xvm48jJah8TlIrURIjNOP/gNiGe6aKvCB+r06VliflFo8Kq7VOLE8PxtgShJzZIqubrgdMdYfvuPPozn7F6MbQ==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-0.130.0.tgz", + "integrity": "sha512-Q9o7oVlo955KHwS8l1u0bCzIx+JsZUA3XToLXC+MsMhye/9LeBQbt84nh120cl2XLy+TEzvugYDiHShg5yaX6Q==", "cpu": [ "arm64" ], + "libc": [ + "glibc" + ], "license": "MIT", "optional": true, "os": [ @@ -2573,12 +2576,15 @@ } }, "node_modules/@oxc-parser/binding-linux-arm64-musl": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm64-musl/-/binding-linux-arm64-musl-0.128.0.tgz", - "integrity": "sha512-M7iwBGmYJTx+pKOYFjI0buop4gJvlmcVzFGaXPt21DKpQkbQZG1f63Yg7LloIYT/t9yLxCw0Lhfx/RFlAlMSjA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm64-musl/-/binding-linux-arm64-musl-0.130.0.tgz", + "integrity": "sha512-EiJ/gC0ljbcwVpycC8YWw6ggMbtsPX8XMOt0mPx0aqWeMsNR+L9m05Flbvd5T+GlivG+GkSWQL7tM9SRFpM/dw==", "cpu": [ "arm64" ], + "libc": [ + "musl" + ], "license": "MIT", "optional": true, "os": [ @@ -2589,12 +2595,15 @@ } }, "node_modules/@oxc-parser/binding-linux-ppc64-gnu": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-0.128.0.tgz", - "integrity": "sha512-21LGNIZb1Pcfk5/EGsqabrxv4yqQOWis1407JJrClS7XpFCrbvr74YAB1V+m54cYbwvO6UWwQqS4WecxiyfCRg==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-0.130.0.tgz", + "integrity": "sha512-b+h/lsLLurp756dMGizNs5uPaJfyEdWrTcV5t8M609jWm1DEHB1StpRXCkyvwtkJx3m+qL5BNQ0dEKan/4yGFA==", "cpu": [ "ppc64" ], + "libc": [ + "glibc" + ], "license": "MIT", "optional": true, "os": [ @@ -2605,12 +2614,15 @@ } }, "node_modules/@oxc-parser/binding-linux-riscv64-gnu": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-0.128.0.tgz", - "integrity": "sha512-gyHjOTFpg9bTTYjxPmQirvufb89+VdZwVfcMtAUyPr6F5H8ZswvCQshK4qOW+Q+2Xyb33hduRgY/eFHJQjU/vQ==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-0.130.0.tgz", + "integrity": "sha512-O19Cil83XAyjEFfo8WhkMwY58ALqZ7ckjGL+25mjMIuF84urWBeANH0FC8B8BsSSygWU3/1aY3ADdDbp+wlBnw==", "cpu": [ "riscv64" ], + "libc": [ + "glibc" + ], "license": "MIT", "optional": true, "os": [ @@ -2621,12 +2633,15 @@ } }, "node_modules/@oxc-parser/binding-linux-riscv64-musl": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-0.128.0.tgz", - "integrity": "sha512-X6Q2oKUrP5GyDd2xniuEBLk6aFQCZ97W2+aVXGgJXdjx5t4/oFuA9ri0wLOUrBIX+qdSuK581snMBio4z910eA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-0.130.0.tgz", + "integrity": "sha512-BgXRVC0+83n3YzCscLQjj6nbyeBIVeZYPTI4fFMAE4WNm2+4RXhWp03IVizL7esIz36kgmT48aebk1iM+cs8sw==", "cpu": [ "riscv64" ], + "libc": [ + "musl" + ], "license": "MIT", "optional": true, "os": [ @@ -2637,12 +2652,15 @@ } }, "node_modules/@oxc-parser/binding-linux-s390x-gnu": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-0.128.0.tgz", - "integrity": "sha512-BdzTmqxfxoYkpgokoLaSnOX6T+R3/goL42klre2tnG+kHbG2TXS0VN+P5BPofH1axdKOHy5ei4ENZrjmCOt2lA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-0.130.0.tgz", + "integrity": "sha512-6tJz0xvnGhsokE7N1WlUSBXibpYmT9xSJFS1Ce41Km/+8gQvdlW8MLhRv8PD0L7ix8vRG0FDDepp3jdOFzdVdw==", "cpu": [ "s390x" ], + "libc": [ + "glibc" + ], "license": "MIT", "optional": true, "os": [ @@ -2653,12 +2671,15 @@ } }, "node_modules/@oxc-parser/binding-linux-x64-gnu": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-x64-gnu/-/binding-linux-x64-gnu-0.128.0.tgz", - "integrity": "sha512-OO1nW2Q7sSYYvJZpDHdvyFSdRaVcQqRijZSSmWVMqFxPYy8cEF45zJ9fcdIYuzIT3jYq6YRhEFm/VMWNWhE22Q==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-x64-gnu/-/binding-linux-x64-gnu-0.130.0.tgz", + "integrity": "sha512-9aCWj83dp3heTQGmGnZGdIWgxjZrr/7VQ0TGFHH5PKByxJKF2Hcr4qvaSUHhhGEa3MSsDjTL1YDP8RAgdL5/Cg==", "cpu": [ "x64" ], + "libc": [ + "glibc" + ], "license": "MIT", "optional": true, "os": [ @@ -2669,12 +2690,15 @@ } }, "node_modules/@oxc-parser/binding-linux-x64-musl": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-x64-musl/-/binding-linux-x64-musl-0.128.0.tgz", - "integrity": "sha512-4NehAe404MRdoZVS9DW8C5XbJwbXIc/KfVlYdpi5vE4081zc9Y0YzKVqyOYj/Puye7/Do+ohaONBFWlEHYl9hw==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-x64-musl/-/binding-linux-x64-musl-0.130.0.tgz", + "integrity": "sha512-afXt87aZBqrUVli8TB/I8H1G50RDWcwirjWtXGXYqJ2ZqWEiErH7V72j3LUSDZaivmtu2OLX0KQ/mbhP81mr7A==", "cpu": [ "x64" ], + "libc": [ + "musl" + ], "license": "MIT", "optional": true, "os": [ @@ -2685,9 +2709,9 @@ } }, "node_modules/@oxc-parser/binding-openharmony-arm64": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-openharmony-arm64/-/binding-openharmony-arm64-0.128.0.tgz", - "integrity": "sha512-kVbqgW9xLL8bh8oc7aYOJilRKXE5G33+tE0jan+duo/9OriaFRpijcCwT2waWs2oqYROYq0GlE7/p3ywoshVeg==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-openharmony-arm64/-/binding-openharmony-arm64-0.130.0.tgz", + "integrity": "sha512-I0NCrZV/YZuCGWgqwNN/GO/iXlLF2z+Wgc7u+Aa9N4P51oYeIa0XT+zVBUne4csO9GqxskXgI4g8JzzWGRpfOw==", "cpu": [ "arm64" ], @@ -2701,9 +2725,9 @@ } }, "node_modules/@oxc-parser/binding-wasm32-wasi": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-wasm32-wasi/-/binding-wasm32-wasi-0.128.0.tgz", - "integrity": "sha512-L38ojghJYHmgiz6fJd7jwLB/ESDBpB02NdFxh+smqVM6P2anCEvHn0jhaSrt5eVNR1Ak8+moOeftUlofeyvniA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-wasm32-wasi/-/binding-wasm32-wasi-0.130.0.tgz", + "integrity": "sha512-sJgQkGaBX0WJvPUDfwciex6IcTk5O5NLQ1bhEb6f3nBruh1GshKMRSMt2bxZlYrgBzjyBbJzsnO+InPG0bg+fA==", "cpu": [ "wasm32" ], @@ -2719,9 +2743,9 @@ } }, "node_modules/@oxc-parser/binding-win32-arm64-msvc": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-0.128.0.tgz", - "integrity": "sha512-xgvO35GyHBtjlQ5AEpaYr7Rll1rvY7zqIhT6ty8E3ezBW2J1SFLjIDEvI/tcgDg6oaseDAqVcM+jU1HuCekgZw==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-0.130.0.tgz", + "integrity": "sha512-bjcma99sQrNh6RY4mPO9yTkfxql6TDFoN3HWdK31RCKXwNhcDgJXW/l8PUtzKNiQ+9vpKJfJtQq+LklBuxSOBA==", "cpu": [ "arm64" ], @@ -2735,9 +2759,9 @@ } }, "node_modules/@oxc-parser/binding-win32-ia32-msvc": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-0.128.0.tgz", - "integrity": "sha512-OY+3eM2SN72prHKRB22mPz8o5A/7dJ+f5DFLBVvggyZhEaNDAH9IB+ElMjmOkOIwf5MDCUAowCK7pAncNxzpBA==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-0.130.0.tgz", + "integrity": "sha512-hRYbv6HhpSTzT4xTiIkadLI7upLQxuOdLPR/9nL1fTjwhgutBTPXrwaAPb/jTFVx6/8C7Jb5HcUKhmNwloTbFA==", "cpu": [ "ia32" ], @@ -2751,9 +2775,9 @@ } }, "node_modules/@oxc-parser/binding-win32-x64-msvc": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-x64-msvc/-/binding-win32-x64-msvc-0.128.0.tgz", - "integrity": "sha512-NE9ny+cPUCCObXa0IKLfj0tCdPd7pe/dz9ZpkxpUOymB3miNeMPybdlYYTBSGJUalMWeBM85/4JcCErCNTqOXw==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-x64-msvc/-/binding-win32-x64-msvc-0.130.0.tgz", + "integrity": "sha512-RBpA9TsRucJq6HNVNCFF1iKg+QeTkLdZf7hi4xaOGCPvMZWvDHjQgSOEZMUpuW4JNciHbxNhLEYmz5CVygjVGQ==", "cpu": [ "x64" ], @@ -2767,9 +2791,9 @@ } }, "node_modules/@oxc-project/types": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.128.0.tgz", - "integrity": "sha512-huv1Y/LzBJkBVHt3OlC7u0zHBW9qXf1FdD7sGmc1rXc2P1mTwHssYv7jyGx5KAACSCH+9B3Bhn6Z9luHRvf7pQ==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.130.0.tgz", + "integrity": "sha512-ibD2usx9JRu7f5pu2tMKMI4cpA4NgXJQoYRP4pQ7Pxmn1l6k/53qWtQWZayhYy3X4QZkt90Ot+mJEaeXouio6Q==", "license": "MIT", "funding": { "url": "https://github.com/sponsors/Boshen" @@ -11771,9 +11795,9 @@ } }, "node_modules/jiti": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz", - "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==", + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.7.0.tgz", + "integrity": "sha512-AC/7JofJvZGrrneWNaEnJeOLUx+JlGt7tNa0wZiRPT4MY1wmfKjt2+6O2p2uz2+skll8OZZmJMNqeke7kKbNgQ==", "license": "MIT", "bin": { "jiti": "lib/jiti-cli.mjs" @@ -11969,9 +11993,9 @@ } }, "node_modules/knip": { - "version": "6.12.0", - "resolved": "https://registry.npmjs.org/knip/-/knip-6.12.0.tgz", - "integrity": "sha512-nRg8+DOFcfBD6NjmNzu9+3D35QnEmMsnojJGOHQUqv+70r1aOx99wpSUXvEV7syQVOL5E6tNXXkoyG1Fuz8BWg==", + "version": "6.14.1", + "resolved": "https://registry.npmjs.org/knip/-/knip-6.14.1.tgz", + "integrity": "sha512-SN3Ly0ixzj5CQkY/rc4OPHpWrCC0XRIIjgdP76G9Cni5k72ur5jBYOyvJuF5oPTM14v8eHcMUgPbElHa+lnR0g==", "funding": [ { "type": "github", @@ -11987,16 +12011,16 @@ "fdir": "^6.5.0", "formatly": "^0.3.0", "get-tsconfig": "4.14.0", - "jiti": "^2.6.0", + "jiti": "^2.7.0", "minimist": "^1.2.8", - "oxc-parser": "^0.128.0", + "oxc-parser": "^0.130.0", "oxc-resolver": "^11.19.1", "picomatch": "^4.0.4", "smol-toml": "^1.6.1", "strip-json-comments": "5.0.3", "tinyglobby": "^0.2.16", "unbash": "^3.0.0", - "yaml": "^2.8.2", + "yaml": "^2.9.0", "zod": "^4.1.11" }, "bin": { @@ -14695,12 +14719,12 @@ } }, "node_modules/oxc-parser": { - "version": "0.128.0", - "resolved": "https://registry.npmjs.org/oxc-parser/-/oxc-parser-0.128.0.tgz", - "integrity": "sha512-XkOw3eiIxAgQ19WRew/Bq9wc5Ga/guaWIzDBzq80z1PyuDNGvWBpPby9k6YGwV8A8uMw+Nlq3xqlzuDYmUFYUw==", + "version": "0.130.0", + "resolved": "https://registry.npmjs.org/oxc-parser/-/oxc-parser-0.130.0.tgz", + "integrity": "sha512-X0PJ+NmOok8qP3vK9uaW431ngkdM9UPEK7KG466urtIL2+EYTEgbZK2yqe2MWKJKBjRlFweP/pJPx0x9muMEVw==", "license": "MIT", "dependencies": { - "@oxc-project/types": "^0.128.0" + "@oxc-project/types": "^0.130.0" }, "engines": { "node": "^20.19.0 || >=22.12.0" @@ -14709,26 +14733,26 @@ "url": "https://github.com/sponsors/Boshen" }, "optionalDependencies": { - "@oxc-parser/binding-android-arm-eabi": "0.128.0", - "@oxc-parser/binding-android-arm64": "0.128.0", - "@oxc-parser/binding-darwin-arm64": "0.128.0", - "@oxc-parser/binding-darwin-x64": "0.128.0", - "@oxc-parser/binding-freebsd-x64": "0.128.0", - "@oxc-parser/binding-linux-arm-gnueabihf": "0.128.0", - "@oxc-parser/binding-linux-arm-musleabihf": "0.128.0", - "@oxc-parser/binding-linux-arm64-gnu": "0.128.0", - "@oxc-parser/binding-linux-arm64-musl": "0.128.0", - "@oxc-parser/binding-linux-ppc64-gnu": "0.128.0", - "@oxc-parser/binding-linux-riscv64-gnu": "0.128.0", - "@oxc-parser/binding-linux-riscv64-musl": "0.128.0", - "@oxc-parser/binding-linux-s390x-gnu": "0.128.0", - "@oxc-parser/binding-linux-x64-gnu": "0.128.0", - "@oxc-parser/binding-linux-x64-musl": "0.128.0", - "@oxc-parser/binding-openharmony-arm64": "0.128.0", - "@oxc-parser/binding-wasm32-wasi": "0.128.0", - "@oxc-parser/binding-win32-arm64-msvc": "0.128.0", - "@oxc-parser/binding-win32-ia32-msvc": "0.128.0", - "@oxc-parser/binding-win32-x64-msvc": "0.128.0" + "@oxc-parser/binding-android-arm-eabi": "0.130.0", + "@oxc-parser/binding-android-arm64": "0.130.0", + "@oxc-parser/binding-darwin-arm64": "0.130.0", + "@oxc-parser/binding-darwin-x64": "0.130.0", + "@oxc-parser/binding-freebsd-x64": "0.130.0", + "@oxc-parser/binding-linux-arm-gnueabihf": "0.130.0", + "@oxc-parser/binding-linux-arm-musleabihf": "0.130.0", + "@oxc-parser/binding-linux-arm64-gnu": "0.130.0", + "@oxc-parser/binding-linux-arm64-musl": "0.130.0", + "@oxc-parser/binding-linux-ppc64-gnu": "0.130.0", + "@oxc-parser/binding-linux-riscv64-gnu": "0.130.0", + "@oxc-parser/binding-linux-riscv64-musl": "0.130.0", + "@oxc-parser/binding-linux-s390x-gnu": "0.130.0", + "@oxc-parser/binding-linux-x64-gnu": "0.130.0", + "@oxc-parser/binding-linux-x64-musl": "0.130.0", + "@oxc-parser/binding-openharmony-arm64": "0.130.0", + "@oxc-parser/binding-wasm32-wasi": "0.130.0", + "@oxc-parser/binding-win32-arm64-msvc": "0.130.0", + "@oxc-parser/binding-win32-ia32-msvc": "0.130.0", + "@oxc-parser/binding-win32-x64-msvc": "0.130.0" } }, "node_modules/oxc-resolver": { diff --git a/web/package.json b/web/package.json index 267b1b92a2..fec40adf7d 100644 --- a/web/package.json +++ b/web/package.json @@ -155,7 +155,7 @@ "globals": "^17.6.0", "guacamole-common-js": "^1.5.0", "hastscript": "^9.0.1", - "knip": "^6.12.0", + "knip": "^6.14.1", "lex": "^2025.11.0", "lit": "^3.3.3", "lit-analyzer": "^2.0.3", From 11af3f403044290dd06e28491ce791354c928cd5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 19:54:02 +0200 Subject: [PATCH 07/65] website: bump the build group across 1 directory with 9 updates (#22669) * website: bump the build group across 1 directory with 9 updates Bumps the build group with 9 updates in the /website directory: | Package | From | To | | --- | --- | --- | | [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `2.0.0` | `2.0.4` | | [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `2.0.0` | `2.0.4` | | [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `2.0.0` | `2.0.4` | | [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.15.33` | `1.15.40` | | [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.15.33` | `1.15.40` | | [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.15.33` | `1.15.40` | | [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.15.33` | `1.15.40` | | [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.15.33` | `1.15.40` | | [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.15.33` | `1.15.40` | Updates `@rspack/binding-darwin-arm64` from 2.0.0 to 2.0.4 - [Release notes](https://github.com/web-infra-dev/rspack/releases) - [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.4/packages/rspack) Updates `@rspack/binding-linux-arm64-gnu` from 2.0.0 to 2.0.4 - [Release notes](https://github.com/web-infra-dev/rspack/releases) - [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.4/packages/rspack) Updates `@rspack/binding-linux-x64-gnu` from 2.0.0 to 2.0.4 - [Release notes](https://github.com/web-infra-dev/rspack/releases) - [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.4/packages/rspack) Updates `@swc/core-darwin-arm64` from 1.15.33 to 1.15.40 - [Release notes](https://github.com/swc-project/swc/releases) - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md) - [Commits](https://github.com/swc-project/swc/compare/v1.15.33...v1.15.40) Updates `@swc/core-linux-arm64-gnu` from 1.15.33 to 1.15.40 - [Release notes](https://github.com/swc-project/swc/releases) - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md) - [Commits](https://github.com/swc-project/swc/compare/v1.15.33...v1.15.40) Updates `@swc/core-linux-x64-gnu` from 1.15.33 to 1.15.40 - [Release notes](https://github.com/swc-project/swc/releases) - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md) - [Commits](https://github.com/swc-project/swc/compare/v1.15.33...v1.15.40) Updates `@swc/html-darwin-arm64` from 1.15.33 to 1.15.40 - [Release notes](https://github.com/swc-project/swc/releases) - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md) - [Commits](https://github.com/swc-project/swc/compare/v1.15.33...v1.15.40) Updates `@swc/html-linux-arm64-gnu` from 1.15.33 to 1.15.40 - [Release notes](https://github.com/swc-project/swc/releases) - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md) - [Commits](https://github.com/swc-project/swc/compare/v1.15.33...v1.15.40) Updates `@swc/html-linux-x64-gnu` from 1.15.33 to 1.15.40 - [Release notes](https://github.com/swc-project/swc/releases) - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md) - [Commits](https://github.com/swc-project/swc/compare/v1.15.33...v1.15.40) --- updated-dependencies: - dependency-name: "@rspack/binding-darwin-arm64" dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@rspack/binding-linux-arm64-gnu" dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@rspack/binding-linux-x64-gnu" dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@swc/core-darwin-arm64" dependency-version: 1.15.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@swc/core-linux-arm64-gnu" dependency-version: 1.15.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@swc/core-linux-x64-gnu" dependency-version: 1.15.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@swc/html-darwin-arm64" dependency-version: 1.15.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@swc/html-linux-arm64-gnu" dependency-version: 1.15.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build - dependency-name: "@swc/html-linux-x64-gnu" dependency-version: 1.15.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build ... Signed-off-by: dependabot[bot] * sigh Signed-off-by: Jens Langhammer --------- Signed-off-by: dependabot[bot] Signed-off-by: Jens Langhammer Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer --- website/api/package.json | 18 +-- website/package-lock.json | 241 ++++++++++++++++++++++++-------------- website/package.json | 18 +-- 3 files changed, 171 insertions(+), 106 deletions(-) diff --git a/website/api/package.json b/website/api/package.json index fe6b8d419a..027e19b221 100644 --- a/website/api/package.json +++ b/website/api/package.json @@ -48,15 +48,15 @@ "typescript": "^6.0.3" }, "optionalDependencies": { - "@rspack/binding-darwin-arm64": "2.0.0", - "@rspack/binding-linux-arm64-gnu": "2.0.0", - "@rspack/binding-linux-x64-gnu": "2.0.0", - "@swc/core-darwin-arm64": "1.15.33", - "@swc/core-linux-arm64-gnu": "1.15.33", - "@swc/core-linux-x64-gnu": "1.15.33", - "@swc/html-darwin-arm64": "1.15.33", - "@swc/html-linux-arm64-gnu": "1.15.33", - "@swc/html-linux-x64-gnu": "1.15.33", + "@rspack/binding-darwin-arm64": "2.0.4", + "@rspack/binding-linux-arm64-gnu": "2.0.4", + "@rspack/binding-linux-x64-gnu": "2.0.4", + "@swc/core-darwin-arm64": "1.15.40", + "@swc/core-linux-arm64-gnu": "1.15.40", + "@swc/core-linux-x64-gnu": "1.15.40", + "@swc/html-darwin-arm64": "1.15.40", + "@swc/html-linux-arm64-gnu": "1.15.40", + "@swc/html-linux-x64-gnu": "1.15.40", "lightningcss-darwin-arm64": "1.32.0", "lightningcss-linux-arm64-gnu": "1.32.0", "lightningcss-linux-x64-gnu": "1.32.0" diff --git a/website/package-lock.json b/website/package-lock.json index 93f07eb299..e3d5eedd60 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -38,15 +38,15 @@ "npm": ">=11.14.1" }, "optionalDependencies": { - "@rspack/binding-darwin-arm64": "2.0.3", - "@rspack/binding-linux-arm64-gnu": "2.0.3", - "@rspack/binding-linux-x64-gnu": "2.0.3", - "@swc/core-darwin-arm64": "1.15.33", - "@swc/core-linux-arm64-gnu": "1.15.33", - "@swc/core-linux-x64-gnu": "1.15.33", - "@swc/html-darwin-arm64": "1.15.33", - "@swc/html-linux-arm64-gnu": "1.15.33", - "@swc/html-linux-x64-gnu": "1.15.33", + "@rspack/binding-darwin-arm64": "2.0.4", + "@rspack/binding-linux-arm64-gnu": "2.0.4", + "@rspack/binding-linux-x64-gnu": "2.0.4", + "@swc/core-darwin-arm64": "1.15.40", + "@swc/core-linux-arm64-gnu": "1.15.40", + "@swc/core-linux-x64-gnu": "1.15.40", + "@swc/html-darwin-arm64": "1.15.40", + "@swc/html-linux-arm64-gnu": "1.15.40", + "@swc/html-linux-x64-gnu": "1.15.40", "lightningcss-darwin-arm64": "1.32.0", "lightningcss-linux-arm64-gnu": "1.32.0", "lightningcss-linux-x64-gnu": "1.32.0" @@ -213,15 +213,15 @@ "typescript": "^6.0.3" }, "optionalDependencies": { - "@rspack/binding-darwin-arm64": "2.0.0", - "@rspack/binding-linux-arm64-gnu": "2.0.0", - "@rspack/binding-linux-x64-gnu": "2.0.0", - "@swc/core-darwin-arm64": "1.15.33", - "@swc/core-linux-arm64-gnu": "1.15.33", - "@swc/core-linux-x64-gnu": "1.15.33", - "@swc/html-darwin-arm64": "1.15.33", - "@swc/html-linux-arm64-gnu": "1.15.33", - "@swc/html-linux-x64-gnu": "1.15.33", + "@rspack/binding-darwin-arm64": "2.0.4", + "@rspack/binding-linux-arm64-gnu": "2.0.4", + "@rspack/binding-linux-x64-gnu": "2.0.4", + "@swc/core-darwin-arm64": "1.15.40", + "@swc/core-linux-arm64-gnu": "1.15.40", + "@swc/core-linux-x64-gnu": "1.15.40", + "@swc/html-darwin-arm64": "1.15.40", + "@swc/html-linux-arm64-gnu": "1.15.40", + "@swc/html-linux-x64-gnu": "1.15.40", "lightningcss-darwin-arm64": "1.32.0", "lightningcss-linux-arm64-gnu": "1.32.0", "lightningcss-linux-x64-gnu": "1.32.0" @@ -235,49 +235,6 @@ "npm": ">=11.10.1" } }, - "api/node_modules/@rspack/binding-darwin-arm64": { - "version": "2.0.0", - "cpu": [ - "arm64" - ], - "license": "MIT", - "optional": true, - "os": [ - "darwin" - ] - }, - "api/node_modules/@rspack/binding-linux-arm64-gnu": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-2.0.0.tgz", - "integrity": "sha512-Ufn33gzkIV7JY69k6vJQEdOzRvBqThIgH46pwXksHSMwRZp8IbJhXfyYIAVsRWCk8fXpr9t1nAvCDvJXT2EeyA==", - "cpu": [ - "arm64" - ], - "libc": [ - "glibc" - ], - "license": "MIT", - "optional": true, - "os": [ - "linux" - ] - }, - "api/node_modules/@rspack/binding-linux-x64-gnu": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-2.0.0.tgz", - "integrity": "sha512-dPjFGpoCvZfFpJBsWAUR+PR7mWYxpou6L026qIOpAVkz7WiTzErwKD3P1jVrpP4dM9yLb3fVE+PHHjTglhTJ4g==", - "cpu": [ - "x64" - ], - "libc": [ - "glibc" - ], - "license": "MIT", - "optional": true, - "os": [ - "linux" - ] - }, "docs": { "name": "@goauthentik/docs-topics", "version": "0.0.0", @@ -6341,9 +6298,9 @@ } }, "node_modules/@rspack/binding-darwin-arm64": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-2.0.3.tgz", - "integrity": "sha512-4UyCjLJwU/WxR6K1/gG4u3+jUsoaRHJ5rNu9fto/UbvrItwdlVNULChAApqZFw6mcSetMddSjSICeuj5pSB6sA==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-2.0.4.tgz", + "integrity": "sha512-0Q1QXFEsZfDc4opiDnb8q50KlBbC2VovViDaYlMJZBzvjAo325mh3itXPfz7YZ31M+TxRE7TUiJXH3ltiV1Hdg==", "cpu": [ "arm64" ], @@ -6367,9 +6324,9 @@ ] }, "node_modules/@rspack/binding-linux-arm64-gnu": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-2.0.3.tgz", - "integrity": "sha512-aPLDaaTtX1wqjLYAIHc2MGDQZtv1Hbjx47oaaefbWz5GbAnSA4P8jdYIeeGRyrqvQ0WqJXIWXgT0d/iXtes00A==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-2.0.4.tgz", + "integrity": "sha512-BEk6mIYBK4BihW9qXXITJORrVXecTlkRjrqhgefili4xjXtLdcUnxAm9sN/2oJ8m378n2h33qDh4gr2orPBFWQ==", "cpu": [ "arm64" ], @@ -6399,9 +6356,9 @@ ] }, "node_modules/@rspack/binding-linux-x64-gnu": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-2.0.3.tgz", - "integrity": "sha512-fAhiMuV5omT53YMft+f3Y9euAFgspuyBAk9ZpeW2buL2TkuUMwP07adhhvQfKdQ5gpELfzmjQaRDGqaIT8UWiA==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-2.0.4.tgz", + "integrity": "sha512-xHorBPBZAg0Pn9Q0k9dWZ9euowieDxcSOzQ9JhTCmhDY6wZH5M/kCBFlCs/OQeW5/NUArW3x3MwEdO/0QJHMxg==", "cpu": [ "x64" ], @@ -6915,9 +6872,9 @@ } }, "node_modules/@swc/core-darwin-arm64": { - "version": "1.15.33", - "resolved": "https://registry.npmjs.org/@swc/core-darwin-arm64/-/core-darwin-arm64-1.15.33.tgz", - "integrity": "sha512-N+L0uXhuO7FIfzqwgxmzv0zIpV0qEp8wPX3QQs2p4atjMoywup2JTeDlXPw+z9pWJGCae3JjM+tZ6myclI+2gA==", + "version": "1.15.40", + "resolved": "https://registry.npmjs.org/@swc/core-darwin-arm64/-/core-darwin-arm64-1.15.40.tgz", + "integrity": "sha512-PaYyclfmQ++77D8ityYvmmVzHv9aG8ROwt2GfG6/ccloy4Hgf80qtOnzb9VYvPsUT7Ty1uhuDRhv3XYpf62qhQ==", "cpu": [ "arm64" ], @@ -6963,9 +6920,9 @@ } }, "node_modules/@swc/core-linux-arm64-gnu": { - "version": "1.15.33", - "resolved": "https://registry.npmjs.org/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.15.33.tgz", - "integrity": "sha512-TRJfnJbX3jqpxRDRoieMzRiCBS5jOmXNb3iQXmcgjFEHKLnAgK1RZRU8Cq1MsPqO4jAJp/ld1G4O3fXuxv85uw==", + "version": "1.15.40", + "resolved": "https://registry.npmjs.org/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.15.40.tgz", + "integrity": "sha512-Q8byxJt2fh8CR3EUX6snBpy47AoBVm+In/+Z3rjDHMjC38ZvR9/gtUUNCT0tfrn4EdVsO8/QPi59nxrxvqxvBQ==", "cpu": [ "arm64" ], @@ -7039,9 +6996,9 @@ } }, "node_modules/@swc/core-linux-x64-gnu": { - "version": "1.15.33", - "resolved": "https://registry.npmjs.org/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.15.33.tgz", - "integrity": "sha512-mGTH0YxmUN+x6vRN/I6NOk5X0ogNktkwPnJ94IMvR7QjhRDwL0O8RXEDhyUM0YtwWrryBOqaJQBX4zruxEPRGw==", + "version": "1.15.40", + "resolved": "https://registry.npmjs.org/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.15.40.tgz", + "integrity": "sha512-7HOuS1iGcme/j/TuL1TfmmLGiMQrjv/GmjyZeydl00FKPtpGXEldwqfI56xgd1YzrzoB2svWjxbGGyQ0TEASxg==", "cpu": [ "x64" ], @@ -7124,6 +7081,60 @@ "node": ">=10" } }, + "node_modules/@swc/core/node_modules/@swc/core-darwin-arm64": { + "version": "1.15.33", + "resolved": "https://registry.npmjs.org/@swc/core-darwin-arm64/-/core-darwin-arm64-1.15.33.tgz", + "integrity": "sha512-N+L0uXhuO7FIfzqwgxmzv0zIpV0qEp8wPX3QQs2p4atjMoywup2JTeDlXPw+z9pWJGCae3JjM+tZ6myclI+2gA==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0 AND MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=10" + } + }, + "node_modules/@swc/core/node_modules/@swc/core-linux-arm64-gnu": { + "version": "1.15.33", + "resolved": "https://registry.npmjs.org/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.15.33.tgz", + "integrity": "sha512-TRJfnJbX3jqpxRDRoieMzRiCBS5jOmXNb3iQXmcgjFEHKLnAgK1RZRU8Cq1MsPqO4jAJp/ld1G4O3fXuxv85uw==", + "cpu": [ + "arm64" + ], + "libc": [ + "glibc" + ], + "license": "Apache-2.0 AND MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=10" + } + }, + "node_modules/@swc/core/node_modules/@swc/core-linux-x64-gnu": { + "version": "1.15.33", + "resolved": "https://registry.npmjs.org/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.15.33.tgz", + "integrity": "sha512-mGTH0YxmUN+x6vRN/I6NOk5X0ogNktkwPnJ94IMvR7QjhRDwL0O8RXEDhyUM0YtwWrryBOqaJQBX4zruxEPRGw==", + "cpu": [ + "x64" + ], + "libc": [ + "glibc" + ], + "license": "Apache-2.0 AND MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=10" + } + }, "node_modules/@swc/counter": { "version": "0.1.3", "resolved": "https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz", @@ -7157,9 +7168,9 @@ } }, "node_modules/@swc/html-darwin-arm64": { - "version": "1.15.33", - "resolved": "https://registry.npmjs.org/@swc/html-darwin-arm64/-/html-darwin-arm64-1.15.33.tgz", - "integrity": "sha512-zyO6uMBfLyCh55wundAxKX+8P/f98ecuyir4VX6nTmn6y7x37ndB8f01LUrd9Tiq6eEAvDXLiqEUvuGjEc7Pmg==", + "version": "1.15.40", + "resolved": "https://registry.npmjs.org/@swc/html-darwin-arm64/-/html-darwin-arm64-1.15.40.tgz", + "integrity": "sha512-A9oxSh60pMEsX/4VBpn3e6s8DfGWsHzAeG+Vd9mXgkTqt/ouX12owP6RyqfqK8v0WuEsBKkGY0+MbwLvlOG8NQ==", "cpu": [ "arm64" ], @@ -7205,9 +7216,9 @@ } }, "node_modules/@swc/html-linux-arm64-gnu": { - "version": "1.15.33", - "resolved": "https://registry.npmjs.org/@swc/html-linux-arm64-gnu/-/html-linux-arm64-gnu-1.15.33.tgz", - "integrity": "sha512-7tZ0IgmUslI9Extu/TpxJS0GjJoDx0j9zeq2cIidPdM/njSBpyRB7n4B292Q5WFVh7PcZl7WXqqqMczibQ27aA==", + "version": "1.15.40", + "resolved": "https://registry.npmjs.org/@swc/html-linux-arm64-gnu/-/html-linux-arm64-gnu-1.15.40.tgz", + "integrity": "sha512-buu4fGyCIhkwmCetI4CfWOPn7cphJHwQ9ksK685hlL0R0PUaDCNdIxo+JAz0mK2JgPhoGqnKsVEmV6gLIL5GBw==", "cpu": [ "arm64" ], @@ -7281,9 +7292,9 @@ } }, "node_modules/@swc/html-linux-x64-gnu": { - "version": "1.15.33", - "resolved": "https://registry.npmjs.org/@swc/html-linux-x64-gnu/-/html-linux-x64-gnu-1.15.33.tgz", - "integrity": "sha512-JDNb4Uq+7g+23QuOtwWnP0/EqztWIHFFdQdeBIS5zx83YBG2dYRMdPAjnHJWh2YRZxdepd8q6S9MUIxpSrouAg==", + "version": "1.15.40", + "resolved": "https://registry.npmjs.org/@swc/html-linux-x64-gnu/-/html-linux-x64-gnu-1.15.40.tgz", + "integrity": "sha512-i+/JqL5j9mTGMcVshWLMzciqyE3Np+gN5+UqMyO1D5zSmniJD5MHRlGXCtLaWx/MIKX0Q4Xkre33o56fmxp+uA==", "cpu": [ "x64" ], @@ -7366,6 +7377,60 @@ "node": ">=10" } }, + "node_modules/@swc/html/node_modules/@swc/html-darwin-arm64": { + "version": "1.15.33", + "resolved": "https://registry.npmjs.org/@swc/html-darwin-arm64/-/html-darwin-arm64-1.15.33.tgz", + "integrity": "sha512-zyO6uMBfLyCh55wundAxKX+8P/f98ecuyir4VX6nTmn6y7x37ndB8f01LUrd9Tiq6eEAvDXLiqEUvuGjEc7Pmg==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0 AND MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=10" + } + }, + "node_modules/@swc/html/node_modules/@swc/html-linux-arm64-gnu": { + "version": "1.15.33", + "resolved": "https://registry.npmjs.org/@swc/html-linux-arm64-gnu/-/html-linux-arm64-gnu-1.15.33.tgz", + "integrity": "sha512-7tZ0IgmUslI9Extu/TpxJS0GjJoDx0j9zeq2cIidPdM/njSBpyRB7n4B292Q5WFVh7PcZl7WXqqqMczibQ27aA==", + "cpu": [ + "arm64" + ], + "libc": [ + "glibc" + ], + "license": "Apache-2.0 AND MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=10" + } + }, + "node_modules/@swc/html/node_modules/@swc/html-linux-x64-gnu": { + "version": "1.15.33", + "resolved": "https://registry.npmjs.org/@swc/html-linux-x64-gnu/-/html-linux-x64-gnu-1.15.33.tgz", + "integrity": "sha512-JDNb4Uq+7g+23QuOtwWnP0/EqztWIHFFdQdeBIS5zx83YBG2dYRMdPAjnHJWh2YRZxdepd8q6S9MUIxpSrouAg==", + "cpu": [ + "x64" + ], + "libc": [ + "glibc" + ], + "license": "Apache-2.0 AND MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=10" + } + }, "node_modules/@swc/types": { "version": "0.1.26", "resolved": "https://registry.npmjs.org/@swc/types/-/types-0.1.26.tgz", diff --git a/website/package.json b/website/package.json index 47552ca683..b874c75b17 100644 --- a/website/package.json +++ b/website/package.json @@ -36,15 +36,15 @@ "typescript-eslint": "^8.59.3" }, "optionalDependencies": { - "@rspack/binding-darwin-arm64": "2.0.3", - "@rspack/binding-linux-arm64-gnu": "2.0.3", - "@rspack/binding-linux-x64-gnu": "2.0.3", - "@swc/core-darwin-arm64": "1.15.33", - "@swc/core-linux-arm64-gnu": "1.15.33", - "@swc/core-linux-x64-gnu": "1.15.33", - "@swc/html-darwin-arm64": "1.15.33", - "@swc/html-linux-arm64-gnu": "1.15.33", - "@swc/html-linux-x64-gnu": "1.15.33", + "@rspack/binding-darwin-arm64": "2.0.4", + "@rspack/binding-linux-arm64-gnu": "2.0.4", + "@rspack/binding-linux-x64-gnu": "2.0.4", + "@swc/core-darwin-arm64": "1.15.40", + "@swc/core-linux-arm64-gnu": "1.15.40", + "@swc/core-linux-x64-gnu": "1.15.40", + "@swc/html-darwin-arm64": "1.15.40", + "@swc/html-linux-arm64-gnu": "1.15.40", + "@swc/html-linux-x64-gnu": "1.15.40", "lightningcss-darwin-arm64": "1.32.0", "lightningcss-linux-arm64-gnu": "1.32.0", "lightningcss-linux-x64-gnu": "1.32.0" From 5c1f4359955818206d6f34b6a348b1abe9cd8039 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 19:54:28 +0200 Subject: [PATCH 08/65] ci: bump snok/container-retention-policy from 3.0.1 to 3.1.0 (#22778) Bumps [snok/container-retention-policy](https://github.com/snok/container-retention-policy) from 3.0.1 to 3.1.0. - [Release notes](https://github.com/snok/container-retention-policy/releases) - [Commits](https://github.com/snok/container-retention-policy/compare/3b0972b2276b171b212f8c4efbca59ebba26eceb...d3bdcf5ce9b05f685154e4a16c39233b245e3d53) --- updated-dependencies: - dependency-name: snok/container-retention-policy dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/gh-ghcr-retention.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gh-ghcr-retention.yml b/.github/workflows/gh-ghcr-retention.yml index accf8e68dc..fdf82118c3 100644 --- a/.github/workflows/gh-ghcr-retention.yml +++ b/.github/workflows/gh-ghcr-retention.yml @@ -21,7 +21,7 @@ jobs: app-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - name: Delete 'dev' containers older than a week - uses: snok/container-retention-policy@3b0972b2276b171b212f8c4efbca59ebba26eceb # v3.0.1 + uses: snok/container-retention-policy@d3bdcf5ce9b05f685154e4a16c39233b245e3d53 # v3.1.0 with: image-names: dev-server,dev-ldap,dev-proxy image-tags: "!gh-next,!gh-main" From 6cdae9a86e4ada92b15e4fb74d3e859c9dcaa501 Mon Sep 17 00:00:00 2001 From: Connor Peshek Date: Tue, 2 Jun 2026 13:08:08 -0500 Subject: [PATCH 09/65] website/docs: add oidc issuer information (#22556) * website/docs: add oidc issuer information * Update website/docs/add-secure-apps/providers/oauth2/index.mdx Co-authored-by: Dominic R Signed-off-by: Connor Peshek * Update website/docs/add-secure-apps/providers/oauth2/index.mdx Co-authored-by: Dominic R Signed-off-by: Connor Peshek * Update website/docs/add-secure-apps/providers/oauth2/index.mdx Co-authored-by: Dominic R Signed-off-by: Connor Peshek * Apply suggestion from @dominic-r Signed-off-by: Dominic R * update warning to info * Update language throughout the doc, fix punctuation and spelling Signed-off-by: Dewi Roberts * update typos * fix wording * lint --------- Signed-off-by: Connor Peshek Signed-off-by: Dominic R Signed-off-by: Dewi Roberts Co-authored-by: Dominic R Co-authored-by: Dewi Roberts --- .../providers/oauth2/index.mdx | 43 +++++++++++++------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/website/docs/add-secure-apps/providers/oauth2/index.mdx b/website/docs/add-secure-apps/providers/oauth2/index.mdx index 296d00bfa6..15c514b3f3 100644 --- a/website/docs/add-secure-apps/providers/oauth2/index.mdx +++ b/website/docs/add-secure-apps/providers/oauth2/index.mdx @@ -2,28 +2,28 @@ title: OAuth 2.0 provider --- -In authentik, you can [create](./create-oauth2-provider.md) an [OAuth 2.0](https://oauth.net/2/) provider that authentik uses to authenticate the user to the associated application. This provider supports both generic OAuth2 as well as OpenID Connect (OIDC). +In authentik, you can [create](./create-oauth2-provider.md) an [OAuth 2.0](https://oauth.net/2/) provider that authentik uses to authenticate the user to the associated application. This provider supports both generic OAuth 2.0 as well as OpenID Connect (OIDC). ## authentik and OAuth 2.0 It's important to understand how authentik works with and supports the OAuth 2.0 protocol, so before taking a [closer look at OAuth 2.0 protocol](#about-oauth-20-and-oidc) itself, let's cover a bit about authentik. -authentik can act either as the OP, (OpenID Provider, with authentik as the IdP), or as the RP (Relying Party, or the application that uses OAuth 2.0 to authenticate). If you want to configure authentik as an OP, then you create a provider, then use the OAuth 2.0 provider. If you want authentik to serve as the RP, then configure a [source](../../../users-sources/sources/index.md). Of course, authentik can serve as both the RP and OP, if you want to use the authentik OAuth provider and also use sources. +authentik can act either as the OP (OpenID Provider, with authentik as the IdP), or as the RP (Relying Party, or the application that uses OAuth 2.0 to authenticate). If you want to configure authentik as an OP, create an OAuth 2.0 provider. If you want authentik to serve as the RP, then configure a [source](../../../users-sources/sources/index.md). Of course, authentik can serve as both the RP and OP, if you want to use the authentik OAuth provider and also use sources. -All standard OAuth 2.0 flows (authorization code, client_credentials, implicit, hybrid, device code) and grant types are supported in authentik, and we follow the [OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html). OAuth 2.0 in authentik supports OAuth, PKCE, [GitHub compatibility](./github-compatibility.md), and the RP receives data from our scope mapping system. +authentik supports all standard OAuth 2.0 flows (authorization code, client_credentials, implicit, hybrid, device code) and grant types, and follows the [OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html). OAuth 2.0 in authentik supports PKCE, [GitHub compatibility](./github-compatibility.md), and the RP receives data from our scope mapping system. -The authentik OAuth 2.0 provider comes with all the standard functionality and features of OAuth 2.0, including the OAuth 2.0 security principles such as no cleartext storage of credentials, configurable encryption, configurable short expiration times, and the configuration of automatic rotation of refresh tokens. In short, our OAuth 2.0 protocol support provides full coverage. +The authentik OAuth 2.0 provider comes with all the standard functionality and features of OAuth 2.0, including the OAuth 2.0 security principles such as no cleartext storage of credentials, configurable encryption, configurable short expiration times, and the configuration of automatic rotation of refresh tokens. In short, authentik offers comprehensive OAuth 2.0 support. ## About OAuth 2.0 and OIDC -OAuth 2.0 is an authorization protocol that allows an application (the RP) to delegate authorization to an OP. OIDC is an authentication protocol built on top of OAuth2, which provides identity credentials and other data on top of OAuth2. +OAuth 2.0 is an authorization protocol that allows an application (the RP) to delegate authorization to an OP. OIDC is an authentication protocol built on top of OAuth 2.0, which provides identity credentials and other data on top of OAuth 2.0. **OAuth 2.0** typically requires two requests (unlike the previous "three-legged" OAuth 1.0). The two "legs", or requests, for OAuth 2.0 are: 1. An authorization request is prepared by the RP and contains parameters for its implementation of OAuth and which data it requires, and then the User's browser is redirected to that URL. 2. The RP sends a request to authentik in the background to exchange the access code for an access token (and optionally a refresh token). -In detail, with OAuth2 when a user accesses the application (the RP) via their browser, the RP then prepares a URL with parameters for the OpenID Provider (OP), which the user's browser is redirected to. The OP authenticates the user and generates an authorization code. The OP then redirects the client (the user's browser) back to the RP, along with that authorization code. In the background, the RP then sends that same authorization code in a request authenticated by the `client_id` and `client_secret` to the OP. Finally, the OP responds by sending an Access Token saying this user has been authorized (the RP is recommended to validate this token using cryptography) and optionally a Refresh Token. +In detail, with OAuth 2.0 when a user accesses the application (the RP) via their browser, the RP then prepares a URL with parameters for the OpenID Provider (OP), which the user's browser is redirected to. The OP authenticates the user and generates an authorization code. The OP then redirects the client (the user's browser) back to the RP, along with that authorization code. In the background, the RP then sends that same authorization code in a request authenticated by the `client_id` and `client_secret` to the OP. Finally, the OP responds by sending an Access Token saying this user has been authorized (the RP is recommended to validate this token using cryptography) and optionally a Refresh Token. The image below shows a typical authorization code flow. @@ -48,7 +48,7 @@ sequenceDiagram rp->>user: User is logged in ``` -## OAuth2 endpoints and bindings +## OAuth 2.0 endpoints and bindings | Endpoint | URL | | -------------------- | -------------------------------------------------------------------- | @@ -63,12 +63,12 @@ sequenceDiagram | OpenID Configuration | `/application/o//.well-known/openid-configuration` | :::caution Reserved application slugs -Due to how the OAuth2 provider endpoints are structured, you cannot create applications that use the slugs `authorize`, `token`, `device`, `userinfo`, `introspect`, or `revoke` as these would conflict with the global OAuth2 endpoints. +Due to how the OAuth2 provider endpoints are structured, you cannot create applications that use the slugs `authorize`, `token`, `device`, `userinfo`, `introspect`, or `revoke` as these would conflict with the global OAuth 2.0 endpoints. ::: ### Cross-provider token introspection and revocation -The token introspection and revocation endpoints are global OAuth2 endpoints, but access to tokens is still scoped by provider. A client can introspect or revoke tokens issued by the same OAuth2 provider that authenticated the request. +The token introspection and revocation endpoints are global OAuth 2.0 endpoints, but access to tokens is still scoped by provider. A client can introspect or revoke tokens issued by the same OAuth2 provider that authenticated the request. For cross-provider introspection or revocation, authenticate the request with a confidential provider. Then, on the provider that issues the token, select the authenticating provider under **Federated OAuth2/OpenID Providers**. This allows the authenticating provider to introspect and revoke tokens issued by the federated provider. @@ -86,6 +86,25 @@ Using back-channel logout (a server-to-server notification mechanism) allows an For more information, see our [OAuth2/OpenID Connect front-channel and back-channel logout](./frontchannel_and_backchannel_logout.mdx) documentation. +## Issuer mode + +The **Issuer mode** setting (under **Advanced protocol settings**) controls the value that authentik uses for the `iss` (issuer) claim in the tokens it signs, and for the `issuer` field in the provider's [OpenID Connect discovery document](#oauth-20-endpoints-and-bindings). + +| Mode (UI label) | `iss` value | +| --------------------------------------------------------------------------------- | ------------------------------------------------------------- | +| **Each provider has a different issuer, based on the application slug** (default) | `https://authentik.company/application/o//` | +| **Same identifier is used for all providers** | `https://authentik.company/` | + +By default, authentik uses per-provider mode: every provider has a unique issuer derived from its application slug. This is the recommended setting, and matches how the discovery and JWKS endpoints are structured, since both are served under the per-application `/application/o//` path. + +### Global issuer mode + +Setting the issuer mode to **Same identifier is used for all providers** (referred to internally as **global** mode) makes every OAuth 2.0 provider configured with this mode share the same issuer: the root URL of the instance (`https://authentik.company/`). + +:::info Well-known location +Global issuer mode still serves the discovery document at `https://authentik.company/application/o//.well-known/openid-configuration`, not at the root issuer URL. +::: + ## OAuth 2.0 flows and grant types There are three general flows of OAuth 2.0: @@ -108,7 +127,7 @@ The flows and grant types used in this case are those used for a typical authori #### Authorization code -The authorization code is for environments with both a Client and an application server, where the back and forth happens between the client and an app server (the logic lives on app server). The RP needs to authorize itself to the OP. Client ID (public, identifies which app is talking to it) and client secret (the password) that the RP uses to authenticate. +The authorization code is for environments with both a client and an application server, where the back and forth happens between the client and an app server (the logic lives on app server). The RP needs to authorize itself to the OP. Client ID (public, identifies which app is talking to it) and client secret (the password) that the RP uses to authenticate. If you configure authentik to use "Offline access" then during the initial auth the OP sends two tokens, an access token (short-lived, hours, can be customized) and a refresh token (typically longer validity, days or infinite). The RP (the app) saves both tokens. When the access token is about to expire, the RP sends the saved refresh token back to the OP, and requests a new access token. When the refresh token itself is about to expire, the RP can also ask for a new refresh token. This can all happen without user interaction if you configured the offline access. @@ -124,11 +143,11 @@ The authorization code grant type is used to convert an authorization code to an The OAuth 2.0 [Security Best Current Practice document](https://tools.ietf.org/html/draft-ietf-oauth-security-topics) recommends against using the Implicit flow entirely, and OAuth 2.0 for Browser-Based Apps describes the technique of using the authorization code flow with PKCE instead. ([source](https://oauth.net/2/grant-types/implicit/)) ::: -This flow is for more modern single page-applications, or ones you download, that are all client-side (all JS, no backend logic, etc) and have no server to make tokens. Because the secret cannot be stored on the client machine, the implicit flow is required in these architectures. With the implicit flow, the flow skips the second part of the two requests seen in the authorization flow; after the initial author request, the implicit flow receives a token, and then with cryptocracy and with PKCE, it can validate that it is the correct client, and that is safe to send a token. The RP (still called that with this implicit flow) can use cryptography to validate the token. +This flow is intended for modern single‑page applications or downloaded apps that run entirely on the client side (all JavaScript, no backend logic) and have no server that can safely store secrets or exchange tokens. Because the client secret cannot be kept secure on the user’s device, the implicit flow is required in these architectures. With the implicit flow, the application skips the second request in the authorization code flow: after the initial authorization request, the client receives a token directly. Using cryptographic checks such as PKCE, the client can verify that it is the intended recipient and that it is safe to use the token. The RP can then use cryptography to validate the token. #### Hybrid -The Hybrid Flow is an OpenID Connect flow that incorporates traits of both the Implicit flow and the Authorization Code flow. It provides an application instant access to an ID token while ensuring secure and safe retrieval of access tokens and refresh tokens. This can be useful in situations where the application needs to quickly access information about the user, while in the background doing further processing to get additional tokens before gaining access to additional resources. +The Hybrid flow is an OpenID Connect flow that incorporates traits of both the Implicit flow and the Authorization Code flow. It provides an application instant access to an ID token while ensuring secure and safe retrieval of access tokens and refresh tokens. This can be useful in situations where the application needs to quickly access information about the user, while in the background doing further processing to get additional tokens before gaining access to additional resources. ### 2. Client credentials From e8a7dc532150aa88e9a179f710181f763173730b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 20:46:56 +0200 Subject: [PATCH 10/65] web: bump the storybook group across 1 directory with 5 updates (#22653) Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite). Updates `@storybook/addon-docs` from 10.3.6 to 10.4.0 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.0/code/addons/docs) Updates `@storybook/addon-links` from 10.3.6 to 10.4.0 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.0/code/addons/links) Updates `@storybook/web-components` from 10.3.6 to 10.4.0 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.0/code/renderers/web-components) Updates `@storybook/web-components-vite` from 10.3.6 to 10.4.0 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.0/code/frameworks/web-components-vite) Updates `storybook` from 10.3.6 to 10.4.1 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.1/code/core) --- updated-dependencies: - dependency-name: "@storybook/addon-docs" dependency-version: 10.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: storybook - dependency-name: "@storybook/addon-links" dependency-version: 10.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: storybook - dependency-name: "@storybook/web-components" dependency-version: 10.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: storybook - dependency-name: "@storybook/web-components-vite" dependency-version: 10.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: storybook - dependency-name: storybook dependency-version: 10.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: storybook ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 530 ++++++++++++++++++++++++++++++++++++++---- web/package.json | 8 +- 2 files changed, 489 insertions(+), 49 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 0782dafca0..befd537e5e 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -45,10 +45,10 @@ "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.59.1", "@sentry/browser": "^10.53.1", - "@storybook/addon-docs": "^10.3.6", - "@storybook/addon-links": "^10.3.6", - "@storybook/web-components": "^10.3.6", - "@storybook/web-components-vite": "^10.3.6", + "@storybook/addon-docs": "^10.4.0", + "@storybook/addon-links": "^10.4.0", + "@storybook/web-components": "^10.4.0", + "@storybook/web-components-vite": "^10.4.0", "@types/codemirror": "^5.60.17", "@types/grecaptcha": "^3.0.9", "@types/guacamole-common-js": "^1.5.5", @@ -3973,15 +3973,15 @@ "license": "MIT" }, "node_modules/@storybook/addon-docs": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-10.3.6.tgz", - "integrity": "sha512-TvIdADVPtauxW0LzXIpIv7X6GxwetorhyNh+6+7MHC27XSBCWVxxRUwL63YeLlHTuXsIk0quG3b1xgwVRzWOJA==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-10.4.0.tgz", + "integrity": "sha512-HJNvYGx/c3jjVwibnmbDgCZMYPI6xGUDjJSRi5CG0G9tpeoeijPo318f5N84RyYWK8LheHUrDN3Jv2UfVv8zwQ==", "license": "MIT", "dependencies": { "@mdx-js/react": "^3.0.0", - "@storybook/csf-plugin": "10.3.6", - "@storybook/icons": "^2.0.1", - "@storybook/react-dom-shim": "10.3.6", + "@storybook/csf-plugin": "10.4.0", + "@storybook/icons": "^2.0.2", + "@storybook/react-dom-shim": "10.4.0", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "ts-dedent": "^2.0.0" @@ -3991,13 +3991,19 @@ "url": "https://opencollective.com/storybook" }, "peerDependencies": { - "storybook": "^10.3.6" + "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", + "storybook": "^10.4.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } } }, "node_modules/@storybook/addon-links": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-10.3.6.tgz", - "integrity": "sha512-tv9Xd68qRGBAvEubaxNo3FuFq4GwuMiBriD+gLGuFK0+/u3cnkuA264aoR1v6YCH3sT3er3+MBimuyKM3jLDxg==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-10.4.0.tgz", + "integrity": "sha512-+NE1NGDoZD7U5XBEuIJvmh/fxjaVxfTxAYMWHcpwb6Qqx9Ew7gYVou5pKpiweW1wjbh+xScIVg0nPw+WyBCsyg==", "license": "MIT", "dependencies": { "@storybook/global": "^5.0.0" @@ -4007,22 +4013,26 @@ "url": "https://opencollective.com/storybook" }, "peerDependencies": { + "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", - "storybook": "^10.3.6" + "storybook": "^10.4.0" }, "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, "react": { "optional": true } } }, "node_modules/@storybook/builder-vite": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-10.3.6.tgz", - "integrity": "sha512-gpvR/sE4BcrFtmQZ+Ker7zD23oQzoVeqD9nF6cK6yzY+Q0svJXyX2EPmFG4y+EwygD5/vNzDpP84gGMut8VRwg==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-10.4.0.tgz", + "integrity": "sha512-RCq8uzvTc0vhK2aN0y2Z48DJ9Q7oKXh8A5pdU3YAmkgMcX/+Vi3Ju1nmueLrGIO+tKwYGpYS/ccUtscNt92rCw==", "license": "MIT", "dependencies": { - "@storybook/csf-plugin": "10.3.6", + "@storybook/csf-plugin": "10.4.0", "ts-dedent": "^2.0.0" }, "funding": { @@ -4030,14 +4040,14 @@ "url": "https://opencollective.com/storybook" }, "peerDependencies": { - "storybook": "^10.3.6", + "storybook": "^10.4.0", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" } }, "node_modules/@storybook/csf-plugin": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-10.3.6.tgz", - "integrity": "sha512-9kBf7VRdRqTSIYo+rPtVn5yjYYyK8kP2QhEYx3oiXvfwy4RexmbJnhk/tXa/lNiTqukA1TqaWQ2+5MqF4fu6YQ==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-10.4.0.tgz", + "integrity": "sha512-iSmrhMyEi2ohCWKu49ZUUf8l+k0OIStbWI1BTWt2FvKySlnqY/aHenus7839SgNL3aUNG5P0y9zlyN6/HlwlEQ==", "license": "MIT", "dependencies": { "unplugin": "^2.3.5" @@ -4049,7 +4059,7 @@ "peerDependencies": { "esbuild": "*", "rollup": "*", - "storybook": "^10.3.6", + "storybook": "^10.4.0", "vite": "*", "webpack": "*" }, @@ -4075,9 +4085,9 @@ "license": "MIT" }, "node_modules/@storybook/icons": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@storybook/icons/-/icons-2.0.1.tgz", - "integrity": "sha512-/smVjw88yK3CKsiuR71vNgWQ9+NuY2L+e8X7IMrFjexjm6ZR8ULrV2DRkTA61aV6ryefslzHEGDInGpnNeIocg==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/@storybook/icons/-/icons-2.0.2.tgz", + "integrity": "sha512-KZBCpXsshAIjczYNXR/rlxEtCUX/eAbpFNwKi8bcOomrLA4t/SyPz5RF+lVPO2oZBUE4sAkt43mfJUevQDSEEw==", "license": "MIT", "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", @@ -4085,24 +4095,34 @@ } }, "node_modules/@storybook/react-dom-shim": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-10.3.6.tgz", - "integrity": "sha512-/Tu1gPu+Fw+zOnAGmxRmOD30FX3a04LxcTAKflEtdpmtIMVR5bA3qpjy+f5YhoyDCecbXyKmL1OeIU2FIIZHqQ==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-10.4.0.tgz", + "integrity": "sha512-dcYWzdPaJEHVlyOyyz0/0v3QJXmcnK2sjw4YiFwU9IVJhoJrBlE9lMtmbO3QqIbq4qA0hElYtGkKO7tMLSKDGw==", "license": "MIT", "funding": { "type": "opencollective", "url": "https://opencollective.com/storybook" }, "peerDependencies": { + "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", + "@types/react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", - "storybook": "^10.3.6" + "storybook": "^10.4.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } } }, "node_modules/@storybook/web-components": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/web-components/-/web-components-10.3.6.tgz", - "integrity": "sha512-femDZGYBGQDckL7F6ZCl2S+dNNBjvd9lp6rQrwBdbNprjctLd6d3EB4HyNM502QxtdEo7laq8y1goDu8KwIV3A==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/web-components/-/web-components-10.4.0.tgz", + "integrity": "sha512-Sq3PuLO6A2Jd26Pjq9Abd7QaHgeEvN3J2T4YkQyBANacumUqe98bqxp9W8bEnVW4yYNt7Trjimu3IBYdeVZ/7w==", "license": "MIT", "dependencies": { "@storybook/global": "^5.0.0", @@ -4115,24 +4135,25 @@ }, "peerDependencies": { "lit": "^2.0.0 || ^3.0.0", - "storybook": "^10.3.6" + "storybook": "^10.4.0" } }, "node_modules/@storybook/web-components-vite": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/@storybook/web-components-vite/-/web-components-vite-10.3.6.tgz", - "integrity": "sha512-VeDEAJuOOQV6VAqEF0pilXucS6kp+1ILJVkI+ets6Ku2D+RKeu167YrQAzh1NwzRTv0e5H0anDDNke+sWvg2dg==", + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/@storybook/web-components-vite/-/web-components-vite-10.4.0.tgz", + "integrity": "sha512-dExmamVJnfBxB3tiPDJoCXLXGHuMrPQtGrlL5ROklVxYF2LbqtrRXW/CUaehXLDDND0h4usieIrcdPPTLDPiuw==", "license": "MIT", "dependencies": { - "@storybook/builder-vite": "10.3.6", - "@storybook/web-components": "10.3.6" + "@storybook/builder-vite": "10.4.0", + "@storybook/web-components": "10.4.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/storybook" }, "peerDependencies": { - "storybook": "^10.3.6" + "storybook": "^10.4.0", + "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" } }, "node_modules/@swagger-api/apidom-ast": { @@ -17030,13 +17051,13 @@ } }, "node_modules/storybook": { - "version": "10.3.6", - "resolved": "https://registry.npmjs.org/storybook/-/storybook-10.3.6.tgz", - "integrity": "sha512-vbSz7g/1rGMC1uAULqMZjALkIuLu2QABqfhRYhyr/11kzyesi+vAmwyJLukZP1FfecxGOgMwOh6GS0YsGpHAvQ==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/storybook/-/storybook-10.4.1.tgz", + "integrity": "sha512-V1Zd2e+gBFufqAQVZ1JR8KLqALsEZ3JYSBnWwQbKa6zCfWWanR6AFMyuOkLt2gZOgGp3h2Riuz88pGNVTQSG0A==", "license": "MIT", "dependencies": { "@storybook/global": "^5.0.0", - "@storybook/icons": "^2.0.1", + "@storybook/icons": "^2.0.2", "@testing-library/jest-dom": "^6.9.1", "@testing-library/user-event": "^14.6.1", "@vitest/expect": "3.2.4", @@ -17044,6 +17065,8 @@ "@webcontainer/env": "^1.1.1", "esbuild": "^0.18.0 || ^0.19.0 || ^0.20.0 || ^0.21.0 || ^0.22.0 || ^0.23.0 || ^0.24.0 || ^0.25.0 || ^0.26.0 || ^0.27.0", "open": "^10.2.0", + "oxc-parser": "^0.127.0", + "oxc-resolver": "^11.19.1", "recast": "^0.23.5", "semver": "^7.7.3", "use-sync-external-store": "^1.5.0", @@ -17057,10 +17080,14 @@ "url": "https://opencollective.com/storybook" }, "peerDependencies": { + "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "prettier": "^2 || ^3", "vite-plus": "^0.1.15" }, "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, "prettier": { "optional": true }, @@ -17069,6 +17096,27 @@ } } }, + "node_modules/storybook/node_modules/@emnapi/core": { + "version": "1.9.2", + "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.2.tgz", + "integrity": "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA==", + "license": "MIT", + "optional": true, + "dependencies": { + "@emnapi/wasi-threads": "1.2.1", + "tslib": "^2.4.0" + } + }, + "node_modules/storybook/node_modules/@emnapi/runtime": { + "version": "1.9.2", + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.2.tgz", + "integrity": "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw==", + "license": "MIT", + "optional": true, + "dependencies": { + "tslib": "^2.4.0" + } + }, "node_modules/storybook/node_modules/@esbuild/aix-ppc64": { "version": "0.27.7", "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz", @@ -17485,6 +17533,361 @@ "node": ">=18" } }, + "node_modules/storybook/node_modules/@oxc-parser/binding-android-arm-eabi": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-android-arm-eabi/-/binding-android-arm-eabi-0.127.0.tgz", + "integrity": "sha512-0LC7ye4hvqbIKxAzThzvswgHLFu2AURKzYLeSVvLdu2TBOYWQDmHnTqPLeA597BcUCxiLqLsS4CJ5uoI5WYWCQ==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-android-arm64": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-android-arm64/-/binding-android-arm64-0.127.0.tgz", + "integrity": "sha512-b5jtVTH6AU5CJXHNdj7Jj9IEiR9yVjjnwHzPJhGyHGPdcsZSzBCkS9GBbV33niRMvKthDwQRFRJfI4a+k4PvYg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-darwin-arm64": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-darwin-arm64/-/binding-darwin-arm64-0.127.0.tgz", + "integrity": "sha512-obCE8B7ISKkJidjlhv9xRGJPOSDG2Yu6PRga9Ruaz35uintHxbp1Ki/Yc71wx4rj3Edrm0a1kzG1TAwit0wFpg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-darwin-x64": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-darwin-x64/-/binding-darwin-x64-0.127.0.tgz", + "integrity": "sha512-JL6Xb5IwPQT8rUzlpsX7E+AgfcdNklXNPFp8pjCQQ5MQOQo5rtEB2ui+3Hgg9Sn7Y9Egj6YOLLiHhLpdAe12Aw==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-freebsd-x64": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-freebsd-x64/-/binding-freebsd-x64-0.127.0.tgz", + "integrity": "sha512-SDQ/3MQFw58fqQz3Z1PhSKFF3JoCF4gmlNjziDm8X02tTahCw0qJbd7FGPDKw1i4VTBZene9JPyC3mHtSvi+wA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-arm-gnueabihf": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-0.127.0.tgz", + "integrity": "sha512-Av+D1MIqzV0YMGPT9we2SIZaMKD7Cxs4CvXSx/yxaWHewZjYEjScpOf5igc8IILASViw4WTnjlwUdI1KzVtDHQ==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-arm-musleabihf": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-0.127.0.tgz", + "integrity": "sha512-Cs2fdJ8cPpFdeebj6p4dag8A4+56hPvZ0AhQQzlaLswGz1tz7bXt1nETLeorrM9+AMcWFFkqxcXwDGfTVidY8g==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-arm64-gnu": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-0.127.0.tgz", + "integrity": "sha512-qdOfTcT6SY8gsJrrV92uyEUyjqMGPpIB5JZUG6QN5dukYd+7/j0kX6MwK1DgQj39jtUYixxPiaRUiEN1+0CXgQ==", + "cpu": [ + "arm64" + ], + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-arm64-musl": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-arm64-musl/-/binding-linux-arm64-musl-0.127.0.tgz", + "integrity": "sha512-EoTCZneNFU/P2qrpEM+RHmQwt+CvDkyGESG6qhr7KaegXLZwePfbrkCDfAk8/rhxbDUVGsZILX+2tqPzFtoFWA==", + "cpu": [ + "arm64" + ], + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-ppc64-gnu": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-0.127.0.tgz", + "integrity": "sha512-zALjmZYgxFLHjXeudcDF0xFGNydTAtkAeXAr2EuC17ywCyFxcmQra4w0BMde0Yi/re4Bi4iwEoEXtYN7l6eBLQ==", + "cpu": [ + "ppc64" + ], + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-riscv64-gnu": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-0.127.0.tgz", + "integrity": "sha512-fPP8M6zQLS7Jz7o9d5ArUSuAuSK3e+WCYVrCpdzeCOejidtZExJ9tjhDrAd3HEPqARBCPmdpqxESPFqy44vkBQ==", + "cpu": [ + "riscv64" + ], + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-riscv64-musl": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-0.127.0.tgz", + "integrity": "sha512-7IcC4Ao02oGpfnjt+X/oF4U2mllo2qoSkw5xxiXNKL9MCTsTiAC6616beOuehdxGcnz1bRoPC1RQ2f1GQDdN+g==", + "cpu": [ + "riscv64" + ], + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-s390x-gnu": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-0.127.0.tgz", + "integrity": "sha512-pbXIhiNFHoqWeqDNLiJ9JkpHz1IM9k4DXa66x+1GTWMG7iLxtkXgE53iiuKSXwmk3zIYmaPVfBvgcAhS583K4Q==", + "cpu": [ + "s390x" + ], + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-x64-gnu": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-x64-gnu/-/binding-linux-x64-gnu-0.127.0.tgz", + "integrity": "sha512-MYCguB9RvBvlSd6gbuNI7QwiLoCCAlGnlRJFPrzLI6U1/9wkC/WK6LtBAUln55H1Ctqw45PWmqrobKoMhsYQzQ==", + "cpu": [ + "x64" + ], + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-linux-x64-musl": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-linux-x64-musl/-/binding-linux-x64-musl-0.127.0.tgz", + "integrity": "sha512-5eY0B/bxf1xIUxb4NOTvOI3KWtBQfPWYyKAzgcrCt0mDibSZygVpO1Pz8bkeiSZ5Jj9+M09dkggG3H8I5d0Uyg==", + "cpu": [ + "x64" + ], + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-openharmony-arm64": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-openharmony-arm64/-/binding-openharmony-arm64-0.127.0.tgz", + "integrity": "sha512-Gld0ajrFTUXNtdw20fVBuTQx66FA75nIVg+//pPfR3sXkuABB4mTBhl3r9JNzrJpgW//qiwxf0nWXUWGJSL3UQ==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-wasm32-wasi": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-wasm32-wasi/-/binding-wasm32-wasi-0.127.0.tgz", + "integrity": "sha512-T6KVD7rhLzFlwGRXMnxUFfkCZD8FHnb968wVXW1mXzgRFc5RNXOBY2mPPDZ77x5Ln76ltLMgtPg0cOkU1NSrEQ==", + "cpu": [ + "wasm32" + ], + "license": "MIT", + "optional": true, + "dependencies": { + "@emnapi/core": "1.9.2", + "@emnapi/runtime": "1.9.2", + "@napi-rs/wasm-runtime": "^1.1.4" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-win32-arm64-msvc": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-0.127.0.tgz", + "integrity": "sha512-Ujvw4X+LD1CCGULcsQcvb4YNVoBGqt+JHgNNzGGaCImELiZLk477ifUH53gIbE7EKd933NdTi25JWEr9K2HwXw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-win32-ia32-msvc": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-0.127.0.tgz", + "integrity": "sha512-0cwxKO7KHQQQfo4Uf4B2SQrhgm+cJaP9OvFFhx52Tkg4bezsacu83GB2/In5bC415Ueeym+kXdnge/57rbSfTw==", + "cpu": [ + "ia32" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-parser/binding-win32-x64-msvc": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-parser/binding-win32-x64-msvc/-/binding-win32-x64-msvc-0.127.0.tgz", + "integrity": "sha512-rOrnSQSCbhI2kowr9XxE7m9a8oQXnBHjnS6j95LxxAnEZ0+Fz20WlRXG4ondQb+ejjt2KOsa65sE6++L6kUd+w==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/storybook/node_modules/@oxc-project/types": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.127.0.tgz", + "integrity": "sha512-aIYXQBo4lCbO4z0R3FHeucQHpF46l2LbMdxRvqvuRuW2OxdnSkcng5B8+K12spgLDj93rtN3+J2Vac/TIO+ciQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/Boshen" + } + }, "node_modules/storybook/node_modules/@vitest/spy": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-3.2.4.tgz", @@ -17538,6 +17941,43 @@ "@esbuild/win32-x64": "0.27.7" } }, + "node_modules/storybook/node_modules/oxc-parser": { + "version": "0.127.0", + "resolved": "https://registry.npmjs.org/oxc-parser/-/oxc-parser-0.127.0.tgz", + "integrity": "sha512-bkgD4qHlN7WxLdX8bLXdaU54TtQtAIg/ZBAfm0aje/mo3MRDo3P0hZSgr4U7O3xfX+fQmR5AP04JS/TGcZLcFA==", + "license": "MIT", + "dependencies": { + "@oxc-project/types": "^0.127.0" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + }, + "funding": { + "url": "https://github.com/sponsors/Boshen" + }, + "optionalDependencies": { + "@oxc-parser/binding-android-arm-eabi": "0.127.0", + "@oxc-parser/binding-android-arm64": "0.127.0", + "@oxc-parser/binding-darwin-arm64": "0.127.0", + "@oxc-parser/binding-darwin-x64": "0.127.0", + "@oxc-parser/binding-freebsd-x64": "0.127.0", + "@oxc-parser/binding-linux-arm-gnueabihf": "0.127.0", + "@oxc-parser/binding-linux-arm-musleabihf": "0.127.0", + "@oxc-parser/binding-linux-arm64-gnu": "0.127.0", + "@oxc-parser/binding-linux-arm64-musl": "0.127.0", + "@oxc-parser/binding-linux-ppc64-gnu": "0.127.0", + "@oxc-parser/binding-linux-riscv64-gnu": "0.127.0", + "@oxc-parser/binding-linux-riscv64-musl": "0.127.0", + "@oxc-parser/binding-linux-s390x-gnu": "0.127.0", + "@oxc-parser/binding-linux-x64-gnu": "0.127.0", + "@oxc-parser/binding-linux-x64-musl": "0.127.0", + "@oxc-parser/binding-openharmony-arm64": "0.127.0", + "@oxc-parser/binding-wasm32-wasi": "0.127.0", + "@oxc-parser/binding-win32-arm64-msvc": "0.127.0", + "@oxc-parser/binding-win32-ia32-msvc": "0.127.0", + "@oxc-parser/binding-win32-x64-msvc": "0.127.0" + } + }, "node_modules/storybook/node_modules/semver": { "version": "7.7.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", diff --git a/web/package.json b/web/package.json index fec40adf7d..8b0846dba2 100644 --- a/web/package.json +++ b/web/package.json @@ -120,10 +120,10 @@ "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.59.1", "@sentry/browser": "^10.53.1", - "@storybook/addon-docs": "^10.3.6", - "@storybook/addon-links": "^10.3.6", - "@storybook/web-components": "^10.3.6", - "@storybook/web-components-vite": "^10.3.6", + "@storybook/addon-docs": "^10.4.0", + "@storybook/addon-links": "^10.4.0", + "@storybook/web-components": "^10.4.0", + "@storybook/web-components-vite": "^10.4.0", "@types/codemirror": "^5.60.17", "@types/grecaptcha": "^3.0.9", "@types/guacamole-common-js": "^1.5.5", From 5770f186b238e1323299b256888985762cbd4141 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 20:47:07 +0200 Subject: [PATCH 11/65] web: bump @playwright/test from 1.59.1 to 1.60.0 in /web (#22476) Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.59.1 to 1.60.0. - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](https://github.com/microsoft/playwright/compare/v1.59.1...v1.60.0) --- updated-dependencies: - dependency-name: "@playwright/test" dependency-version: 1.60.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 40 +++++----------------------------------- web/package.json | 2 +- 2 files changed, 6 insertions(+), 36 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index befd537e5e..efb133241a 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -43,7 +43,7 @@ "@openlayers-elements/maps": "^0.4.0", "@patternfly/elements": "^4.4.0", "@patternfly/patternfly": "^4.224.2", - "@playwright/test": "^1.59.1", + "@playwright/test": "^1.60.0", "@sentry/browser": "^10.53.1", "@storybook/addon-docs": "^10.4.0", "@storybook/addon-links": "^10.4.0", @@ -3119,12 +3119,12 @@ "license": "MIT" }, "node_modules/@playwright/test": { - "version": "1.59.1", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.59.1.tgz", - "integrity": "sha512-PG6q63nQg5c9rIi4/Z5lR5IVF7yU5MqmKaPOe0HSc0O2cX1fPi96sUQu5j7eo4gKCkB2AnNGoWt7y4/Xx3Kcqg==", + "version": "1.60.0", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.60.0.tgz", + "integrity": "sha512-O71yZIbAh/PxDMNGns37GHBIfrVkEVyn+AXyIa5dOTfb4/xNvRWV+Vv/NMbNCtODB/pO7vLlF2OTmMVLhmr7Ag==", "license": "Apache-2.0", "dependencies": { - "playwright": "1.59.1" + "playwright": "1.60.0" }, "bin": { "playwright": "cli.js" @@ -3133,36 +3133,6 @@ "node": ">=18" } }, - "node_modules/@playwright/test/node_modules/playwright": { - "version": "1.59.1", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.59.1.tgz", - "integrity": "sha512-C8oWjPR3F81yljW9o5OxcWzfh6avkVwDD2VYdwIGqTkl+OGFISgypqzfu7dOe4QNLL2aqcWBmI3PMtLIK233lw==", - "license": "Apache-2.0", - "dependencies": { - "playwright-core": "1.59.1" - }, - "bin": { - "playwright": "cli.js" - }, - "engines": { - "node": ">=18" - }, - "optionalDependencies": { - "fsevents": "2.3.2" - } - }, - "node_modules/@playwright/test/node_modules/playwright-core": { - "version": "1.59.1", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.59.1.tgz", - "integrity": "sha512-HBV/RJg81z5BiiZ9yPzIiClYV/QMsDCKUyogwH9p3MCP6IYjUFu/MActgYAvK0oWyV9NlwM3GLBjADyWgydVyg==", - "license": "Apache-2.0", - "bin": { - "playwright-core": "cli.js" - }, - "engines": { - "node": ">=18" - } - }, "node_modules/@polka/url": { "version": "1.0.0-next.29", "resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.29.tgz", diff --git a/web/package.json b/web/package.json index 8b0846dba2..c43c69a631 100644 --- a/web/package.json +++ b/web/package.json @@ -118,7 +118,7 @@ "@openlayers-elements/maps": "^0.4.0", "@patternfly/elements": "^4.4.0", "@patternfly/patternfly": "^4.224.2", - "@playwright/test": "^1.59.1", + "@playwright/test": "^1.60.0", "@sentry/browser": "^10.53.1", "@storybook/addon-docs": "^10.4.0", "@storybook/addon-links": "^10.4.0", From 4a267b3ead93a25beb6108c152da1e4091c3ab58 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Tue, 2 Jun 2026 20:50:08 +0200 Subject: [PATCH 12/65] ci: replace deprecated app-id with client-id for actions/create-github-app-token (#22799) --- .github/workflows/gen-image-compress.yml | 2 +- .github/workflows/gen-update-webauthn-mds.yml | 2 +- .github/workflows/gh-cherry-pick.yml | 2 +- .github/workflows/release-branch-off.yml | 4 ++-- .github/workflows/release-tag.yml | 6 +++--- .github/workflows/repo-stale.yml | 2 +- .github/workflows/translation-extract-compile.yml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/gen-image-compress.yml b/.github/workflows/gen-image-compress.yml index ca7a549767..1edaeb7705 100644 --- a/.github/workflows/gen-image-compress.yml +++ b/.github/workflows/gen-image-compress.yml @@ -31,7 +31,7 @@ jobs: - id: generate_token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5 with: diff --git a/.github/workflows/gen-update-webauthn-mds.yml b/.github/workflows/gen-update-webauthn-mds.yml index a0574eff6c..dac6e9e3ab 100644 --- a/.github/workflows/gen-update-webauthn-mds.yml +++ b/.github/workflows/gen-update-webauthn-mds.yml @@ -18,7 +18,7 @@ jobs: - id: generate_token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5 with: diff --git a/.github/workflows/gh-cherry-pick.yml b/.github/workflows/gh-cherry-pick.yml index e71165e50d..bc068081b7 100644 --- a/.github/workflows/gh-cherry-pick.yml +++ b/.github/workflows/gh-cherry-pick.yml @@ -13,7 +13,7 @@ jobs: uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 if: ${{ env.GH_APP_ID != '' }} with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} env: GH_APP_ID: ${{ secrets.GH_APP_ID }} diff --git a/.github/workflows/release-branch-off.yml b/.github/workflows/release-branch-off.yml index 822b4944d9..4063d41460 100644 --- a/.github/workflows/release-branch-off.yml +++ b/.github/workflows/release-branch-off.yml @@ -31,7 +31,7 @@ jobs: name: Generate app token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - name: Checkout main uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5 @@ -59,7 +59,7 @@ jobs: - id: generate_token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - name: Checkout main uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5 diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 032a6685fb..ef1e583bdc 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -69,7 +69,7 @@ jobs: name: Generate app token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - id: get-user-id name: Get GitHub app user ID @@ -121,7 +121,7 @@ jobs: name: Generate app token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} repositories: helm - id: get-user-id @@ -163,7 +163,7 @@ jobs: name: Generate app token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} repositories: version - id: get-user-id diff --git a/.github/workflows/repo-stale.yml b/.github/workflows/repo-stale.yml index 062c123199..68fd675ed8 100644 --- a/.github/workflows/repo-stale.yml +++ b/.github/workflows/repo-stale.yml @@ -17,7 +17,7 @@ jobs: - id: generate_token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10 with: diff --git a/.github/workflows/translation-extract-compile.yml b/.github/workflows/translation-extract-compile.yml index df90b86218..4791ff674e 100644 --- a/.github/workflows/translation-extract-compile.yml +++ b/.github/workflows/translation-extract-compile.yml @@ -23,7 +23,7 @@ jobs: if: ${{ github.event_name != 'pull_request' }} uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v2 with: - app-id: ${{ secrets.GH_APP_ID }} + client-id: ${{ secrets.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIV_KEY }} - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5 if: ${{ github.event_name != 'pull_request' }} From 3cbf5dac9597464569c5910296c40a6874d9ed47 Mon Sep 17 00:00:00 2001 From: "transifex-integration[bot]" <43880903+transifex-integration[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 09:39:22 +0000 Subject: [PATCH 13/65] translate: Updates for project authentik and language fr_FR (#22687) --- locale/fr_FR/LC_MESSAGES/django.po | 33 +++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/locale/fr_FR/LC_MESSAGES/django.po b/locale/fr_FR/LC_MESSAGES/django.po index 206cb85cb6..feb36304fe 100644 --- a/locale/fr_FR/LC_MESSAGES/django.po +++ b/locale/fr_FR/LC_MESSAGES/django.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2026-05-06 00:27+0000\n" +"POT-Creation-Date: 2026-05-22 00:36+0000\n" "PO-Revision-Date: 2025-12-01 19:09+0000\n" "Last-Translator: Sp P, 2026\n" "Language-Team: French (France) (https://app.transifex.com/authentik/teams/119923/fr_FR/)\n" @@ -118,11 +118,11 @@ msgstr "Le fichier de plan n'existe pas" #: authentik/blueprints/api.py msgid "Context must be valid JSON" -msgstr "" +msgstr "Le contexte doit être un JSON valide" #: authentik/blueprints/api.py msgid "Context must be a JSON object" -msgstr "" +msgstr "Le contexte doit être un objet JSON" #: authentik/blueprints/api.py msgid "Failed to validate blueprint" @@ -261,6 +261,11 @@ msgstr "" "Le slug '{slug}' est réservé et ne peut pas être utilisé pour les " "applications." +#: authentik/core/api/groups.py +msgid "User does not have permission to add members to this group." +msgstr "" +"L'utilisateur n'a pas la permission d'ajouter des membres à ce groupe." + #: authentik/core/api/providers.py msgid "" "When not set all providers are returned. When set to true, only backchannel " @@ -303,6 +308,16 @@ msgid "Setting a user to internal service account is not allowed." msgstr "" "Définir un utilisateur comme compte de service interne n'est pas autorisé." +#: authentik/core/api/users.py +msgid "User does not have permission to add members to a superuser group." +msgstr "" +"L'utilisateur n'a pas la permission d'ajouter des membres à un groupe de " +"super-utilisateurs." + +#: authentik/core/api/users.py +msgid "User does not have permission to assign roles." +msgstr "L'utilisateur n'a pas la permission d'assigner des rôles." + #: authentik/core/api/users.py msgid "Can't modify internal service account users" msgstr "Impossible de modifier les utilisateurs du compte de service interne" @@ -1549,11 +1564,11 @@ msgstr "" #: authentik/events/models.py msgid "" -"When set, the selected ceritifcate is used to validate the certificate of " +"When set, the selected certificate is used to validate the certificate of " "the webhook server." msgstr "" "Quand défini, le certificat sélectionné est utilisé pour valider le " -"certificat du serveur de Webhook." +"certificat du serveur de Webhook" #: authentik/events/models.py msgid "" @@ -3123,8 +3138,12 @@ msgid "SAML Sessions" msgstr "Sessions SAML" #: authentik/providers/scim/models.py -msgid "OAuth" -msgstr "OAuth" +msgid "OAuth (Silent)" +msgstr "OAuth (silencieux)" + +#: authentik/providers/scim/models.py +msgid "OAuth (interactive)" +msgstr "OAuth (en interactif)" #: authentik/providers/scim/models.py msgid "Default" From 5681abafa40ed7edc341d3cd8d3413d4b246d51a Mon Sep 17 00:00:00 2001 From: Vlad Kamerdinerov <61966975+v-kamerdinerov@users.noreply.github.com> Date: Wed, 3 Jun 2026 16:22:13 +0500 Subject: [PATCH 14/65] sources/oauth: Fallback to `id` field when `sub` is missing in OIDC callback (#22672) fix/oidc-callback-fallback-id-to-sub Signed-off-by: Vlad Kamerdinerov <61966975+v-kamerdinerov@users.noreply.github.com> Co-authored-by: Jens Langhammer --- authentik/sources/oauth/types/oidc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/sources/oauth/types/oidc.py b/authentik/sources/oauth/types/oidc.py index b6794fae87..97cfb43d49 100644 --- a/authentik/sources/oauth/types/oidc.py +++ b/authentik/sources/oauth/types/oidc.py @@ -67,7 +67,7 @@ class OpenIDConnectOAuth2Callback(OAuthCallback): client_class = OpenIDConnectClient def get_user_id(self, info: dict[str, str]) -> str: - return info.get("sub", None) + return str(info.get("sub") or info.get("id")) @registry.register() From e6acfa0d1dae13552d16b74a7ec588d36a013dab Mon Sep 17 00:00:00 2001 From: Connor Peshek Date: Wed, 3 Jun 2026 06:30:58 -0500 Subject: [PATCH 15/65] root: gitignore release generation artifacts (#22549) --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index c5fd77ff39..e5dba4c8a8 100644 --- a/.gitignore +++ b/.gitignore @@ -20,6 +20,10 @@ corepack.tgz .cspellcache cspell-report.* +# Release generation artifacts +/changelog.md +/diff.md + # If your build process includes running collectstatic, then you probably don't need or want to include staticfiles/ # in your Git repository. Update and uncomment the following line accordingly. # /staticfiles/ From d639c0372eed15f5357ca1862b8dc2a3f9325f2b Mon Sep 17 00:00:00 2001 From: Connor Peshek Date: Wed, 3 Jun 2026 07:04:11 -0500 Subject: [PATCH 16/65] root: update gen-changelog to filter unnecessary commits (#22550) * root: update gen-changelog to filter unnecessary commits * remove filtering bump commits --------- Co-authored-by: Jens L. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a32d889a82..b524eb84b2 100644 --- a/Makefile +++ b/Makefile @@ -186,7 +186,7 @@ gen-changelog: ## (Release) generate the changelog based from the commits since git log --pretty=format:"- %s" $(shell git merge-base ${last_version} ${current_commit})...${current_commit} > merged_to_current git log --pretty=format:"- %s" $(shell git merge-base ${last_version} ${current_commit})...${last_version} > merged_to_last grep -Eo 'cherry-pick (#\d+)' merged_to_last | cut -d ' ' -f 2 | sed 's/.*/(&)$$/' > cherry_picked_to_last - grep -vf cherry_picked_to_last merged_to_current | sort > changelog.md + grep -vf cherry_picked_to_last merged_to_current | grep -vE '^- (ci:|website)' | sort > changelog.md rm merged_to_current rm merged_to_last rm cherry_picked_to_last From 5a3b447452b51e0018dce189ed94cf6652997696 Mon Sep 17 00:00:00 2001 From: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Date: Wed, 3 Jun 2026 17:18:10 +0200 Subject: [PATCH 17/65] web: Flesh out frontend, E2E, agent instructions. (#22388) * Flesh out agent instructions. * Update heading, localization. * Add tooling ignores. --- web/.gitignore | 21 ++++++ web/AGENTS.md | 148 ++++++++++++++++++++++++++++++++++++ web/CLAUDE.md | 1 + web/test/AGENTS.md | 50 +++++++++++++ web/test/CLAUDE.md | 1 + web/test/browser/AGENTS.md | 150 +++++++++++++++++++++++++++++++++++++ web/test/browser/CLAUDE.md | 1 + web/test/unit/AGENTS.md | 95 +++++++++++++++++++++++ web/test/unit/CLAUDE.md | 1 + 9 files changed, 468 insertions(+) create mode 100644 web/AGENTS.md create mode 100644 web/CLAUDE.md create mode 100644 web/test/AGENTS.md create mode 100644 web/test/CLAUDE.md create mode 100644 web/test/browser/AGENTS.md create mode 100644 web/test/browser/CLAUDE.md create mode 100644 web/test/unit/AGENTS.md create mode 100644 web/test/unit/CLAUDE.md diff --git a/web/.gitignore b/web/.gitignore index c10c9b24b6..d3d5c1738f 100644 --- a/web/.gitignore +++ b/web/.gitignore @@ -123,3 +123,24 @@ storybook-static/ .wireit custom-elements.json + +### Agents ### + +AGENT.local.md +AGENTS.local.md +CLAUDE.local.md + +.agents/*.local.json +.agents/scheduled_tasks.* +.agents/worktree + +## Claude + +.claude/*.local.json +.claude/scheduled_tasks.* +.claude/worktree + +## Pi + +.pi +.deps-stamp diff --git a/web/AGENTS.md b/web/AGENTS.md new file mode 100644 index 0000000000..bbf51a2619 --- /dev/null +++ b/web/AGENTS.md @@ -0,0 +1,148 @@ +## Project Overview + +This is the **authentik WebUI** — the default web interface for the authentik identity server. It is a TypeScript monorepo using Lit web components and PatternFly 4 design system. + +There are three distinct UI applications, each with its own base URL and router: + +- **Flow** (`/if/flow/`) — Form orchestration for login, signup, password reset, etc. +- **User** (`/if/user/`) — End-user portal for applications and profile settings +- **Admin** (`/if/admin/`) — Server administration and configuration + +All three share three core context objects: + +- **Config** — Server configuration and user permissions +- **CurrentTenant/Brand** — Theme, logos, favicon, default flows +- **SessionUser** — Logged-in user with impersonation support + +## Commands + +### Development + +```bash +npm run watch # Build + watch locales and bundler (main dev workflow) +npm run storybook # Storybook dev server on port 6006 +``` + +### Build + +```bash +npm run build # Production build to dist/ +npm run build-locales # Compile i18n translations +``` + +### Testing + +```bash +npm test # Vitest: unit tests (Node) + browser tests (Chromium/Playwright) +npm run test:e2e # Playwright E2E tests against a running authentik instance +``` + +To run a single test file: + +```bash +npx vitest run path/to/file.test.ts +``` + +### Linting & Formatting + +```bash +npm run lint # ESLint with --fix +npm run lint-check # ESLint, no fixes (CI mode, max-warnings: 0) +npm run lint:types # TypeScript type checking (tsc --noEmit) +npm run prettier # Format all files +npm run format # Combined prettier + lint +npm run precommit # Full pre-commit check (format, lint, types, etc.) +``` + +## Architecture + +### Directory Structure + +``` +src/ + admin/ # Admin interface application + user/ # User portal application + flow/ # Flow execution interface + FlowExecutor + components/ # UI components that use context (depend on app state) + elements/ # Reusable UI elements without context (portable) + common/ # Non-UI shared libraries (API helpers, global state, utils) + styles/ # Global CSS (PatternFly, authentik tokens, locales) + standalone/ # Third-party apps (loading screen, API browser) + rac/ # Remote Access Components (Guacamole-based) + locales/ # Auto-generated i18n (do not edit manually) + +packages/ + core/ # Monorepo utilities (paths, environment, version) + sfe/ # Standalone Frontend Engine (Rollup-based) + +test/ + unit/ # Node.js unit tests (*.test.ts) + browser/ # Playwright browser tests (*.browser.test.ts) + lit/ # Lit test helpers (renderLit, setup.js) + +e2e/ # E2E test fixtures, selectors, auth utilities +bundler/ # Custom ESBuild/Vite plugins +scripts/ # Build scripts (esbuild config, localization) +``` + +### Key Files + +- `src/elements/Base.ts` — `AKElement`: base class for all components +- `src/elements/Interface.ts` — Base interface class with context management +- `src/common/global.ts` — Global authentik config and state +- `src/flow/FlowExecutor.ts` — Flow execution engine +- `scripts/build-web.mjs` — Main ESBuild configuration + +### Conventions + +- **Custom element prefix**: `ak-` (e.g., ``) +- **Context**: Lit Context API via `ContextControllerRegistry` +- **`components/`** depends on app context; **`elements/`** must not +- **Import aliases**: `#elements/*`, `#components/*`, `#common/*`, `#admin/*`, `#user/*`, `#flow/*`, etc. (mapped in `package.json`) + +NEVER call the authentik API in a different way than using the `@goauthentik/api` package. +In no case are you to use Fetch, Axios, or other methods. + +## Tech Stack + +| Concern | Library | +| ------------------ | ----------------------------------------- | +| UI components | Lit 3.x + Web Components | +| Design system | PatternFly 4 | +| Build | ESBuild + Vite 7 | +| Tests | Vitest 4 + Playwright | +| i18n | Lit Localize (runtime mode, 18 languages) | +| API client | `@goauthentik/api` (generated) | +| Linting | ESLint 9 + `@goauthentik/eslint-config` | +| Task orchestration | Wireit | + +## TypeScript Notes + +- `tsconfig.json` uses `"useDefineForClassFields": false` — required for Lit decorators and Storybook; do not change. +- `"moduleResolution": "bundler"` — path aliases resolved at build time via `package.json#imports`. +- Decorators are enabled with `"experimentalDecorators": true`. +- Use `unknown` instead of `any` where possible, and prefer more specific types to both. Avoid `as any` casts. +- When importing a module, prefer an import alias as defined in `package.json` (`#flow/…`, `#elements/…`, `#common/…`) over relative paths into `src/`. This ensures the import will work from any location, including tests. + +## i18n + +Translatable strings use `msg()` from `@lit/localize`. To add new strings, use `msg()` and run: + +```bash +npm run extract-locales # Extract new strings to XLIFF files +npm run pseudolocalize # Generate pseudo-locales for layout testing +``` + +Never edit files in `src/locales/` directly — they are auto-generated. + +### Message ID conventions + +Always provide an explicit `id` to `msg()`; do not rely on auto-generated hashes. IDs follow `..[.]` with kebab-case in every segment. + +- **Feature-first, not component-first.** Use `captcha.*`, `command-palette.*`, `used-by.*` — not `ak-secret-text-input.*` or other element/class names. IDs must survive component renames. +- **Kebab-case in every segment.** No camelCase (`usedBy`, `ariaLabel`, `emailInAngleBrackets`), no snake_case. `used-by.count.one`, `wizard.aria-label.default`, `user.display.email-in-angle-brackets`. +- **Trailing segment is the semantic role**, not the surface wording: `.label`, `.placeholder`, `.description`, `.tooltip`, `.aria-label`, `.alt-text`, `.error`, `.success`. This lets translators filter by role. +- **CLDR plural suffixes** for counts: `.zero`, `.one`, `.two`, `.few`, `.many`, `.other`. +- **Composable fragments** that get concatenated go under `.prefix.*` / `.suffix.*` (see `command-palette.prefix.*`). +- **Shared strings** go under a top-level namespace like `common.actions.*` or `forms.validation.*` rather than being duplicated per feature. +- **No flat kebab IDs** like `command-palette-placeholder` or `drawer-toggle-button-notifications` for new strings. Use the dotted hierarchy: `command-palette.placeholder`, `drawer.toggle-button.notifications`. Migrate legacy flat IDs opportunistically when touching surrounding code; do not do bulk renames. diff --git a/web/CLAUDE.md b/web/CLAUDE.md new file mode 100644 index 0000000000..43c994c2d3 --- /dev/null +++ b/web/CLAUDE.md @@ -0,0 +1 @@ +@AGENTS.md diff --git a/web/test/AGENTS.md b/web/test/AGENTS.md new file mode 100644 index 0000000000..7f063034cb --- /dev/null +++ b/web/test/AGENTS.md @@ -0,0 +1,50 @@ +# Test Directory Router + +This directory holds three flavors of automated tests for the authentik WebUI. Each has its own conventions doc — **read the relevant one before writing or modifying tests there.** + +| Directory | What lives here | Runner / environment | Conventions | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------- | +| `test/unit/` | Pure-Node tests for functions, classes, and modules with no DOM dependency. | Vitest, Node environment. | [`test/unit/AGENTS.md`](unit/AGENTS.md) | +| `test/browser/` | End-to-end tests that drive the admin and user UIs in Chromium against a running authentik instance. | Vitest browser provider (Playwright) + `#e2e` fixtures. | [`test/browser/AGENTS.md`](browser/AGENTS.md) | +| `test/lit/` | Shared Lit render helpers (`renderLit`, `LitViteContext`) for component-level browser tests. No tests live here directly. | — | — | +| `test/blueprints/` | YAML blueprints (e.g. `test-admin-user.yaml`) seeded into authentik for browser tests to authenticate against. | — | — | + +## Picking the right flavor + +Walk this list top-to-bottom and stop at the first match: + +1. **Pure function, no DOM, no network?** → `test/unit/`. Cheap, fast, branch-heavy coverage. See [`unit/AGENTS.md`](unit/AGENTS.md). +2. **A feature flow the user actually clicks through** (wizard, dialog, navigation, list table, login)? → `test/browser/`. Drive the real UI; do not write a unit test with a `@goauthentik/api` client to fake it. See [`browser/AGENTS.md`](browser/AGENTS.md). +3. **Regression for a specific bug?** Find the feature suite in `test/browser/` it belongs to and add another `test(...)` there. Do **not** create a new file scoped to the bug. If the bug is in a pure function, add an `it(...)` to the matching `test/unit/` file instead. +4. **Lit component behavior in isolation** (a component's lifecycle, slots, events, reactive updates, with no whole-app context)? Colocate as `Component.browser.test.ts` next to the source — the Vitest config picks up `**/*.browser.test.ts`, and `test/lit/setup.js` exposes `page.renderLit(...)` for mounting. No consumers exist yet, so check with the team before adding the first one. + +If you're tempted to do something that doesn't fit cleanly into one bucket — a unit test that imports a Lit component, a browser test that calls the REST API to seed data — that's a strong signal you've chosen the wrong bucket. Re-read the conventions doc for the bucket you actually want. + +## Cross-cutting rules + +These apply everywhere in `test/`: + +- **No bespoke API clients.** Never build a `fetch`-based admin client inside a test file. Unit tests don't need one; browser tests must drive the UI; if a real seeding gap exists, extend a fixture or blueprint instead. +- **No hard-coded credentials beyond what's already in fixtures.** Browser tests authenticate via `session.login()` using the bootstrap admin from `test/blueprints/test-admin-user.yaml`. Don't read `process.env.AK_TEST_BOOTSTRAP_TOKEN` from a test. +- **Deterministic naming for entities.** When a browser test creates data, use `IDGenerator.randomID(...)` for uniqueness — see browser conventions. Unit tests should never need this. +- **One file per feature / symbol.** Resist creating one-off files named after a bug, a ticket, or a date. +- **Test names are full sentences.** `"returns null once the input is exhausted"`, `"Create application with existing provider"`. Not `"works"`, not `"#22383"`. + +## Running + +```bash +npm test # Both projects (unit + browser) +npx vitest run test/unit # Just unit tests +npx vitest run test/browser # Just browser tests +npx vitest run path/to/single.test.ts # One file +npm run test:e2e # Playwright e2e CLI path (same test/browser sources) +``` + +Browser tests require a running authentik instance reachable at `AK_TEST_RUNNER_PAGE_URL` (defaults to `http://localhost:9000`). The `prerequisites.setup.ts` health check will fail loudly if it isn't up. + +## Where things live + +- Playwright fixtures (`session`, `navigator`, `form`, `pointer`) and the `#e2e` entry point: `e2e/`. +- Lit render helper for component tests: `test/lit/`. +- Seed blueprints (test admin user, etc.): `test/blueprints/`. +- Generators (`IDGenerator`, `randomName`) used by browser tests: `e2e/utils/generators.ts` and `@goauthentik/core/id`. diff --git a/web/test/CLAUDE.md b/web/test/CLAUDE.md new file mode 100644 index 0000000000..43c994c2d3 --- /dev/null +++ b/web/test/CLAUDE.md @@ -0,0 +1 @@ +@AGENTS.md diff --git a/web/test/browser/AGENTS.md b/web/test/browser/AGENTS.md new file mode 100644 index 0000000000..cf1d0cf77e --- /dev/null +++ b/web/test/browser/AGENTS.md @@ -0,0 +1,150 @@ +# Browser Test Conventions + +These are Playwright tests run under Vitest's browser runner (Chromium). They exercise the **admin and user UIs end-to-end** against a running authentik instance. Tests live in `test/browser/*.test.ts`; supporting fixtures and helpers live in `e2e/`. + +## Philosophy + +**Drive the UI, not the API.** A test for a feature should exercise the same path a user takes — click "New Provider", fill the form, click "Create", verify it appears. We don't seed entities through the REST API and then click one button to verify a single side effect. If the UI flow breaks, the test must break with it; if we shortcut through the API, regressions in the wizards, modals, navigation, and form bindings go undetected. + +**Cover features, not bugs.** A test file is named after the feature it exercises (`providers.test.ts`, `applications.test.ts`), not the bug it was written for. Regression tests for specific defects belong inside the feature's existing suite as an additional `test(...)` case — not as a one-off file with bespoke API plumbing. + +**No bespoke HTTP clients.** If you find yourself writing a `makeAPIClient` helper inside a test, stop. Either drive the UI to create the prerequisite state, or — if the prerequisite is truly out of scope for the feature under test — extend a fixture so the pattern is reusable. + +**No explicit cleanup.** Entity names are seeded with `IDGenerator.randomID(...)` so each run produces unique slugs. Stale entities from prior runs don't collide and are expected to accumulate in dev environments. Don't add `try/finally` cleanup blocks — they obscure the assertion at the end of the test and tend to swallow the real failure when the UI flow breaks. + +## Imports + +Tests import from the `#e2e` alias, never from `@playwright/test` directly: + +```ts +import { expect, test } from "#e2e"; +import { randomName } from "#e2e/utils/generators"; + +import { IDGenerator } from "@goauthentik/core/id"; +import { series } from "@goauthentik/core/promises"; +``` + +The `#e2e` entry (`e2e/index.ts`) re-exports `expect` from Playwright and exports a `test` that has been extended with our fixtures. + +## Fixtures + +Destructure what you need from the test callback. All are constructed per-test: + +| Fixture | Purpose | +| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `session` | `login({ to, username?, password?, rememberMe? })`, `toLoginPage()`, `checkAuthenticated()`. Defaults to `test-admin@goauthentik.io` / `test-runner`. | +| `navigator` | `navigate(to)` and `waitForPathname(to)` — use these over `page.goto` so URL waits are consistent. | +| `form` | `fill(label, value, ctx?)`, `search(query, ctx?)`, `selectSearchValue(label, pattern, ctx?)`, `setInputCheck(label, bool, ctx?)`, `setRadio(group, name, ctx?)`, `setFormGroup(pattern, open, ctx?)`. Knows about `ak-switch-input`, `ak-form-group`, and search-select dropdowns. | +| `pointer` | `click(name, role?, ctx?)` — high-level click by accessible name; defaults to buttons/links. | +| `page` | Raw Playwright `Page` for anything the fixtures don't cover. Shadow DOM is pierced automatically. | +| `baseURL` | The instance URL, from `AK_TEST_RUNNER_PAGE_URL` (defaults to `http://localhost:9000`). | + +Most steps in most tests should go through `form` and `pointer`. Reach for `page.locator(...)` only when there isn't a fixture method that fits. + +## Shape of a test + +```ts +test.describe("Feature name", () => { + const names = new Map(); + + test.beforeEach("Seed names", async ({ page: _page }, { testId }) => { + const seed = IDGenerator.randomID(6); + names.set(testId, `${randomName(seed)} (${seed})`); + }); + + test("Do the thing", async ({ session, navigator, form, pointer, page }, testInfo) => { + const name = names.get(testInfo.testId)!; + const { fill, search, selectSearchValue } = form; + const { click } = pointer; + + await test.step("Authenticate", async () => { + await session.login({ to: "/if/admin/#/core/providers" }); + }); + + const dialog = page.getByRole("dialog", { name: "New Provider Wizard" }); + + await test.step("Open wizard", async () => { + await expect(dialog, "Wizard is initially closed").toBeHidden(); + await click("New Provider"); + await expect(dialog, "Wizard opens").toBeVisible(); + }); + + await test.step("Fill form", async () => { + await series( + [click, "OAuth2/OpenID", "option"], + [fill, "Provider Name", name], + [ + selectSearchValue, + "Authorization Flow", + /default-provider-authorization-explicit-consent/, + ], + [click, "Create"], + ); + }); + + await test.step("Verify created", async () => { + await expect(await search(name), "Provider is visible").toBeVisible(); + }); + }); +}); +``` + +Conventions baked in above: + +- **`test.describe` per feature**, plain imperative names per test. +- **`test.step(...)` for every meaningful phase** — these show up in traces and HTML reports and make failures self-locating. +- **Names keyed by `testId`** in a module-scoped `Map`, populated in `beforeEach`. +- **`series([fn, ...args], ...)`** for ordered form-fill sequences. Reads top-to-bottom as a script of user actions. +- **Dialog locator captured once**, then passed as the `ctx?` argument to scope `fill`/`click`/`selectSearchValue` inside it. +- **Every `expect` has a message** as the second argument — it shows up in the failure output. Phrase it as the property being asserted ("Wizard opens", "Provider is visible"), not as a restatement of the matcher. +- **First parameter must be a destructure pattern**, even when you don't reference any fixture — write `async ({ page: _page }, { testId }) => {…}`. A bare identifier (`async (_, { testId }) => {…}`) throws `First argument must use the object destructuring pattern` at runtime because Playwright inspects the parameter pattern to decide which fixtures to inject, and an empty destructure (`async ({}, { testId }) => {…}`) trips ESLint's `no-empty-pattern`. Destructure-and-rename is the only form that satisfies both. + +## Locator preferences + +In order, prefer: + +1. **ARIA role queries** — `page.getByRole("button", { name: "Create" })`, `page.getByRole("dialog", { name: /Launch Endpoint/i })`, `page.getByLabel("Username")`. These survive style/markup changes and document intent. +2. **Web component tags** — `page.locator("ak-stage-identification")`, `page.locator("ak-form-group", { hasText: /Advanced/ })`. Stable element contracts. +3. **`data-test-id`** — `page.getByTestId("...")`. The Playwright config sets `testIdAttribute: "data-test-id"`. Only add a new test id when role/label queries can't disambiguate. +4. **CSS selectors** — last resort. + +Shadow DOM works transparently — don't write `.shadowRoot` traversals; Playwright pierces. + +## Assertions + +```ts +await expect(dialog, "Dialog is initially closed").toBeHidden(); +await expect(dialog, "Dialog opens").toBeVisible(); +await expect(row, "Endpoint row appears without manual refresh").toBeVisible({ timeout: 5_000 }); +await expect(input, "Input has expected value").toHaveValue("foo"); +await expect(checkbox, "Checkbox is checked").toBeChecked(); +``` + +- Always pass a message. +- Use explicit `{ timeout: ... }` only when the default (5s) genuinely isn't enough — generally for the first assertion after an async UI transition like a dialog mount or a navigation. +- Don't add `page.waitForTimeout` — wait for the locator condition you actually care about. + +## Anti-patterns (do not do these) + +- **Bespoke API clients in test files.** No `makeAPIClient`, no raw `fetch(`${baseURL}/api/v3/...`)` for setup. See [Philosophy](#philosophy). +- **Reading `process.env.AK_TEST_BOOTSTRAP_TOKEN`** from a test. Tests authenticate as a real user via `session.login()`. +- **One-file regression tests for a single bug.** Add a `test(...)` case to the relevant feature suite instead. +- **`try/finally` cleanup blocks.** Names are randomized; let entities accumulate. +- **`page.goto` with no wait.** Use `navigator.navigate(to)` or `session.login({ to })`. +- **Asserting against CSS selectors when a role/label exists.** If you find yourself writing `.locator('button[type="submit"]')`, check whether `getByRole("button", { name: ... })` works first. +- **Skipping `test.step`.** Long flat tests are hard to debug; wrap each phase. + +## Adding new coverage + +When extending an existing suite, follow the surrounding patterns — same fixture destructure, same `Map` style, same dialog-as-context idiom. When introducing a new suite, model the structure on `applications.test.ts` or `providers.test.ts`; those are the canonical examples. + +If you need a helper that doesn't exist yet (a new form input shape, a new common navigation), extend the fixture in `e2e/fixtures/` rather than duplicating logic in tests. + +## Running + +```bash +npm test # All Vitest (unit + browser) +npx vitest run test/browser/foo.test.ts # Single browser test file +``` + +The Playwright config (`playwright.config.js`) is also present for the `npm run test:e2e` path and configures Chromium with traces on first retry and a dark color scheme. The browser tests through Vitest use `@vitest/browser-playwright` and target the same `test/browser/` directory. diff --git a/web/test/browser/CLAUDE.md b/web/test/browser/CLAUDE.md new file mode 100644 index 0000000000..43c994c2d3 --- /dev/null +++ b/web/test/browser/CLAUDE.md @@ -0,0 +1 @@ +@AGENTS.md diff --git a/web/test/unit/AGENTS.md b/web/test/unit/AGENTS.md new file mode 100644 index 0000000000..ac1e2fc083 --- /dev/null +++ b/web/test/unit/AGENTS.md @@ -0,0 +1,95 @@ +# Unit Test Conventions + +Pure-Node, no-browser tests for individual functions, pure logic, and modules with no DOM dependencies. Runs under Vitest's Node environment — no Playwright, no Lit rendering, no live authentik instance. + +## When a unit test is the right tool + +- The thing under test is a **plain function or class** with no DOM, network, or component lifecycle. +- You want to cover **branches, edge cases, error paths, and invariants** thoroughly and fast. +- The behavior is deterministic given inputs — no timers, no external services, no `customElements.define`. + +If the answer involves rendering a Lit component, clicking something, awaiting network, or asserting against the DOM, it does not belong here. Push it to a colocated Lit component test or to `test/browser/`. + +## File layout + +- Files live in `test/unit/*.test.ts`. +- One file per module/feature under test — name it after the symbol or module (`lexer.test.ts`, `authenticator-validate-challenge-selection.test.ts`). +- The Vitest config also picks up `**/*.unit.test.ts` anywhere in the workspace, so a tightly-coupled test may be colocated next to its source as `foo.unit.test.ts` when that's clearer than a parallel `test/unit/` file. + +## Imports + +```ts +import { describe, expect, it, vi } from "vitest"; + +import { shouldResetSelectedChallenge } from "#flow/stages/authenticator_validate/challenge-selection"; +``` + +- Use `describe` / `it` / `expect` from `vitest`. Do **not** import `test`/`expect` from `#e2e` — that's for browser tests and pulls in Playwright. +- Reach into source via the package `#alias` imports (`#flow/…`, `#elements/…`, `#common/…`) — never relative paths into `src/`. +- Use `vi` for spies, mocks, and timers. Prefer real implementations; only mock at module boundaries that actually pose a problem (network, time, randomness). + +## Shape of a test + +```ts +describe("shouldResetSelectedChallenge", () => { + it("returns true when the previously selected challenge is no longer allowed", () => { + const selected = makeDeviceChallenge(DeviceClassesEnum.Email, "email-1"); + const allowed = [ + makeDeviceChallenge(DeviceClassesEnum.Totp, "totp-1"), + makeDeviceChallenge(DeviceClassesEnum.Webauthn, "webauthn-1"), + ]; + + expect(shouldResetSelectedChallenge(selected, allowed)).toBe(true); + }); + + it("returns false when the previously selected challenge is still allowed", () => { ... }); + it("returns false when there was no selected challenge", () => { ... }); +}); +``` + +Conventions: + +- **`describe(symbolName)`** at the top, optionally nested by method or behavior (`describe("addRule")`, `describe("tokenization")`, `describe("states")` — see `lexer.test.ts`). +- **`it("returns X when Y")`** — full sentences starting with the verb. State both the outcome and the precondition. Bad: `"works"`, `"handles nulls"`. Good: `"returns null once the input is exhausted"`, `"rolls back the lexer index when an action rejects"`. +- **Arrange / act / assert** with a blank line between phases where it improves scanability. Inline factories like `makeDeviceChallenge(...)` for repeated test-data shapes — keep them at the top of the file, not in shared helpers, until two files need the same one. +- **One concept per `it`.** If you reach for "and" in the name, split it. +- **No assertion messages** on `expect()` in unit tests. The test name and matcher already describe intent; Vitest's output is sufficient. + +## Assertions + +Plain Vitest matchers — `toBe`, `toEqual`, `toBeNull`, `toBeTruthy`, `toThrow(/regex/)`, `toHaveBeenCalledTimes`, etc. Use: + +- `toBe` for primitives and reference identity. +- `toEqual` for structural equality. +- `toThrow(/regex/)` for error paths — match a stable fragment of the message, not the whole thing. +- `.mock.calls[i]?.[j]` to assert on spy arguments precisely. + +## Mocking and spies + +```ts +const defunct = vi.fn((chr: string) => `?${chr}`); +expect(defunct).toHaveBeenCalledTimes(2); +expect(defunct.mock.calls[0]?.[0]).toBe("@"); +``` + +- Prefer constructing test doubles inline with `vi.fn()` over module-level `vi.mock(...)`. +- Reach for `vi.useFakeTimers()` only when the code under test reads the clock — don't preemptively fake time. +- If you need `vi.mock("module")`, hoist it to the top of the file and explain _why_ in a one-line comment if the reason isn't obvious from the import. + +## What NOT to do here + +- **Do not import from `@playwright/test` or `#e2e`.** Those are for browser tests. +- **Do not call `customElements.define` or import Lit components.** The Node environment has no DOM. Component coverage belongs in `test/browser/` (or a `.browser.test.ts` colocated with the component, once the Lit render helper has a real consumer). +- **Do not hit the network or filesystem.** Pure-function tests; if the unit needs IO, you're testing the wrong layer. +- **Do not silently pass on `try/catch`.** Use `expect(() => …).toThrow(...)` for error paths so a missing throw fails the test. +- **Do not assert against snapshots** unless the output is a stable, intentional artifact (e.g. a token stream). Snapshots rot fast when used as a substitute for thinking about the contract. + +## Running + +```bash +npx vitest run test/unit # All unit tests +npx vitest run test/unit/lexer.test.ts # One file +npx vitest test/unit/lexer.test.ts -t "tokenization" # Filter by name +``` + +The `npm test` script runs both the unit and browser projects; for fast iteration on a pure-logic change, run the single file directly. diff --git a/web/test/unit/CLAUDE.md b/web/test/unit/CLAUDE.md new file mode 100644 index 0000000000..43c994c2d3 --- /dev/null +++ b/web/test/unit/CLAUDE.md @@ -0,0 +1 @@ +@AGENTS.md From d2cc7d416c1459115eaabe343cc83252c9f4dc4a Mon Sep 17 00:00:00 2001 From: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Date: Wed, 3 Jun 2026 19:26:53 +0200 Subject: [PATCH 18/65] web: fix British spellings flagged by cspell (#22820) Rename the PFColor.Grey enum member to Gray and the FONT_COLOUR_*/fontColour chart identifiers to FONT_COLOR_*/fontColor (PatternFly's pf-m-grey CSS class is left as-is), plus American spellings in comments and a UI string. Part of enabling cspell's British-spelling rule; the rule itself lands in a separate PR once all areas are clean. Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> --- web/src/admin/admin-settings/AdminSettingsForm.ts | 2 +- web/src/admin/enterprise/EnterpriseStatusCard.ts | 2 +- web/src/admin/events/DataExportListPage.ts | 2 +- web/src/admin/lifecycle/utils.ts | 4 ++-- web/src/admin/outposts/OutpostHealthSimple.ts | 2 +- web/src/admin/sources/SourceListPage.ts | 2 +- web/src/components/ak-status-label.ts | 4 ++-- web/src/elements/Label.ts | 6 +++--- web/src/elements/charts/Chart.ts | 10 +++++----- web/src/elements/tasks/TaskStatus.ts | 4 ++-- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/web/src/admin/admin-settings/AdminSettingsForm.ts b/web/src/admin/admin-settings/AdminSettingsForm.ts index 44d6b01fca..69dbd4e177 100644 --- a/web/src/admin/admin-settings/AdminSettingsForm.ts +++ b/web/src/admin/admin-settings/AdminSettingsForm.ts @@ -277,7 +277,7 @@ export class AdminSettingsForm extends Form {
diff --git a/web/src/admin/enterprise/EnterpriseStatusCard.ts b/web/src/admin/enterprise/EnterpriseStatusCard.ts index 2b1d32384b..4d1fb249aa 100644 --- a/web/src/admin/enterprise/EnterpriseStatusCard.ts +++ b/web/src/admin/enterprise/EnterpriseStatusCard.ts @@ -31,7 +31,7 @@ export class EnterpriseStatusCard extends AKElement { case LicenseSummaryStatusEnum.ExpirySoon: return html`${msg("Expiring soon")}`; case LicenseSummaryStatusEnum.Unlicensed: - return html`${msg("Unlicensed")}`; + return html`${msg("Unlicensed")}`; case LicenseSummaryStatusEnum.ReadOnly: return html`${msg("Read Only")}`; case LicenseSummaryStatusEnum.Valid: diff --git a/web/src/admin/events/DataExportListPage.ts b/web/src/admin/events/DataExportListPage.ts index e4ab7f69cc..1228b63bcd 100644 --- a/web/src/admin/events/DataExportListPage.ts +++ b/web/src/admin/events/DataExportListPage.ts @@ -87,7 +87,7 @@ export class DataExportListPage extends TablePage { Timestamp(item.requestedOn), html`${item.completed ? html`${msg("Finished")}` - : html`${msg("Queued")}`}`, + : html`${msg("Queued")}`}`, item.completed && item.fileUrl ? html`
diff --git a/web/src/admin/lifecycle/utils.ts b/web/src/admin/lifecycle/utils.ts index a07d987bc1..9696f63609 100644 --- a/web/src/admin/lifecycle/utils.ts +++ b/web/src/admin/lifecycle/utils.ts @@ -28,7 +28,7 @@ export const LifecycleIterationStatus: LitFC = ({ ) .with( LifecycleIterationStateEnum.Canceled, - () => html`${msg("Canceled")}`, + () => html`${msg("Canceled")}`, ) - .otherwise(() => html`${msg("Unknown")}`); + .otherwise(() => html`${msg("Unknown")}`); }; diff --git a/web/src/admin/outposts/OutpostHealthSimple.ts b/web/src/admin/outposts/OutpostHealthSimple.ts index a8a9e9867b..1e54014a1a 100644 --- a/web/src/admin/outposts/OutpostHealthSimple.ts +++ b/web/src/admin/outposts/OutpostHealthSimple.ts @@ -52,7 +52,7 @@ export class OutpostHealthSimpleElement extends AKElement { return html``; } if (!this.outpostHealths || this.outpostHealths.length === 0) { - return html`${msg("Not available")}`; + return html`${msg("Not available")}`; } const outdatedOutposts = this.outpostHealths.filter((h) => h.versionOutdated); if (outdatedOutposts.length > 0) { diff --git a/web/src/admin/sources/SourceListPage.ts b/web/src/admin/sources/SourceListPage.ts index e60d2deb79..b88e7f0feb 100644 --- a/web/src/admin/sources/SourceListPage.ts +++ b/web/src/admin/sources/SourceListPage.ts @@ -100,7 +100,7 @@ export class SourceListPage extends TablePage { return [ html`
${item.name}
- ${msg("Built-in")} + ${msg("Built-in")}
`, html`${msg("Built-in")}`, nothing, diff --git a/web/src/components/ak-status-label.ts b/web/src/components/ak-status-label.ts index 75006db700..2dd3a591a2 100644 --- a/web/src/components/ak-status-label.ts +++ b/web/src/components/ak-status-label.ts @@ -34,8 +34,8 @@ const statusToDetails = new Map([ * * - type="error" (default): A Red ✖ * - type="warning" An orange ⚠ - * - type="info" A grey ⓘ - * - type="neutral" A grey ✖ + * - type="info" A gray ⓘ + * - type="neutral" A gray ✖ * * By default, the messages for "good" and "other" are "Yes" and "No" respectively, but these can be * customized with the attributes `good-label` and `bad-label`. diff --git a/web/src/elements/Label.ts b/web/src/elements/Label.ts index c5da143dfb..320ebc7ccd 100644 --- a/web/src/elements/Label.ts +++ b/web/src/elements/Label.ts @@ -14,7 +14,7 @@ export enum PFColor { Orange = "pf-m-orange", Red = "pf-m-red", Blue = "pf-m-blue", - Grey = "", + Gray = "", } export const levelNames = ["warning", "info", "success", "danger"]; @@ -26,7 +26,7 @@ const chromeList: Chrome[] = [ ["warning", PFColor.Orange, "pf-m-orange", "fa-exclamation-triangle"], ["success", PFColor.Green, "pf-m-green", "fa-check"], ["running", PFColor.Blue, "pf-m-blue", "fa-clock"], - ["info", PFColor.Grey, "pf-m-grey", "fa-info-circle"], + ["info", PFColor.Gray, "pf-m-grey", "fa-info-circle"], ]; export interface ILabel { @@ -38,7 +38,7 @@ export interface ILabel { @customElement("ak-label") export class Label extends AKElement implements ILabel { @property() - color: PFColor = PFColor.Grey; + color: PFColor = PFColor.Gray; @property() icon?: string; diff --git a/web/src/elements/charts/Chart.ts b/web/src/elements/charts/Chart.ts index 769962f9c4..6777e4c8eb 100644 --- a/web/src/elements/charts/Chart.ts +++ b/web/src/elements/charts/Chart.ts @@ -41,8 +41,8 @@ Chart.register(LineController, BarController, DoughnutController); Chart.register(ArcElement, BarElement, PointElement, LineElement); Chart.register(TimeScale, TimeSeriesScale, LinearScale, Filler); -export const FONT_COLOUR_DARK_MODE = "#fafafa"; -export const FONT_COLOUR_LIGHT_MODE = "#151515"; +export const FONT_COLOR_DARK_MODE = "#fafafa"; +export const FONT_COLOR_LIGHT_MODE = "#151515"; export abstract class AKChart extends AKElement { public role = "figure"; @@ -59,7 +59,7 @@ export abstract class AKChart extends AKElement { @property() centerText?: string; - fontColour = FONT_COLOUR_LIGHT_MODE; + fontColor = FONT_COLOR_LIGHT_MODE; static styles: CSSResult[] = [ css` @@ -91,9 +91,9 @@ export abstract class AKChart extends AKElement { this.addEventListener(EVENT_REFRESH, this.refreshHandler); this.addEventListener(ThemeChangeEvent.eventName, ((ev: CustomEvent) => { if (ev.detail === UiThemeEnum.Light) { - this.fontColour = FONT_COLOUR_LIGHT_MODE; + this.fontColor = FONT_COLOR_LIGHT_MODE; } else { - this.fontColour = FONT_COLOUR_DARK_MODE; + this.fontColor = FONT_COLOR_DARK_MODE; } this.chart?.update(); }) as EventListener); diff --git a/web/src/elements/tasks/TaskStatus.ts b/web/src/elements/tasks/TaskStatus.ts index 5b60ec2954..cd46c04073 100644 --- a/web/src/elements/tasks/TaskStatus.ts +++ b/web/src/elements/tasks/TaskStatus.ts @@ -22,7 +22,7 @@ export class TaskStatus extends AKElement { switch (this.status) { case TaskAggregatedStatusEnum.Queued: case LastTaskStatusEnum.Queued: - return html`${msg("Waiting to run")}`; + return html`${msg("Waiting to run")}`; case TaskAggregatedStatusEnum.Consumed: case LastTaskStatusEnum.Consumed: return html`${msg("Consumed")}`; @@ -49,7 +49,7 @@ export class TaskStatus extends AKElement { case LastTaskStatusEnum.Error: return html`${msg("Error")}`; default: - return html`${msg("Unknown")}`; + return html`${msg("Unknown")}`; } } } From 88439e45f0fd8728119b265d0e839f566fec07f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:04:20 +0200 Subject: [PATCH 19/65] ci: bump aws-actions/configure-aws-credentials from 6.1.3 to 6.2.0 (#22855) Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 6.1.3 to 6.2.0. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/99214aa6889fcddfa57764031d71add364327e59...e7f100cf4c008499ea8adda475de1042d6975c7b) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 726a7efa6a..736b9bd149 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -183,7 +183,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5 - - uses: aws-actions/configure-aws-credentials@99214aa6889fcddfa57764031d71add364327e59 # v6.1.3 + - uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: "arn:aws:iam::016170277896:role/github_goauthentik_authentik" aws-region: ${{ env.AWS_REGION }} From 5b7d7a85d5dd9ae21acfb62a6ab0835b8b9ab4e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:04:32 +0200 Subject: [PATCH 20/65] core: bump astral-sh/uv from 0.11.17 to 0.11.19 in /lifecycle/container (#22854) Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.11.17 to 0.11.19. - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/uv/compare/0.11.17...0.11.19) --- updated-dependencies: - dependency-name: astral-sh/uv dependency-version: 0.11.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- lifecycle/container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lifecycle/container/Dockerfile b/lifecycle/container/Dockerfile index 52b57bbddc..932dd090b9 100644 --- a/lifecycle/container/Dockerfile +++ b/lifecycle/container/Dockerfile @@ -116,7 +116,7 @@ RUN --mount=type=bind,target=rust-toolchain.toml,src=rust-toolchain.toml \ RUN cat /root/.rustup/settings.toml # Stage: Download uv -FROM ghcr.io/astral-sh/uv:0.11.17@sha256:03bdc89bb9798628846e60c3a9ad19006c8c3c724ccd2985a33145c039a0577b AS uv +FROM ghcr.io/astral-sh/uv:0.11.19@sha256:b46b03ddfcfbf8f547af7e9eaefdf8a39c8cebcba7c98858d3162bd28cf536f6 AS uv # Stage: Base python image FROM ghcr.io/goauthentik/fips-python:3.14.5-slim-trixie-fips@sha256:7a0633910cf4aba773a8b7e7ff3fda90c972e3c992894de86c771249e03398ba AS python-base From fe958185a395592704354d7325aa4dc860410e9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:04:47 +0200 Subject: [PATCH 21/65] core: bump aiohttp from 3.13.5 to 3.14.0 (#22851) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.14.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- uv.lock | 79 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 36 deletions(-) diff --git a/uv.lock b/uv.lock index 548b7237a9..70847b8d41 100644 --- a/uv.lock +++ b/uv.lock @@ -22,7 +22,7 @@ wheels = [ [[package]] name = "aiohttp" -version = "3.13.5" +version = "3.14.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "aiohappyeyeballs" }, @@ -33,42 +33,49 @@ dependencies = [ { name = "propcache" }, { name = "yarl" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/77/9a/152096d4808df8e4268befa55fba462f440f14beab85e8ad9bf990516918/aiohttp-3.13.5.tar.gz", hash = "sha256:9d98cc980ecc96be6eb4c1994ce35d28d8b1f5e5208a23b421187d1209dbb7d1", size = 7858271, upload-time = "2026-03-31T22:01:03.343Z" } +sdist = { url = "https://files.pythonhosted.org/packages/ee/ab/93ce242f899b68c51b0578c027aafa791ab3614cb9345fa5d37b5f5c8e3e/aiohttp-3.14.0.tar.gz", hash = "sha256:2882de819734c715fd1b9c11c97e09fa020d14438203d1d354d8ed1702791c9b", size = 7940674, upload-time = "2026-06-01T19:41:02.763Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/5d/ce/46572759afc859e867a5bc8ec3487315869013f59281ce61764f76d879de/aiohttp-3.13.5-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:eb4639f32fd4a9904ab8fb45bf3383ba71137f3d9d4ba25b3b3f3109977c5b8c", size = 745721, upload-time = "2026-03-31T21:58:50.229Z" }, - { url = "https://files.pythonhosted.org/packages/13/fe/8a2efd7626dbe6049b2ef8ace18ffda8a4dfcbe1bcff3ac30c0c7575c20b/aiohttp-3.13.5-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:7e5dc4311bd5ac493886c63cbf76ab579dbe4641268e7c74e48e774c74b6f2be", size = 497663, upload-time = "2026-03-31T21:58:52.232Z" }, - { url = "https://files.pythonhosted.org/packages/9b/91/cc8cc78a111826c54743d88651e1687008133c37e5ee615fee9b57990fac/aiohttp-3.13.5-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:756c3c304d394977519824449600adaf2be0ccee76d206ee339c5e76b70ded25", size = 499094, upload-time = "2026-03-31T21:58:54.566Z" }, - { url = "https://files.pythonhosted.org/packages/0a/33/a8362cb15cf16a3af7e86ed11962d5cd7d59b449202dc576cdc731310bde/aiohttp-3.13.5-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ecc26751323224cf8186efcf7fbcbc30f4e1d8c7970659daf25ad995e4032a56", size = 1726701, upload-time = "2026-03-31T21:58:56.864Z" }, - { url = "https://files.pythonhosted.org/packages/45/0c/c091ac5c3a17114bd76cbf85d674650969ddf93387876cf67f754204bd77/aiohttp-3.13.5-cp314-cp314-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:10a75acfcf794edf9d8db50e5a7ec5fc818b2a8d3f591ce93bc7b1210df016d2", size = 1683360, upload-time = "2026-03-31T21:58:59.072Z" }, - { url = "https://files.pythonhosted.org/packages/23/73/bcee1c2b79bc275e964d1446c55c54441a461938e70267c86afaae6fba27/aiohttp-3.13.5-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:0f7a18f258d124cd678c5fe072fe4432a4d5232b0657fca7c1847f599233c83a", size = 1773023, upload-time = "2026-03-31T21:59:01.776Z" }, - { url = "https://files.pythonhosted.org/packages/c7/ef/720e639df03004fee2d869f771799d8c23046dec47d5b81e396c7cda583a/aiohttp-3.13.5-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:df6104c009713d3a89621096f3e3e88cc323fd269dbd7c20afe18535094320be", size = 1853795, upload-time = "2026-03-31T21:59:04.568Z" }, - { url = "https://files.pythonhosted.org/packages/bd/c9/989f4034fb46841208de7aeeac2c6d8300745ab4f28c42f629ba77c2d916/aiohttp-3.13.5-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:241a94f7de7c0c3b616627aaad530fe2cb620084a8b144d3be7b6ecfe95bae3b", size = 1730405, upload-time = "2026-03-31T21:59:07.221Z" }, - { url = "https://files.pythonhosted.org/packages/ce/75/ee1fd286ca7dc599d824b5651dad7b3be7ff8d9a7e7b3fe9820d9180f7db/aiohttp-3.13.5-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:c974fb66180e58709b6fc402846f13791240d180b74de81d23913abe48e96d94", size = 1558082, upload-time = "2026-03-31T21:59:09.484Z" }, - { url = "https://files.pythonhosted.org/packages/c3/20/1e9e6650dfc436340116b7aa89ff8cb2bbdf0abc11dfaceaad8f74273a10/aiohttp-3.13.5-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:6e27ea05d184afac78aabbac667450c75e54e35f62238d44463131bd3f96753d", size = 1692346, upload-time = "2026-03-31T21:59:12.068Z" }, - { url = "https://files.pythonhosted.org/packages/d8/40/8ebc6658d48ea630ac7903912fe0dd4e262f0e16825aa4c833c56c9f1f56/aiohttp-3.13.5-cp314-cp314-musllinux_1_2_armv7l.whl", hash = "sha256:a79a6d399cef33a11b6f004c67bb07741d91f2be01b8d712d52c75711b1e07c7", size = 1698891, upload-time = "2026-03-31T21:59:14.552Z" }, - { url = "https://files.pythonhosted.org/packages/d8/78/ea0ae5ec8ba7a5c10bdd6e318f1ba5e76fcde17db8275188772afc7917a4/aiohttp-3.13.5-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:c632ce9c0b534fbe25b52c974515ed674937c5b99f549a92127c85f771a78772", size = 1742113, upload-time = "2026-03-31T21:59:17.068Z" }, - { url = "https://files.pythonhosted.org/packages/8a/66/9d308ed71e3f2491be1acb8769d96c6f0c47d92099f3bc9119cada27b357/aiohttp-3.13.5-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:fceedde51fbd67ee2bcc8c0b33d0126cc8b51ef3bbde2f86662bd6d5a6f10ec5", size = 1553088, upload-time = "2026-03-31T21:59:19.541Z" }, - { url = "https://files.pythonhosted.org/packages/da/a6/6cc25ed8dfc6e00c90f5c6d126a98e2cf28957ad06fa1036bd34b6f24a2c/aiohttp-3.13.5-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:f92995dfec9420bb69ae629abf422e516923ba79ba4403bc750d94fb4a6c68c1", size = 1757976, upload-time = "2026-03-31T21:59:22.311Z" }, - { url = "https://files.pythonhosted.org/packages/c1/2b/cce5b0ffe0de99c83e5e36d8f828e4161e415660a9f3e58339d07cce3006/aiohttp-3.13.5-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:20ae0ff08b1f2c8788d6fb85afcb798654ae6ba0b747575f8562de738078457b", size = 1712444, upload-time = "2026-03-31T21:59:24.635Z" }, - { url = "https://files.pythonhosted.org/packages/6c/cf/9e1795b4160c58d29421eafd1a69c6ce351e2f7c8d3c6b7e4ca44aea1a5b/aiohttp-3.13.5-cp314-cp314-win32.whl", hash = "sha256:b20df693de16f42b2472a9c485e1c948ee55524786a0a34345511afdd22246f3", size = 438128, upload-time = "2026-03-31T21:59:27.291Z" }, - { url = "https://files.pythonhosted.org/packages/22/4d/eaedff67fc805aeba4ba746aec891b4b24cebb1a7d078084b6300f79d063/aiohttp-3.13.5-cp314-cp314-win_amd64.whl", hash = "sha256:f85c6f327bf0b8c29da7d93b1cabb6363fb5e4e160a32fa241ed2dce21b73162", size = 464029, upload-time = "2026-03-31T21:59:29.429Z" }, - { url = "https://files.pythonhosted.org/packages/79/11/c27d9332ee20d68dd164dc12a6ecdef2e2e35ecc97ed6cf0d2442844624b/aiohttp-3.13.5-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:1efb06900858bb618ff5cee184ae2de5828896c448403d51fb633f09e109be0a", size = 778758, upload-time = "2026-03-31T21:59:31.547Z" }, - { url = "https://files.pythonhosted.org/packages/04/fb/377aead2e0a3ba5f09b7624f702a964bdf4f08b5b6728a9799830c80041e/aiohttp-3.13.5-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:fee86b7c4bd29bdaf0d53d14739b08a106fdda809ca5fe032a15f52fae5fe254", size = 512883, upload-time = "2026-03-31T21:59:34.098Z" }, - { url = "https://files.pythonhosted.org/packages/bb/a6/aa109a33671f7a5d3bd78b46da9d852797c5e665bfda7d6b373f56bff2ec/aiohttp-3.13.5-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:20058e23909b9e65f9da62b396b77dfa95965cbe840f8def6e572538b1d32e36", size = 516668, upload-time = "2026-03-31T21:59:36.497Z" }, - { url = "https://files.pythonhosted.org/packages/79/b3/ca078f9f2fa9563c36fb8ef89053ea2bb146d6f792c5104574d49d8acb63/aiohttp-3.13.5-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8cf20a8d6868cb15a73cab329ffc07291ba8c22b1b88176026106ae39aa6df0f", size = 1883461, upload-time = "2026-03-31T21:59:38.723Z" }, - { url = "https://files.pythonhosted.org/packages/b7/e3/a7ad633ca1ca497b852233a3cce6906a56c3225fb6d9217b5e5e60b7419d/aiohttp-3.13.5-cp314-cp314t-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:330f5da04c987f1d5bdb8ae189137c77139f36bd1cb23779ca1a354a4b027800", size = 1747661, upload-time = "2026-03-31T21:59:41.187Z" }, - { url = "https://files.pythonhosted.org/packages/33/b9/cd6fe579bed34a906d3d783fe60f2fa297ef55b27bb4538438ee49d4dc41/aiohttp-3.13.5-cp314-cp314t-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:6f1cbf0c7926d315c3c26c2da41fd2b5d2fe01ac0e157b78caefc51a782196cf", size = 1863800, upload-time = "2026-03-31T21:59:43.84Z" }, - { url = "https://files.pythonhosted.org/packages/c0/3f/2c1e2f5144cefa889c8afd5cf431994c32f3b29da9961698ff4e3811b79a/aiohttp-3.13.5-cp314-cp314t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:53fc049ed6390d05423ba33103ded7281fe897cf97878f369a527070bd95795b", size = 1958382, upload-time = "2026-03-31T21:59:46.187Z" }, - { url = "https://files.pythonhosted.org/packages/66/1d/f31ec3f1013723b3babe3609e7f119c2c2fb6ef33da90061a705ef3e1bc8/aiohttp-3.13.5-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:898703aa2667e3c5ca4c54ca36cd73f58b7a38ef87a5606414799ebce4d3fd3a", size = 1803724, upload-time = "2026-03-31T21:59:48.656Z" }, - { url = "https://files.pythonhosted.org/packages/0e/b4/57712dfc6f1542f067daa81eb61da282fab3e6f1966fca25db06c4fc62d5/aiohttp-3.13.5-cp314-cp314t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:0494a01ca9584eea1e5fbd6d748e61ecff218c51b576ee1999c23db7066417d8", size = 1640027, upload-time = "2026-03-31T21:59:51.284Z" }, - { url = "https://files.pythonhosted.org/packages/25/3c/734c878fb43ec083d8e31bf029daae1beafeae582d1b35da234739e82ee7/aiohttp-3.13.5-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:6cf81fe010b8c17b09495cbd15c1d35afbc8fb405c0c9cf4738e5ae3af1d65be", size = 1806644, upload-time = "2026-03-31T21:59:53.753Z" }, - { url = "https://files.pythonhosted.org/packages/20/a5/f671e5cbec1c21d044ff3078223f949748f3a7f86b14e34a365d74a5d21f/aiohttp-3.13.5-cp314-cp314t-musllinux_1_2_armv7l.whl", hash = "sha256:c564dd5f09ddc9d8f2c2d0a301cd30a79a2cc1b46dd1a73bef8f0038863d016b", size = 1791630, upload-time = "2026-03-31T21:59:56.239Z" }, - { url = "https://files.pythonhosted.org/packages/0b/63/fb8d0ad63a0b8a99be97deac8c04dacf0785721c158bdf23d679a87aa99e/aiohttp-3.13.5-cp314-cp314t-musllinux_1_2_ppc64le.whl", hash = "sha256:2994be9f6e51046c4f864598fd9abeb4fba6e88f0b2152422c9666dcd4aea9c6", size = 1809403, upload-time = "2026-03-31T21:59:59.103Z" }, - { url = "https://files.pythonhosted.org/packages/59/0c/bfed7f30662fcf12206481c2aac57dedee43fe1c49275e85b3a1e1742294/aiohttp-3.13.5-cp314-cp314t-musllinux_1_2_riscv64.whl", hash = "sha256:157826e2fa245d2ef46c83ea8a5faf77ca19355d278d425c29fda0beb3318037", size = 1634924, upload-time = "2026-03-31T22:00:02.116Z" }, - { url = "https://files.pythonhosted.org/packages/17/d6/fd518d668a09fd5a3319ae5e984d4d80b9a4b3df4e21c52f02251ef5a32e/aiohttp-3.13.5-cp314-cp314t-musllinux_1_2_s390x.whl", hash = "sha256:a8aca50daa9493e9e13c0f566201a9006f080e7c50e5e90d0b06f53146a54500", size = 1836119, upload-time = "2026-03-31T22:00:04.756Z" }, - { url = "https://files.pythonhosted.org/packages/78/b7/15fb7a9d52e112a25b621c67b69c167805cb1f2ab8f1708a5c490d1b52fe/aiohttp-3.13.5-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:3b13560160d07e047a93f23aaa30718606493036253d5430887514715b67c9d9", size = 1772072, upload-time = "2026-03-31T22:00:07.494Z" }, - { url = "https://files.pythonhosted.org/packages/7e/df/57ba7f0c4a553fc2bd8b6321df236870ec6fd64a2a473a8a13d4f733214e/aiohttp-3.13.5-cp314-cp314t-win32.whl", hash = "sha256:9a0f4474b6ea6818b41f82172d799e4b3d29e22c2c520ce4357856fced9af2f8", size = 471819, upload-time = "2026-03-31T22:00:10.277Z" }, - { url = "https://files.pythonhosted.org/packages/62/29/2f8418269e46454a26171bfdd6a055d74febf32234e474930f2f60a17145/aiohttp-3.13.5-cp314-cp314t-win_amd64.whl", hash = "sha256:18a2f6c1182c51baa1d28d68fea51513cb2a76612f038853c0ad3c145423d3d9", size = 505441, upload-time = "2026-03-31T22:00:12.791Z" }, + { url = "https://files.pythonhosted.org/packages/28/03/5f36ab196a88ba5e9648ae5643e6531e67a3a8c0e96f9c6510ff41540fec/aiohttp-3.14.0-cp314-cp314-android_24_arm64_v8a.whl", hash = "sha256:363ef9e91014e7891679bfb2ac0a7c6ea93435dbbfd10ecf41b9f06fcf506c5f", size = 503330, upload-time = "2026-06-01T19:39:18.195Z" }, + { url = "https://files.pythonhosted.org/packages/2c/ce/8b49ec2f30f68e02f314f4832186cd45e583360a5a386058be36855d23b6/aiohttp-3.14.0-cp314-cp314-android_24_x86_64.whl", hash = "sha256:884a4edbdad77be9d0ef36142c8b504351b170df0bf62b51e784fadabf311c42", size = 509822, upload-time = "2026-06-01T19:39:20.396Z" }, + { url = "https://files.pythonhosted.org/packages/1a/fe/6edbf5d39bf29322b6816365b17ed8ede4dace164a3aea1abcd30110eb78/aiohttp-3.14.0-cp314-cp314-ios_13_0_arm64_iphoneos.whl", hash = "sha256:70ea956f6cc4a37620966b56c2e205d88ca3e6d85ec063277e414b1035cddad3", size = 483329, upload-time = "2026-06-01T19:39:22.607Z" }, + { url = "https://files.pythonhosted.org/packages/1b/5a/fae531bdbc6456fb6241f46b7b81e4d8a0dd3fc09118a0055dc7141ac1ec/aiohttp-3.14.0-cp314-cp314-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:ea3b9806c89f61da22fddf1f12dd524fb368e5e28f1261fbdafe5c3cd8ce893b", size = 489502, upload-time = "2026-06-01T19:39:24.881Z" }, + { url = "https://files.pythonhosted.org/packages/36/f4/48a7b0414db7fed77a03d5dde34508c026afd83510ab6bca08c313855776/aiohttp-3.14.0-cp314-cp314-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:a071be341c2bd9b0188e62d173509f024e0a35b1c342c53c50f8daaeda8c3bd8", size = 497357, upload-time = "2026-06-01T19:39:27.197Z" }, + { url = "https://files.pythonhosted.org/packages/75/75/e85a13a370acc007fca5feb1fd1b88ac2d8426e6dadd625479b7cadd55a3/aiohttp-3.14.0-cp314-cp314-macosx_10_15_universal2.whl", hash = "sha256:198cfe61bf253b19da1fb3e0fa122249dc4f14c12709493fed8054aa0411cc76", size = 750898, upload-time = "2026-06-01T19:39:29.563Z" }, + { url = "https://files.pythonhosted.org/packages/9e/e4/3d637f800c724eff0e2bed64df72557444482366fd0a35b0cec0e6968f6c/aiohttp-3.14.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:9dc203d6ce6b9106d54e2a93f41dfdfebfbca2d99962ba503bfd3e5921a6549e", size = 506986, upload-time = "2026-06-01T19:39:31.872Z" }, + { url = "https://files.pythonhosted.org/packages/1d/df/35161f3598bf7501d2b2a805b41ab4f45a2e34150c421bcb4ef8c0d281a7/aiohttp-3.14.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:9e19d17ab02bf16832a2c8c0d55a486792c5b1645665652ee9531aebcc30cb72", size = 508033, upload-time = "2026-06-01T19:39:34.137Z" }, + { url = "https://files.pythonhosted.org/packages/e5/39/b36e5d3d31e850fb4691dd3e941684ac490a2559249f6fa634b6b0fdf020/aiohttp-3.14.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d925fba0c14d5b498a8028b0107beebdfd16c5d48d702ff54f879cb017aaaca3", size = 1746213, upload-time = "2026-06-01T19:39:36.654Z" }, + { url = "https://files.pythonhosted.org/packages/b1/28/24e1409e605a9aa5d84abe0e2acb365354b70ae56d40948101cabe3341ab/aiohttp-3.14.0-cp314-cp314-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:d33e61021222ce7f9792bcac870d6f58d8adfceda33ab857b01264f4560f2c5f", size = 1705862, upload-time = "2026-06-01T19:39:38.968Z" }, + { url = "https://files.pythonhosted.org/packages/8c/d0/e5eb3ff1daeaf644c7e36a957517672494122628e067c38b263fa04eda77/aiohttp-3.14.0-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:44eca38755d0105bb32f47d085f5dd449846a449e1245fc105889e3279dcf8e3", size = 1798909, upload-time = "2026-06-01T19:39:41.334Z" }, + { url = "https://files.pythonhosted.org/packages/d3/ba/8943f906f0570342886ababb9a722a44e360f786a028c5e0b0e29e3f735b/aiohttp-3.14.0-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:f13087e06f68fea4941c21a0c541c00553aa16e4f8fd7bbe2b198df761e964d6", size = 1868892, upload-time = "2026-06-01T19:39:43.807Z" }, + { url = "https://files.pythonhosted.org/packages/3a/05/27df32c844b2156e1675a8d8ec22d963e3c8ba469ed7ceb1863320c7b521/aiohttp-3.14.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ff82be7f1ef73634cb77890a770743239bc3d487b848669be1c599889336dc0a", size = 1751659, upload-time = "2026-06-01T19:39:46.398Z" }, + { url = "https://files.pythonhosted.org/packages/7f/62/da182e5910ab912b2e88aa919b61a16046a37a95714a5795b02eb57b2d18/aiohttp-3.14.0-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:a150c0875ac8fd87f1c398650841308a30d65facf7416b12dbdb9cfdcbe5a48c", size = 1578775, upload-time = "2026-06-01T19:39:48.902Z" }, + { url = "https://files.pythonhosted.org/packages/66/e3/53c67097e8a5ce98625e91e3fa7f43c9c6940de680345d03b3509a72a078/aiohttp-3.14.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:edc01ea4e1ec5a1649a28866262bf24195889ff7b27bdd947029a6086741de9b", size = 1710090, upload-time = "2026-06-01T19:39:51.392Z" }, + { url = "https://files.pythonhosted.org/packages/dd/55/0e2732ca598c7a4dfe8a775662376d0ca2977cb1030e48386d4da5d9a456/aiohttp-3.14.0-cp314-cp314-musllinux_1_2_armv7l.whl", hash = "sha256:540632bf882ff8fc88f2e1697be0761578e89e0d79fb4a8a6d65dc5da7e729d4", size = 1715016, upload-time = "2026-06-01T19:39:53.807Z" }, + { url = "https://files.pythonhosted.org/packages/5a/96/f0b73730798c9ca525afc30b39f1f81bbe24e245d9654c54d3b39d63212d/aiohttp-3.14.0-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:860a86bc2c80237f5dff52edcf427e10a8d8352271fd84845429a3e60199e02c", size = 1763810, upload-time = "2026-06-01T19:39:56.31Z" }, + { url = "https://files.pythonhosted.org/packages/71/cc/11acb6c4518f448323405a7312b6f255d0f974a34373ad1db7633c4aadc8/aiohttp-3.14.0-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:5cbd50e6a50d6b99283a826b18cbdebf65b0797689a7535cb0e9dd37be0f63c3", size = 1573064, upload-time = "2026-06-01T19:39:58.718Z" }, + { url = "https://files.pythonhosted.org/packages/de/2d/28c31dde0a7dc98c0ee7d0da2ddcec3f7688c4fc131e5989e278d0c03c0a/aiohttp-3.14.0-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:20144819e99db593e22bbd2f3f2691a5e149f879142d6b8670254708853ff4fb", size = 1775765, upload-time = "2026-06-01T19:40:01.195Z" }, + { url = "https://files.pythonhosted.org/packages/b8/69/155c4ef3aec96417d47024800472b33b16c5d8a665371dcd044c2afdf25d/aiohttp-3.14.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:26b6d79aa54cb4ed50cc7d41ed14e99e0f1fc8e7c2d42f2e05b37aea897b2b52", size = 1733716, upload-time = "2026-06-01T19:40:03.631Z" }, + { url = "https://files.pythonhosted.org/packages/5f/44/6126116fd8a316b712bb615660b855c78466bb67ba1bb1742427eafcf7ac/aiohttp-3.14.0-cp314-cp314-win32.whl", hash = "sha256:106ed074a856f3e21d186b8579e2c8afb6da598e267cdaab01059e13db2fc44d", size = 453684, upload-time = "2026-06-01T19:40:06.277Z" }, + { url = "https://files.pythonhosted.org/packages/a2/d7/eff4c58a88c5cac5e38b55f44fb8a6d3929c3cbd77356e383e094d3220bd/aiohttp-3.14.0-cp314-cp314-win_amd64.whl", hash = "sha256:4f770846edae8f00ecc57af825bce811f787f87a7dcf0e90d191790efe5b31f7", size = 481758, upload-time = "2026-06-01T19:40:08.653Z" }, + { url = "https://files.pythonhosted.org/packages/d7/ed/17b5bd9fbcb46e688f02e572f517754a9a75831e7b54702f027761dc4fa5/aiohttp-3.14.0-cp314-cp314-win_arm64.whl", hash = "sha256:acf1581c4f21ed4b80a2dded504d87b055a071a84d5737ea966435f768275ac6", size = 450557, upload-time = "2026-06-01T19:40:11.03Z" }, + { url = "https://files.pythonhosted.org/packages/12/34/6180103ce9aabc8ebff3f7bb55a1228ffe60f61042823031d9692cb7b101/aiohttp-3.14.0-cp314-cp314t-macosx_10_15_universal2.whl", hash = "sha256:6aa1a40f9cbb3da9f80714c5966b8946c21e6a2530d809b9498b33161e3c8733", size = 787878, upload-time = "2026-06-01T19:40:13.401Z" }, + { url = "https://files.pythonhosted.org/packages/92/e9/08954a40e8b7baa3d8beadd2b074b186e9b1e9c8ddabc288678a6265de50/aiohttp-3.14.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:b62af5a8cc96a194eaa01a9ed7b34a3ffa58d3d8daaa1a0d7a749353ad12d228", size = 524400, upload-time = "2026-06-01T19:40:15.972Z" }, + { url = "https://files.pythonhosted.org/packages/08/6a/b5965a634ac4d5ba99a463314cf4ab214ca073fcdc38a15e0294273701fc/aiohttp-3.14.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:6eb63b1417efaf7d1002a6ad034a40d44376afcc16508a57f8e74b49ad26a095", size = 527904, upload-time = "2026-06-01T19:40:18.28Z" }, + { url = "https://files.pythonhosted.org/packages/06/b4/932bcdd850c354d9bcca30f360e475d7852e30413fbbd44b182782ed5432/aiohttp-3.14.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c20b9ad156a79eb97be5cf9e069eec01d2f0dc8472ffbd75299a8b2d4c2cbbde", size = 1912162, upload-time = "2026-06-01T19:40:20.825Z" }, + { url = "https://files.pythonhosted.org/packages/c6/85/ce79bab0310d2e3fd2d7bc7e44412abeff7c8338f8a21dd0f2f1714989e5/aiohttp-3.14.0-cp314-cp314t-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:40ae7b0642c25632c7eabc4a04754012691864d2a1b93becf7cddb76027b838a", size = 1778813, upload-time = "2026-06-01T19:40:23.726Z" }, + { url = "https://files.pythonhosted.org/packages/05/54/ba62ac2d1bc87e010aad23751e383b8794e45d931df67677313a2da78823/aiohttp-3.14.0-cp314-cp314t-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:95f5217e76a046b9f228a101717ef8d42b1eb3d9d196d15202db5bf41df88936", size = 1899969, upload-time = "2026-06-01T19:40:26.406Z" }, + { url = "https://files.pythonhosted.org/packages/dc/82/7cc7907725d83a19f31551334061e1ab8e108b1d7ac52632a2a844a4acb5/aiohttp-3.14.0-cp314-cp314t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:1a4a9f17e85b80878c176695c1998c790e83731d8271881e5d356488652a1f9e", size = 1991771, upload-time = "2026-06-01T19:40:29.061Z" }, + { url = "https://files.pythonhosted.org/packages/d0/1c/a57de71a4508c93a830b77c28af3d08cd97f606dedfc6b94275347744508/aiohttp-3.14.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:145262119b07d7f95abc1839add35ba2bfc84551d4b4660ca11542c0b215455b", size = 1868606, upload-time = "2026-06-01T19:40:31.843Z" }, + { url = "https://files.pythonhosted.org/packages/9c/ae/3839726cd49150a53ed340cc24ce5ba09d4c2117020ef9d45542bec5eb2f/aiohttp-3.14.0-cp314-cp314t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:49a33ded29b0b2fa7a367a02cf0fb89af602bb87542a16177ec8ce1c9c51d12a", size = 1665437, upload-time = "2026-06-01T19:40:35.01Z" }, + { url = "https://files.pythonhosted.org/packages/35/1e/c237923232c7da7f0392ea25d89fc5e60c0e93f685f4ebca8e7bcdd5271c/aiohttp-3.14.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:2cc736a9c9fc2bc4dd71fd404815741b6573df27c3f985948ec4076989ac57de", size = 1834090, upload-time = "2026-06-01T19:40:37.733Z" }, + { url = "https://files.pythonhosted.org/packages/98/02/a5a7a2524f92d3911761b405a7c067c751891942144adc13e2ad79611e39/aiohttp-3.14.0-cp314-cp314t-musllinux_1_2_armv7l.whl", hash = "sha256:b4141a3e5342ee3053a9cab54d25b64ed28289c1041e4c54b3d99839314d90ce", size = 1816907, upload-time = "2026-06-01T19:40:40.46Z" }, + { url = "https://files.pythonhosted.org/packages/fa/76/a8b9f0d09234d516af9f2d7dd715557f33b5da3b0b56ead41d1170e86e3c/aiohttp-3.14.0-cp314-cp314t-musllinux_1_2_ppc64le.whl", hash = "sha256:e30871b2d58996cb81aac52d2b1d15ac05257131ef0f90f18c2115a380fbfe7c", size = 1840382, upload-time = "2026-06-01T19:40:43.48Z" }, + { url = "https://files.pythonhosted.org/packages/c9/8e/140e715a0a4bbc211979ea30ec8396ad2ed5bf90ab87d8058fc4668b1923/aiohttp-3.14.0-cp314-cp314t-musllinux_1_2_riscv64.whl", hash = "sha256:667b881d083ccae3900ea5a241e17e5007ca78844c53ed389bb63d48f729d9c7", size = 1659497, upload-time = "2026-06-01T19:40:46.265Z" }, + { url = "https://files.pythonhosted.org/packages/10/c7/7ba5de8af9650b9767b063c675427b8685f43fa7ce563673a7bc3af60f08/aiohttp-3.14.0-cp314-cp314t-musllinux_1_2_s390x.whl", hash = "sha256:b584dfe615d151e9b8f0a8ecb3aee6147f2927ec5b95ba25fe621f5377510928", size = 1870829, upload-time = "2026-06-01T19:40:49.583Z" }, + { url = "https://files.pythonhosted.org/packages/cc/bc/2aaab2f85cadb26ea59c091fa2b8e370d625154b5c14b478f1b489d07551/aiohttp-3.14.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:6199707cc40e0e9cd39c36fbc97bec416c704e1d0ddce03412bb3b3e6a90ccd0", size = 1832281, upload-time = "2026-06-01T19:40:52.303Z" }, + { url = "https://files.pythonhosted.org/packages/39/98/31b9ad9fbc01f0075ee7221002df5fd2d10b647f451ca5f30edc802d9dd6/aiohttp-3.14.0-cp314-cp314t-win32.whl", hash = "sha256:a8d93334d4961c9d566b1f046c81dee475b7c21eb730728d38237bfa70d1c8e6", size = 490597, upload-time = "2026-06-01T19:40:54.937Z" }, + { url = "https://files.pythonhosted.org/packages/59/1f/299b21441c8de42ff70fddc7cfe65e92f810abcf740739a09b56f7835364/aiohttp-3.14.0-cp314-cp314t-win_amd64.whl", hash = "sha256:2d2ffe9b614f50f069068b3b52e73414e4107fc10b7efc939a76acff9251fdd2", size = 525789, upload-time = "2026-06-01T19:40:57.306Z" }, + { url = "https://files.pythonhosted.org/packages/70/11/7f83fcba9ee05d4c54d61b3f8104da0d43a59adac44dd28effc0c9a10422/aiohttp-3.14.0-cp314-cp314t-win_arm64.whl", hash = "sha256:7a3fc4358e65826c515350f199c210de747cf669998211b1ee6c2e46de364b24", size = 467399, upload-time = "2026-06-01T19:40:59.993Z" }, ] [[package]] From f815552bbe5cf6d23c89f39f23178d38a655d71a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:05 +0200 Subject: [PATCH 22/65] core: bump uuid from 1.23.1 to 1.23.2 (#22849) Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.23.1 to 1.23.2. - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](https://github.com/uuid-rs/uuid/compare/v1.23.1...v1.23.2) --- updated-dependencies: - dependency-name: uuid dependency-version: 1.23.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e472aa9469..b475976d63 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4346,9 +4346,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.23.1" +version = "1.23.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76" +checksum = "d258b83ceec21034727ecee8c382cfa6c3e133699b0742c64571814fb420c9f7" dependencies = [ "getrandom 0.4.2", "js-sys", diff --git a/Cargo.toml b/Cargo.toml index 6a2b47b8bd..02f085538f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -112,7 +112,7 @@ tracing-subscriber = { version = "= 0.3.23", features = [ "tracing-log", ] } url = "= 2.5.8" -uuid = { version = "= 1.23.1", features = ["serde", "v4"] } +uuid = { version = "= 1.23.2", features = ["serde", "v4"] } which = "= 8.0.2" ak-axum = { package = "authentik-axum", version = "2026.8.0-rc1", path = "./packages/ak-axum" } From b83036e8655bdb1056c248c1ceec9dd2e3007c6e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:10 +0200 Subject: [PATCH 23/65] ci: bump taiki-e/install-action from 2.80.0 to 2.81.1 in /.github/actions/setup (#22848) ci: bump taiki-e/install-action in /.github/actions/setup Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.80.0 to 2.81.1. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/50b4a718b59c718df4ef27a3b445f86cd57b9f00...e49978b799e49ff429d162b7a30601a569ab6538) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.81.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/actions/setup/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 907b997c41..b1e4e70250 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -64,7 +64,7 @@ runs: rustflags: "" - name: Setup rust dependencies if: ${{ contains(inputs.dependencies, 'rust') }} - uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2 + uses: taiki-e/install-action@e49978b799e49ff429d162b7a30601a569ab6538 # v2 with: tool: cargo-deny cargo-machete cargo-llvm-cov nextest - name: Setup node (root, web) From d7ea7f80af7a909bcba5e7d05289cf65364975df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:15 +0200 Subject: [PATCH 24/65] core: bump library/node from 26.2.0-trixie to 26.3.0-trixie in /website (#22845) Bumps library/node from 26.2.0-trixie to 26.3.0-trixie. --- updated-dependencies: - dependency-name: library/node dependency-version: 26.3.0-trixie dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- website/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/Dockerfile b/website/Dockerfile index 26d906af60..8b223889e1 100644 --- a/website/Dockerfile +++ b/website/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${BUILDPLATFORM} docker.io/library/node:26.2.0-trixie@sha256:980c5420a7a2ddcb44037726977f2a349e5c7b64217516c7488dce4c74d71583 AS docs-builder +FROM --platform=${BUILDPLATFORM} docker.io/library/node:26.3.0-trixie@sha256:e3ffe0cbaeebdcddbfe1ee7bca9b564a92863a8386d5b99a3d72677b3667b61d AS docs-builder ENV NODE_ENV=production From a0547a02ddbe3ff43dcba5999bde0ca3f4519a3d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:20 +0200 Subject: [PATCH 25/65] core: bump goauthentik/fips-python from `7a06339` to `b332680` in /lifecycle/container (#22844) core: bump goauthentik/fips-python in /lifecycle/container Bumps goauthentik/fips-python from `7a06339` to `b332680`. --- updated-dependencies: - dependency-name: goauthentik/fips-python dependency-version: 3.14.5-slim-trixie-fips dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- lifecycle/container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lifecycle/container/Dockerfile b/lifecycle/container/Dockerfile index 932dd090b9..abf1ca8625 100644 --- a/lifecycle/container/Dockerfile +++ b/lifecycle/container/Dockerfile @@ -118,7 +118,7 @@ RUN cat /root/.rustup/settings.toml # Stage: Download uv FROM ghcr.io/astral-sh/uv:0.11.19@sha256:b46b03ddfcfbf8f547af7e9eaefdf8a39c8cebcba7c98858d3162bd28cf536f6 AS uv # Stage: Base python image -FROM ghcr.io/goauthentik/fips-python:3.14.5-slim-trixie-fips@sha256:7a0633910cf4aba773a8b7e7ff3fda90c972e3c992894de86c771249e03398ba AS python-base +FROM ghcr.io/goauthentik/fips-python:3.14.5-slim-trixie-fips@sha256:b332680f098882472bc13d5452b7b348bf8e7ef4400588d85aca41acde77c1f4 AS python-base ENV VENV_PATH="/ak-root/.venv" \ PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \ From af9100c8784fc1fa2bb17251c439b129f27b8f0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:25 +0200 Subject: [PATCH 26/65] core: bump kubernetes from 35.0.0 to 36.0.0 (#22843) Bumps [kubernetes](https://github.com/kubernetes-client/python) from 35.0.0 to 36.0.0. - [Release notes](https://github.com/kubernetes-client/python/releases) - [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes-client/python/compare/v35.0.0...v36.0.0) --- updated-dependencies: - dependency-name: kubernetes dependency-version: 36.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- uv.lock | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 1501d80ffd..6e236c5440 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -41,7 +41,7 @@ dependencies = [ "gunicorn==26.0.0", "jsonpatch==1.33", "jwcrypto==1.5.7", - "kubernetes==35.0.0", + "kubernetes==36.0.0", "ldap3==2.9.1", "lxml==6.1.1", "msgraph-sdk==1.58.0", diff --git a/uv.lock b/uv.lock index 70847b8d41..0c014f120d 100644 --- a/uv.lock +++ b/uv.lock @@ -397,7 +397,7 @@ requires-dist = [ { name = "gunicorn", specifier = "==26.0.0" }, { name = "jsonpatch", specifier = "==1.33" }, { name = "jwcrypto", specifier = "==1.5.7" }, - { name = "kubernetes", specifier = "==35.0.0" }, + { name = "kubernetes", specifier = "==36.0.0" }, { name = "ldap3", specifier = "==2.9.1" }, { name = "lxml", specifier = "==6.1.1" }, { name = "msgraph-sdk", specifier = "==1.58.0" }, @@ -2058,9 +2058,10 @@ wheels = [ [[package]] name = "kubernetes" -version = "35.0.0" +version = "36.0.0" source = { registry = "https://pypi.org/simple" } dependencies = [ + { name = "aiohttp" }, { name = "certifi" }, { name = "durationpy" }, { name = "python-dateutil" }, @@ -2071,9 +2072,9 @@ dependencies = [ { name = "urllib3" }, { name = "websocket-client" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/2c/8f/85bf51ad4150f64e8c665daf0d9dfe9787ae92005efb9a4d1cba592bd79d/kubernetes-35.0.0.tar.gz", hash = "sha256:3d00d344944239821458b9efd484d6df9f011da367ecb155dadf9513f05f09ee", size = 1094642, upload-time = "2026-01-16T01:05:27.76Z" } +sdist = { url = "https://files.pythonhosted.org/packages/bf/59/dc635e4e9afb3884bc5c57f14fe23783e4c04601aa20b835ac75c41d1625/kubernetes-36.0.0.tar.gz", hash = "sha256:027b606bb8032e6c6464a53236bdd9bd9a94c237e1063bc45a303c25b304ced9", size = 2346728, upload-time = "2026-05-20T20:44:24.28Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/0c/70/05b685ea2dffcb2adbf3cdcea5d8865b7bc66f67249084cf845012a0ff13/kubernetes-35.0.0-py2.py3-none-any.whl", hash = "sha256:39e2b33b46e5834ef6c3985ebfe2047ab39135d41de51ce7641a7ca5b372a13d", size = 2017602, upload-time = "2026-01-16T01:05:25.991Z" }, + { url = "https://files.pythonhosted.org/packages/cd/d2/6f99ca9c7eb961dfdd45b9643101399a8ee20922c662c362c91e9cc7e832/kubernetes-36.0.0-py2.py3-none-any.whl", hash = "sha256:a766433357ec9f90db7565cccf52e28e7fca40b0ef366c80a6022adbc0ac0425", size = 4660469, upload-time = "2026-05-20T20:44:20.893Z" }, ] [[package]] From 5c020d9bac102a22361e255e6ad88b84a6fb0b9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:31 +0200 Subject: [PATCH 27/65] core: bump django-prometheus from 2.4.1 to 2.5.0 (#22840) Bumps [django-prometheus](https://github.com/korfuri/django-prometheus) from 2.4.1 to 2.5.0. - [Release notes](https://github.com/korfuri/django-prometheus/releases) - [Changelog](https://github.com/django-commons/django-prometheus/blob/master/CHANGELOG.md) - [Commits](https://github.com/korfuri/django-prometheus/compare/v2.4.1...v2.5.0) --- updated-dependencies: - dependency-name: django-prometheus dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- uv.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 6e236c5440..ea039dbe18 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -22,7 +22,7 @@ dependencies = [ "django-pgtrigger==4.17.0", "django-postgres-cache", "django-postgres-extra==2.0.9", - "django-prometheus==2.4.1", + "django-prometheus==2.5.0", "django-storages[s3]==1.14.6", "django-tenants==3.10.1", "django==5.2.14", diff --git a/uv.lock b/uv.lock index 0c014f120d..b6585a4bba 100644 --- a/uv.lock +++ b/uv.lock @@ -379,7 +379,7 @@ requires-dist = [ { name = "django-pgtrigger", specifier = "==4.17.0" }, { name = "django-postgres-cache", editable = "packages/django-postgres-cache" }, { name = "django-postgres-extra", specifier = "==2.0.9" }, - { name = "django-prometheus", specifier = "==2.4.1" }, + { name = "django-prometheus", specifier = "==2.5.0" }, { name = "django-storages", extras = ["s3"], specifier = "==1.14.6" }, { name = "django-tenants", specifier = "==3.10.1" }, { name = "djangoql", specifier = "==0.19.1" }, @@ -1286,15 +1286,15 @@ wheels = [ [[package]] name = "django-prometheus" -version = "2.4.1" +version = "2.5.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "django" }, { name = "prometheus-client" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/98/f4/cb39ddd2a41e07a274c4e162c076e906ae232d63b66bbabdea0300878877/django_prometheus-2.4.1.tar.gz", hash = "sha256:073628243d2a6de6a8a8c20e5b512872dfb85d66e1b60b28bcf1eca0155dad95", size = 24464, upload-time = "2025-06-25T15:45:37.149Z" } +sdist = { url = "https://files.pythonhosted.org/packages/7b/c7/dc39c4c19f7b35e827a486d08376de1fad31c50decb26c56e32668314f13/django_prometheus-2.5.0.tar.gz", hash = "sha256:4837b3c3734d8350880839ab8235aafd250b668c348e159d4aecc3cbefeee53e", size = 26465, upload-time = "2026-05-26T19:04:00.77Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/01/50/9c5e022fa92574e5d20606687f15a2aa255e10512a17d11a8216fa117f72/django_prometheus-2.4.1-py2.py3-none-any.whl", hash = "sha256:7fe5af7f7c9ad9cd8a429fe0f3f1bf651f0e244f77162147869eab7ec09cc5e7", size = 29541, upload-time = "2025-06-25T15:45:35.433Z" }, + { url = "https://files.pythonhosted.org/packages/5d/5d/6ec3083ba69545696c962ae505a0e52e280e7592d4c278c2f3803cabb688/django_prometheus-2.5.0-py2.py3-none-any.whl", hash = "sha256:f15efb526cd53f9cf12da72dc55506322f5566b017a819ff27be1da302303134", size = 31801, upload-time = "2026-05-26T19:03:59.505Z" }, ] [[package]] From c758e30a1eeed967741a14f7243142f1c0201fd1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:36 +0200 Subject: [PATCH 28/65] core: bump library/node from `1e738cb` to `aa27a5f` in /lifecycle/container (#22839) core: bump library/node in /lifecycle/container Bumps library/node from `1e738cb` to `aa27a5f`. --- updated-dependencies: - dependency-name: library/node dependency-version: '26' dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- lifecycle/container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lifecycle/container/Dockerfile b/lifecycle/container/Dockerfile index abf1ca8625..02404df8f8 100644 --- a/lifecycle/container/Dockerfile +++ b/lifecycle/container/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # Stage: Build webui -FROM --platform=${BUILDPLATFORM} docker.io/library/node:26-trixie-slim@sha256:1e738cb88890a15c71880323fbc35a739b7bbc703d72e8bfd1613128f8182f78 AS node-builder +FROM --platform=${BUILDPLATFORM} docker.io/library/node:26-trixie-slim@sha256:aa27a5fbf5acb298116a38133794f080406c6f8dfe52e2e2836bb55dc7cae8f0 AS node-builder ARG GIT_BUILD_HASH ENV GIT_BUILD_HASH=$GIT_BUILD_HASH From 7263b890d20068e7dd3e57168058dd031755993b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:41 +0200 Subject: [PATCH 29/65] web: bump @sentry/browser from 10.53.1 to 10.54.0 in /web in the sentry group across 1 directory (#22836) web: bump @sentry/browser in /web in the sentry group across 1 directory Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript). Updates `@sentry/browser` from 10.53.1 to 10.54.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-javascript/compare/10.53.1...10.54.0) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 10.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: sentry ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 60 +++++++++++++++++++++---------------------- web/package.json | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index efb133241a..b061342dcd 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -44,7 +44,7 @@ "@patternfly/elements": "^4.4.0", "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.60.0", - "@sentry/browser": "^10.53.1", + "@sentry/browser": "^10.54.0", "@storybook/addon-docs": "^10.4.0", "@storybook/addon-links": "^10.4.0", "@storybook/web-components": "^10.4.0", @@ -3838,75 +3838,75 @@ "license": "MIT" }, "node_modules/@sentry-internal/browser-utils": { - "version": "10.53.1", - "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-10.53.1.tgz", - "integrity": "sha512-X4d6y8sBMjmNhcDW4eMBU3ASsNIMz8dqaFkhyIMN/dkYr/yZKnbRZPaVuVUGvHKjnlficPpIH0/HK9KBjrYxPw==", + "version": "10.54.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-10.54.0.tgz", + "integrity": "sha512-Cz6NzYFmWJlHh1tvtltKsmLl+1jlseQaPXk18Z0P1g6lXAwhT3aJ99x7vDm4jwCzcJ12qAa8Oga8T3C23Ihijw==", "license": "MIT", "dependencies": { - "@sentry/core": "10.53.1" + "@sentry/core": "10.54.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/feedback": { - "version": "10.53.1", - "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-10.53.1.tgz", - "integrity": "sha512-vVpTI/aEYN5d9IgZeYJWMqVaN0+iFgidSrYNAsZTh1US5sJUzF/wrl+68KdpmCtFROrN3jiAn1oPSwL5CKvEJA==", + "version": "10.54.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-10.54.0.tgz", + "integrity": "sha512-14D+TPgi75zogGQ/EWwtIm34FVWP34gso4SfJZRAoHiQrRfd907q8/7MTXNItxi81x79cH9vweu/o55LBml6MA==", "license": "MIT", "dependencies": { - "@sentry/core": "10.53.1" + "@sentry/core": "10.54.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/replay": { - "version": "10.53.1", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-10.53.1.tgz", - "integrity": "sha512-wZNzTBYkgGUPWMuUQv7L64+OJmoCnz7GQNiTrTFK6EVAjJXFBCSsPp/nhif0bLhbk8+0g4xz633uOhpXuQbFdw==", + "version": "10.54.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-10.54.0.tgz", + "integrity": "sha512-B7eicNhAomJ7bGihJO7mCw7pZ8FFo/THQgGPo85VR3FaJVCCot20WxVgvhjc7IVBQVlaaxSrnlUFvA+yHjszqQ==", "license": "MIT", "dependencies": { - "@sentry-internal/browser-utils": "10.53.1", - "@sentry/core": "10.53.1" + "@sentry-internal/browser-utils": "10.54.0", + "@sentry/core": "10.54.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/replay-canvas": { - "version": "10.53.1", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-10.53.1.tgz", - "integrity": "sha512-aueLaf/2prExwA76BGU5/bOXCKWqtt6jQXWA6WJQNrmKpPEtZJB4ypnpsou0McXQCF8tur2Y8U0TEkwQP13yJQ==", + "version": "10.54.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-10.54.0.tgz", + "integrity": "sha512-CGsH019npxnU5cocVDoZKod7JaQtaM6JiR6e2fI8tDwssohJAxP616UQTmoTtBLe3yLG18P4e1BxMxYZFalZEQ==", "license": "MIT", "dependencies": { - "@sentry-internal/replay": "10.53.1", - "@sentry/core": "10.53.1" + "@sentry-internal/replay": "10.54.0", + "@sentry/core": "10.54.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry/browser": { - "version": "10.53.1", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.53.1.tgz", - "integrity": "sha512-zXF373hzUOGzUOrqd8xb1U3LQi5uYC3mwv+z5OMKUUinQlu30tTWBs7ypy6YTchtix9QlYaHWlayUF8vBZ5UjA==", + "version": "10.54.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.54.0.tgz", + "integrity": "sha512-XYuAA2E4Hf6NOJiP3PqczPgBhFUEsEAh+avgxcYTjTwYdr+Nh5XmDxXATr6RxXUvRASTiYN9zNWyK2o9kEDloA==", "license": "MIT", "dependencies": { - "@sentry-internal/browser-utils": "10.53.1", - "@sentry-internal/feedback": "10.53.1", - "@sentry-internal/replay": "10.53.1", - "@sentry-internal/replay-canvas": "10.53.1", - "@sentry/core": "10.53.1" + "@sentry-internal/browser-utils": "10.54.0", + "@sentry-internal/feedback": "10.54.0", + "@sentry-internal/replay": "10.54.0", + "@sentry-internal/replay-canvas": "10.54.0", + "@sentry/core": "10.54.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry/core": { - "version": "10.53.1", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.53.1.tgz", - "integrity": "sha512-XG4ezlkyuAPjBC5+9kXC94rXXuqYTw9NRhfaDHssbTFaGnqBR8vQX2UUgZfY7ucbeelRDGfBu1sywoU+mB04uA==", + "version": "10.54.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.54.0.tgz", + "integrity": "sha512-yC/bc8N5ut6vk9X/ugTnIFAbzaSZ2uGoKiHRGzt7VseDIrjXk5ENDJP0m7Rbchuozr41kBv2QB3mPcHUhfB43w==", "license": "MIT", "engines": { "node": ">=18" diff --git a/web/package.json b/web/package.json index c43c69a631..409cd0dc01 100644 --- a/web/package.json +++ b/web/package.json @@ -119,7 +119,7 @@ "@patternfly/elements": "^4.4.0", "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.60.0", - "@sentry/browser": "^10.53.1", + "@sentry/browser": "^10.54.0", "@storybook/addon-docs": "^10.4.0", "@storybook/addon-links": "^10.4.0", "@storybook/web-components": "^10.4.0", From 835d2e5a37af2ea29c980d858392d9edf68e6f4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:47 +0200 Subject: [PATCH 30/65] core: bump goauthentik/selenium from 148.0-ak-0.43.1 to 148.0-ak-0.43.2 in /tests/e2e (#22835) core: bump goauthentik/selenium in /tests/e2e Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 148.0-ak-0.43.1 to 148.0-ak-0.43.2. - [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases) - [Commits](https://github.com/SeleniumHQ/docker-selenium/commits) --- updated-dependencies: - dependency-name: goauthentik/selenium dependency-version: 148.0-ak-0.43.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tests/e2e/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/compose.yml b/tests/e2e/compose.yml index 66b557be73..73c8677c5b 100644 --- a/tests/e2e/compose.yml +++ b/tests/e2e/compose.yml @@ -1,6 +1,6 @@ services: chromium: - image: ghcr.io/goauthentik/selenium:148.0-ak-0.43.1 + image: ghcr.io/goauthentik/selenium:148.0-ak-0.43.2 shm_size: 2g network_mode: host restart: always From ff7424ff7865c789622c2f2e73a1bf733d428ce1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:06:54 +0200 Subject: [PATCH 31/65] lifecycle/aws: bump aws-cdk from 2.1124.1 to 2.1125.0 in /lifecycle/aws (#22834) Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1124.1 to 2.1125.0. - [Release notes](https://github.com/aws/aws-cdk-cli/releases) - [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1125.0/packages/aws-cdk) --- updated-dependencies: - dependency-name: aws-cdk dependency-version: 2.1125.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- lifecycle/aws/package-lock.json | 8 ++++---- lifecycle/aws/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lifecycle/aws/package-lock.json b/lifecycle/aws/package-lock.json index 82e86109b7..6dc3577f04 100644 --- a/lifecycle/aws/package-lock.json +++ b/lifecycle/aws/package-lock.json @@ -9,7 +9,7 @@ "version": "0.0.0", "license": "MIT", "devDependencies": { - "aws-cdk": "^2.1124.1", + "aws-cdk": "^2.1125.0", "cross-env": "^10.1.0" }, "engines": { @@ -25,9 +25,9 @@ "license": "MIT" }, "node_modules/aws-cdk": { - "version": "2.1124.1", - "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1124.1.tgz", - "integrity": "sha512-sRYdPMdkX+02EHaT946AFV0w0CMfbHKWpLZPv525xTCkaVu1eYu6DzHFuTdimxdSN0uGQ2D4LHrD1sr94tRhow==", + "version": "2.1125.0", + "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1125.0.tgz", + "integrity": "sha512-QAvsE2XQMcyNOjMMqAS7eDADR9t6vcFcMQvhOmtLfDqgfJXSyTkHvzM5zgwZCdJ4FNqWr5Y/zXvL1Cv5ECKXwQ==", "dev": true, "license": "Apache-2.0", "bin": { diff --git a/lifecycle/aws/package.json b/lifecycle/aws/package.json index 7a4204b857..51ec72589c 100644 --- a/lifecycle/aws/package.json +++ b/lifecycle/aws/package.json @@ -7,7 +7,7 @@ "aws-cfn": "cross-env CI=false cdk synth --version-reporting=false > template.yaml" }, "devDependencies": { - "aws-cdk": "^2.1124.1", + "aws-cdk": "^2.1125.0", "cross-env": "^10.1.0" }, "engines": { From 31eff5b608f8c9692dbe4de20ce70922eeb74e59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 15:07:00 +0200 Subject: [PATCH 32/65] core: bump github.com/go-openapi/runtime from 0.31.0 to 0.32.2 (#22832) Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.31.0 to 0.32.2. - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](https://github.com/go-openapi/runtime/compare/v0.31.0...v0.32.2) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-version: 0.32.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 27da6d51e2..23232b6286 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/getsentry/sentry-go v0.46.2 github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1 github.com/go-ldap/ldap/v3 v3.4.13 - github.com/go-openapi/runtime v0.31.0 + github.com/go-openapi/runtime v0.32.2 github.com/golang-jwt/jwt/v5 v5.3.1 github.com/google/uuid v1.6.0 github.com/gorilla/handlers v1.5.2 diff --git a/go.sum b/go.sum index c0db133976..18f422fc63 100644 --- a/go.sum +++ b/go.sum @@ -51,8 +51,8 @@ github.com/go-openapi/jsonreference v0.21.5 h1:6uCGVXU/aNF13AQNggxfysJ+5ZcU4nEAe github.com/go-openapi/jsonreference v0.21.5/go.mod h1:u25Bw85sX4E2jzFodh1FOKMTZLcfifd1Q+iKKOUxExw= github.com/go-openapi/loads v0.23.3 h1:g5Xap1JfwKkUnZdn+S0L3SzBDpcTIYzZ5Qaag0YDkKQ= github.com/go-openapi/loads v0.23.3/go.mod h1:NOH07zLajXo8y55hom0omlHWDVVvCwBM/S+csCK8LqA= -github.com/go-openapi/runtime v0.31.0 h1:vhmlo1LMjGXYTlYB0eFm0tTVuAidDHtmrL1nAABzUCg= -github.com/go-openapi/runtime v0.31.0/go.mod h1:fZnoje1YWt7IrH/fHBOS1h9+VzeS1d0cHj8TTkZOaRc= +github.com/go-openapi/runtime v0.32.2 h1:X9mZz716lFwYZ6bFV1BBnthNdHTy46zKM5Em4D1UISI= +github.com/go-openapi/runtime v0.32.2/go.mod h1:IfM3cpgencPuwBp5Uo16i2IQaE74odL7Q4DCGovIQac= github.com/go-openapi/runtime/server-middleware v0.30.0 h1:8rPoJ/xv7JL8BsovaqboKETlpWBArVh8n+0L/GyePog= github.com/go-openapi/runtime/server-middleware v0.30.0/go.mod h1:OYNT/TxNvB/VK5oe4htM2jDTwlEXuejVJmu0DVZfAMs= github.com/go-openapi/spec v0.22.4 h1:4pxGjipMKu0FzFiu/DPwN3CTBRlVM2yLf/YTWorYfDQ= @@ -79,10 +79,10 @@ github.com/go-openapi/swag/typeutils v0.26.0 h1:2kdEwdiNWy+JJdOvu5MA2IIg2SylWAFu github.com/go-openapi/swag/typeutils v0.26.0/go.mod h1:oovDuIUvTrEHVMqWilQzKzV4YlSKgyZmFh7AlfABNVE= github.com/go-openapi/swag/yamlutils v0.26.0 h1:H7O8l/8NJJQ/oiReEN+oMpnGMyt8G0hl460nRZxhLMQ= github.com/go-openapi/swag/yamlutils v0.26.0/go.mod h1:1evKEGAtP37Pkwcc7EWMF0hedX0/x3Rkvei2wtG/TbU= -github.com/go-openapi/testify/enable/yaml/v2 v2.5.0 h1:3hZD1fwydvCx/cc1R2uYNQirHqf2s6lqpKV3FcNTURA= -github.com/go-openapi/testify/enable/yaml/v2 v2.5.0/go.mod h1:TvDZKBH7ZbMaF3EqH2AwTvNQCmzyZq8K1agRjf1B+Nk= -github.com/go-openapi/testify/v2 v2.5.0 h1:UOCr63aAsMIDydZbZGqo5Ev01D4eydItRbekDuZMJLw= -github.com/go-openapi/testify/v2 v2.5.0/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= +github.com/go-openapi/testify/enable/yaml/v2 v2.5.1 h1:q9NtHwK4qHF7yZziBPvZyv7zWAIk8ok88Gh2mR6Jpc8= +github.com/go-openapi/testify/enable/yaml/v2 v2.5.1/go.mod h1:JW0MXIotCYps/XsgJnG3a8Q7rE5xAiBwoOD5OfaIQBk= +github.com/go-openapi/testify/v2 v2.5.1 h1:TMdhCaw8fUNraVSf3Omoob1dO/AzBfhtFAPW0an6sBo= +github.com/go-openapi/testify/v2 v2.5.1/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= github.com/go-openapi/validate v0.25.2 h1:12NsfLAwGegqbGWr2CnvT65X/Q2USJipmJ9b7xDJZz0= github.com/go-openapi/validate v0.25.2/go.mod h1:Pgl1LpPPGFnZ+ys4/hTlDiRYQdI1ocKypgE+8Q8BLfY= github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro= From 3aa275fd8cb9bd294058490caa90b34cc8387c54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 16:01:01 +0200 Subject: [PATCH 33/65] web: bump the bundler group across 1 directory with 3 updates (#22847) Bumps the bundler group with 1 update in the /web directory: [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser). Updates `@vitest/browser` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/browser) Updates `@vitest/browser-playwright` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/browser-playwright) Updates `vitest` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest) --- updated-dependencies: - dependency-name: "@vitest/browser" dependency-version: 4.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: bundler - dependency-name: "@vitest/browser-playwright" dependency-version: 4.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: bundler - dependency-name: vitest dependency-version: 4.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: bundler ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 114 +++++++++++++++++++++--------------------- web/package.json | 2 +- 2 files changed, 58 insertions(+), 58 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index b061342dcd..32b9fb7547 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -59,7 +59,7 @@ "@typescript-eslint/parser": "^8.57.2", "@typescript-eslint/utils": "^8.57.2", "@typescript/native-preview": "^7.0.0-dev.20260510.1", - "@vitest/browser": "^4.1.6", + "@vitest/browser": "^4.1.7", "@vitest/browser-playwright": "^4.1.6", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", @@ -6032,14 +6032,14 @@ } }, "node_modules/@vitest/browser": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/browser/-/browser-4.1.6.tgz", - "integrity": "sha512-ynsspTubXGSpa58JFJ24xIQt4z4A25epSbugEyaTmmrV1//Wec9EgE/LtoaC6yxUrXi5P7erGHRrkdZIHaVQuA==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/browser/-/browser-4.1.7.tgz", + "integrity": "sha512-N2JFGfXoEGVAut+kHeru9dD4BUMq/q5xDvBARNl0tUsly3m5KglLOu8VO/6MkDfOlgxXTycojkt6gBKsuyR+IQ==", "license": "MIT", "dependencies": { "@blazediff/core": "1.9.1", - "@vitest/mocker": "4.1.6", - "@vitest/utils": "4.1.6", + "@vitest/mocker": "4.1.7", + "@vitest/utils": "4.1.7", "magic-string": "^0.30.21", "pngjs": "^7.0.0", "sirv": "^3.0.2", @@ -6050,17 +6050,17 @@ "url": "https://opencollective.com/vitest" }, "peerDependencies": { - "vitest": "4.1.6" + "vitest": "4.1.7" } }, "node_modules/@vitest/browser-playwright": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/browser-playwright/-/browser-playwright-4.1.6.tgz", - "integrity": "sha512-4csoeyl/qwHyxU2zNL0++WaoDr8YJDXOQPwWPNJoTZ+QzcdO3INYKgF5Zfz730Io7zbkuv914aZmfQ+QE+1Hvw==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/browser-playwright/-/browser-playwright-4.1.7.tgz", + "integrity": "sha512-OlTlJej7YN6VwV7zJJoNeaCsctF+JXpzpZ4oBHUbrQFfIq+0KW2f07rprCLh9N/zRIZ0v4Mchn1QDDmWMUhPKw==", "license": "MIT", "dependencies": { - "@vitest/browser": "4.1.6", - "@vitest/mocker": "4.1.6", + "@vitest/browser": "^4.1.7", + "@vitest/mocker": "4.1.7", "tinyrainbow": "^3.1.0" }, "funding": { @@ -6068,7 +6068,7 @@ }, "peerDependencies": { "playwright": "*", - "vitest": "4.1.6" + "vitest": "4.1.7" }, "peerDependenciesMeta": { "playwright": { @@ -6140,12 +6140,12 @@ } }, "node_modules/@vitest/mocker": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.6.tgz", - "integrity": "sha512-MCFc63czMjEInOlcY2cpQCvCN+KgbAn+60xu9cMgP4sKaLC5JNAKw7JH8QdAnoAC88hW1IiSNZ+GgVXlN1UcMQ==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.7.tgz", + "integrity": "sha512-vY7nuamKgfvpA1Koa3oYIw/k7D6kZnpGyNMZW8loow2bsBYla1TFdqTaXncWdRn4pgwNs+90RhnXhJScDwQeJA==", "license": "MIT", "dependencies": { - "@vitest/spy": "4.1.6", + "@vitest/spy": "4.1.7", "estree-walker": "^3.0.3", "magic-string": "^0.30.21" }, @@ -6166,9 +6166,9 @@ } }, "node_modules/@vitest/pretty-format": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.6.tgz", - "integrity": "sha512-h5SxD/IzNhZYnrSZRsUZQIC+vD0GY8cUvq0iwsmkFKixRCKLLWqCXa/FIQ4S1R+sI+PGoojkHsdNrbZiM9Qpgw==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.7.tgz", + "integrity": "sha512-umgCarTOYQWIaDMvGDRZij+6b9oVeLIyJzfN+AS88e0ZOU3QTgNNSTtjQOpcvWr3np1N0j4WgZj+sb3oYBDscw==", "license": "MIT", "dependencies": { "tinyrainbow": "^3.1.0" @@ -6178,12 +6178,12 @@ } }, "node_modules/@vitest/runner": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.6.tgz", - "integrity": "sha512-nOPCmn2+yD0ZNmKdsXGv/UxMMWbMuKeD6GyYncNwdkYDxpQvrPSKYj2rWuDjC2Y4b6w6hjip5dBKFzEUuZe3vA==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.7.tgz", + "integrity": "sha512-BapjmAQ2aI78WdMEfeUWivnfVzB+VPGwWRQcJE0OUq7qEeEcBsCSf+0T5iREBNE5nBb4wA5Ya0W6IA+sghdEFw==", "license": "MIT", "dependencies": { - "@vitest/utils": "4.1.6", + "@vitest/utils": "4.1.7", "pathe": "^2.0.3" }, "funding": { @@ -6191,13 +6191,13 @@ } }, "node_modules/@vitest/snapshot": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.6.tgz", - "integrity": "sha512-YhsdE6xAVfTDmzjxL2ZDUvjj+ZsgyOKe+TdQzqkD72wIOmHka8NuGQ6NpTNZv9D2Z63fbwWKJPeVpEw4EQgYxw==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.7.tgz", + "integrity": "sha512-ZacLzja+TmJeZ1h14xW2FB/WpeimUD3haBXQPyJqxvo8jQTmfeA8zv58mtjN2C7EHXZDYVcVYdYmAxjkWVvKCw==", "license": "MIT", "dependencies": { - "@vitest/pretty-format": "4.1.6", - "@vitest/utils": "4.1.6", + "@vitest/pretty-format": "4.1.7", + "@vitest/utils": "4.1.7", "magic-string": "^0.30.21", "pathe": "^2.0.3" }, @@ -6206,21 +6206,21 @@ } }, "node_modules/@vitest/spy": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.6.tgz", - "integrity": "sha512-JFKxMx6udhwKh/Ldo270e17QX710vgunMkuPAvXjHSvC6oqLWAHhVhjg/I71q0u0CBSErIODV1Kjv0FQNSWjdg==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.7.tgz", + "integrity": "sha512-kbkI5LMWakyuTIvs6fUJ5qdIVb1XVKsYJAT4OJ938cHMROYMSfmoQdZy0aaAnjbbc8F61vkoTqz/Az+/HiIu5Q==", "license": "MIT", "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/utils": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.6.tgz", - "integrity": "sha512-FxIY+U81R3LGKCxaHHFRQ5+g6/iRgGLmeHWdp2Amj4ljQRrEIWHmZyDfDYBRZlpyqA7qKxtS9DD1dhk8RnRIVQ==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.7.tgz", + "integrity": "sha512-T532WBu791cBxJlCl6SO+J14l81DQx6uQHm1bQbmCDY7nqlEIgkza/UFnSBNaUtSf41unldDFjdOBYEQC4b5Hw==", "license": "MIT", "dependencies": { - "@vitest/pretty-format": "4.1.6", + "@vitest/pretty-format": "4.1.7", "convert-source-map": "^2.0.0", "tinyrainbow": "^3.1.0" }, @@ -19593,18 +19593,18 @@ } }, "node_modules/vitest": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.6.tgz", - "integrity": "sha512-6lvjbS3p9b4CrdCmguzbh2/4uoXhGE2q71R4OX5sqF9R1bo9Xd6fGrMAfvp5wnCzlBnFVdCOp6onuTQVbo8iUQ==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.7.tgz", + "integrity": "sha512-flYyaFd2CgoCoU+0UKt3pxksgC+S02iTDN0n3LtqaMeXsI9SBcdNujc2k0DeFLzUn/0k538yNjOSdwgCqcrwJA==", "license": "MIT", "dependencies": { - "@vitest/expect": "4.1.6", - "@vitest/mocker": "4.1.6", - "@vitest/pretty-format": "4.1.6", - "@vitest/runner": "4.1.6", - "@vitest/snapshot": "4.1.6", - "@vitest/spy": "4.1.6", - "@vitest/utils": "4.1.6", + "@vitest/expect": "4.1.7", + "@vitest/mocker": "4.1.7", + "@vitest/pretty-format": "4.1.7", + "@vitest/runner": "4.1.7", + "@vitest/snapshot": "4.1.7", + "@vitest/spy": "4.1.7", + "@vitest/utils": "4.1.7", "es-module-lexer": "^2.0.0", "expect-type": "^1.3.0", "magic-string": "^0.30.21", @@ -19632,12 +19632,12 @@ "@edge-runtime/vm": "*", "@opentelemetry/api": "^1.9.0", "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0", - "@vitest/browser-playwright": "4.1.6", - "@vitest/browser-preview": "4.1.6", - "@vitest/browser-webdriverio": "4.1.6", - "@vitest/coverage-istanbul": "4.1.6", - "@vitest/coverage-v8": "4.1.6", - "@vitest/ui": "4.1.6", + "@vitest/browser-playwright": "4.1.7", + "@vitest/browser-preview": "4.1.7", + "@vitest/browser-webdriverio": "4.1.7", + "@vitest/coverage-istanbul": "4.1.7", + "@vitest/coverage-v8": "4.1.7", + "@vitest/ui": "4.1.7", "happy-dom": "*", "jsdom": "*", "vite": "^6.0.0 || ^7.0.0 || ^8.0.0" @@ -19682,15 +19682,15 @@ } }, "node_modules/vitest/node_modules/@vitest/expect": { - "version": "4.1.6", - "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.6.tgz", - "integrity": "sha512-7EHDquPthALSV0jhhjgEW8FXaviMx7rSqu8W6oqCoAuOhKov814P99QDV1pxMA3QPv21YudvJngIhjrNI4opLg==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.7.tgz", + "integrity": "sha512-1R+tw0ortHEbZDGMymm+pN7/AFQ/RkFFdtd7EN+VBpynKmLbP8A3rpEXdshBJ7+8hQ9zBJh/i1s0yKNtxAnU7w==", "license": "MIT", "dependencies": { "@standard-schema/spec": "^1.1.0", "@types/chai": "^5.2.2", - "@vitest/spy": "4.1.6", - "@vitest/utils": "4.1.6", + "@vitest/spy": "4.1.7", + "@vitest/utils": "4.1.7", "chai": "^6.2.2", "tinyrainbow": "^3.1.0" }, diff --git a/web/package.json b/web/package.json index 409cd0dc01..27ddfbb663 100644 --- a/web/package.json +++ b/web/package.json @@ -134,7 +134,7 @@ "@typescript-eslint/parser": "^8.57.2", "@typescript-eslint/utils": "^8.57.2", "@typescript/native-preview": "^7.0.0-dev.20260510.1", - "@vitest/browser": "^4.1.6", + "@vitest/browser": "^4.1.7", "@vitest/browser-playwright": "^4.1.6", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", From ca2c9f2b3760d81694a49f761f78bb50514f48b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 16:01:12 +0200 Subject: [PATCH 34/65] web: bump the storybook group across 1 directory with 4 updates (#22846) Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite). Updates `@storybook/addon-docs` from 10.4.0 to 10.4.1 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.1/code/addons/docs) Updates `@storybook/addon-links` from 10.4.0 to 10.4.1 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.1/code/addons/links) Updates `@storybook/web-components` from 10.4.0 to 10.4.1 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.1/code/renderers/web-components) Updates `@storybook/web-components-vite` from 10.4.0 to 10.4.1 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.4.1/code/frameworks/web-components-vite) --- updated-dependencies: - dependency-name: "@storybook/addon-docs" dependency-version: 10.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: "@storybook/addon-links" dependency-version: 10.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: "@storybook/web-components" dependency-version: 10.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: "@storybook/web-components-vite" dependency-version: 10.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 74 +++++++++++++++++++++---------------------- web/package.json | 8 ++--- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 32b9fb7547..ea91e0727e 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -45,10 +45,10 @@ "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.60.0", "@sentry/browser": "^10.54.0", - "@storybook/addon-docs": "^10.4.0", - "@storybook/addon-links": "^10.4.0", - "@storybook/web-components": "^10.4.0", - "@storybook/web-components-vite": "^10.4.0", + "@storybook/addon-docs": "^10.4.1", + "@storybook/addon-links": "^10.4.1", + "@storybook/web-components": "^10.4.1", + "@storybook/web-components-vite": "^10.4.1", "@types/codemirror": "^5.60.17", "@types/grecaptcha": "^3.0.9", "@types/guacamole-common-js": "^1.5.5", @@ -3943,15 +3943,15 @@ "license": "MIT" }, "node_modules/@storybook/addon-docs": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-10.4.0.tgz", - "integrity": "sha512-HJNvYGx/c3jjVwibnmbDgCZMYPI6xGUDjJSRi5CG0G9tpeoeijPo318f5N84RyYWK8LheHUrDN3Jv2UfVv8zwQ==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-10.4.1.tgz", + "integrity": "sha512-IYqUdjoZe4VO2LFZlKL/gwy7DsQSWCq6hX+zc1MBmZo04yycDASk1tte57n9pdlW3ajw9yYMF/+lVBi+xQjyvw==", "license": "MIT", "dependencies": { "@mdx-js/react": "^3.0.0", - "@storybook/csf-plugin": "10.4.0", + "@storybook/csf-plugin": "10.4.1", "@storybook/icons": "^2.0.2", - "@storybook/react-dom-shim": "10.4.0", + "@storybook/react-dom-shim": "10.4.1", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "ts-dedent": "^2.0.0" @@ -3962,7 +3962,7 @@ }, "peerDependencies": { "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", - "storybook": "^10.4.0" + "storybook": "^10.4.1" }, "peerDependenciesMeta": { "@types/react": { @@ -3971,9 +3971,9 @@ } }, "node_modules/@storybook/addon-links": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-10.4.0.tgz", - "integrity": "sha512-+NE1NGDoZD7U5XBEuIJvmh/fxjaVxfTxAYMWHcpwb6Qqx9Ew7gYVou5pKpiweW1wjbh+xScIVg0nPw+WyBCsyg==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-10.4.1.tgz", + "integrity": "sha512-h/5D23GwMuHA55sB7XDyhByF9psF7UFmaQOn72pjNAarew5eOpue5A+jXk3AKEYokHbvgQaoz+FrvWo9GEfSKQ==", "license": "MIT", "dependencies": { "@storybook/global": "^5.0.0" @@ -3985,7 +3985,7 @@ "peerDependencies": { "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", - "storybook": "^10.4.0" + "storybook": "^10.4.1" }, "peerDependenciesMeta": { "@types/react": { @@ -3997,12 +3997,12 @@ } }, "node_modules/@storybook/builder-vite": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-10.4.0.tgz", - "integrity": "sha512-RCq8uzvTc0vhK2aN0y2Z48DJ9Q7oKXh8A5pdU3YAmkgMcX/+Vi3Ju1nmueLrGIO+tKwYGpYS/ccUtscNt92rCw==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-10.4.1.tgz", + "integrity": "sha512-/oyQrXoNOqN8SW5hNnYP+I1uvgFxKxWXj/EP6NXYzc5SQwImofgru+D2+6gDhL0+Q//+Hx05DJoQO2omvUJ8bQ==", "license": "MIT", "dependencies": { - "@storybook/csf-plugin": "10.4.0", + "@storybook/csf-plugin": "10.4.1", "ts-dedent": "^2.0.0" }, "funding": { @@ -4010,14 +4010,14 @@ "url": "https://opencollective.com/storybook" }, "peerDependencies": { - "storybook": "^10.4.0", + "storybook": "^10.4.1", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" } }, "node_modules/@storybook/csf-plugin": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-10.4.0.tgz", - "integrity": "sha512-iSmrhMyEi2ohCWKu49ZUUf8l+k0OIStbWI1BTWt2FvKySlnqY/aHenus7839SgNL3aUNG5P0y9zlyN6/HlwlEQ==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-10.4.1.tgz", + "integrity": "sha512-WdPepGBxDGOUDjYd8KxMtcf+us/2PAcnBczl77XtrnxxHNs0jWesxKkiJ9yiuGrge4BPhDeAj6rxjbBoaHxLBA==", "license": "MIT", "dependencies": { "unplugin": "^2.3.5" @@ -4029,7 +4029,7 @@ "peerDependencies": { "esbuild": "*", "rollup": "*", - "storybook": "^10.4.0", + "storybook": "^10.4.1", "vite": "*", "webpack": "*" }, @@ -4065,9 +4065,9 @@ } }, "node_modules/@storybook/react-dom-shim": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-10.4.0.tgz", - "integrity": "sha512-dcYWzdPaJEHVlyOyyz0/0v3QJXmcnK2sjw4YiFwU9IVJhoJrBlE9lMtmbO3QqIbq4qA0hElYtGkKO7tMLSKDGw==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-10.4.1.tgz", + "integrity": "sha512-6QFqfDNH4DMrt7yHKRfpqRopsVUc/Az+sXIdJ39IetYnHUxL3nW4NVaPc6uy/8Qi8urzUyEXL/nn7cpSIP2aPQ==", "license": "MIT", "funding": { "type": "opencollective", @@ -4078,7 +4078,7 @@ "@types/react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", - "storybook": "^10.4.0" + "storybook": "^10.4.1" }, "peerDependenciesMeta": { "@types/react": { @@ -4090,9 +4090,9 @@ } }, "node_modules/@storybook/web-components": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/web-components/-/web-components-10.4.0.tgz", - "integrity": "sha512-Sq3PuLO6A2Jd26Pjq9Abd7QaHgeEvN3J2T4YkQyBANacumUqe98bqxp9W8bEnVW4yYNt7Trjimu3IBYdeVZ/7w==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/web-components/-/web-components-10.4.1.tgz", + "integrity": "sha512-bvvIQZK7vdxoVrBmQtbvtNU5ugFF8dETc0l2j58nPUerDHUook8dFNXUiKfK1KmnLsBZ/7KEjPPmk7sEHygvlQ==", "license": "MIT", "dependencies": { "@storybook/global": "^5.0.0", @@ -4105,24 +4105,24 @@ }, "peerDependencies": { "lit": "^2.0.0 || ^3.0.0", - "storybook": "^10.4.0" + "storybook": "^10.4.1" } }, "node_modules/@storybook/web-components-vite": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/@storybook/web-components-vite/-/web-components-vite-10.4.0.tgz", - "integrity": "sha512-dExmamVJnfBxB3tiPDJoCXLXGHuMrPQtGrlL5ROklVxYF2LbqtrRXW/CUaehXLDDND0h4usieIrcdPPTLDPiuw==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/@storybook/web-components-vite/-/web-components-vite-10.4.1.tgz", + "integrity": "sha512-i66ublYmQNK9zvSgiT7w9zSHCcXh+g7lHWFoxO+QX7riRLMmtk5uOlWna9P7Ny41fkoQ7POKWJAuZ9PLBPl/Ug==", "license": "MIT", "dependencies": { - "@storybook/builder-vite": "10.4.0", - "@storybook/web-components": "10.4.0" + "@storybook/builder-vite": "10.4.1", + "@storybook/web-components": "10.4.1" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/storybook" }, "peerDependencies": { - "storybook": "^10.4.0", + "storybook": "^10.4.1", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" } }, diff --git a/web/package.json b/web/package.json index 27ddfbb663..cdf94cf59d 100644 --- a/web/package.json +++ b/web/package.json @@ -120,10 +120,10 @@ "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.60.0", "@sentry/browser": "^10.54.0", - "@storybook/addon-docs": "^10.4.0", - "@storybook/addon-links": "^10.4.0", - "@storybook/web-components": "^10.4.0", - "@storybook/web-components-vite": "^10.4.0", + "@storybook/addon-docs": "^10.4.1", + "@storybook/addon-links": "^10.4.1", + "@storybook/web-components": "^10.4.1", + "@storybook/web-components-vite": "^10.4.1", "@types/codemirror": "^5.60.17", "@types/grecaptcha": "^3.0.9", "@types/guacamole-common-js": "^1.5.5", From b9d4a563d694e9e72e254f061cf415df167c8bd6 Mon Sep 17 00:00:00 2001 From: Emil Burzo Date: Thu, 4 Jun 2026 16:15:03 +0200 Subject: [PATCH 35/65] ci: harden cherry-pick action against template injection (#22828) --- .github/actions/cherry-pick/action.yml | 41 +++++++++++++++++--------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/.github/actions/cherry-pick/action.yml b/.github/actions/cherry-pick/action.yml index 7c11a2c6e6..5c6318677b 100644 --- a/.github/actions/cherry-pick/action.yml +++ b/.github/actions/cherry-pick/action.yml @@ -20,12 +20,22 @@ runs: shell: bash env: GITHUB_TOKEN: ${{ inputs.token }} + # Untrusted/event-derived values are passed via the environment (never + # interpolated into the script body) to avoid template injection. + EVENT_NAME: ${{ github.event_name }} + REPOSITORY: ${{ github.repository }} + ISSUE_NUMBER: ${{ github.event.issue.number }} + LABEL_NAME_CTX: ${{ github.event.label.name }} + PR_NUMBER_CTX: ${{ github.event.pull_request.number }} + MERGE_COMMIT_SHA_CTX: ${{ github.event.pull_request.merge_commit_sha }} + EVENT_ACTION: ${{ github.event.action }} + PR_MERGED_CTX: ${{ github.event.pull_request.merged }} run: | set -e -o pipefail # For issues events, check if it's actually a PR - if [ "${{ github.event_name }}" = "issues" ]; then + if [ "$EVENT_NAME" = "issues" ]; then # Check if this issue is actually a PR - PR_DATA=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} 2>/dev/null || echo "null") + PR_DATA=$(gh api "repos/${REPOSITORY}/pulls/${ISSUE_NUMBER}" 2>/dev/null || echo "null") if [ "$PR_DATA" = "null" ]; then echo "should_run=false" >> $GITHUB_OUTPUT echo "reason=not_a_pr" >> $GITHUB_OUTPUT @@ -35,11 +45,11 @@ runs: # Get PR data PR_MERGED=$(echo "$PR_DATA" | jq -r '.merged') - PR_NUMBER="${{ github.event.issue.number }}" + PR_NUMBER="$ISSUE_NUMBER" MERGE_COMMIT_SHA=$(echo "$PR_DATA" | jq -r '.merge_commit_sha') # Check if it's a backport label - LABEL_NAME="${{ github.event.label.name }}" + LABEL_NAME="$LABEL_NAME_CTX" if [[ "$LABEL_NAME" =~ ^backport/(.+)$ ]]; then if [ "$PR_MERGED" = "true" ]; then echo "should_run=true" >> $GITHUB_OUTPUT @@ -61,11 +71,11 @@ runs: fi # For pull_request and pull_request_target events - PR_NUMBER="${{ github.event.pull_request.number }}" - MERGE_COMMIT_SHA="${{ github.event.pull_request.merge_commit_sha }}" + PR_NUMBER="$PR_NUMBER_CTX" + MERGE_COMMIT_SHA="$MERGE_COMMIT_SHA_CTX" # Case 1: PR was just merged (closed + merged = true) - if [ "${{ github.event.action }}" = "closed" ] && [ "${{ github.event.pull_request.merged }}" = "true" ]; then + if [ "$EVENT_ACTION" = "closed" ] && [ "$PR_MERGED_CTX" = "true" ]; then echo "should_run=true" >> $GITHUB_OUTPUT echo "reason=pr_merged" >> $GITHUB_OUTPUT echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT @@ -74,12 +84,12 @@ runs: fi # Case 2: Label was added - if [ "${{ github.event.action }}" = "labeled" ]; then - LABEL_NAME="${{ github.event.label.name }}" + if [ "$EVENT_ACTION" = "labeled" ]; then + LABEL_NAME="$LABEL_NAME_CTX" # Check if it's a backport label if [[ "$LABEL_NAME" =~ ^backport/(.+)$ ]]; then # Check if PR is already merged - if [ "${{ github.event.pull_request.merged }}" = "true" ]; then + if [ "$PR_MERGED_CTX" = "true" ]; then echo "should_run=true" >> $GITHUB_OUTPUT echo "reason=label_added_to_merged_pr" >> $GITHUB_OUTPUT echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT @@ -117,16 +127,18 @@ runs: GITHUB_TOKEN: ${{ inputs.token }} PR_NUMBER: ${{ steps.should_run.outputs.pr_number }} REASON: ${{ steps.should_run.outputs.reason }} + EVENT_NAME: ${{ github.event_name }} + LABEL_NAME_CTX: ${{ github.event.label.name }} run: | set -e -o pipefail # Determine which labels to process if [ "${REASON}" = "label_added_to_merged_pr" ]; then # Only process the specific label that was just added - if [ "${{ github.event_name }}" = "issues" ]; then - LABEL_NAME="${{ github.event.label.name }}" + if [ "$EVENT_NAME" = "issues" ]; then + LABEL_NAME="$LABEL_NAME_CTX" else - LABEL_NAME="${{ github.event.label.name }}" + LABEL_NAME="$LABEL_NAME_CTX" fi if [[ "$LABEL_NAME" =~ ^backport/(.+)$ ]]; then @@ -150,10 +162,11 @@ runs: PR_TITLE: ${{ github.event.pull_request.title }} PR_AUTHOR: ${{ github.event.pull_request.user.login }} LABELS: '${{ steps.pr_details.outputs.labels }}' + REASON: '${{ steps.should_run.outputs.reason }}' run: | set -e -o pipefail - echo "Processing PR #$PR_NUMBER (reason: ${{ steps.should_run.outputs.reason }})" + echo "Processing PR #$PR_NUMBER (reason: ${REASON})" echo "Found backport labels: $LABELS" # Process each backport label From 38b1dbdf8560cba9520497cd7b9096f1886ad010 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 16:53:05 +0200 Subject: [PATCH 36/65] core: bump mypy from 2.0.0 to 2.1.0 (#22838) Bumps [mypy](https://github.com/python/mypy) from 2.0.0 to 2.1.0. - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: mypy dependency-version: 2.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- uv.lock | 36 ++++++++++++++++++------------------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index ea039dbe18..31f579b95e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -92,7 +92,7 @@ dev = [ "importlib-metadata==9.0.0", "k5test==0.10.4", "lxml-stubs==0.5.1", - "mypy==2.0.0", + "mypy==2.1.0", "pdoc==16.0.0", "pytest-django==4.12.0", "pytest-flakefinder==1.1.0", diff --git a/uv.lock b/uv.lock index b6585a4bba..d6b2339b3e 100644 --- a/uv.lock +++ b/uv.lock @@ -448,7 +448,7 @@ dev = [ { name = "importlib-metadata", specifier = "==9.0.0" }, { name = "k5test", specifier = "==0.10.4" }, { name = "lxml-stubs", specifier = "==0.5.1" }, - { name = "mypy", specifier = "==2.0.0" }, + { name = "mypy", specifier = "==2.1.0" }, { name = "pdoc", specifier = "==16.0.0" }, { name = "pytest", specifier = "==9.0.3" }, { name = "pytest-django", specifier = "==4.12.0" }, @@ -2492,7 +2492,7 @@ wheels = [ [[package]] name = "mypy" -version = "2.0.0" +version = "2.1.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "ast-serialize" }, @@ -2501,23 +2501,23 @@ dependencies = [ { name = "pathspec" }, { name = "typing-extensions" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/cf/dc/7e6d49f04fca40b9dd5c752a51a432ffe67fb45200702bc9eee0cb4bbb26/mypy-2.0.0.tar.gz", hash = "sha256:1a9e3900ac5c40f1fe813506c7739da6e6f0eab2729067ebd94bfb0bbba53532", size = 3869036, upload-time = "2026-05-06T19:26:43.22Z" } +sdist = { url = "https://files.pythonhosted.org/packages/82/15/cca9d88503549ed6fedeaa1d448cdddd542ee8a490232d732e278036fbf2/mypy-2.1.0.tar.gz", hash = "sha256:81e76ad12c2d804512e9b13240d1588316531bfba07558286078bfbce9613633", size = 3898359, upload-time = "2026-05-11T18:37:36.237Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/ce/2c/6fefe954207860aed6eeb91776795e64a257d3ce0360862288984ce121f5/mypy-2.0.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:c918c64e8ce36557851b0347f84eb12f1965d3a06813c36df253eb0c0afd1d82", size = 14729633, upload-time = "2026-05-06T19:24:53.383Z" }, - { url = "https://files.pythonhosted.org/packages/23/d6/d336f5b820af189eb0390cce21de62d264c0a4e64713dfbe81bfc4fc7739/mypy-2.0.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:301f1a8ccc7d79b542ee218b28bb49443a83e194eb3d10da63ff1649e5aa5d34", size = 13559524, upload-time = "2026-05-06T19:22:24.906Z" }, - { url = "https://files.pythonhosted.org/packages/af/a6/d7bb54fde1770f0484e5fbdbdce37a41e95ed0a1cd493ec60ead111e356c/mypy-2.0.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:fdf4ef489d44ce350bac3fd699907834e551d4c934e9cc862ef201215ab1558d", size = 13936018, upload-time = "2026-05-06T19:25:02.992Z" }, - { url = "https://files.pythonhosted.org/packages/7d/ba/5be51316b91e6a6bf6e3a8adb3de500e7e1fb5bf9491743b8cbc81a34a2c/mypy-2.0.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9cde2d0989f912fc850890f727d0d76495e7a6c5bdd9912a1efdb64952b4398d", size = 14910712, upload-time = "2026-05-06T19:25:21.83Z" }, - { url = "https://files.pythonhosted.org/packages/b7/37/e2c8c3b373e20ebfb66e6c83a99027fd67df4ec43b08879f74e822d2dc4c/mypy-2.0.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:cdf05693c231a14fe37dbfce192a3a1372c26a833af4a80f550547742952e719", size = 15141499, upload-time = "2026-05-06T19:20:50.924Z" }, - { url = "https://files.pythonhosted.org/packages/12/36/07756f933e00416d912e35878cfcf89a593a3350a885691c0bb85ae0226a/mypy-2.0.0-cp314-cp314-win_amd64.whl", hash = "sha256:73aee2da33a2237e66cbe84a94780e53599847e86bb3aa7b93e405e8cd9905f2", size = 11240511, upload-time = "2026-05-06T19:21:32.39Z" }, - { url = "https://files.pythonhosted.org/packages/70/05/79ac1f20f2397353f3845f7b8bb5d8006cda7c8ef9092f04f9de3c6135f2/mypy-2.0.0-cp314-cp314-win_arm64.whl", hash = "sha256:1f6dcd8f39971f41edab2728c877c4ac8b50ad3c387ff2770423b79a05d23910", size = 10149336, upload-time = "2026-05-06T19:22:08.383Z" }, - { url = "https://files.pythonhosted.org/packages/53/e0/0db84e0ebbad6e99e566c68e4b465784f2a2294f7719e8db9d509ef23087/mypy-2.0.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:a04e980b9275c76159da66c6e1723c7798306f9802b31bdaf9358d0c84030ce8", size = 15797362, upload-time = "2026-05-06T19:22:00.835Z" }, - { url = "https://files.pythonhosted.org/packages/0a/a4/14cc0768164dd53bec48aa41a20270b18df9bf72aa5054278bf133608315/mypy-2.0.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:33f9cf4825469b2bc73c53ba55f6d9a9b4cdb60f9e6e228745581520f29b8771", size = 14635914, upload-time = "2026-05-06T19:23:43.675Z" }, - { url = "https://files.pythonhosted.org/packages/08/48/d866a3e23b4dc5974c77d9cf65a435bf22de01a84dd4620917950e233960/mypy-2.0.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:191675c3c7dc2a5c7722a035a6909c277f14046c5e4e02aa5fbf65f8524f08ad", size = 15270866, upload-time = "2026-05-06T19:22:34.756Z" }, - { url = "https://files.pythonhosted.org/packages/71/eb/de9ef94958eb2078a6b908ceb247757dc384d3a238d3bd6ed7d81de5eaf8/mypy-2.0.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c3d26c4321a3b06fc9f04c741e0733af693f82d823f8e64e47b2e63b7f19fa84", size = 16093131, upload-time = "2026-05-06T19:23:56.541Z" }, - { url = "https://files.pythonhosted.org/packages/ad/07/0ab2c1a9d26e90942612724cbd5788f16b7810c5dd39bfcf79286c6c4524/mypy-2.0.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:bbcbc4d5917ca6ce12de70e051de7f533e3bf92d548b41a38a2232a6fe356525", size = 16330685, upload-time = "2026-05-06T19:21:42.037Z" }, - { url = "https://files.pythonhosted.org/packages/a6/8f/46f85d1371a5be642dad263828118ae1efd536d91d8bd2000c68acff3920/mypy-2.0.0-cp314-cp314t-win_amd64.whl", hash = "sha256:dbc6ba6d40572ae49268531565793a8f07eac7fc65ad76d482c9b4c8765b6043", size = 12752017, upload-time = "2026-05-06T19:22:44.002Z" }, - { url = "https://files.pythonhosted.org/packages/7a/e6/94ca48800cac19eb28a58188a768aaec0d16cac0f373915f073058ab0855/mypy-2.0.0-cp314-cp314t-win_arm64.whl", hash = "sha256:77926029dfcb7e1a3ecb0acb2ddbb24ca36be03f7d623e1759ad5376be8f6c01", size = 10527097, upload-time = "2026-05-06T19:20:58.973Z" }, - { url = "https://files.pythonhosted.org/packages/5c/14/fd0694aa594d6e9f9fd16ce821be2eff295197a273262ef56ddcc1388d68/mypy-2.0.0-py3-none-any.whl", hash = "sha256:8a92b2be3146b4fa1f062af7eb05574cbf3e6eb8e1f14704af1075423144e4e5", size = 2673434, upload-time = "2026-05-06T19:26:32.856Z" }, + { url = "https://files.pythonhosted.org/packages/b0/ca/b279a672e874aedd5498ae25f722dacc8aa86bbffb939b3f97cbb1cf6686/mypy-2.1.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:7354c5a7f69d9345c3d6e69921d57088eea3ddeeb6b20d34c1b3855b02c36ec2", size = 14848422, upload-time = "2026-05-11T18:35:45.984Z" }, + { url = "https://files.pythonhosted.org/packages/27/e6/3efe56c631d959b9b4454e208b0ac4b7f4f58b404c89f8bec7b49efdfc21/mypy-2.1.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:49890d4f76ac9e06ec117f9e09f3174da70a620a0c300953d8595c926e80947f", size = 13677374, upload-time = "2026-05-11T18:36:57.188Z" }, + { url = "https://files.pythonhosted.org/packages/84/7f/8107ea87a44fd1f1b59882442f033c9c3488c127201b1d1d15f1cbd6022e/mypy-2.1.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:761be68e023ef5d94678772396a8af1220030f80837a3afd8d0aef3b419666f4", size = 14055743, upload-time = "2026-05-11T18:35:18.361Z" }, + { url = "https://files.pythonhosted.org/packages/51/4d/b6d34db183133b83761b9199a82d31557cdbb70a380d8c3b3438e11882a3/mypy-2.1.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c90345fc182dc363b891350457ec69c35140858538f38b4540845afcc32b1aef", size = 15020937, upload-time = "2026-05-11T18:34:59.618Z" }, + { url = "https://files.pythonhosted.org/packages/ff/d7/f08360c691d758acb02f45022c34d98b92892f4ea756644e1000d4b9f3d8/mypy-2.1.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:b84802e7b5a6daf1f5e15bc9fcd7ddae77be13981ffab037f1c67bb84d67d135", size = 15253371, upload-time = "2026-05-11T18:36:41.081Z" }, + { url = "https://files.pythonhosted.org/packages/67/1b/09460a13719530a19bce27bd3bc8449e83569dd2ba7faf51c9c3c30c0b61/mypy-2.1.0-cp314-cp314-win_amd64.whl", hash = "sha256:022c771234936ceac541ebaf836fe9e2abeb3f5e09aff21588fe543ff006fe21", size = 11326429, upload-time = "2026-05-11T18:34:13.526Z" }, + { url = "https://files.pythonhosted.org/packages/40/62/75dbf0f82f7b6680340efc614af29dd0b3c17b8a4f1cd09b8bd2fd6bc814/mypy-2.1.0-cp314-cp314-win_arm64.whl", hash = "sha256:498207db725cec88829a6a5c2fc771205fd043719ef98bc49aba8fb9fc4e6d57", size = 10218799, upload-time = "2026-05-11T18:32:23.491Z" }, + { url = "https://files.pythonhosted.org/packages/b2/66/caca04ed7d972fb6eb6dd1ccd6df1de5c38fae8c5b3dc1c4e8e0d85ee6b9/mypy-2.1.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:7d5e5cad0efeba72b93cd17490cc0d69c5ac9ca132994fe3fb0314808aeeb83e", size = 15923458, upload-time = "2026-05-11T18:35:28.64Z" }, + { url = "https://files.pythonhosted.org/packages/ed/52/2d90cbe49d014b13ed7ff337930c30bad35893fe38a1e4641e756bb62191/mypy-2.1.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:ff715050c127d724fd260a2e666e7747fdd83511c0c47d449d98238970aef780", size = 14757697, upload-time = "2026-05-11T18:36:14.208Z" }, + { url = "https://files.pythonhosted.org/packages/ac/37/d98f4a14e081b238992d0ed96b6d39c7cc0148c9699eb71eaa68629665ea/mypy-2.1.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:82208da9e09414d520e912d3e462d454854bed0810b71540bb016dcbca7308fd", size = 15405638, upload-time = "2026-05-11T18:33:48.249Z" }, + { url = "https://files.pythonhosted.org/packages/a3/c2/15c46613b24a84fad2aea1248bf9619b99c2767ae9071fe224c179a0b7d4/mypy-2.1.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:e79ebc1b904b84f0310dff7469655a9c36c7a68bddb37bdd42b67a332df61d08", size = 16215852, upload-time = "2026-05-11T18:32:50.296Z" }, + { url = "https://files.pythonhosted.org/packages/5c/90/9c16a57f482c76d25f6379762b56bbf65c711d8158cf271fb2802cfb0640/mypy-2.1.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:e583edc957cfb0deb142079162ae826f58449b116c1d442f2d91c69d9fced081", size = 16452695, upload-time = "2026-05-11T18:33:38.182Z" }, + { url = "https://files.pythonhosted.org/packages/0f/4c/215a4eeb63cacc5f17f516691ea7285d11e249802b942476bff15922a314/mypy-2.1.0-cp314-cp314t-win_amd64.whl", hash = "sha256:b33b6cd332695bba180d55e717a79d3038e479a2c49cc5eb3d53603409b9a5d7", size = 12866622, upload-time = "2026-05-11T18:34:39.945Z" }, + { url = "https://files.pythonhosted.org/packages/4b/50/1043e1db5f455ffe4c9ab22747cd8ca2bc492b1e4f4e21b130a44ee2b217/mypy-2.1.0-cp314-cp314t-win_arm64.whl", hash = "sha256:4f910fe825376a7b66ef7ca8c98e5a149e8cd64c19ae71d84047a74ee060d4e6", size = 10610798, upload-time = "2026-05-11T18:36:31.444Z" }, + { url = "https://files.pythonhosted.org/packages/0d/2a/13ca1f292f6db1b98ff495ef3467736b331621c5917cad984b7043e7348d/mypy-2.1.0-py3-none-any.whl", hash = "sha256:a663814603a5c563fb87a4f96fb473eeb30d1f5a4885afcf44f9db000a366289", size = 2693302, upload-time = "2026-05-11T18:31:29.246Z" }, ] [[package]] From 5d16c90c1d2fb32b2523bb8ca11497c61a726ec4 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Thu, 4 Jun 2026 17:32:46 +0200 Subject: [PATCH 37/65] enterprise/providers/scim: fix interactive OAuth overriding refresh_token (#22858) * enterprise/providers/scim: fix interactive OAuth overriding refresh_token * fixup Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- authentik/enterprise/providers/scim/auth_oauth2.py | 5 ++++- authentik/enterprise/providers/scim/tests/test_token.py | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/authentik/enterprise/providers/scim/auth_oauth2.py b/authentik/enterprise/providers/scim/auth_oauth2.py index 60df576d39..c3dbd972f0 100644 --- a/authentik/enterprise/providers/scim/auth_oauth2.py +++ b/authentik/enterprise/providers/scim/auth_oauth2.py @@ -68,13 +68,16 @@ class SCIMOAuthAuth: return conn token = self.retrieve_token(conn) access_token = token["access_token"] + refresh_token = token.get("refresh_token") + if not refresh_token and conn: + refresh_token = conn.refresh_token expires_in = int(token.get("expires_in", 0)) token, _ = UserOAuthSourceConnection.objects.update_or_create( source=self.provider.auth_oauth, user=self.user, defaults={ "access_token": access_token, - "refresh_token": token.get("refresh_token"), + "refresh_token": refresh_token, "expires": now() + timedelta(seconds=expires_in), # When using `update_or_create`, `last_updated` is not updated "last_updated": now(), diff --git a/authentik/enterprise/providers/scim/tests/test_token.py b/authentik/enterprise/providers/scim/tests/test_token.py index 1693ca195a..190b60dc69 100644 --- a/authentik/enterprise/providers/scim/tests/test_token.py +++ b/authentik/enterprise/providers/scim/tests/test_token.py @@ -104,6 +104,7 @@ class TestSCIMOAuthToken(APITestCase): source=self.source, user=self.provider.auth_oauth_user, ).first() + self.assertEqual(conn.refresh_token, refresh_token) self.assertIsNotNone(conn) self.assertTrue(conn.is_valid) auth = ( From 767fe966a37c8e6f553f719247734f99a0afcc6a Mon Sep 17 00:00:00 2001 From: Connor Peshek Date: Thu, 4 Jun 2026 11:12:50 -0500 Subject: [PATCH 38/65] root: Update PR template (#22185) * Update pr template * Update makefile in another PR * Apply suggestion from @dewi-tik Signed-off-by: Dewi Roberts --------- Signed-off-by: Dewi Roberts Co-authored-by: Dewi Roberts --- .github/pull_request_template.md | 38 +++++++++++--------------------- 1 file changed, 13 insertions(+), 25 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 9de701ee5d..31887dbb2e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,38 +1,26 @@ ## Details - -REPLACE ME --- ## Checklist -- [ ] Local tests pass (`ak test authentik/`) -- [ ] The code has been formatted (`make lint-fix`) - -If an API change has been made - -- [ ] The API schema and clients have been updated (`make gen`) - -If changes to the frontend have been made - -- [ ] The code has been formatted (`make web`) - -If applicable - -- [ ] The documentation has been updated -- [ ] The documentation has been formatted (`make docs`) +- [ ] The project has been linted, built, and tested (`make all`) +- [ ] The documentation has been updated and formatted (`make docs`) From b06e6620d4744c01aeba5a8489fade96385ec314 Mon Sep 17 00:00:00 2001 From: Lars <66955841+lm-gh@users.noreply.github.com> Date: Thu, 4 Jun 2026 18:22:00 +0200 Subject: [PATCH 39/65] website/integrations: update Joplin launch URL (#22862) Update Joplin integration launch URL in documentation Updated the application configuration steps for Joplin integration with a new launch URL. Signed-off-by: Lars <66955841+lm-gh@users.noreply.github.com> --- .../chat-communication-collaboration/joplin/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/integrations/chat-communication-collaboration/joplin/index.md b/website/integrations/chat-communication-collaboration/joplin/index.md index 4c32da6894..738308e1e9 100644 --- a/website/integrations/chat-communication-collaboration/joplin/index.md +++ b/website/integrations/chat-communication-collaboration/joplin/index.md @@ -54,6 +54,7 @@ To support the integration of Joplin with authentik, you need to create property 2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. + - Set the **Launch URL** to `https://joplin.company/login/sso-saml`. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://joplin.company/api/saml`. From 1bf4d34543ef6590d04f9617875914f59d46ec2e Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 12:58:02 -0400 Subject: [PATCH 40/65] website/integrations: HashiCorp Vault: cleanup (#22695) * website/integrations: HashiCorp Vault: cleanup Refresh the HashiCorp Vault integration guide to match the current template and Vault OIDC behavior. Agent-thread: https://sdko.org/internal/threads/019e6b1e-bcda-7e61-98f5-3408adc799c9 Co-authored-by: Agent * minor changes Signed-off-by: Dewi Roberts --------- Signed-off-by: Dewi Roberts Co-authored-by: Agent Co-authored-by: Dewi Roberts --- .../security/hashicorp-vault/index.md | 178 +++++++++--------- 1 file changed, 90 insertions(+), 88 deletions(-) diff --git a/website/integrations/security/hashicorp-vault/index.md b/website/integrations/security/hashicorp-vault/index.md index 7c5bd9043f..f31df5dab4 100644 --- a/website/integrations/security/hashicorp-vault/index.md +++ b/website/integrations/security/hashicorp-vault/index.md @@ -4,22 +4,18 @@ sidebar_label: HashiCorp Vault support_level: authentik --- -## What is Vault? +## What is HashiCorp Vault? -> Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +> HashiCorp Vault secures, stores, and controls access to tokens, passwords, certificates, encryption keys, and other sensitive data. > -> -- https://vaultproject.io - -:::info -This is based on authentik 2022.2.1 and Vault 1.9.3. Instructions may differ between versions. This guide does not cover Vault policies. See https://learn.hashicorp.com/tutorials/vault/oidc-auth?in=vault/auth-methods for a more in-depth Vault guide -::: +> -- https://developer.hashicorp.com/vault ## Preparation The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. -- `vault.company` is the FQDN of the Vault installation. +- `vault.company` is the FQDN of the HashiCorp Vault installation. :::info This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. @@ -27,107 +23,113 @@ This documentation lists only the settings that you need to change from their de ## authentik configuration -To support the integration of HashiCorp Vault with authentik, you need to create an application/provider pair in authentik. +To support the integration of HashiCorp Vault with authentik, you need to create an application and provider pair in authentik. -### Create an application and provider in authentik +### Create an application and provider 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - -- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. -- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. -- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - - Add three `Strict` redirect URIs and set them to `https://vault.company/ui/vault/auth/oidc/oidc/callback`, `https://vault.company/oidc/callback`, and `http://localhost:8250/oidc/callback`. - - Select any available signing key. -- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. - + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. + - Set two `Strict` redirect URIs to `https://vault.company/ui/vault/auth/oidc/oidc/callback` and `http://localhost:8250/oidc/callback`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. 3. Click **Submit** to save the new application and provider. ## HashiCorp Vault configuration -Enable the OIDC auth method. -`vault auth enable oidc` +This guide assumes that the Vault OIDC auth method is mounted at `oidc`, which is the path used by `vault auth enable oidc`. If you mount the auth method at a different path, replace `oidc` in the Vault paths and in the Vault UI redirect URI. -Configure the OIDC auth method. The OIDC discovery URL is the OpenID Configuration Issuer in your provider. +:::info[Vault policies] +This guide configures OIDC authentication only. Create the Vault policies that you reference, such as `reader`, according to your Vault access model before assigning them to roles or identity groups. +::: -``` -vault write auth/oidc/config \ - oidc_discovery_url="https://authentik.company/application/o//" \ - oidc_client_id="Client ID" \ - oidc_client_secret="Client Secret" \ - default_role="reader" -``` +1. Enable the OIDC auth method. -Create the reader role. + ```bash + vault auth enable oidc + ``` -``` -vault write auth/oidc/role/reader \ - bound_audiences="Client ID" \ - allowed_redirect_uris="https://vault.company/ui/vault/auth/oidc/oidc/callback" \ - allowed_redirect_uris="https://vault.company/oidc/callback" \ - allowed_redirect_uris="http://localhost:8250/oidc/callback" \ - user_claim="sub" \ - policies="reader" -``` +2. Configure the OIDC auth method with the authentik provider details. + + ```bash + vault write auth/oidc/config \ + oidc_discovery_url="https://authentik.company/application/o//" \ + oidc_client_id="" \ + oidc_client_secret="" \ + default_role="reader" + ``` + +3. Create a Vault OIDC role named `reader`. + + ```bash + vault write auth/oidc/role/reader \ + bound_audiences="" \ + allowed_redirect_uris="https://vault.company/ui/vault/auth/oidc/oidc/callback" \ + allowed_redirect_uris="http://localhost:8250/oidc/callback" \ + user_claim="sub" \ + token_policies="reader" + ``` ## External groups -If you wish to manage group membership in HashiCorp Vault via authentik, you have to use [external groups](https://developer.hashicorp.com/vault/tutorials/auth-methods/oidc-auth#create-an-external-vault-group). +You can optionally use Vault external identity groups to assign Vault policies based on authentik group membership. -:::info -This assumes that the steps above have already been completed and tested. -::: +This example maps an authentik group named `vault-reader` to a Vault external group that grants the `reader` policy. The authentik default `profile` scope mapping supplies the `groups` claim used by Vault. -### Step 1 +1. Update the `reader` role to request the `profile` scope and read group membership from the `groups` claim. -In authentik, edit the OIDC provider created above. Under **Advanced protocol settings** add `authentik default OAuth Mapping: OpenID 'profile'` This includes the groups mapping. + ```bash + vault write auth/oidc/role/reader \ + bound_audiences="" \ + allowed_redirect_uris="https://vault.company/ui/vault/auth/oidc/oidc/callback" \ + allowed_redirect_uris="http://localhost:8250/oidc/callback" \ + user_claim="sub" \ + groups_claim="groups" \ + oidc_scopes="profile" + ``` -### Step 2 +2. Create an external Vault group for the `vault-reader` authentik group. -In Vault, change the reader role to have the following settings: + ```bash + vault write identity/group/name/vault-reader \ + policies="reader" \ + type="external" -``` -vault write auth/oidc/role/reader \ - bound_audiences="Client ID" \ - allowed_redirect_uris="https://vault.company/ui/vault/auth/oidc/oidc/callback" \ - allowed_redirect_uris="https://vault.company/oidc/callback" \ - allowed_redirect_uris="http://localhost:8250/oidc/callback" \ - user_claim="sub" \ - policies="reader" \ - groups_claim="groups" \ - oidc_scopes="openid,profile,email" + VAULT_GROUP_ID=$(vault read -field=id identity/group/name/vault-reader) + ``` + +3. Get the OIDC auth method mount accessor. + + ```bash + OIDC_ACCESSOR=$(vault read -field=accessor sys/auth/oidc) + ``` + +4. Create a group alias that maps the authentik group name to the Vault group. + + ```bash + vault write identity/group-alias \ + name="vault-reader" \ + mount_accessor="$OIDC_ACCESSOR" \ + canonical_id="$VAULT_GROUP_ID" + ``` + +## Configuration verification + +To confirm that authentik is properly configured with HashiCorp Vault, open Vault and select **OIDC** from the authentication method list. Sign in through the OIDC flow and confirm that Vault redirects you to authentik for authentication and then back to Vault. + +You can also verify the CLI flow with the following command: + +```bash +vault login -method=oidc role="reader" ``` -Add a group. +## Resources -``` -vault write identity/group \ - name="reader" \ - policies="reader" \ - type="external" -``` - -Get the canonical ID of the group. - -``` -vault list identity/group/id -``` - -Get the ID of the OIDC accessor. - -``` -vault auth list -``` - -Add a group alias, this maps the group to the OIDC backend. - -``` -vault write identity/group-alias \ - mount_accessor="auth_oidc_xxxxxx" \ - canonical_id="group_id" \ - name="group name in authentik" -``` - -You should then be able to sign in via OIDC. -`vault login -method=oidc role="reader"` +- [HashiCorp Developer - Vault](https://developer.hashicorp.com/vault) +- [HashiCorp Developer - Use JWT/OIDC authentication](https://developer.hashicorp.com/vault/docs/auth/jwt) +- [HashiCorp Developer - JWT/OIDC auth method API](https://developer.hashicorp.com/vault/api-docs/auth/jwt) +- [HashiCorp Developer - Identity group API](https://developer.hashicorp.com/vault/api-docs/secret/identity/group) +- [HashiCorp Developer - Identity group alias API](https://developer.hashicorp.com/vault/api-docs/secret/identity/group-alias) From b6c9b0a316741a9d386c8f8ad1212309b57c992e Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 12:58:49 -0400 Subject: [PATCH 41/65] website/integrations: Stripe: cleanup (#22703) * website/integrations: Stripe: cleanup Agent-thread: https://sdko.org/internal/threads/019e6b53-1b1a-74e1-a11e-c68fdf728ce5 A7k-product: product A7k-product-repo: 4 Co-authored-by: Agent * Update website/integrations/platforms/stripe/index.mdx Co-authored-by: Dewi Roberts Signed-off-by: Dominic R * Update website/integrations/platforms/stripe/index.mdx Co-authored-by: Dewi Roberts Signed-off-by: Dominic R * Update website/integrations/platforms/stripe/index.mdx Co-authored-by: Dewi Roberts Signed-off-by: Dominic R * Update website/integrations/platforms/stripe/index.mdx Co-authored-by: Dewi Roberts Signed-off-by: Dominic R --------- Signed-off-by: Dominic R Co-authored-by: Agent Co-authored-by: Dewi Roberts --- .../integrations/platforms/stripe/index.mdx | 113 +++++++++++------- 1 file changed, 67 insertions(+), 46 deletions(-) diff --git a/website/integrations/platforms/stripe/index.mdx b/website/integrations/platforms/stripe/index.mdx index ea98088731..86f9a27896 100644 --- a/website/integrations/platforms/stripe/index.mdx +++ b/website/integrations/platforms/stripe/index.mdx @@ -15,87 +15,108 @@ support_level: community The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. +- `example.com` is the email domain that you verify for Stripe SSO. +- `stripe_account_id` is the Stripe account ID to configure, such as `acct_...`. :::info This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. ::: +:::info Domain verification required +Stripe requires a verified email domain before SSO can be enabled. +::: + ## authentik configuration -To support the integration of Stripe with authentik, you need to create a group, a property mapping, and an application/provider pair in authentik. +To support the integration of Stripe with authentik, create a group, a property mapping, and an application/provider pair in authentik. -### Create a user group in authentik +### Create a user group + +Use a group attribute to define the Stripe role that authentik sends for each user. 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Directory** > **Groups** and click **Create**. -3. Set a name for the group (e.g. `Stripe Admins`). -4. In the **Attributes** field enter: `stripe_role: admin`. Other account types are also supported, see the [Stripe SSO Documentation](https://docs.stripe.com/get-started/account/sso/other#configuring-your-identity-provider) -5. Click **Create**. -6. Then, click the name of the newly created group and navigate to the **Users** tab. -7. Click **Add existing user**, select the user that needs Stripe admin access and click **Add**. +3. Set a descriptive group name, such as `Stripe Admins`. +4. In the **Attributes** field, set the Stripe role for members of this group: -### Create a property mapping in authentik - -1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Customization** > **Property Mappings** and click **Create**. Then, create a **SAML Provider Property Mapping** using the following settings: - - **Name**: `Stripe Role` - - **SAML Attribute Name**: `Stripe-Role-` Can be found [here](https://dashboard.stripe.com/settings/account) - - **Friendly Name**: Leave blank - - **Expression**: - - ```python - return request.user.group_attributes().get("stripe_role", "") + ```yaml + stripe_role: admin ``` - :::info - To find your Stripe account ID, log in to your Stripe dashboard and navigate to **Settings** > **Account** > **Account details**. You'll find your account ID, which starts with `acct_`, displayed on the right-hand side. - ::: + Use the Stripe role value that members of this group should receive, such as `admin`, `developer`, or `view_only`. Stripe lists the available role values in their [SSO documentation](https://docs.stripe.com/get-started/account/sso/other#configuring-your-identity-provider). -### Create an application and provider in authentik +5. Click **Create**. +6. Click the name of the newly created group and navigate to the **Users** tab. +7. Click **Add existing user**, select the user that needs Stripe access, and click **Add**. + +### Create a property mapping 1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Applications** > **Applications** and click **New Application** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. +2. Navigate to **Customization** > **Property Mappings** and click **Create**. +3. Select **SAML Provider Property Mapping** and click **Next**. +4. Configure the property mapping with the following settings: + - **Name**: `Stripe Role` + - **SAML Attribute Name**: `Stripe-Role-` + - **Friendly Name**: leave blank. + - **Expression**: + + ```python + return request.user.group_attributes(request).get("stripe_role", "") + ``` + +5. Click **Finish** to save the property mapping. + +:::info Organization-level SSO +For organization-level SSO, use `Stripe-Role-` as the SAML attribute name instead of `Stripe-Role-`. +::: + +### Create an application and provider pair + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **New Application** to create an application and provider pair. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **Slug** value because it is required later. + - Under **UI Settings**, set **Launch URL** to `https://dashboard.stripe.com/login/saml_direct/domain/example.com/merchant/`. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`. - Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`. - Under **Advanced protocol settings**: - - Set an available **Signing certificate**. - - Add the previously created `Stripe Role` property mapping to **Selected User Property Mappings**. + - Select an available **Signing Certificate**. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. - + - Add the `Stripe Role` property mapping to **Selected User Property Mappings**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. 3. Click **Submit** to save the new application and provider. -### Download certificate file +### Download the signing certificate -1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Applications** > **Providers** and click on the name of the provider that you created in the previous section (e.g. `Provider for Stripe`). -3. Under **Related objects** > **Download signing certificate**, click on **Download**. This downloaded file is your `Certificate` file and it will be required in the next section. +1. Navigate to **Applications** > **Providers** and click the name of the SAML provider that you created. +2. Under **Related objects** > **Download signing certificate**, click **Download**. This certificate file is required in the next section. ## Stripe configuration -1. Log in to the [Stripe administrator user authentication page](https://dashboard.stripe.com/account/user_authentication) as an administrator. -2. Click on the **Settings** cogwheel, and navigate to **Team and security** > **Single sign-on (SSO)**. -3. Click **Add domain**, then input the domain that SSO users will use. For more information, see the [Stripe Proving Domain Ownership documentation](https://docs.stripe.com/get-started/account/sso/other#proving-domain-verification). -4. Once your domain is verified, click the three dots next to the domain name, and click **Manage SSO Settings**. -5. Enter the following settings: - - **Identity Provider URL**: `https://auth.domain.com/application/saml/stripe/` - - **Issuer ID**: `https://authentik.company/application/saml//metadata/` - - **Identity Provider Certificate**: Paste in the contents of your authentik signing certificate. +This guide expects that you have already verified `example.com` for SSO in Stripe. -6. Click **Continue**. -7. Enter the email address of an authentik user designated for testing the SSO configuration and click **Continue**. Ensure that the user belongs to the appropriate authentik group. After logging in on authentik, you will be redirected back to Stripe. -8. If the test is successful, click **Continue**. Otherwise, verify your configuration and try again. -9. Choose the **SSO Enforcement** setting. Selecting `Required` mandates that users use authentik to log in, whereas `Optional` allows users to choose between authentik and the standard Stripe login. -10. Click **Save**. +1. Log in to the [Stripe Dashboard](https://dashboard.stripe.com/) as an administrator. +2. Click the **Settings** cogwheel, then navigate to **Team and security** > **Single sign-on (SSO)**. +3. Open the SSO settings for your verified domain. +4. Enter the following settings: + - **Identity provider URL**: `https://authentik.company/application/saml//` + - **Issuer ID**: `https://authentik.company/application/saml//metadata/` + - **Identity provider certificate**: paste the contents of the authentik signing certificate. +5. Click **Test** and complete the SSO test with a Stripe user whose email address belongs to the verified domain and who has the required Stripe role attribute from authentik. +6. If the test succeeds, save the settings and choose the appropriate **SSO enforcement** mode. + +:::warning Assign users before requiring SSO +Do not require SSO until the users who need Stripe access are assigned to the Stripe application in authentik and receive a valid Stripe role attribute. If users do not receive a valid role attribute, Stripe rejects the login. +::: ## Configuration verification -To verify that authentik is properly integrated with Stripe, first sign out of your account. Then, navigate to the [Stripe dashboard login page](https://dashboard.stripe.com/login) and then click **Sign in with SSO**. Enter an email address that’s provisioned for SSO, and click **Continue with SSO**. You will then be redirected to authentik for authentication before being sent back to the Stripe dashboard. +To confirm that authentik is properly configured with Stripe, open the Stripe application from the authentik Application Dashboard. You should be redirected to authentik for authentication and then to the Stripe Dashboard. ## Resources -- [Stripe documentation - Single sign-on with a SAML provider](https://docs.stripe.com/get-started/account/sso/other) +- [Stripe Docs - Single sign-on with SAML Identity Provider](https://docs.stripe.com/get-started/account/sso/other) +- [Stripe Docs - Organization-level SSO](https://docs.stripe.com/get-started/account/orgs/sso) +- [Stripe Docs - Troubleshoot SSO](https://docs.stripe.com/get-started/account/sso/troubleshooting) From 313eb26ac4ce77ce8725a536740dc62001bd1eab Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:04:18 -0400 Subject: [PATCH 42/65] website/integrations: Zoho: cleanup (#22701) * website/integrations: Zoho: cleanup Refresh the Zoho SAML guide to match the current integration template and documented Zoho/authentik flows. Agent-thread: https://sdko.org/internal/threads/019e6b52-1f5f-7892-9ffd-229f764096a7 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent * Update website/integrations/platforms/zoho/index.mdx Co-authored-by: Dewi Roberts Signed-off-by: Dominic R * Update website/integrations/platforms/zoho/index.mdx Co-authored-by: Dewi Roberts Signed-off-by: Dominic R --------- Signed-off-by: Dominic R Co-authored-by: Agent Co-authored-by: Dewi Roberts --- website/integrations/platforms/zoho/index.mdx | 84 ++++++++----------- 1 file changed, 36 insertions(+), 48 deletions(-) diff --git a/website/integrations/platforms/zoho/index.mdx b/website/integrations/platforms/zoho/index.mdx index b30e9ba4bb..b43bf00924 100644 --- a/website/integrations/platforms/zoho/index.mdx +++ b/website/integrations/platforms/zoho/index.mdx @@ -6,7 +6,7 @@ support_level: community ## What is Zoho? -> Zoho Corporation is an Indian multinational technology company that makes computer software and web-based business tools. It is best known for the online office suite offering Zoho Office Suite. +> Zoho provides a suite of cloud applications for business operations, including email, collaboration, CRM, finance, HR, and analytics tools. > > -- https://www.zoho.com @@ -15,26 +15,26 @@ support_level: community The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. +- `accounts.zoho.com` is the Zoho Accounts URL for your organization's data center. :::info This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. ::: -:::warning -IdP initiated login does not work with Zoho. This is due to Zoho's non-standard requirement to set the format of the SAML `NameID` response which is currently not possible with authentik. -::: +Use the Zoho Accounts URL that matches your organization's data center: + +- United States: `https://accounts.zoho.com` +- Australia: `https://accounts.zoho.com.au` +- Europe: `https://accounts.zoho.eu` +- India: `https://accounts.zoho.in` +- China: `https://accounts.zoho.com.cn` +- Japan: `https://accounts.zoho.jp` +- Canada: `https://accounts.zohocloud.ca` +- Saudi Arabia: `https://accounts.zoho.sa` ## Download Zoho metadata file -1. Log in to Zoho Accounts as an administrator via one of the following links: - - United States: https://accounts.zoho.com - - Australia: https://accounts.zoho.com.au - - European Union: https://accounts.zoho.eu - - India: https://accounts.zoho.in - - China: https://accounts.zoho.com.cn - - Japan: https://accounts.zoho.jp - - Canada: https://accounts.zohocloud.ca - +1. Log in to Zoho Accounts as an administrator at the Zoho Accounts URL for your data center. 2. Navigate to **Organization** > **SAML Authentication**. 3. Click **Download Metadata**. You will require this Zoho metadata file in the next section. @@ -42,33 +42,22 @@ IdP initiated login does not work with Zoho. This is due to Zoho's non-standard To support the integration of Zoho with authentik, you need to create an application/provider pair in authentik. -### Create provider +### Create an application and provider 1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Applications** > **Provider** and click **Create**. +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - **Choose a Provider type**: select **SAML Provider from Metadata** as the provider type. - - **Configure the Provider**: - - Provide a descriptive name. - - Select the authorization and invalidation flows to use for this provider. - - For **Metadata**, select the Zoho metadata file that was downloaded in the previous section. - -3. Click **Finish** to save the new provider. -4. Select the **Edit** icon of the newly created Zoho provider, and configure the following settings: + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization and invalidation flows to use for this provider, and the following required configuration: + - **Metadata**: select the Zoho metadata file that you downloaded in the previous section. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. +3. Click **Submit** to save the new application and provider. +4. Navigate to **Applications** > **Providers** and click the **Edit** icon of the Zoho provider. +5. Configure the following settings: - Under **Advanced protocol settings**: - - Select an available **Signing certificate**. + - Select an available **Signing Certificate**. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. - -5. Click **Update** to save the changes. - -### Create application - -1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Applications** > **Application** and click **Create**. - - **Configure the Application**: - - Provide a descriptive name and slug. - - For **Provider**, select the Zoho provider created in the previous section. - - Under **UI Settings**, set **Launch URL** to `https://www.zoho.com/login.html`. -3. Click **Finish** to save the new application. +6. Click **Update**. ### Download authentik metadata file @@ -78,28 +67,27 @@ To support the integration of Zoho with authentik, you need to create an applica ## Zoho configuration -1. Log in to Zoho Accounts as an administrator via one of the following links: - - United States: https://accounts.zoho.com - - Australia: https://accounts.zoho.com.au - - European Union: https://accounts.zoho.eu - - India: https://accounts.zoho.in - - China: https://accounts.zoho.com.cn - - Japan: https://accounts.zoho.jp - - Canada: https://accounts.zohocloud.ca - +1. Log in to Zoho Accounts as an administrator using your Zoho Accounts URL. 2. Navigate to **Organization** > **SAML Authentication**, and under **SAML Authentication** select **Set up Now**. 3. Click **Upload Metadata** and upload your authentik metadata file. -4. Set **Name Identifier** to `Email Address`. +4. In **Zoho Service**, select the Zoho service that users should open after IdP-initiated sign-in from authentik. 5. Click **Submit**. -:::info -Accounts must be manually provisioned in Zoho before logging in via authentik SSO. +:::info User provisioning +If you do not enable Zoho's Just-in-Time provisioning, users must already exist in your Zoho organization before they can sign in with authentik. + +If you enable Just-in-Time provisioning, Zoho validates the SAML response and the user's domain before adding the user. Domain verification and user-field mapping in Zoho are outside the scope of this guide. ::: ## Configuration verification -To confirm that authentik is properly configured with Zoho, log out and go to the [Zoho login page](https://www.zoho.com/login.html), and click **SIGN IN**. Enter the email address of an account that is provisioned in both Zoho and authentik and click **Next**, and then select **Sign in using SAML - SAML**. You should be redirected to authentik, where you'll be prompted to authenticate. Once authenticated, you should then be redirected to the Zoho dashboard. +To confirm that authentik is properly configured with Zoho, open the Zoho integration from the authentik Application Dashboard. You should be redirected to Zoho and signed in to the Zoho service you selected during the Zoho configuration. + +You can also test the SP-initiated flow by opening the Zoho sign-in page for your data center, entering the email address of an account that exists in both Zoho and authentik, and selecting the SAML sign-in option when prompted. You should be redirected to authentik to authenticate, then back to Zoho. ## Resources - [Zoho Help - Configure SAML in Zoho Accounts](https://help.zoho.com/portal/en/kb/accounts/manage-your-organization/saml/articles/configure-saml-in-zoho-accounts#Configure_SAML_in_your_IdP_using_Zohos_Metadata) +- [Zoho Help - SAML terminology](https://help.zoho.com/portal/en/kb/accounts/manage-your-organization/saml/articles/saml-terminologies) +- [Zoho Help - Data center for Zoho Account](https://help.zoho.com/portal/en/kb/accounts/manage-your-zoho-account/articles/data-center-for-zoho-account) +- [Zoho China Help - Configure SAML in Zoho Accounts](https://www.zoho.com.cn/accounts/help/saml/configure-zoho-accounts.html) From 5ad73a0f6a63b0c94d7ec125f46e6f064896815c Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:05:04 -0400 Subject: [PATCH 43/65] website/docs: clarify OAuth2 provider overview (#22144) --- .../providers/oauth2/index.mdx | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/website/docs/add-secure-apps/providers/oauth2/index.mdx b/website/docs/add-secure-apps/providers/oauth2/index.mdx index 15c514b3f3..8513d404a6 100644 --- a/website/docs/add-secure-apps/providers/oauth2/index.mdx +++ b/website/docs/add-secure-apps/providers/oauth2/index.mdx @@ -1,29 +1,29 @@ --- -title: OAuth 2.0 provider +title: OAuth2/OpenID provider --- -In authentik, you can [create](./create-oauth2-provider.md) an [OAuth 2.0](https://oauth.net/2/) provider that authentik uses to authenticate the user to the associated application. This provider supports both generic OAuth 2.0 as well as OpenID Connect (OIDC). +In authentik, you can [create](./create-oauth2-provider.md) an [OAuth 2.0](https://oauth.net/2/) provider that authenticates users to an associated application. The provider supports generic OAuth 2.0 clients and OpenID Connect (OIDC) relying parties. ## authentik and OAuth 2.0 -It's important to understand how authentik works with and supports the OAuth 2.0 protocol, so before taking a [closer look at OAuth 2.0 protocol](#about-oauth-20-and-oidc) itself, let's cover a bit about authentik. +Before looking at the [OAuth 2.0 protocol](#about-oauth-20-and-oidc), it helps to understand the roles that authentik can play. -authentik can act either as the OP (OpenID Provider, with authentik as the IdP), or as the RP (Relying Party, or the application that uses OAuth 2.0 to authenticate). If you want to configure authentik as an OP, create an OAuth 2.0 provider. If you want authentik to serve as the RP, then configure a [source](../../../users-sources/sources/index.md). Of course, authentik can serve as both the RP and OP, if you want to use the authentik OAuth provider and also use sources. +authentik can act as the OpenID Provider (OP), where authentik is the identity provider, or as the Relying Party (RP), where authentik uses an external OAuth 2.0 or OIDC provider for authentication. To use authentik as the OP, create an OAuth 2.0 provider and attach it to an application. To use authentik as the RP, configure an OAuth [source](../../../users-sources/sources/index.md). The same authentik instance can act as both an OP and an RP. -authentik supports all standard OAuth 2.0 flows (authorization code, client_credentials, implicit, hybrid, device code) and grant types, and follows the [OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html). OAuth 2.0 in authentik supports PKCE, [GitHub compatibility](./github-compatibility.md), and the RP receives data from our scope mapping system. +authentik supports standard OAuth 2.0 flows and grant types, including authorization code, client credentials, implicit, hybrid, refresh token, and device code. authentik also follows the [OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html), supports PKCE and [GitHub compatibility](./github-compatibility.md), and uses [scope mappings](../property-mappings/index.md#scope-mappings-with-oauth2) to control the claims returned to the RP. -The authentik OAuth 2.0 provider comes with all the standard functionality and features of OAuth 2.0, including the OAuth 2.0 security principles such as no cleartext storage of credentials, configurable encryption, configurable short expiration times, and the configuration of automatic rotation of refresh tokens. In short, authentik offers comprehensive OAuth 2.0 support. +The OAuth 2.0 provider includes security-focused configuration options such as no cleartext storage of credentials, configurable signing and encryption keys, short token expiration times, and automatic refresh token rotation. ## About OAuth 2.0 and OIDC -OAuth 2.0 is an authorization protocol that allows an application (the RP) to delegate authorization to an OP. OIDC is an authentication protocol built on top of OAuth 2.0, which provides identity credentials and other data on top of OAuth 2.0. +OAuth 2.0 is an authorization framework that lets an application delegate authorization to an authorization server. OIDC builds authentication on top of OAuth 2.0, adding identity tokens and standardized user claims. -**OAuth 2.0** typically requires two requests (unlike the previous "three-legged" OAuth 1.0). The two "legs", or requests, for OAuth 2.0 are: +A typical OAuth 2.0 authorization code flow has two main requests: -1. An authorization request is prepared by the RP and contains parameters for its implementation of OAuth and which data it requires, and then the User's browser is redirected to that URL. -2. The RP sends a request to authentik in the background to exchange the access code for an access token (and optionally a refresh token). +1. The RP prepares an authorization request that describes the requested access and redirects the user's browser to the OP. +2. After the OP authenticates the user, the RP exchanges the authorization code for an access token and, optionally, a refresh token. -In detail, with OAuth 2.0 when a user accesses the application (the RP) via their browser, the RP then prepares a URL with parameters for the OpenID Provider (OP), which the user's browser is redirected to. The OP authenticates the user and generates an authorization code. The OP then redirects the client (the user's browser) back to the RP, along with that authorization code. In the background, the RP then sends that same authorization code in a request authenticated by the `client_id` and `client_secret` to the OP. Finally, the OP responds by sending an Access Token saying this user has been authorized (the RP is recommended to validate this token using cryptography) and optionally a Refresh Token. +When a user opens the application, the RP builds an authorization URL and redirects the user's browser to the OP. The OP authenticates the user and redirects the browser back to the RP with an authorization code. The RP then sends the code to the OP in a back-channel request, authenticating with its `client_id` and, for confidential clients, its `client_secret`. The OP returns an access token and, when configured, a refresh token. The RP should validate received tokens before trusting their contents. The image below shows a typical authorization code flow. @@ -63,7 +63,7 @@ sequenceDiagram | OpenID Configuration | `/application/o//.well-known/openid-configuration` | :::caution Reserved application slugs -Due to how the OAuth2 provider endpoints are structured, you cannot create applications that use the slugs `authorize`, `token`, `device`, `userinfo`, `introspect`, or `revoke` as these would conflict with the global OAuth 2.0 endpoints. +Due to how the OAuth2/OpenID provider endpoints are structured, you cannot create applications that use the slugs `authorize`, `token`, `device`, `userinfo`, `introspect`, or `revoke` as these would conflict with the global OAuth 2.0 endpoints. ::: ### Cross-provider token introspection and revocation @@ -74,11 +74,11 @@ For cross-provider introspection or revocation, authenticate the request with a ### Additional configuration options with Redirect URIs -When using an OAuth 2.0 provider in authentik, the OP must validate the provided redirect URI by the RP. An authentik admin can configure a list in the **Redirect URI** field on the Provider. +When using an OAuth 2.0 provider in authentik, the OP must validate the redirect URI provided by the RP. An authentik administrator can configure allowed redirect URIs in the provider's **Redirect URI** field. -When you create a new OAuth 2.0 provider and app in authentik and you leave the **Redirect URI** field empty, then the first time a user opens that app, authentik uses that URL as the saved redirect URL. +If you leave the **Redirect URI** field empty when creating a provider and application, authentik saves the first redirect URI used when a user opens the application. -For advanced use cases, an authentik admin can use regular expressions (regex) instead of a redirect URL. For example, if you want to list ten different applications, instead of listing them all individually, you can create an expression with wildcards. When using regex, be aware that authentik uses a dot as a separator in the URL, but in regex a dot means "one of any character", a wildcard. You should therefore escape the dot with `\.` to prevent its interpretation as a wildcard. +For advanced use cases, an authentik administrator can use regular expressions instead of static redirect URLs. For example, you can use a regular expression to match a group of related redirect URLs instead of listing each URL individually. When matching literal periods in hostnames, escape them as `\.` because, in regular expressions, an unescaped period matches any character. ### OAuth2/OpenID Connect back-channel logout @@ -109,11 +109,11 @@ Global issuer mode still serves the discovery document at `https://authentik.com There are three general flows of OAuth 2.0: -1. Web-based application authorization (Authorization code, Implicit, Refresh token) -2. Client credentials (Machine-to-machine) +1. Web-based application authorization (authorization code, implicit, and hybrid) +2. Client credentials (machine-to-machine) 3. Device code -Additionally, the [Refresh token](#refresh-token-grant) (grant type) is optionally used with any of the above flows, as well as the client credentials and device code flows. +The [refresh token](#refresh-token-grant) grant type can be used with several flows to obtain a new access token without another interactive login. You can define which grant types are available for your OAuth2 provider when you [create and configure the provider](./create-oauth2-provider.md). By default, all types are selected. @@ -127,27 +127,27 @@ The flows and grant types used in this case are those used for a typical authori #### Authorization code -The authorization code is for environments with both a client and an application server, where the back and forth happens between the client and an app server (the logic lives on app server). The RP needs to authorize itself to the OP. Client ID (public, identifies which app is talking to it) and client secret (the password) that the RP uses to authenticate. +The authorization code grant is intended for applications with a backend server. The browser receives an authorization code, and the backend exchanges that code for tokens. During the exchange, confidential clients authenticate to the OP with their client ID and client secret. -If you configure authentik to use "Offline access" then during the initial auth the OP sends two tokens, an access token (short-lived, hours, can be customized) and a refresh token (typically longer validity, days or infinite). The RP (the app) saves both tokens. When the access token is about to expire, the RP sends the saved refresh token back to the OP, and requests a new access token. When the refresh token itself is about to expire, the RP can also ask for a new refresh token. This can all happen without user interaction if you configured the offline access. +If you configure authentik to allow offline access, the OP can return both a short-lived access token and a longer-lived refresh token during the initial authorization. The RP stores the tokens and uses the refresh token to request a new access token before the current access token expires. Depending on the provider settings, the RP can also receive a rotated refresh token without requiring another user interaction. :::info -Starting with authentik 2024.2, applications only receive an access token. To receive a refresh token, both applications and authentik must be configured to request the `offline_access` scope. In authentik this can be done by selecting the `offline_access` Scope mapping in the provider settings. +Starting with authentik 2024.2, applications only receive an access token by default. To receive a refresh token, the application must request the `offline_access` scope and the authentik provider must include the `offline_access` scope mapping. ::: -The authorization code grant type is used to convert an authorization code to an access token (and optionally a refresh token). The authorization code is retrieved through the authentik [Authorization flow](../../flows-stages/flow/index.md), can only be used once, and expires quickly. +The authorization code grant converts an authorization code into an access token and, optionally, a refresh token. The authorization code is issued by the authentik [authorization flow](../../flows-stages/flow/index.md), can only be used once, and expires quickly. #### Implicit :::info -The OAuth 2.0 [Security Best Current Practice document](https://tools.ietf.org/html/draft-ietf-oauth-security-topics) recommends against using the Implicit flow entirely, and OAuth 2.0 for Browser-Based Apps describes the technique of using the authorization code flow with PKCE instead. ([source](https://oauth.net/2/grant-types/implicit/)) +The OAuth 2.0 [Security Best Current Practice document](https://tools.ietf.org/html/draft-ietf-oauth-security-topics) recommends against using the implicit flow. OAuth 2.0 for browser-based apps recommends using the authorization code flow with PKCE instead. ([source](https://oauth.net/2/grant-types/implicit/)) ::: -This flow is intended for modern single‑page applications or downloaded apps that run entirely on the client side (all JavaScript, no backend logic) and have no server that can safely store secrets or exchange tokens. Because the client secret cannot be kept secure on the user’s device, the implicit flow is required in these architectures. With the implicit flow, the application skips the second request in the authorization code flow: after the initial authorization request, the client receives a token directly. Using cryptographic checks such as PKCE, the client can verify that it is the intended recipient and that it is safe to use the token. The RP can then use cryptography to validate the token. +The implicit flow was designed for browser-only or installed applications that cannot safely store a client secret. In this flow, the OP returns tokens directly from the authorization request instead of requiring a separate back-channel token exchange. For new browser-based applications, use the authorization code flow with PKCE instead. #### Hybrid -The Hybrid flow is an OpenID Connect flow that incorporates traits of both the Implicit flow and the Authorization Code flow. It provides an application instant access to an ID token while ensuring secure and safe retrieval of access tokens and refresh tokens. This can be useful in situations where the application needs to quickly access information about the user, while in the background doing further processing to get additional tokens before gaining access to additional resources. +The hybrid flow is an OpenID Connect flow that combines parts of the implicit flow and the authorization code flow. It can return an ID token immediately while the application completes a back-channel exchange to retrieve access tokens and refresh tokens. ### 2. Client credentials @@ -157,13 +157,13 @@ For more information, see [Machine-to-machine authentication](./machine_to_machi ### 3. Device code -The device code flow is used in situations where there is no browser and limited options for text or data input from a client ("input-constrained devices"). For example, using a subscription TV program on a television, where you use a website on your mobile device to input a code displayed on the TV, authenticate, and then you are logged in to the TV. +The device code flow is used when a device has no browser or has limited text input. For example, a TV application can display a code that the user enters on another device to authenticate the session. For more information, see [Device code flow](./device_code.md). #### Refresh token grant -Refresh tokens can be used as long-lived tokens to access user data, and further renew the refresh token down the road. +Refresh tokens let an application obtain new access tokens without requiring another interactive login. Depending on the provider settings, refresh tokens can also be rotated when they are used. :::info Starting with authentik 2024.2, the refresh token grant type requires the `offline_access` scope. @@ -178,7 +178,7 @@ Scopes can be configured using scope mappings, a type of [property mapping](../p By default, every user that has access to an application can request any of the configured scopes. Starting with authentik 2022.4, you can do additional checks for the scope in an expression policy (bound to the application): ```python -# There are additional fields set in the context, use `ak_logger.debug(request.context)` to see them. +# There are additional fields set in the context; use `ak_logger.debug(request.context)` to see them. if "my-admin-scope" in request.context["oauth_scopes"]: return ak_is_group_member(request.user, name="my-admin-group") @@ -187,7 +187,7 @@ return True ## Default & special scopes -When a client does not request any scopes, authentik will treat the request as if all configured scopes were requested. Depending on the configured authorization flow, consent still needs to be given, and all scopes are listed there. +When a client does not request any scopes, authentik treats the request as if all configured scopes were requested. Depending on the configured authorization flow, consent still needs to be given, and all scopes are listed there. This does _not_ apply to special scopes, as those are not configurable in the provider. @@ -201,13 +201,13 @@ This does _not_ apply to special scopes, as those are not configurable in the pr ### authentik -- `goauthentik.io/api`: This scope grants the refresh token access to the authentik API on behalf of the user +- `goauthentik.io/api`: This scope grants the refresh token access to the authentik API on behalf of the user. ### GitHub compatibility -- `user`: No-op, is accepted for compatibility but does not give access to any resources -- `read:user`: Same as above -- `user:email`: Allows read-only access to `/user`, including email address +- `user`: No-op, is accepted for compatibility but does not give access to any resources. +- `read:user`: Same as above. +- `user:email`: Allows read-only access to `/user`, including email address. - `read:org`: Allows read-only access to `/user/teams`, listing all the user's groups as teams. ### Email scope verification @@ -242,4 +242,4 @@ When **Signing Key** is not selected, authentik signs JWTs symmetrically with th ### Encryption -authentik can also encrypt JWTs (turning them into JWEs) it issues by selecting an **Encryption Key** in the provider. When selected, all JWTs will be encrypted symmetrically using the selected certificate. authentik uses the `RSA-OAEP-256` algorithm with the `A256CBC-HS512` encryption method. +authentik can also encrypt JWTs (turning them into JWEs) that it issues by selecting an **Encryption Key** in the provider. When selected, all JWTs will be encrypted using the selected certificate. authentik uses the `RSA-OAEP-256` key management algorithm with the `A256CBC-HS512` content encryption method. From 0b1dc626c94767bbb298712eaddb6f7b18f6f28f Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:14:10 -0400 Subject: [PATCH 44/65] website/docs: Document flow planner (#22660) --- website/api/flow-executor.md | 2 + .../bindings-overview/index.md | 15 +++---- .../flows-stages/flow/index.md | 4 +- .../flows-stages/flow/inspector.md | 6 +-- .../flows-stages/flow/planner.md | 42 +++++++++++++++++++ .../flows-stages/stages/deny/index.md | 2 +- .../flows-stages/stages/index.md | 2 +- .../flows-stages/stages/password/index.md | 2 +- .../expression/managing_flow_context_keys.md | 2 +- .../customize/policies/types/reputation.md | 2 +- .../policies/working_with_policies.md | 2 +- website/docs/sidebar.mjs | 1 + 12 files changed, 61 insertions(+), 21 deletions(-) create mode 100644 website/docs/add-secure-apps/flows-stages/flow/planner.md diff --git a/website/api/flow-executor.md b/website/api/flow-executor.md index 1e9fb7f767..7b69146cc2 100644 --- a/website/api/flow-executor.md +++ b/website/api/flow-executor.md @@ -11,6 +11,8 @@ However, any flow can be executed via an API from anywhere, in fact that is what Because the flow executor stores its state in the HTTP Session, so you need to ensure that cookies between flow executor requests are persisted. ::: +When a flow execution starts, authentik creates a [flow plan](/docs/add-secure-apps/flows-stages/flow/planner/) for the current session. The flow executor advances through that plan as each stage completes. + :::info Note that the HTTP session must be obtained as a cookie before `GET /api/v3/flows/executor/:slug` can be called. If you are using a JWT for authentication, you first have to obtain a session cookie via `GET /api/v3/flows/instances/:slug/execute/` before requesting `GET /api/v3/flows/executor/:slug`. ::: diff --git a/website/docs/add-secure-apps/bindings-overview/index.md b/website/docs/add-secure-apps/bindings-overview/index.md index cf0c132adc..0037a28543 100644 --- a/website/docs/add-secure-apps/bindings-overview/index.md +++ b/website/docs/add-secure-apps/bindings-overview/index.md @@ -132,23 +132,18 @@ If a target has no applicable bindings, authentik treats the result as passing b A flow-stage binding attaches a stage to a flow and defines the order in which that stage runs. -Flow-stage bindings are also called stage bindings. authentik uses them while building the flow plan that determines which stages a user will see and in what order. +Flow-stage bindings are also called stage bindings. authentik uses them while building the [flow plan](../flows-stages/flow/planner.md) that determines which stages a user will see and in what order. This matters because stages are reusable objects. The same stage can appear in multiple flows, but each flow-stage binding can have its own policies, users, groups, order, and evaluation settings. When you bind a policy to a stage in a specific flow, you are binding it to that flow-stage binding, not to the reusable stage definition itself. ### When authentik evaluates stage-binding policies -Flow-stage bindings have two evaluation settings: +Flow-stage bindings have two policy evaluation options: -- **Evaluate when flow is planned**: authentik evaluates the binding while it is building the flow plan. If the binding does not pass at planning time, the stage is not added to the plan. -- **Evaluate when the stage is run**: authentik adds the stage to the flow plan, then evaluates the binding again immediately before the stage is shown. If the binding no longer passes, authentik removes that stage from the flow plan. +- **Evaluate when flow is planned**: authentik evaluates policies while building the flow plan. +- **Evaluate when stage is run**: authentik evaluates policies immediately before presenting the stage. -The second option is useful when the decision depends on context that is only available later in the flow. For example, after an identification stage completes, a subsequent stage binding can assess the identified user and then trigger a CAPTCHA or Deny stage as needed. - -In other words: - -- use **Evaluate when flow is planned** when the decision can already be made before the user reaches the stage -- use **Evaluate when the stage is run** when the decision depends on flow context that is created by an earlier stage +At least one of these options must be enabled, and both can be enabled at the same time. For the full behavior and guidance on choosing the right setting, see [Flow Planner](../flows-stages/flow/planner.md#planning-and-stage-policies). ## What to remember diff --git a/website/docs/add-secure-apps/flows-stages/flow/index.md b/website/docs/add-secure-apps/flows-stages/flow/index.md index 71d1b41a15..16fd6f20ac 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/index.md +++ b/website/docs/add-secure-apps/flows-stages/flow/index.md @@ -18,9 +18,9 @@ When these stages are successfully completed, authentik logs in the user. ![](./simple_stages.png) -By default, policies are evaluated dynamically, right before the stage (to which a policy is bound) is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy. +By default, policies bound to stage bindings are evaluated dynamically, right before the stage is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy. -This default behavior can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.mdx). +You can change this behavior by enabling the **Evaluate when flow is planned** option on the stage binding. When this option is enabled, authentik uses the [Flow Planner](./planner.md) to evaluate the stage binding's policies when the flow starts, and includes the stage in the flow plan only if those policies pass. ## Policies and permissions diff --git a/website/docs/add-secure-apps/flows-stages/flow/inspector.md b/website/docs/add-secure-apps/flows-stages/flow/inspector.md index 61a7782277..165bd8eb6a 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/inspector.md +++ b/website/docs/add-secure-apps/flows-stages/flow/inspector.md @@ -2,7 +2,7 @@ title: Flow Inspector --- -The Flow Inspector allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.mdx) by stepping through the flow process and observing the Inspector with each step, and investigate issues. +The Flow Inspector allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.mdx) by stepping through the flow process and observing the Inspector with each step, and investigate issues. It shows details from the active [flow plan](./planner.md). As shown in the screenshot below, the Flow Inspector displays to the right, beside the selected flow (in this case, "Change Password"), with [information](#flow-inspector-details) about that specific flow and flow context. @@ -45,13 +45,13 @@ The following information is shown in the Inspector: #### Next stage -This is the currently planned next stage. If you have stage bindings configured to `Evaluate when flow is planned`, then you see the result here. If, however, you have them configured to re-evaluate (`Evaluate when stage is run`), then this does not show up, because the results vary based on your input. +This is the currently planned next stage. Stages that are evaluated when they run can still be skipped before they are shown. For more information, see [Planning and stage policies](./planner.md#planning-and-stage-policies). The name and kind of the stage, as well as the unique ID, are shown. #### Plan history -Here you can see an overview of which stages have run, which is currently active, and which is planned to come next. Same caveats as above apply. +Here you can see an overview of which stages have run, which is currently active, and which is planned to come next. #### Current plan context diff --git a/website/docs/add-secure-apps/flows-stages/flow/planner.md b/website/docs/add-secure-apps/flows-stages/flow/planner.md new file mode 100644 index 0000000000..38ae037282 --- /dev/null +++ b/website/docs/add-secure-apps/flows-stages/flow/planner.md @@ -0,0 +1,42 @@ +--- +title: Flow Planner +--- + +The Flow Planner is the component of authentik that takes a configured [flow](./index.md) and, for each incoming request for that flow, determines the specific stages to run and the order in which they will run. + +A flow describes a sequence of stages and policies. A flow plan is the per-session execution plan derived from that flow after authentik evaluates the request, the user, and the policies bound to the flow and its stage bindings. + +## How the planner works + +When a flow is executed, authentik creates a flow plan and does the following: + +1. Verifies that the flow can be used in the current authentication context. +2. Evaluates policies bound directly to the flow. +3. Loads the flow's stage bindings in order. +4. Evaluates stage binding policies when **Evaluate when flow is planned** is enabled. +5. Stores the resulting ordered stage list and [flow context](./context/index.mdx) in the user's session. + +The [flow executor](./executors/if-flow.md) then presents the first stage of the flow plan. When the stage completes successfully, authentik removes it from the flow plan and continues with the next stage. When no stages remain, the flow plan has completed. + +## Planning and stage policies + +Stage binding policies can be evaluated at two different times: + +- **Evaluate when flow is planned**: The policy is evaluated when the flow plan is created. If the policy does not pass, that stage is not included in the plan. +- **Evaluate when stage is run** (_default_): The policy is evaluated immediately before the stage is presented. If the policy does not pass at that point, authentik skips that stage and continues with the next planned stage. + +Both options can be enabled for the same stage binding. Use planning-time evaluation when a policy can be evaluated before any stages run. Use run-time evaluation when a policy depends on data that might be added to the flow context by earlier stages. + +For example, a password stage usually depends on the user identified by an earlier identification stage. If a policy for a later stage depends on `pending_user`, evaluate that policy when the stage is run, or ensure `pending_user` is already present when the plan is created. + +## Inspecting a plan + +Use the [Flow Inspector](./inspector.md) to execute a flow and, while it executes, view the current stage, the next planned stage, the plan history, and the current plan context. + +The Flow Inspector is accessed via the Flow Overview page and is particularly useful for troubleshooting flows and determining why stage binding policies fail to pass. It's also useful to evaluate values for use in policies. + +## Caching and session state + +authentik can cache flow plans so repeated executions of the same flow for the same user do not need to rebuild the same stage list every time. The active plan for a running flow is stored in the HTTP session, so browser-based and API-based flow executors must keep using the same session while the flow is running. + +If flow behavior changes after editing stage bindings or policies, start a new flow execution before troubleshooting. Existing sessions may already have a plan in progress. diff --git a/website/docs/add-secure-apps/flows-stages/stages/deny/index.md b/website/docs/add-secure-apps/flows-stages/stages/deny/index.md index afeebc65f1..e42c7b28d2 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/deny/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/deny/index.md @@ -19,7 +19,7 @@ Bind this stage where a flow should stop after a policy or earlier stage determi ## Notes :::caution -To use this stage effectively, make sure **Evaluate when flow is planned** is disabled on the stage binding. +To use this stage effectively, make sure **Evaluate when flow is planned** is disabled on the stage binding. See [Planning and stage policies](../../flow/planner.md#planning-and-stage-policies). ::: If the binding is evaluated during flow planning, the denial can happen earlier than intended and skip the checks that were meant to decide whether the user should be denied. diff --git a/website/docs/add-secure-apps/flows-stages/stages/index.md b/website/docs/add-secure-apps/flows-stages/stages/index.md index 1ac0e09d86..6130a3d378 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/index.md @@ -54,7 +54,7 @@ You can use a binding to determine which exact [stages](../stages/index.md) (all For an overview about all the different types of bindings in authentik and how they are used, refer to [About authentik bindings](../../bindings-overview/index.md). :::info -Be aware that some stages and flows do not allow user or group bindings, because in certain scenarios (authentication or enrollment), the flow plan doesn't yet know who the user or group is. +Be aware that some stages and flows do not allow user or group bindings, because in certain scenarios (authentication or enrollment), the [flow plan](../flow/planner.md) doesn't yet know who the user or group is. ::: ### Bind a stage to a flow diff --git a/website/docs/add-secure-apps/flows-stages/stages/password/index.md b/website/docs/add-secure-apps/flows-stages/stages/password/index.md index f47f45cdd0..3a206bf97a 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/password/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/password/index.md @@ -53,7 +53,7 @@ To configure this setup: 3. Configure the expression so that it returns `True` only when the Password stage should run. Use one of the expressions below, depending on the authenticator type. 4. Navigate to **Flows and Stages** > **Flows** and open your authentication flow. 5. Open the **Stage Bindings** tab, expand the Password stage binding, and bind the Expression Policy there. Do not bind it to the flow itself or directly to the stage object. For more background, see [Bind a policy to a stage binding](../../../../customize/policies/working_with_policies.md#bind-a-policy-to-a-stage-binding). -6. On the Password stage binding, enable **Evaluate when stage is run**. Disable **Evaluate when flow is planned** unless the user is already known before the flow starts. +6. On the Password stage binding, enable **Evaluate when stage is run**. Disable **Evaluate when flow is planned** unless the user is already known before the flow starts. See [Planning and stage policies](../../flow/planner.md#planning-and-stage-policies). #### WebAuthn diff --git a/website/docs/customize/policies/types/expression/managing_flow_context_keys.md b/website/docs/customize/policies/types/expression/managing_flow_context_keys.md index 70a82c5b38..bcb4baf587 100644 --- a/website/docs/customize/policies/types/expression/managing_flow_context_keys.md +++ b/website/docs/customize/policies/types/expression/managing_flow_context_keys.md @@ -6,7 +6,7 @@ tags: - flows --- -[Flow context](../../../../add-secure-apps/flows-stages/flow/context/index.mdx) can be read and updated from an [Expression policy](./index.mdx) through `context["flow_plan"].context`. +[Flow context](../../../../add-secure-apps/flows-stages/flow/context/index.mdx) can be read and updated from an [Expression policy](./index.mdx) through `context["flow_plan"].context`. For more information about the active plan, see [Flow Planner](../../../../add-secure-apps/flows-stages/flow/planner.md). This is useful when you want to influence later stages in the same flow, such as changing a redirect target or passing data to another stage. diff --git a/website/docs/customize/policies/types/reputation.md b/website/docs/customize/policies/types/reputation.md index e6d42eef6c..bd267025ef 100644 --- a/website/docs/customize/policies/types/reputation.md +++ b/website/docs/customize/policies/types/reputation.md @@ -39,7 +39,7 @@ The threshold defaults to a low score, so the policy is naturally suited to "tri ## Use it on stage bindings -When you use a Reputation policy on a flow stage binding, configure the stage binding to **Evaluate when stage is run** so authentik can use the latest request context. +When you use a Reputation policy on a flow stage binding, configure the stage binding to **Evaluate when stage is run** so authentik can use the latest request context. For more information, see [Planning and stage policies](../../../add-secure-apps/flows-stages/flow/planner.md#planning-and-stage-policies). This is especially important when the policy should react to the current login attempt rather than only to the initial planned flow state. diff --git a/website/docs/customize/policies/working_with_policies.md b/website/docs/customize/policies/working_with_policies.md index f21bcae5bf..9f7f2ee5d2 100644 --- a/website/docs/customize/policies/working_with_policies.md +++ b/website/docs/customize/policies/working_with_policies.md @@ -67,7 +67,7 @@ When you bind a policy to a stage binding, this task is done per flow, and does 5. Click the arrow (**>**) beside the name of the stage to which you want to bind a policy. The details for that stage are displayed. 6. Either create and bind a new policy, or bind an existing policy, group, or user. -If the policy depends on request data that is only known after the user has interacted with the flow, configure the stage binding to **Evaluate when stage is run** instead of only at planning time. +If the policy depends on request data that is only known after the user has interacted with the flow, configure the stage binding to **Evaluate when stage is run**. For more information, see [Planning and stage policies](../../add-secure-apps/flows-stages/flow/planner.md#planning-and-stage-policies). ### Bind a policy to an application diff --git a/website/docs/sidebar.mjs b/website/docs/sidebar.mjs index 1e54df5a7a..9e143f314b 100644 --- a/website/docs/sidebar.mjs +++ b/website/docs/sidebar.mjs @@ -290,6 +290,7 @@ const items = [ id: "add-secure-apps/flows-stages/flow/index", }, items: [ + "add-secure-apps/flows-stages/flow/planner", "add-secure-apps/flows-stages/flow/inspector", "add-secure-apps/flows-stages/flow/context/index", { From f7b380ca76d1b112e6600e695ec8821cdd1f676d Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:37:19 -0400 Subject: [PATCH 45/65] website/integrations: PocketBase: cleanup (#22705) * website/integrations: PocketBase: cleanup Agent-thread: https://sdko.org/internal/threads/019e6b67-aedf-7992-8101-7bc4b4a0c7c7 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent * Update website/integrations/platforms/pocketbase/index.md Signed-off-by: Dominic R --------- Signed-off-by: Dominic R Co-authored-by: Agent --- .../platforms/pocketbase/index.md | 63 ++++++++++--------- 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/website/integrations/platforms/pocketbase/index.md b/website/integrations/platforms/pocketbase/index.md index ab7e804c80..747e5bbbca 100644 --- a/website/integrations/platforms/pocketbase/index.md +++ b/website/integrations/platforms/pocketbase/index.md @@ -6,16 +6,9 @@ support_level: community ## What is PocketBase? -> PocketBase is a lightweight backend solution that provides a built-in database, authentication, and file storage. -> It allows developers to quickly set up and manage backend services without complex configurations. -> With its simple API and easy-to-use dashboard, it's perfect for small projects, prototypes, or even full-scale applications. +> PocketBase is an open source backend consisting of an embedded SQLite database, realtime subscriptions, built-in auth management, a dashboard UI, and a REST-like API. > -> -- https://pocketbase.io/ - -:::info -If your application relies on PocketBase as its backend, you may need to replace the pocketbase.company placeholder with your application's name. -However, if PocketBase is hosted on a separate domain and users are redirected there for authentication, this notice may not be necessary. Conversely, if PocketBase is hosted on the same domain as your application, this distinction might be relevant. -::: +> -- https://pocketbase.io ## Preparation @@ -36,29 +29,39 @@ To support the integration of PocketBase with authentik, you need to create an a 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - -- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. -- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. -- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - - Set a `Strict` redirect URI to `https://pocketbase.company/api/oauth2-redirect`. - - Select any available signing key. -- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID** and **Client Secret** values because they will be required later. + - Set a `Strict` redirect URI to `https://pocketbase.company/api/oauth2-redirect`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. 3. Click **Submit** to save the new application and provider. ## PocketBase configuration -1. Sign in to PocketBase and access the superusers dashboard by navigating to `https://pocketbase.company/\_/#/settings`. -2. Toggle off **Hide collection create and edit controls** then click the **Save changes** button. -3. Open the **users** collection by clicking the **Collections** icon on the sidebar or head to `https://pocketbase.company/\_/#/collections?collection=pb_users_auth`. -4. Click the gear icon next to the collection's name, then select the **Options** tab in the popup on the right. -5. Enable the **OAuth2** authentication method by clicking the **OAuth2** tab and toggling **Enable**. -6. Click **+ Add provider**, then select **OpenID Connect**. -7. Enter the following details from the authentik provider: - - Set **Client ID** to the Client ID copied from authentik. - - Set **Client secret** to the Client Secret copied from authentik. - - Set **Display name** to `authentik`. - - Set **Auth URL** to `https://authentik.company/application/o/authorize/`. - - Set **Token URL** to `https://authentik.company/application/o/token/`. - - Make sure **Fetch user info from** is set to `User info URL`, then set **User info URL** to `https://authentik.company/application/o/userinfo/` +1. Sign in to the PocketBase superuser dashboard at `https://pocketbase.company/_/`. +2. If collection controls are locked, navigate to **Settings** > **Application**, disable **Hide/Lock collection and record controls**, and click **Save changes**. +3. Navigate to **Collections** and open the **users** auth collection. +4. Click the gear icon next to the collection name and select the **Options** tab. +5. Open the **OAuth2** section and click **Add provider**. +6. Select **OIDC** and enter the following values: + - **Client ID**: enter the **Client ID** from authentik. + - **Client secret**: enter the **Client Secret** from authentik. + - **Display name**: `authentik` + - **Auth URL**: `https://authentik.company/application/o/authorize/` + - **Token URL**: `https://authentik.company/application/o/token/` + - **User info URL**: `https://authentik.company/application/o/userinfo/` +7. Click **Set provider config**. +8. Click **Save changes**. + +## Configuration verification + +To confirm that authentik is properly configured with PocketBase, open your application and sign in with the authentik OAuth2 provider. + +## Resources + +- [PocketBase documentation - Authenticate with OAuth2](https://pocketbase.io/docs/authentication/#authenticate-with-oauth2) +- [PocketBase source - OIDC provider](https://github.com/pocketbase/pocketbase/blob/master/tools/auth/oidc.go) +- [PocketBase source - OAuth2 redirect route](https://github.com/pocketbase/pocketbase/blob/master/apis/record_auth.go) From 4bc9b9eece6ff84401c675a0363a4d009fcdb047 Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:44:49 -0400 Subject: [PATCH 46/65] website/integrations: add Productive integration (#22769) * website/integrations: add Productive integration Agent-thread: https://sdko.org/internal/threads/019e808e-70a3-7b02-ade4-839d9c259456 A7k-product: product A7k-product-repo: 3 Co-authored-by: Agent * change config verification step Signed-off-by: Dewi Roberts --------- Signed-off-by: Dewi Roberts Co-authored-by: Agent Co-authored-by: Dewi Roberts --- .../platforms/productive/index.md | 169 ++++++++++++++++++ 1 file changed, 169 insertions(+) create mode 100644 website/integrations/platforms/productive/index.md diff --git a/website/integrations/platforms/productive/index.md b/website/integrations/platforms/productive/index.md new file mode 100644 index 0000000000..b2547fb3ec --- /dev/null +++ b/website/integrations/platforms/productive/index.md @@ -0,0 +1,169 @@ +--- +title: Integrate with Productive +sidebar_label: Productive +support_level: community +--- + +## What is Productive? + +> Productive is a professional services automation platform for agencies, consultancies, and other service businesses. It includes tools for resource planning, time tracking, project management, CRM, budgeting, invoicing, forecasting, and reporting. +> +> -- https://productive.io/ + +## Preparation + +The following placeholders are used in this guide: + +- `authentik.company` is the FQDN of the authentik installation. + +:::info +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +:::info Productive requirements +Single Sign-On (SSO) is available on all Productive plans. Enforcing SSO and SCIM provisioning require Productive's Ultimate plan. To let Productive create users automatically from SSO or SCIM, make sure each authentik user has an email address and a full name with a first and last name. +::: + +## authentik configuration + +To support the integration of Productive with authentik, you need to create two property mappings and an application/provider pair in authentik. + +### Create property mappings + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Customization** > **Property Mappings** and click **Create**. +3. Select **SAML Provider Property Mapping** as the type and click **Next**. +4. Create a property mapping with the following values: + - **Name**: `Productive first name` + - **SAML Attribute Name**: `first_name` + - **Expression**: `return request.user.name.split(" ", 1)[0] if request.user.name else request.user.username` +5. Click **Create**. +6. Repeat steps 2-5 to create the following additional SAML provider property mapping: + - **Name**: `Productive last name` + - **SAML Attribute Name**: `last_name` + - **Expression**: `return request.user.name.rsplit(" ", 1)[-1] if " " in request.user.name else ""` + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **SAML Provider** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Temporarily set the **ACS URL** and **Audience** to `https://temp.temp` + - Under **Advanced protocol settings**: + - Select an available **Signing Certificate**. + - Toggle on **Sign responses**. + - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. + - Under **Property mappings**, add the property mappings that you created in the previous section. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. If you add the SCIM provider as a backchannel provider later, only users who can view this application are synchronized. + +3. Click **Create Application** to save the new application and provider. + +## Productive configuration + +1. Log in to [Productive](https://app.productive.io/) as an administrator. +2. Navigate to **Settings** > **SSO and SCIM**. +3. Copy the **Single Sign-On URL** and **Audience URI** values. You will use these values in the next section. +4. Keep the Productive SSO settings open. + +## Configure the remaining information in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click the provider that you created in the previous step. +3. Click **Edit**. +4. Under **Protocol settings**, set the value of the **ACS URL** to the **Single Sign-On URL** value from Productive. Then, set the value of the **Audience** to the **Audience URI** value from Productive. +5. Click **Update**. + +## Enable SSO in Productive + +1. Return to the Productive **SSO and SCIM** page. +2. Set the following values: + - **Metadata URL**: `https://authentik.company/application/saml//metadata/` + - **Identity Provider Single Sign-On URL**: `https://authentik.company/application/saml//` +3. Click **Enable SSO**. + +## SCIM provisioning _(optional)_ + +authentik can also provision Productive users with SCIM. SCIM requires SSO to be configured first. + +### Create a SCIM property mapping + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Customization** > **Property Mappings** and click **Create**. +3. Select **SCIM Provider Mapping** as the property mapping type and click **Next**. +4. Set the following values: + - **Name**: `Productive SCIM user` + - **Expression**: + + ```python + given_name, family_name = request.user.name, " " + formatted = request.user.name + " " + if " " in request.user.name: + given_name, _, family_name = request.user.name.partition(" ") + formatted = request.user.name + + user_name = request.user.email or request.user.username + + emails = [] + if request.user.email: + emails = [{ + "value": request.user.email, + "type": "work", + "primary": True, + }] + + return { + "userName": user_name, + "name": { + "formatted": formatted, + "givenName": given_name, + "familyName": family_name, + }, + "active": request.user.is_active, + "emails": emails, + } + ``` + +5. Click **Create**. + +### Enable SCIM in Productive + +1. Log in to [Productive](https://app.productive.io/) as an administrator. +2. Navigate to **Settings** > **Single Sign-On** > **SCIM**. +3. Open the **SCIM** section and click **Enable SCIM**. +4. Copy the **Base URL** and **Bearer Token** values. + +### Create a SCIM provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click **New Provider** to open the provider wizard. + - **Choose a Provider type**: select **SCIM Provider** as the provider type. + - **Configure the Provider**: provide a name for the provider, and the following required configurations. + - **URL**: the **Base URL** value from Productive. + - **Token**: the **Bearer Token** value from Productive. + - Under **Attribute mapping**: + - Remove `authentik default SCIM Mapping: User` from **Selected User Property Mappings** and add `Productive SCIM user`. + +3. Click **Create**. + +### Set SCIM provider as backchannel provider + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click the name of your Productive application. +3. Click the plus (+) icon next to **Backchannel Providers** and select the SCIM provider that you created in the previous section. +4. Click **Save Changes**. + +## Configuration verification + +To confirm that authentik is properly configured with Productive, log out and open Productive in a private or incognito browser window. Click **Use Single Sign-On (SSO)**, sign in with authentik, and confirm that you are redirected back to Productive. + +To confirm that SCIM is properly configured, open the Productive SCIM provider in authentik and click the run button on the **Full sync for SCIM provider** task. After the sync completes, verify that users with access to the Productive application are provisioned in Productive. + +## Resources + +- [Productive Help Center - Single Sign-On (SSO)](https://help.productive.io/en/articles/4362408-single-sign-on-sso) +- [Productive Help Center - Enabling SSO Using Microsoft Entra](https://help.productive.io/en/articles/5148311-enabling-sso-using-microsoft-entra) +- [Productive Help Center - Enabling SSO Using Google Workspace](https://help.productive.io/en/articles/4443738-enabling-sso-using-google-workspace) +- [Productive Help Center - Automatically Sync Users Between Microsoft Entra and Productive with SCIM](https://help.productive.io/en/articles/10586327-automatically-sync-users-between-microsoft-entra-and-productive-with-scim) +- [Productive Help Center - Configuring Optional SCIM Attribute Mappings in Microsoft Entra](https://help.productive.io/en/articles/11728308-configuring-optional-scim-attribute-mappings-in-microsoft-entra) From 93f19fcfd354eae1cb3a6286fee45a251642ac96 Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 13:58:16 -0400 Subject: [PATCH 47/65] website/integrations: WordPress: cleanup (#22702) * website/integrations: WordPress: cleanup Update the WordPress integration guide to match the current template and current OpenID Connect Generic Client behavior. Agent-thread: https://sdko.org/internal/threads/019e6b52-8487-7133-9c46-7f120cc905dd A7k-product: product A7k-product-repo: 3 Co-authored-by: Agent * Update website/integrations/platforms/wordpress/index.md Signed-off-by: Dewi Roberts --------- Signed-off-by: Dewi Roberts Co-authored-by: Agent Co-authored-by: Dewi Roberts --- .../integrations/platforms/wordpress/index.md | 85 +++++++++---------- 1 file changed, 39 insertions(+), 46 deletions(-) diff --git a/website/integrations/platforms/wordpress/index.md b/website/integrations/platforms/wordpress/index.md index d91ced3721..9f9ea62820 100644 --- a/website/integrations/platforms/wordpress/index.md +++ b/website/integrations/platforms/wordpress/index.md @@ -6,20 +6,20 @@ support_level: community ## What is WordPress? -> WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes +> WordPress is an open source publishing platform used to create websites, blogs, and other web content. > -> -- https://en.wikipedia.org/wiki/WordPress +> -- https://wordpress.org/ -:::info -There are many different plugins for WordPress that allow you to set up SSO using different authentication methods. This tutorial uses the "OpenID Connect Generic Client" plugin, version 3.8.5, by Jonathan Daggerhart. This plugin uses OpenID/OAuth2 and is free without paywalls or subscriptions at the time of writing. The plugin is available for free in the WordPress Plugin Directory. +:::info Plugin selection +There are many WordPress plugins that support SSO with different authentication protocols. This guide uses the **OpenID Connect Generic Client** plugin by Jonathan Daggerhart from the WordPress Plugin Directory. ::: ## Preparation The following placeholders are used in this guide: -- `wp.company` is the FQDN of WordPress installation. -- `authentik.company` is the FQDN of authentik installation. +- `wp.company` is the FQDN of the WordPress installation. +- `authentik.company` is the FQDN of the authentik installation. :::info This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. @@ -29,62 +29,55 @@ This documentation lists only the settings that you need to change from their de To support the integration of WordPress with authentik, you need to create an application/provider pair in authentik. -### Create an application and provider in authentik +### Create an application and provider 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - -- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. -- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. -- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - - Set a `Strict` redirect URI to `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize`. - - Select any available signing key. - - Under **Advanced protocol settings**, add `offline_access` to the list of selected scopes. -- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Set the **Launch URL** to `https://wp.company/wp-login.php`. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID**, **Client Secret**, and application **slug** values because they will be required later. + - Set a `Strict` redirect URI to `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize`. + - Select any available signing key. + - Under **Advanced protocol settings** > **Scopes**, add `authentik default OAuth Mapping: OpenID 'offline_access'` to the **Selected Scopes** list. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. 3. Click **Submit** to save the new application and provider. +:::note Redirect URI +If WordPress is installed in a subdirectory, use the **Redirect URI** shown in the OpenID Connect Generic Client plugin's **Notes** section instead of the example redirect URI. +::: + ## WordPress configuration :::info -This guide assumes that you have successfully downloaded and activated the required "OpenID Connect Generic Client" plugin by Jonathan Daggerhart. +This guide assumes that you have installed and activated the **OpenID Connect Generic Client** plugin. ::: -In WordPress, under _Settings_, select _OpenID Connect Client_. +1. Log in to WordPress as an administrator. +2. In the WordPress dashboard, navigate to **Settings** > **OpenID Connect Client**. +3. Expand **Quick Setup: Import from Discovery Document** and set the **Discovery URL** to `https://authentik.company/application/o//.well-known/openid-configuration`. +4. Click **Load Configuration**. +5. Review the populated endpoint settings, then configure the following settings: + - **Client ID**: `` + - **Client Secret Key**: `` + - **OpenID Scope**: `email profile openid offline_access` +6. Click **Save Changes**. -:::info -Only settings that have been modified from default have been listed. +:::note Refresh tokens +The `offline_access` scope lets WordPress use refresh tokens for longer-lived sessions. ::: -- Login Type: OpenID Connect Button on Login (This option displays a button to log in using OpenID as well as local WP login) -- Client ID: Client ID from step 1 -- Client Secret: Client Secret from step 1 -- OpenID Scope: `email profile openid offline_access` -- Login Endpoint URL: `https://authentik.company/application/o/authorize/` -- Userinfo Endpoint URL: `https://authentik.company/application/o/userinfo/` -- Token Validation Endpoint URL: `https://authentik.company/application/o/token/` -- End Session Endpoint URL: `https://authentik.company/application/o/wordpress/end-session/` - -:::info -Make sure to include the _offline_access_ scope to ensure refresh tokens are generated. Otherwise your session will expire and force users to manually log in again. Refer to the [OpenID Connect Core specification](https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess) for more information. +:::info Optional settings +Review the WordPress plugin's optional settings for your environment. Common settings include **Link Existing Users**, **Create user if does not exist**, and **Enforce Privacy**. ::: -:::info -Review each setting and choose the ones you require for your installation. Examples of popular settings are _Link Existing Users_, _Create user if does not exist_, and _Enforce Privacy_. -::: +## Configuration verification -### Step 3 - authentik +To confirm that authentik is properly configured with WordPress, log out of WordPress and open the WordPress integration from authentik. On the WordPress login page, click **Login with OpenID Connect** and authenticate with authentik. -In authentik, create an application which uses this provider and directly launches WordPress' backend login-screen. Optionally apply access restrictions to the application using policy bindings. +## Resources -- Name: WordPress -- Slug: wordpress -- Provider: WordPress -- Launch URL: https://wp.company/wp-login.php - -## Notes - -:::info -OpenID Connect Generic Client Reference link: https://wordpress.org/plugins/daggerhart-openid-connect-generic/ -::: +- [WordPress.org](https://wordpress.org/) +- [OpenID Connect Generic Client WordPress plugin](https://wordpress.org/plugins/daggerhart-openid-connect-generic/) +- [OpenID Connect Generic Client GitHub repository](https://github.com/oidc-wp/openid-connect-generic) From 6f0c765a5e7f07fe31e0ff739240988c056aea47 Mon Sep 17 00:00:00 2001 From: Blue Date: Thu, 4 Jun 2026 21:10:54 +0200 Subject: [PATCH 48/65] website/docs: clarify Google Workspace signed response setting (#22812) docs: clarify Google Workspace signed response setting #22811 --- .../sources/social-logins/google/workspace/index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/docs/users-sources/sources/social-logins/google/workspace/index.md b/website/docs/users-sources/sources/social-logins/google/workspace/index.md index d9b6733ad1..72cdebdfcc 100644 --- a/website/docs/users-sources/sources/social-logins/google/workspace/index.md +++ b/website/docs/users-sources/sources/social-logins/google/workspace/index.md @@ -74,6 +74,7 @@ authentik is acting as both a Service Provider (SP) to Google and an Identity Pr - Set **ACS URL** to `https://authentik.company/source/saml//acs/`. - Set **Entity ID** to `https://authentik.company/source/saml//metadata/`. - Set **Start URL** to `https://authentik.company`. + - Enable **Signed response**. - Set **Name ID format** to `EMAIL`. - Set **Name ID** to `Basic Information > Primary Email`. 2. Click **Continue**. @@ -112,8 +113,8 @@ authentik is acting as both a Service Provider (SP) to Google and an Identity Pr - Set **SSO URL** to the SSO URL from Google Workspace. - Set **Issuer** to `https://authentik.company/source/saml//metadata/`. - Set **Verification Certificate** to the Google Workspace certificate you uploaded earlier. - :::warning Disable Verify Assertion Signature - If you do not disable the following option, your integration with Google Workspace will not work. + :::warning Signed response required + These verification settings expect Google Workspace to sign the SAML response. Make sure **Signed response** is enabled in the Google Workspace SAML app. ::: - Disable **Verify Assertion Signature**. - Enable **Verify Response Signature**. @@ -133,6 +134,7 @@ For instructions on embedding the new source within a flow, such as an authoriza - **`403 app_not_configured_for_user`**: Ensure the Entity ID matches between Google Workspace and authentik. The Entity ID must be identical in both configurations. - **`403 app_not_enabled_for_user`**: Enable the application for your organization in the Google Workspace Admin Console under **Apps** > **Web and mobile apps**. +- **`Expected exactly one Signature in the Response element`**: Enable **Signed response** in the Google Workspace Admin Console under **Apps** > **Web and mobile apps** > your SAML app, for example `authentik`. If this option is disabled, Google Workspace signs only the SAML assertion instead of the outer SAML response. ## Resources From af79cdd1eca6a466633ea554cc51890e648ce8d2 Mon Sep 17 00:00:00 2001 From: Nerdy Technician Date: Thu, 4 Jun 2026 20:30:46 +0100 Subject: [PATCH 49/65] website/integrations: add Nexterm (#22768) * Added Guide for Setting up Authentik on Nexterm - http://nexterm.dev/ * website/integrations: Nexterm: cleanup Agent-thread: https://sdko.org/internal/threads/019e93e4-1ce3-7360-89dd-77ddace35e77 A7k-product: product A7k-product-repo: 1 Co-authored-by: Agent --------- Co-authored-by: Dominic R Co-authored-by: Agent --- locale/en/dictionaries/integrations.txt | 1 + .../infrastructure/nexterm/index.md | 65 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 website/integrations/infrastructure/nexterm/index.md diff --git a/locale/en/dictionaries/integrations.txt b/locale/en/dictionaries/integrations.txt index 44482f2645..6806eec636 100644 --- a/locale/en/dictionaries/integrations.txt +++ b/locale/en/dictionaries/integrations.txt @@ -36,6 +36,7 @@ Kubeconfig Mautic Mobilizon myabsorb +Nexterm Observium Ofair Ollama diff --git a/website/integrations/infrastructure/nexterm/index.md b/website/integrations/infrastructure/nexterm/index.md new file mode 100644 index 0000000000..ab4e0eb326 --- /dev/null +++ b/website/integrations/infrastructure/nexterm/index.md @@ -0,0 +1,65 @@ +--- +title: Integrate with Nexterm +sidebar_label: Nexterm +support_level: community +--- + +## What is Nexterm? + +> Nexterm is an open-source server management platform for SSH, VNC, and RDP. +> +> -- https://nexterm.dev/ + +## Preparation + +The following placeholders are used in this guide: + +- `nexterm.company` is the FQDN of the Nexterm installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::info +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Nexterm with authentik, you need to create an application/provider pair in authentik. + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. + - Set a `Strict` redirect URI to `https://nexterm.company/api/auth/oidc/callback`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + +3. Click **Submit** to save the new application and provider. + +## Nexterm configuration + +1. Log in to Nexterm as an administrator. +2. Navigate to **Settings** > **Authentication**. +3. Click **Add Provider**. +4. Set the following required settings: + - **Display Name**: `authentik` + - **Issuer URL**: `https://authentik.company/application/o//` + - **Client ID**: Client ID from authentik + - **Client Secret**: Client secret from authentik + - **Redirect URI**: `https://nexterm.company/api/auth/oidc/callback` +5. Save the provider. + +:::info Issuer URL +The trailing slash in the **Issuer URL** is required. +::: + +## Configuration verification + +To verify that authentik is correctly integrated with Nexterm, log out of Nexterm and select the authentik provider on the login page. You should be redirected to your authentik instance, and after successfully authenticating, you should return to Nexterm and be logged in automatically. + +## Resources + +- [Nexterm OIDC Authentication documentation](https://docs.nexterm.dev/oidc) From b35219e23aca8e2557feae0ad1f2ef7a5705b721 Mon Sep 17 00:00:00 2001 From: Connor Peshek Date: Thu, 4 Jun 2026 14:32:16 -0500 Subject: [PATCH 50/65] website/docs: Add improved akql docs (#22693) --- .../event_matcher/EventMatcherPolicyForm.ts | 4 +- website/docs/customize/policies/index.md | 18 +- .../customize/policies/types/event-matcher.md | 8 +- website/docs/releases/2025/v2025.8.mdx | 2 +- website/docs/releases/2026/v2026.5.md | 4 +- website/docs/sidebar.mjs | 1 + website/docs/sys-mgmt/akql.mdx | 329 ++++++++++++++++++ .../docs/sys-mgmt/events/logging-events.mdx | 76 +--- website/docs/sys-mgmt/events/notifications.md | 2 +- .../users-sources/groups/manage_groups.mdx | 4 + .../user/user_basic_operations.md | 20 +- 11 files changed, 357 insertions(+), 111 deletions(-) create mode 100644 website/docs/sys-mgmt/akql.mdx diff --git a/web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts b/web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts index 9d4aa333d9..ea60ff3563 100644 --- a/web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts +++ b/web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts @@ -85,7 +85,9 @@ export class EventMatcherPolicyForm extends BasePolicyForm { ${msg("See documentation for examples.")} diff --git a/website/docs/customize/policies/index.md b/website/docs/customize/policies/index.md index 4eb5b4a223..e357ec229e 100644 --- a/website/docs/customize/policies/index.md +++ b/website/docs/customize/policies/index.md @@ -29,15 +29,15 @@ You can also bind a **user** or **group** directly in the same places where you Use the built-in policy types when they already match what you need. Reach for an expression policy when the built-in types are too limited. -| Policy type | Use it when | Notes | -| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | -| [Event Matcher](./types/event-matcher.md) | You want to react to specific authentik events, usually for notifications or automations. | Matches event action, app, model, and client IP. See [Notifications](../../sys-mgmt/events/notifications.md). | -| [Expression](./types/expression/index.mdx) | You need custom logic that is not covered by a more specialized policy type. | Most flexible option. Runs Python and can inspect flow context, prompt data, user data, request metadata, and more. | -| [GeoIP](./types/geoip.md) | You want to allow or deny requests based on country, ASN, or travel patterns. | Can also check recent login distance and impossible-travel scenarios. | -| [Password](./types/password.md) | You want to validate password complexity, HIBP exposure, or zxcvbn strength. | Commonly attached to a prompt stage's **Validation Policies**. | -| [Password Expiry](./types/password-expiry.md) | You want to expire passwords after a fixed number of days. | Can either deny login or mark the password unusable so the user must update it. | -| [Password Uniqueness](./types/password-uniqueness.md) | You want to prevent password reuse. | Enterprise feature. | -| [Reputation](./types/reputation.md) | You want to react to failed logins or suspicious sign-in activity. | Useful for showing CAPTCHA or another challenge only to low-reputation requests. | +| Policy type | Use it when | Notes | +| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | +| [Event Matcher](./types/event-matcher.md) | You want to react to specific authentik events, usually for notifications or automations. | Matches event action, app, model, client IP, and [AKQL queries](../../sys-mgmt/akql.mdx#use-akql-in-an-event-matcher-policy). | +| [Expression](./types/expression/index.mdx) | You need custom logic that is not covered by a more specialized policy type. | Most flexible option. Runs Python and can inspect flow context, prompt data, user data, request metadata, and more. | +| [GeoIP](./types/geoip.md) | You want to allow or deny requests based on country, ASN, or travel patterns. | Can also check recent login distance and impossible-travel scenarios. | +| [Password](./types/password.md) | You want to validate password complexity, HIBP exposure, or zxcvbn strength. | Commonly attached to a prompt stage's **Validation Policies**. | +| [Password Expiry](./types/password-expiry.md) | You want to expire passwords after a fixed number of days. | Can either deny login or mark the password unusable so the user must update it. | +| [Password Uniqueness](./types/password-uniqueness.md) | You want to prevent password reuse. | Enterprise feature. | +| [Reputation](./types/reputation.md) | You want to react to failed logins or suspicious sign-in activity. | Useful for showing CAPTCHA or another challenge only to low-reputation requests. | ## Deprecated policy types diff --git a/website/docs/customize/policies/types/event-matcher.md b/website/docs/customize/policies/types/event-matcher.md index 3bb9d128a5..c8528931ae 100644 --- a/website/docs/customize/policies/types/event-matcher.md +++ b/website/docs/customize/policies/types/event-matcher.md @@ -6,7 +6,7 @@ tags: - notifications --- -Use an Event Matcher policy when you want to match authentik events against a small set of built-in fields instead of writing a custom expression. +Use an Event Matcher policy when you want to match authentik events with built-in fields or an [AKQL query](../../../sys-mgmt/akql.mdx#use-akql-in-an-event-matcher-policy). This policy is most commonly used with [Notification Rules](../../../sys-mgmt/events/notifications.md). @@ -19,17 +19,19 @@ Use an Event Matcher policy when you want to match against events such as: - activity from a specific authentik app - activity from a specific client IP -For more complex matching, such as network ranges or logic across multiple event fields, use an [Expression policy](./expression/index.mdx) instead. +For complex Python logic or network range matching, use an [Expression policy](./expression/index.mdx) instead. ## What it matches -An Event Matcher policy can match on: +An Event Matcher policy can match on these built-in fields: - action - app - model - exact client IP +It can also match on the **Query** field, which uses AKQL. For the available event fields, operators, and examples, see the [AKQL reference](../../../sys-mgmt/akql.mdx). + Any field you leave empty is treated as a wildcard. Any field you configure must match for the policy to pass. :::info Event Context diff --git a/website/docs/releases/2025/v2025.8.mdx b/website/docs/releases/2025/v2025.8.mdx index ad6c12174b..fefb9fa54a 100644 --- a/website/docs/releases/2025/v2025.8.mdx +++ b/website/docs/releases/2025/v2025.8.mdx @@ -11,7 +11,7 @@ slug: "/releases/2025.8" ![Screenshot of the admin interface showing events plotted on a histogram chart and on a map](../../sys-mgmt/events/event-map-chart.png) -- **Advanced search**: :ak-enterprise Search for [users](../../users-sources/user/user_basic_operations.md#advanced-queries) and [event logs](../../sys-mgmt/events/logging-events.mdx#advanced-queries) with custom query language to filter on their properties and attributes. +- **Advanced search**: :ak-enterprise Search with [AKQL](../../sys-mgmt/akql.mdx) to filter users and event logs by their properties and attributes. - **Email stage rate limiting**: The email stage can now be configured to set a maximum number of emails that can be sent within a specified time period. diff --git a/website/docs/releases/2026/v2026.5.md b/website/docs/releases/2026/v2026.5.md index fce87532f0..bea075e3ee 100644 --- a/website/docs/releases/2026/v2026.5.md +++ b/website/docs/releases/2026/v2026.5.md @@ -9,7 +9,7 @@ slug: "/releases/2026.5" - **Account Lockdown**: :ak-enterprise A new panic button for compromised accounts that can immediately cut off access, revoke tokens, end sessions, and leave an audit trail. - **Conditional Access**: :ak-enterprise New connectors verify device compliance and feed it into conditional access flows: Fleet (via Fleet certificates and an mTLS stage, without the authentik agent) and Google Chrome (via Chrome Enterprise Device Trust). -- **`AKQL` is now open source**: The `AKQL` search query language for logs and users, previously enterprise-only, is now free for everyone to use. +- **`AKQL` is now open source**: The `AKQL` search query language, previously enterprise-only, is now free for everyone to use. - **Command Palette and wizard upgrades**: A new `Cmd + K` command palette to search the authentik UI, alongside reworked wizards including a new user creation wizard, improved binding wizard, and new invitation wizard. - **Performance improvements**: The new Rust worker entrypoint drops memory usage by approximately 200 MB per worker container, and opens one fewer PostgreSQL connection per worker. The Admin interface is less resource-intensive through lazy-loaded modals. @@ -67,7 +67,7 @@ Keep in mind that hints are advisory — they only affect the browser UI, not po ### `AKQL` is now open source -The `AKQL` search query language was previously an enterprise-only feature for [querying logs](../../sys-mgmt/events/logging-events.mdx#advanced-queries) and [users](../../users-sources/user/user_basic_operations.md#advanced-queries). `AKQL` is now free for everyone to use, allowing searches based on specific attributes such as `context.geo.country = "Germany"`. +The `AKQL` search query language was previously an enterprise-only feature. `AKQL` is now free for everyone to use, allowing searches based on specific attributes such as `context.geo.country = "Germany"`. For the full syntax and a list of where you can use it, see the [AKQL reference](../../sys-mgmt/akql.mdx). ### OAuth2 configurable grant types diff --git a/website/docs/sidebar.mjs b/website/docs/sidebar.mjs index 9e143f314b..8d0d3cf608 100644 --- a/website/docs/sidebar.mjs +++ b/website/docs/sidebar.mjs @@ -726,6 +726,7 @@ const items = [ "sys-mgmt/events/event-actions", ], }, + "sys-mgmt/akql", "sys-mgmt/certificates", "sys-mgmt/settings", "sys-mgmt/service-accounts", diff --git a/website/docs/sys-mgmt/akql.mdx b/website/docs/sys-mgmt/akql.mdx new file mode 100644 index 0000000000..383862de0f --- /dev/null +++ b/website/docs/sys-mgmt/akql.mdx @@ -0,0 +1,329 @@ +--- +title: AKQL search syntax +sidebar_label: AKQL search +description: Use AKQL to filter events, users, groups, and event matcher policies. +--- + +import { KeyBindingsTable } from "@goauthentik/docusaurus-theme/components/KeyBindingsTable"; + +AKQL (authentik Query Language) is the advanced search syntax used in the authentik Admin interface and API. Use AKQL to filter long lists, such as events, users, and groups, with structured expressions like `action = "login"` or `context.geo.country = "Germany"`. + +AKQL is built on [DjangoQL](https://github.com/ivelum/djangoql). + +## Where AKQL is available + +AKQL is available on lists and fields backed by the query language: + +- **Events** > **Logs**: See [Logging events](./events/logging-events.mdx#advanced-queries). +- **Directory** > **Users**: See [Manage users](../users-sources/user/user_basic_operations.md#advanced-queries). +- **Directory** > **Groups**: See [Manage groups](../users-sources/groups/manage_groups.mdx#advanced-queries). +- **Event Matcher policies**: the **Query** field on an [Event Matcher policy](../customize/policies/types/event-matcher.md#what-it-matches). +- **REST API list endpoints**: the `search` query parameter on endpoints that return an AKQL autocomplete schema. See [Use AKQL through the API](#use-akql-through-the-api). + +Each area exposes its own searchable fields. See [Searchable fields](#searchable-fields). + +:::info Plain search fallback +If the search string is not a valid AKQL expression, authentik falls back to a plain case-insensitive substring search across that list's default search fields. For example, `bob` runs as plain search, while `username = "bob"` runs as AKQL. +::: + +## Query structure + +An AKQL query is built from comparisons in this format: + +```text + +``` + +**Example**: + +```text +username = "bob" +``` + +You can combine comparisons with `and` and `or`, and use parentheses to group conditions. + +### Fields + +A field is an attribute that you can filter on, such as `username`, `action`, or `is_active`. The available fields depend on the list that you search. + +For related objects and JSON values, use dot notation. For example, use `user.username` for a nested user value on an event, and `context.geo.country` for a value inside the event context. + +### Operators + +The valid operators depend on the field type. + +| Operator | Meaning | Field types | +| ---------------- | -------------------------------------- | ----------------------- | +| `=` | Equal to | All field types | +| `!=` | Not equal to | All field types | +| `>` | Greater than | Numbers, dates, strings | +| `>=` | Greater than or equal to | Numbers, dates, strings | +| `<` | Less than | Numbers, dates, strings | +| `<=` | Less than or equal to | Numbers, dates, strings | +| `~` | Contains, case-insensitive | Strings, dates | +| `!~` | Does not contain, case-insensitive | Strings, dates | +| `startswith` | Starts with, case-insensitive | Strings | +| `not startswith` | Does not start with, case-insensitive | Strings | +| `endswith` | Ends with, case-insensitive | Strings | +| `not endswith` | Does not end with, case-insensitive | Strings | +| `in (...)` | Matches any value in the list | All field types | +| `not in (...)` | Matches none of the values in the list | All field types | + +:::info `~` is not a regular expression +The `~` and `!~` operators perform a case-insensitive substring match, not a regular-expression match. For example, `username ~ "adm"` matches `akadmin` and `administrator`. +::: + +### Values + +Values are typed. The way you write the value tells AKQL how to interpret it. + +| Type | Syntax | Examples | +| ------- | ----------------------------------------- | -------------------- | +| String | Double quotes or single quotes | `"bob"`, `'login'` | +| Integer | Whole number | `42`, `-7` | +| Float | Decimal or exponent number | `3.14`, `1e3` | +| Boolean | `True` or `False` | `is_active = False` | +| Null | `None` | `email = None` | +| List | Comma-separated values inside parentheses | `("ana", "akadmin")` | + +Keep the following rules in mind: + +- Operators and keywords such as `and`, `or`, `not`, `in`, `startswith`, and `endswith` are lowercase. +- Boolean and null values use `True`, `False`, and `None`. +- Strings support escape sequences such as `\"`, `\\`, `\n`, `\t`, and `\u00e9`. +- You can compare a field to `None` only when that field is nullable. + +### Combine conditions + +Use `and` and `or` to combine comparisons. + +**Examples**: + +```text +action = "login" and user.username = "bob" +``` + +```text +action = "login" or action = "logout" +``` + +```text +(action = "login" or action = "logout") and user.username = "bob" +``` + +:::tip +When you mix `and` and `or`, use parentheses so the grouping is clear. +::: + +AKQL does not support a standalone `not` operator for a whole expression. Use `!=` for "not equal to" and `!~` for "does not contain". The `not` keyword is valid only in `not in`, `not startswith`, and `not endswith`. + +## Field types + +Each searchable field has a type. The field type determines which operators and values it accepts. + +### Choice fields + +Choice fields, such as an event's `action` or a user's `type`, accept only a fixed set of values. The Admin interface suggests valid values as you type. + +### Date and time fields + +Date and time fields, such as an event's `created` timestamp, use quoted timestamp values. + +Supported formats: + +- `"YYYY-MM-DD"`, for example `"2024-01-30"`. +- `"YYYY-MM-DD HH:MM"`, for example `"2024-01-30 09:00"`. +- `"YYYY-MM-DD HH:MM:SS"`, for example `"2024-01-30 09:00:15"`. + +**Examples**: + +```text +created > "2024-01-01" +``` + +```text +created >= "2024-01-30 09:00" and created < "2024-01-30 17:00" +``` + +The `~` operator on a date field performs a substring match on the text form of the timestamp. This is useful for matching a whole day. + +```text +created ~ "2024-01-30" +``` + +### JSON and nested fields + +Some searchable fields, such as a user's `attributes` or an event's `context`, contain JSON objects. Use dot notation to query values inside them. + +**Examples**: + +```text +attributes.department = "engineering" +``` + +```text +context.geo.country = "Germany" +``` + +For related objects and JSON objects, query a nested value such as `user.username`, `brand.name`, or `context.http_request.path`. A comparison against the root object, such as `user = "bob"`, is not valid AKQL. + +Autocomplete suggests a known subset of nested paths. You can still query other JSON key paths that exist in the stored data. + +## Searchable fields + +The fields available to AKQL are specific to each list. + +### Events + +Available in **Events** > **Logs** and in the **Query** field on Event Matcher policies. + +| Field | Type | Description | +| ------------------ | --------- | ------------------------------------------------------------------------------ | +| `action` | Choice | The [event action](./events/event-actions.md), such as `login`. | +| `event_uuid` | String | The event's unique identifier. | +| `app` | String | The application or authentik component that emitted the event. | +| `client_ip` | String | The client IP address associated with the event. | +| `user.pk` | Integer | The acting user's primary key. | +| `user.username` | String | The acting user's username. | +| `user.email` | String | The acting user's email address. | +| `brand.pk` | String | The primary key of the [brand](../customize/branding.md) active for the event. | +| `brand.app` | String | The brand's app label. | +| `brand.name` | String | The brand's name. | +| `brand.model_name` | String | The brand's model name. | +| `context.*` | JSON | Arbitrary event context. | +| `created` | Date/time | When the event occurred. | + +Common event context paths include: + +- `context.http_request.path`, `context.http_request.method`, `context.http_request.request_id`, `context.http_request.user_agent`, and `context.http_request.args.*`. +- `context.geo.country`, `context.geo.city`, and other geolocation keys when [GeoIP](./ops/geoip.mdx) is configured. +- `context.authorized_application.name` and other details for the application involved in the event. + +### Users + +Available in **Directory** > **Users**. + +| Field | Type | Description | +| -------------- | ------- | ----------------------------------------------------------------------- | +| `username` | String | The user's username. | +| `name` | String | The user's display name. | +| `email` | String | The user's email address. | +| `path` | String | The user's path within the directory. | +| `is_active` | Boolean | Whether the account is active. | +| `type` | Choice | The user type, such as `internal` or `external`. | +| `attributes.*` | JSON | Any [custom attribute](../users-sources/user/user_ref.mdx) on the user. | + +### Groups + +Available in **Directory** > **Groups**. + +| Field | Type | Description | +| -------------- | ------- | ------------------------------------------ | +| `name` | String | The group's name. | +| `is_superuser` | Boolean | Whether the group grants superuser access. | +| `attributes.*` | JSON | Any custom attribute on the group. | + +## Examples + +### Event examples + +```text +action = "login" +``` + +```text +app startswith "authentik" +``` + +```text +user.username in ("ana", "akadmin") +``` + +```text +context.geo.country = "Germany" +``` + +### User examples + +```text +is_active = False +``` + +```text +email endswith "@authentik.company" +``` + +```text +attributes.department = "engineering" +``` + +### Group examples + +```text +is_superuser = True +``` + +```text +attributes.role = "admin" +``` + +## Use AKQL through the API + +API list endpoints that support AKQL accept the query in the `search` query parameter. URL-encode the query string. + +**Example**: + +```http +GET /api/v3/core/users/?search=username%20%3D%20%22bob%22 +``` + +The response pagination object includes an `autocomplete` field that describes the searchable schema for the endpoint. The Admin interface uses this schema for autocomplete suggestions. + +## Use AKQL in an Event Matcher policy + +Use the **Query** field on an [Event Matcher policy](../customize/policies/types/event-matcher.md) to match events with AKQL. + +1. In the Admin interface, navigate to **Customization** > **Policies**. +2. Create or edit an **Event Matcher Policy**. +3. In the **Query** field, enter a query that uses the [event fields](#events). + +**Example**: + +```text +action = "login_failed" and context.geo.country != "United States" +``` + +The policy passes when the event matches the query. If you configure other fields on the policy, such as **Action** or **App**, the event must match those fields and the AKQL query. + +## Autocomplete and keyboard shortcuts + +AKQL search fields offer autocomplete suggestions for fields, operators, and values where suggestions are available. + +:::info +If an operator or value does not appear in the autocomplete menu, enter it manually. +::: + +The following keyboard shortcuts are available in AKQL search fields: + +↓], + ["Select previous suggestion", ], + ["Accept the current suggestion", Tab], + ["Accept the current suggestion", Enter], + ["Dismiss suggestions", ESC], + ], + ], + [ + "Search", + [ + ["Submit the current query", Enter], + ["Clear the current query", ESC], + ], + ], + ]} +/> diff --git a/website/docs/sys-mgmt/events/logging-events.mdx b/website/docs/sys-mgmt/events/logging-events.mdx index bb3e82adbf..9df25defde 100644 --- a/website/docs/sys-mgmt/events/logging-events.mdx +++ b/website/docs/sys-mgmt/events/logging-events.mdx @@ -2,8 +2,6 @@ title: Logging events --- -import { KeyBindingsTable } from "@goauthentik/docusaurus-theme/components/KeyBindingsTable"; - Logs are a vital tool for system diagnostics, event auditing, user management, reporting, and more. They capture detailed information about each event including the client's IP address, the user involved, the date and time, and the specific action taken. Event logging in authentik is highly configurable. You can set the [retention period](./index.md#event-retention-and-forwarding) for storing and displaying events, specify which events should trigger a [notification](./notifications.md), and access low-level details about when and where each event occurred. @@ -49,76 +47,4 @@ To review, download, or delete past data exports, navigate to **Events** > **Dat ## Advanced queries for event logs {#advanced-queries} -You can construct advanced queries to find specific event logs. In the Admin interface, navigate to **Events** > **Logs**, and then use the auto-complete in the **Search** field or enter your own queries to return results with greater specificity. - -- **Field**: `action`, `event_uuid`, `app`, `client_ip`, `user`, `brand`, `context`, `created` -- **Operators**: `=`, `!=`, `~`, `!~`, `startswith`, `not startswith`, `endswith`, `not endswith`, `in`, `not in` -- **Values**: `True`, `False`, `None`, and more - -### Examples - -The following are examples of advanced queries: - -```sh Search event by application name -app startswith "N" -``` - -```sh Search event by action -action = "login" -``` - -```sh Search event by authorized application context -authorized_application.name = "My app" -``` - -```sh Search event by country -context.geo.country = "Germany" -``` - -```sh Search event by IP address -client_ip = "10.0.0.1" -``` - -```sh Search event by brand -brand.name = "my brand" -``` - -```sh Search event by user -user.username in ("ana", "akadmin") -``` - -For more examples, refer to the list of [Event actions](./event-actions.md) and the related examples for each type of event. - -:::info - -1. If the list of operators does not appear in a drop-down menu you will need to manually enter it. -2. For queries that include `user`, `brand`, or `context` you need to use a compound term such as `user.username` or `brand.name`. - ::: - -### Keyboard shortcuts for advanced queries - -The following keyboard shortcuts can be used in the advanced query search: - -↓], - ["Select previous suggestion", ], - ["Accept the current suggestion", Enter], - ["Dismiss suggestions", ESC], - ], - ], - [ - "Search", - [ - ["Submit the current query", Enter], - ["Clear the current query", ESC], - ], - ], - ]} - -/> +You can use AKQL to filter event logs in **Events** > **Logs**. For the event fields, operators, examples, and keyboard shortcuts, see the [AKQL reference](../akql.mdx). diff --git a/website/docs/sys-mgmt/events/notifications.md b/website/docs/sys-mgmt/events/notifications.md index fe275bb7eb..394648ec8f 100644 --- a/website/docs/sys-mgmt/events/notifications.md +++ b/website/docs/sys-mgmt/events/notifications.md @@ -27,7 +27,7 @@ You will need to create a policy (either the **Event Matcher** policy or a custo ### Event Matcher policy -For simple event matching you can create and configure an [Event Matcher Policy](../../customize/policies/types/event-matcher.md) to define which events (known as _Actions_ in the policy) will trigger a notification. For example, whenever a user deletes a model object, or whenever any user fails to successfully log in. +For simple event matching, create and configure an [Event Matcher policy](../../customize/policies/types/event-matcher.md) to define which events trigger a notification. Use the policy's [AKQL query](../akql.mdx#use-akql-in-an-event-matcher-policy) when you need to match event context fields such as `context.geo.country` or `context.authorized_application.name`. Be aware that an event has to match all configured fields in the policy, otherwise the notification rule will not trigger. diff --git a/website/docs/users-sources/groups/manage_groups.mdx b/website/docs/users-sources/groups/manage_groups.mdx index ea3e247df6..3fbd9c05fc 100644 --- a/website/docs/users-sources/groups/manage_groups.mdx +++ b/website/docs/users-sources/groups/manage_groups.mdx @@ -27,6 +27,10 @@ To create a super-user, you need to add the user to a group that has super-user Super-user permission is inherited by all descendant groups. Make sure you review every member of every descendant group to prevent accidentally granting super-user permission. ::: +## Advanced queries for groups {#advanced-queries} + +You can use AKQL to filter the group list in **Directory** > **Groups**. For the group fields, operators, examples, and keyboard shortcuts, see the [AKQL reference](../../sys-mgmt/akql.mdx). + ## Modify a group To edit the group's name, parent groups, whether the group grants superuser permissions, associated roles, and any custom attributes, click the Edit icon beside the role's name. Make the changes and then click **Update**. diff --git a/website/docs/users-sources/user/user_basic_operations.md b/website/docs/users-sources/user/user_basic_operations.md index 3e7ab6a674..17870a5929 100644 --- a/website/docs/users-sources/user/user_basic_operations.md +++ b/website/docs/users-sources/user/user_basic_operations.md @@ -31,25 +31,7 @@ To create a super-user, you need to add the user to a group that has super-user ## Advanced queries for users {#advanced-queries} -You can create advanced queries to locate specific users within the list shown under **Directory** > **Users** in the Admin interface. Use the auto-complete in the **Search** field or enter your own queries to return results with greater specificity. - -- **Field**: `username`, `path`, `name`, `email`, `path`, `is_active`, `type`, `attributes` - -- **Operators**: `=`, `!=`, `~`, `!~`, `startswith`, `not startswith`, `endswith`, `not endswith`, `in`, `not in` - -- **Values**: `True`, `False`, `None`, and more - -- **Example queries**: - - search user by status: `is_active = False` - - search user by username: `username = "bob"` - - search user by email address: `email = "bob@authentik.company"` - - search user by attribute: `attribute.my_custom_attribute = "foo"` - -:::info - -1. To dismiss the drop-down menu option, click **ESC**. -2. If the list of operators does not appear in a drop-down menu you will need to manually enter it. - ::: +You can use AKQL to filter the user list in **Directory** > **Users**. For the user fields, operators, examples, and keyboard shortcuts, see the [AKQL reference](../../sys-mgmt/akql.mdx). ## View user details From d3317ef07a1f608f3495a604bc8fab54bd0b76e3 Mon Sep 17 00:00:00 2001 From: "transifex-integration[bot]" <43880903+transifex-integration[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 21:43:56 +0200 Subject: [PATCH 51/65] translate: Updates for project authentik and language hu_HU (#22813) translate: Translate django.po in hu_HU 100% translated source file: 'django.po' on 'hu_HU'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com> --- locale/hu_HU/LC_MESSAGES/django.po | 5500 ++++++++++++++++++++++++++++ 1 file changed, 5500 insertions(+) create mode 100644 locale/hu_HU/LC_MESSAGES/django.po diff --git a/locale/hu_HU/LC_MESSAGES/django.po b/locale/hu_HU/LC_MESSAGES/django.po new file mode 100644 index 0000000000..601b01c818 --- /dev/null +++ b/locale/hu_HU/LC_MESSAGES/django.po @@ -0,0 +1,5500 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +# Translators: +# Marc Schmitt, 2025 +# Gyula Kiss , 2026 +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2026-05-22 00:36+0000\n" +"PO-Revision-Date: 2025-12-01 19:09+0000\n" +"Last-Translator: Gyula Kiss , 2026\n" +"Language-Team: Hungarian (Hungary) (https://app.transifex.com/authentik/teams/119923/hu_HU/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: hu_HU\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: authentik/admin/files/api.py +#, python-brace-format +msgid "File size ({file.size}B) exceeds maximum allowed " +msgstr "Fájlméret ({file.size}B) túlmutat a maximális engedélyezett értéken" + +#: authentik/admin/files/validation.py +msgid "File name cannot be empty" +msgstr "A fájlnevet nem lehet üresként hagyni" + +#: authentik/admin/files/validation.py +#, python-format +msgid "" +"File name can only contain letters (a-z, A-Z), numbers (0-9), dots (.), " +"hyphens (-), underscores (_), forward slashes (/), and the placeholder " +"%(theme)s for theme-specific files" +msgstr "" +"A fájlnevben csak betűket (a-z, A-Z), számokat (0-9), pontok (. ), " +"kötőjeleket (-), aláhúzás jeleket (_), felhasználójelöletek (/) és a téma-" +"specifikus fájlokhoz használt %(theme)s helyettesítő karaktereket " +"tartalmazhat" + +#: authentik/admin/files/validation.py +msgid "File name cannot contain duplicate /" +msgstr "A fájlnevben nem lehet duplikált / karakter" + +#: authentik/admin/files/validation.py +msgid "Absolute paths are not allowed" +msgstr "Abszolút elérési utak nem engedélyezettek" + +#: authentik/admin/files/validation.py +msgid "Parent directory references ('..') are not allowed" +msgstr "A szülőmappák hivatkozásai ('..') nem engedélyezettek" + +#: authentik/admin/files/validation.py +msgid "Paths cannot start with '.'" +msgstr "Az elérési útok nem kezdhető '.' karakterrel" + +#: authentik/admin/files/validation.py +#, python-brace-format +msgid "File name too long (max {MAX_FILE_NAME_LENGTH} characters)" +msgstr "A fájlnev túl hosszú (maximum {MAX_FILE_NAME_LENGTH} karakter)" + +#: authentik/admin/files/validation.py +#, python-brace-format +msgid "Path component too long (max {MAX_PATH_COMPONENT_LENGTH} characters)" +msgstr "" +"Az elérési utat alkotó komponens túl hosszú (maximum " +"{MAX_PATH_COMPONENT_LENGTH} karakter)" + +#: authentik/admin/models.py +msgid "Version history" +msgstr "Verzióelőzmények" + +#: authentik/admin/tasks.py +msgid "Update latest version info." +msgstr "Frissítse a legfrissebb verzióinformációkat." + +#: authentik/admin/tasks.py +#, python-brace-format +msgid "New version {version} available!" +msgstr "Új verzió {version} elérhető!" + +#: authentik/api/v3/schema/query.py +msgid "Which field to use when ordering the results." +msgstr "A sorrendben lévő eredményekhez használandó mező." + +#: authentik/api/v3/schema/query.py +msgid "A page number within the paginated result set." +msgstr "Az oldalak közötti lapozásban a jelenlegi oldal száma." + +#: authentik/api/v3/schema/query.py +msgid "Number of results to return per page." +msgstr "Az egyes oldalakon visszaadott eredmények maximális száma." + +#: authentik/api/v3/schema/query.py +msgid "A search term." +msgstr "A kereséshez használt kifejezés." + +#: authentik/api/v3/schema/response.py +msgid "Generic API Error" +msgstr "Általános API hiba" + +#: authentik/api/v3/schema/response.py +msgid "Validation Error" +msgstr "Érvényesítési hiba" + +#: authentik/blueprints/api.py +msgid "Blueprint file does not exist" +msgstr "Blueprint fájl nem létezik" + +#: authentik/blueprints/api.py +msgid "Context must be valid JSON" +msgstr "Az adatok JSON formátumban kell lenniük." + +#: authentik/blueprints/api.py +msgid "Context must be a JSON object" +msgstr "Az adatok JSON objektumként kell megadásuk." + +#: authentik/blueprints/api.py +msgid "Failed to validate blueprint" +msgstr "Nem sikerült érvényesíteni a blueprint-et" + +#: authentik/blueprints/api.py +msgid "Either path or content must be set." +msgstr "Vagy az elérési utat, vagy a tartalmat be kell állítani." + +#: authentik/blueprints/api.py +#, python-brace-format +msgid "User lacks permission to create {model}" +msgstr "A felhasználónak nincs jogosultsága hogy elkészítse a {model}-t." + +#: authentik/blueprints/models.py +msgid "Managed by authentik" +msgstr "Authentik által kezelve" + +#: authentik/blueprints/models.py +msgid "" +"Objects that are managed by authentik. These objects are created and updated" +" automatically. This flag only indicates that an object can be overwritten " +"by migrations. You can still modify the objects via the API, but expect " +"changes to be overwritten in a later update." +msgstr "" +"Authentik által kezelt objektumok. Ezek az objektumok automatikusan jönnek " +"létre és frissülnek. Ez azt jelenti, hogy egy objektumot a migrációk " +"felülírhatják, módosíthatják. Az objektumokat továbbra is módosíthatja az " +"API-n keresztül, de figyelemmel kell lenni arra, hogy a módosítások egy " +"későbbi frissítés során felülíródhatnak." + +#: authentik/blueprints/models.py +msgid "Blueprint Instance" +msgstr "Blueprint példány" + +#: authentik/blueprints/models.py +msgid "Blueprint Instances" +msgstr "Blueprint példány" + +#: authentik/blueprints/v1/exporter.py +#, python-brace-format +msgid "authentik Export - {date}" +msgstr "authentik Exportálás - {date}" + +#: authentik/blueprints/v1/tasks.py +msgid "Find blueprints as `blueprints_find` does, but return a safe dict." +msgstr "" +"`blueprints_find` minta alapján a blueprint-eket találja, de biztonságos " +"szótárban adja vissza." + +#: authentik/blueprints/v1/tasks.py +msgid "Find blueprints and check if they need to be created in the database." +msgstr "" +"A blueprint-eket találja és ellenőrzi, hogy azoknak létre kell hozniuk-e a " +"adatbázisban." + +#: authentik/blueprints/v1/tasks.py +msgid "Apply single blueprint." +msgstr "Egy blueprint alkalmazása." + +#: authentik/blueprints/v1/tasks.py +msgid "Remove blueprints which couldn't be fetched." +msgstr "Azok eltávolítására, amik nem tölthetők be." + +#: authentik/brands/models.py +msgid "" +"Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` " +"and `ba.b`" +msgstr "" +"Az a domain, amely aktiválja ezt a brand-et. Ez lehet egy superset, például " +"a.b az aa.b és ba.b esetében." + +#: authentik/brands/models.py +msgid "" +"When set, external users will be redirected to this application after " +"authenticating." +msgstr "" +"Ha be van állítva, a külső felhasználók erre az alkalmazásra lesznek " +"továbbítva bejelentkezés után." + +#: authentik/brands/models.py +msgid "Web Certificate used by the authentik Core webserver." +msgstr "Az authentik Core webszervere által használt webes tanúsítvány." + +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "A kliens-hitelesítéshez használt tanúsítványok." + +#: authentik/brands/models.py +msgid "Brand" +msgstr "Brand" + +#: authentik/brands/models.py +msgid "Brands" +msgstr "Brand-ek" + +#: authentik/common/oauth/constants.py +msgid "Based on the Hashed User ID" +msgstr "A felhasználó hash-elt ID-ja alapján" + +#: authentik/common/oauth/constants.py +msgid "Based on user ID" +msgstr "A felhasználó ID-ja alapján" + +#: authentik/common/oauth/constants.py +msgid "Based on user UUID" +msgstr "A felhasználó UUID-ja alapján" + +#: authentik/common/oauth/constants.py +msgid "Based on the username" +msgstr "A felhasználónév alapján" + +#: authentik/common/oauth/constants.py +msgid "Based on the User's Email. This is recommended over the UPN method." +msgstr "A felhasználó email címe alapján. Ezt ajánljuk UPN módszer helyett." + +#: authentik/common/oauth/constants.py +msgid "" +"Based on the User's UPN, only works if user has a 'upn' attribute set. Use " +"this method only if you have different UPN and Mail domains." +msgstr "" +"A felhasználó UPN-je alapján, csak akkor működik, ha a 'upn' attribútum be " +"van állítva. Csak akkor használja, ha van különböző UPN és levelező domain-" +"je." + +#: authentik/core/api/application_entitlements.py +msgid "User does not have access to application." +msgstr "" +"Az felhasználó nincs engedélyezve a felhasználói alkalmazásnak való " +"hozzáféréssel." + +#: authentik/core/api/applications.py +#, python-brace-format +msgid "The slug '{slug}' is reserved and cannot be used for applications." +msgstr "A '{slug}' slug elavult, és nem használható alkalmazásokhoz." + +#: authentik/core/api/groups.py +msgid "User does not have permission to add members to this group." +msgstr "" +"Az felhasználónak nincs jogosultsága a csoport tagjainak hozzáadására." + +#: authentik/core/api/providers.py +msgid "" +"When not set all providers are returned. When set to true, only backchannel " +"providers are returned. When set to false, backchannel providers are " +"excluded" +msgstr "" +"Ha nincs beállítva, minden szolgáltatót visszadob. Ha true-ra van állítva, " +"csak a háttérszolgáltatókat dobja vissza. Ha false-ra van állítva, a " +"háttérszolgáltatókat kivéve dobja vissza." + +#: authentik/core/api/users.py +msgid "Invalid password hash format. Must be a valid Django password hash." +msgstr "" +"Érvénytelen jelszó hash formátum. A Django jelszó hashnak kell lennie." + +#: authentik/core/api/users.py +msgid "Cannot set both password and password_hash. Use only one." +msgstr "" +"Nem lehet mindkét jelszót és jelszó hash-ot egyidejűleg beállítani. " +"Használjon csak egyet." + +#: authentik/core/api/users.py +msgid "No leading or trailing slashes allowed." +msgstr "Kezdeti és záró perjelek használata nem engedélyezett." + +#: authentik/core/api/users.py +msgid "No empty segments in user path allowed." +msgstr "Szóközök használata nem engedélyezett a felhasználói útvonalban." + +#: authentik/core/api/users.py +msgid "Can't change internal service account to other user type." +msgstr "" +"A belső szolgáltatás fióktól eltérő felhasználói típust nem lehet " +"beállítani." + +#: authentik/core/api/users.py +msgid "Setting a user to internal service account is not allowed." +msgstr "Belül szolgáltatói fiókra való konvertálás nem engedélyezett." + +#: authentik/core/api/users.py +msgid "User does not have permission to add members to a superuser group." +msgstr "" +"Az felhasználónak nincs jogosultsága a superuser csoport tagjainak " +"hozzáadására." + +#: authentik/core/api/users.py +msgid "User does not have permission to assign roles." +msgstr "Az felhasználónak nincs jogosultsága szerepkörök kiosztására." + +#: authentik/core/api/users.py +msgid "Can't modify internal service account users" +msgstr "Nem módosítható a belső szolgáltatásfiók felhasználói" + +#: authentik/core/api/users.py +msgid "filter: failed to parse JSON" +msgstr "szűrő: nem sikerült megjeleníteni a JSON-t" + +#: authentik/core/api/users.py +msgid "filter: value must be key:value mapping" +msgstr "szűrő: az értéknek kulcs:érték formátumúnak kell lennie" + +#: authentik/core/api/users.py +msgid "No recovery flow set." +msgstr "Nincs visszaállítási folyamat beállítva." + +#: authentik/core/api/users.py +msgid "Recovery flow not applicable to user" +msgstr "A visszaállítási folyamat nem alkalmazható a felhasználónak" + +#: authentik/core/api/users.py +msgid "A user/group with these details already exists" +msgstr "Egy felhasználó/csoport már létezik ezzel az információval" + +#: authentik/core/api/users.py +msgid "Unable to create user" +msgstr "Nem sikerült létrehozni a felhasználót" + +#: authentik/core/api/users.py +msgid "Unknown error occurred" +msgstr "Ismeretlen hiba történt" + +#: authentik/core/api/users.py +msgid "User does not have an email address set." +msgstr "A felhasználónak nincs email-címe beállítva." + +#: authentik/core/api/users.py +msgid "Email stage not found." +msgstr "Az email folyamat nem található." + +#: authentik/core/api/users.py +msgid "This field is required." +msgstr "Ez a mező szükséges." + +#: authentik/core/apps.py +msgid "" +"Configure if applications without any policy/group/user bindings should be " +"accessible to any user." +msgstr "" +"Konfigurálja, hogy azoknak az alkalmazásoknak, amelyeknek nincs megfelelő " +"jogkör/együttható/felhasználói kötése, bármilyen felhasználó számára " +"elérhetőek legyenek." + +#: authentik/core/models.py +msgid "name" +msgstr "név" + +#: authentik/core/models.py +msgid "Users added to this group will be superusers." +msgstr "" +"Ebbe a csoportba felvett felhasználók superuser szerepkörrel fognak " +"rendelkezni." + +#: authentik/core/models.py +msgid "Group" +msgstr "Csoport" + +#: authentik/core/models.py +msgid "Groups" +msgstr "Csoportok" + +#: authentik/core/models.py +msgid "Add user to group" +msgstr "Felhasználó csoporthoz adása." + +#: authentik/core/models.py +msgid "Remove user from group" +msgstr "Felhasználó csoportból eltávolítása" + +#: authentik/core/models.py +msgid "Enable superuser status" +msgstr "A superuser státusz engedélyezése" + +#: authentik/core/models.py +msgid "Disable superuser status" +msgstr "A superuser státusz letiltása" + +#: authentik/core/models.py +msgid "Group Parentage Node" +msgstr "Csoport Szülői Csomópont" + +#: authentik/core/models.py +msgid "Group Parentage Nodes" +msgstr "Csoport Szülői Csomópontok" + +#: authentik/core/models.py +msgid "User's display name." +msgstr "A felhasználó megjelenített neve." + +#: authentik/core/models.py authentik/providers/oauth2/models.py +#: authentik/providers/saml/models.py +msgid "User" +msgstr "Felhasználó" + +#: authentik/core/models.py +msgid "Users" +msgstr "Felhasználók" + +#: authentik/core/models.py +#: authentik/stages/email/templates/email/password_reset.html +msgid "Reset Password" +msgstr "Jelszó helyreállítása" + +#: authentik/core/models.py +msgid "Can impersonate other users" +msgstr "Megszemélyesíthet más felhasználókat" + +#: authentik/core/models.py +msgid "Can preview user data sent to providers" +msgstr "Megtekintheti az szolgáltatóknak küldött felhasználói adatokat." + +#: authentik/core/models.py +msgid "View applications the user has access to" +msgstr "" +"Megtekintheti az alkalmazásokat, amelyekhez a felhasználóknak hozzáférésel " +"rendelkezik" + +#: authentik/core/models.py +msgid "" +"Flow used for authentication when the associated application is accessed by " +"an un-authenticated user." +msgstr "" +"Az a folyamat, amelyet hitelesítésre használnak, amikor egy nem hitelesített" +" felhasználó kíván hozzáférni a hozzárendelt alkalmazáshoz." + +#: authentik/core/models.py +msgid "Flow used when authorizing this provider." +msgstr "Szolgáltató hitelesítéskor használt folyamat." + +#: authentik/core/models.py +msgid "Flow used ending the session from a provider." +msgstr "Szolgáltató munkamenetének lezárására használt folyamat." + +#: authentik/core/models.py +msgid "" +"Accessed from applications; optional backchannel providers for protocols " +"like LDAP and SCIM." +msgstr "" +"Alkalmazásokból férnek hozzá; választható háttérszolgáltatók olyan " +"protokollokhoz, mint például az LDAP és SCIM." + +#: authentik/core/models.py +msgid "Application's display Name." +msgstr "Az alkalmazás megjelenített neve." + +#: authentik/core/models.py +msgid "Internal application name, used in URLs." +msgstr "URL-ekben használt belső alkalmazás név." + +#: authentik/core/models.py +msgid "Open launch URL in a new browser tab or window." +msgstr "Indítási URL új böngészőfülön vagy -ablakban történő megnyitása." + +#: authentik/core/models.py +msgid "Hide this application from the user's My applications page." +msgstr "" +"Ez az alkalmazás elrejtése a felhasználó \"Saját alkalmazásaim\" oldaláról." + +#: authentik/core/models.py +msgid "Application" +msgstr "Alkalmazás" + +#: authentik/core/models.py +msgid "Applications" +msgstr "Alkalmazások" + +#: authentik/core/models.py +msgid "Application Entitlement" +msgstr "Alkalmazás Jogosultság" + +#: authentik/core/models.py +msgid "Application Entitlements" +msgstr "Alkalmazás Jogosultságok" + +#: authentik/core/models.py +msgid "Use the source-specific identifier" +msgstr "Használja a forrásspecifikus azonosítót." + +#: authentik/core/models.py +msgid "" +"Link to a user with identical email address. Can have security implications " +"when a source doesn't validate email addresses." +msgstr "" +"Link egy azonos e-mail címmel rendelkező felhasználóhoz. Biztonsági " +"következményekkel járhat, ha egy forrás nem ellenőrzi az e-mail címeket." + +#: authentik/core/models.py +msgid "" +"Use the user's email address, but deny enrollment when the email address " +"already exists." +msgstr "" +"Használja a felhasználó e-mail címét, de tagadja meg a feliratkozást, ha az " +"e-mail cím már létezik." + +#: authentik/core/models.py +msgid "" +"Link to a user with identical username. Can have security implications when " +"a username is used with another source." +msgstr "" +"Link egy azonos felhasználónévvel rendelkező felhasználóhoz. Biztonsági " +"következményekkel járhat, ha egy forrás nem ellenőrzi az e-mail címeket." + +#: authentik/core/models.py +msgid "" +"Use the user's username, but deny enrollment when the username already " +"exists." +msgstr "" +"Használja a felhasználó felhasználónevét, de tagadja meg a beliratkozást, ha" +" az e-mail cím már létezik." + +#: authentik/core/models.py +msgid "" +"Link to a group with identical name. Can have security implications when a " +"group name is used with another source." +msgstr "" +"Link egy azonos névvel rendelkező csoporthoz. Biztonsági következményekkel " +"járhat, ha a csoport neve már van egy másik forrásban." + +#: authentik/core/models.py +msgid "Use the group name, but deny enrollment when the name already exists." +msgstr "" +"Használja a csoportnevet, de tagadma meg a beiratkozást, ha a név már " +"létezik." + +#: authentik/core/models.py +msgid "Source's display Name." +msgstr "A forrás megjelenített neve." + +#: authentik/core/models.py +msgid "Internal source name, used in URLs." +msgstr "URL-ekben használt belső forrás név." + +#: authentik/core/models.py +msgid "" +"When enabled, this source will be displayed as a prominent button on the " +"login page, instead of a small icon." +msgstr "" +"Ha engedélyezve van, ez a forrás jelenik meg a bejelentkezési oldalon egy " +"jellemző gombként, helyette kis ikonként." + +#: authentik/core/models.py +msgid "Flow to use when authenticating existing users." +msgstr "" +"Az a folyamat, amit létező felhasználó bejelentkeztetésénél használunk." + +#: authentik/core/models.py +msgid "Flow to use when enrolling new users." +msgstr "Az a folyamat, amit felhasználó beiratkozásánál használunk." + +#: authentik/core/models.py +msgid "" +"How the source determines if an existing user should be authenticated or a " +"new user enrolled." +msgstr "" +"Ahogy a forrás eldönti, hogy egy létező felhasználót kell bejelentkeztetni, " +"vagy egy újat beiratkoztatni." + +#: authentik/core/models.py +msgid "" +"How the source determines if an existing group should be used or a new group" +" created." +msgstr "" +"Ahogy a forrás eldönti, hogy egy létező csoportot kell használni, vagy egy " +"újat készíteni." + +#: authentik/core/models.py authentik/providers/scim/models.py +msgid "Token" +msgstr "Token" + +#: authentik/core/models.py +msgid "Tokens" +msgstr "Tokenek" + +#: authentik/core/models.py authentik/endpoints/connectors/agent/models.py +msgid "View token's key" +msgstr "Token kulcs megtekintése" + +#: authentik/core/models.py +msgid "Set a token's key" +msgstr "Token kulcs beállítása" + +#: authentik/core/models.py +msgid "Property Mapping" +msgstr "Tulajdonság összerendelés" + +#: authentik/core/models.py +msgid "Property Mappings" +msgstr "Tulajdonság összerendelések" + +#: authentik/core/models.py +msgid "session data" +msgstr "munkamenedens adatok" + +#: authentik/core/models.py +msgid "Session" +msgstr "Munkamenendező" + +#: authentik/core/models.py +msgid "Sessions" +msgstr "Munkamenendezők" + +#: authentik/core/models.py +msgid "Authenticated Session" +msgstr "Hitelesített Munkamenet" + +#: authentik/core/models.py +msgid "Authenticated Sessions" +msgstr "Hitelesített Munkamenetek" + +#: authentik/core/sources/flow_manager.py +#, python-brace-format +msgid "" +"Request to authenticate with {source} has been denied. Please authenticate " +"with the source you've previously signed up with." +msgstr "" +"A kérés a {source} forrással való hitelesítésre elutasításra került. Kérjük," +" hitelesítsen azon a forráson, amellyel korábban regisztrált." + +#: authentik/core/sources/flow_manager.py +msgid "Configured flow does not exist." +msgstr "A beállított folyamat nem létezik." + +#: authentik/core/sources/flow_manager.py +#, python-brace-format +msgid "Successfully authenticated with {source}!" +msgstr "Sikeres hitelesítés a {source} forrással!" + +#: authentik/core/sources/flow_manager.py +#, python-brace-format +msgid "Successfully linked {source}!" +msgstr "Sikeres összekapcsolás a {source} forrással." + +#: authentik/core/sources/flow_manager.py +msgid "Source is not configured for enrollment." +msgstr "A forrás nincs konfigurálva a feliratkozáshoz." + +#: authentik/core/tasks.py +msgid "Remove expired objects." +msgstr "Elavult objektumok eltávolítása." + +#: authentik/core/tasks.py +msgid "Remove temporary users created by SAML Sources." +msgstr "" +"A SAML források által létrehozott ideiglenes felhasználók eltávolítása." + +#: authentik/core/templates/if/error.html +#: authentik/policies/templates/policies/denied.html +msgid "Go home" +msgstr "Vissza a kezdőlapra" + +#: authentik/core/templates/login/base_full.html +msgid "Site footer" +msgstr "Weboldalszületől" + +#: authentik/core/templates/login/base_full.html +msgid "Flow links" +msgstr "Folyamat-hivatkozások" + +#: authentik/core/templates/login/base_full.html +#: authentik/flows/templates/if/flow-sfe.html +msgid "Powered by authentik" +msgstr "Powered by authentik" + +#: authentik/core/views/apps.py +#: authentik/enterprise/providers/ws_federation/views.py +#: authentik/providers/oauth2/views/authorize.py +#: authentik/providers/oauth2/views/device_init.py +#: authentik/providers/saml/views/sso.py +#, python-format +msgid "You're about to sign into %(application)s." +msgstr "Mindjárt bejelentkezik a %(application)s alkalmazásba." + +#: authentik/core/views/interface.py +msgid "Interface can only be accessed by internal users." +msgstr "A felület kizárólag belső felhasználók számára érhető el." + +#: authentik/crypto/api.py +msgid "Subject-alt name" +msgstr "Tárgy-alternatív név" + +#: authentik/crypto/builder.py +msgid "rsa" +msgstr "rsa" + +#: authentik/crypto/builder.py +msgid "ecdsa" +msgstr "ecdsa" + +#: authentik/crypto/builder.py authentik/crypto/models.py +msgid "Ed25519" +msgstr "Ed25519" + +#: authentik/crypto/builder.py authentik/crypto/models.py +msgid "Ed448" +msgstr "Ed448" + +#: authentik/crypto/models.py +msgid "RSA" +msgstr "RSA" + +#: authentik/crypto/models.py +msgid "Elliptic Curve" +msgstr "Elliptikus görbe" + +#: authentik/crypto/models.py +msgid "DSA" +msgstr "DSA" + +#: authentik/crypto/models.py +msgid "PEM-encoded Certificate data" +msgstr "PEM-kódolt Tanusítvány adat" + +#: authentik/crypto/models.py +msgid "" +"Optional Private Key. If this is set, you can use this keypair for " +"encryption." +msgstr "" +"Választható Magán Kulcs. Ha ez be van állítva, a kulcspárat használhatja " +"titkosításra." + +#: authentik/crypto/models.py +msgid "Key algorithm type detected from the certificate's public key" +msgstr "" +"A tanúsítvánnyal kapcsolatos nyilvános kulcsból észlelt kulcstipszis típusa" + +#: authentik/crypto/models.py +msgid "Certificate expiry date" +msgstr "Tanúsítvány lejárati dátuma" + +#: authentik/crypto/models.py +msgid "Certificate subject as RFC4514 string" +msgstr "A tanúsítvány tárgya RFC4514 karakterláncként" + +#: authentik/crypto/models.py +msgid "SHA256 fingerprint of the certificate" +msgstr "A tanúsítvány SHA256 fingerprintje" + +#: authentik/crypto/models.py +msgid "SHA1 fingerprint of the certificate" +msgstr "A tanúsítvány SHA1 fingerprintje" + +#: authentik/crypto/models.py +msgid "Key ID generated from private key" +msgstr "Privát kulcsból generált kulcis" + +#: authentik/crypto/models.py +msgid "Certificate-Key Pair" +msgstr "Tanúsítvány kulcspár" + +#: authentik/crypto/models.py +msgid "Certificate-Key Pairs" +msgstr "Tanúsítvány kulcspárok" + +#: authentik/crypto/models.py +msgid "View Certificate-Key pair's certificate" +msgstr "Tanúsítvány-kulcs párok megtekintése" + +#: authentik/crypto/models.py +msgid "View Certificate-Key pair's private key" +msgstr "Létrehozott tanúsítván-kulcs-párok magánhivendélyek megtekintése" + +#: authentik/crypto/tasks.py +msgid "Discover, import and update certificates from the filesystem." +msgstr "" +"Fájlrendszerből való tanúsítványok felfedezése, importálása és frissítése." + +#: authentik/endpoints/api/stages.py +msgid "Selected connector is not compatible with this stage." +msgstr "A kijelölt csatoló nem kompatibilis ezzel a szakaszban." + +#: authentik/endpoints/connectors/agent/api/connectors.py +msgid "Selected platform not supported" +msgstr "Az adott platform nem támogatott" + +#: authentik/endpoints/connectors/agent/api/connectors.py +msgid "Token is expired" +msgstr "A token lejárt" + +#: authentik/endpoints/connectors/agent/api/connectors.py +msgid "Invalid token for connector" +msgstr "Érvénytelen token a csatolónál" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Agent Connector" +msgstr "Agent Csatló" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Agent Connectors" +msgstr "Agent Csatlók" + +#: authentik/endpoints/connectors/agent/models.py +#: authentik/providers/oauth2/models.py +msgid "Device Token" +msgstr "Eszköz Token" + +#: authentik/endpoints/connectors/agent/models.py +#: authentik/providers/oauth2/models.py +msgid "Device Tokens" +msgstr "Eszköz Token-ek." + +#: authentik/endpoints/connectors/agent/models.py +msgid "Enrollment Token" +msgstr "Regisztrációs Token" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Enrollment Tokens" +msgstr "Regisztrációs Tokens" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Device authentication token" +msgstr "Eszköz hitelesítési token" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Device authentication tokens" +msgstr "Eszköz hitelesítési tokensek" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Apple Nonce" +msgstr "Apple Nonce" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Apple Nonces" +msgstr "Apple Nonces" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Apple Independent Secure Enclave" +msgstr "Apple független biztonsági tár" + +#: authentik/endpoints/connectors/agent/models.py +msgid "Apple Independent Secure Enclaves" +msgstr "Apple független biztonsági tárok" + +#: authentik/endpoints/facts.py +msgid "Operating System name, such as 'Server 2022' or 'Ubuntu'" +msgstr "Operációs rendszer név, például 'Server 2022' vagy 'Ubuntu'" + +#: authentik/endpoints/facts.py +msgid "" +"Operating System version, must always be the version number but may contain " +"build name" +msgstr "" +"Operációs rendszerversionumerek, mindig csak a verziószámot kell megadni, de" +" lehetnek build nevek is" + +#: authentik/endpoints/models.py +msgid "Device" +msgstr "Eszköz" + +#: authentik/endpoints/models.py +msgid "Devices" +msgstr "Eszközek" + +#: authentik/endpoints/models.py +msgid "Device User binding" +msgstr "Eszköz felhasználói kötődés" + +#: authentik/endpoints/models.py +msgid "Device User bindings" +msgstr "Eszköz felhasználói kötődések" + +#: authentik/endpoints/models.py +msgid "Device connection" +msgstr "Eszköz csatlakozás" + +#: authentik/endpoints/models.py +msgid "Device connections" +msgstr "Eszköz csatlakozások" + +#: authentik/endpoints/models.py +msgid "Device fact snapshot" +msgstr "Eszköz tényező snapshot" + +#: authentik/endpoints/models.py +msgid "Device fact snapshots" +msgstr "Eszköz tényező snapshottak" + +#: authentik/endpoints/models.py +msgid "Device access group" +msgstr "Eszköz hozzáférési csoport" + +#: authentik/endpoints/models.py +msgid "Device access groups" +msgstr "Eszköz hozzáférési csoportok" + +#: authentik/endpoints/models.py +msgid "Endpoint Stage" +msgstr "Végpont Stág" + +#: authentik/endpoints/models.py +msgid "Endpoint Stages" +msgstr "Végpont Stágok" + +#: authentik/endpoints/tasks.py +msgid "Sync endpoints." +msgstr "Szinkronizálási végpontok." + +#: authentik/enterprise/api.py +msgid "Enterprise is required to create/update this object." +msgstr "" +"Az objektum készítéséhez/frissítéséhez Enterprise előfizetés szükséges." + +#: authentik/enterprise/api.py +msgid "Enterprise is required to use this endpoint." +msgstr "Az Enterprise szükséges ehhez a végponthoz való használatra." + +#: authentik/enterprise/audit/apps.py +msgid "" +"Include additional information in audit logs, may incur a performance " +"penalty." +msgstr "" +"További információkat adj hivatkozási naplókhoz, ez lehet hatással a " +"teljesítményre." + +#: authentik/enterprise/endpoints/connectors/fleet/models.py +#: authentik/events/models.py +msgid "" +"Configure additional headers to be sent. Mapping should return a dictionary " +"of key-value pairs" +msgstr "" +"Konfigurálj további fejlécek küldését. A lekérdezés visszaadnia kell egy " +"kulcs-érték párok listáját" + +#: authentik/enterprise/endpoints/connectors/fleet/models.py +msgid "Fleet Connector" +msgstr "Fleet Connector" + +#: authentik/enterprise/endpoints/connectors/fleet/models.py +msgid "Fleet Connectors" +msgstr "Fleet Connectors" + +#: authentik/enterprise/endpoints/connectors/google_chrome/models.py +msgid "Google Device Trust Connector" +msgstr "Google Device Trust Connector" + +#: authentik/enterprise/endpoints/connectors/google_chrome/models.py +msgid "Google Device Trust Connectors" +msgstr "Google Device Trust Connectors" + +#: authentik/enterprise/endpoints/connectors/google_chrome/stage.py +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/stage.py +msgid "Verifying your browser..." +msgstr "Validálja a böngészőjét..." + +#: authentik/enterprise/lifecycle/api/reviews.py +msgid "You are not allowed to submit a review for this object." +msgstr "Nem engedélyezett hozzászólást küldeni erre az objektumra." + +#: authentik/enterprise/lifecycle/api/rules.py +msgid "Object does not exist" +msgstr "Az objektum nem létezik" + +#: authentik/enterprise/lifecycle/api/rules.py +msgid "Either a reviewer group or a reviewer must be set." +msgstr "Egy ellenőrző csoport vagy egy ellenőrnek meg kell határozni." + +#: authentik/enterprise/lifecycle/api/rules.py +msgid "Grace period must be shorter than the interval." +msgstr "A szabadságidő hosszabb nem lehet a periódusszámnál." + +#: authentik/enterprise/lifecycle/models.py +msgid "" +"Select which transports should be used to notify the reviewers. If none are " +"selected, the notification will only be shown in the authentik UI." +msgstr "" +"Válassza ki, hogy mely továbbításokat használják az ellenőrzések " +"értesítésére. Ha nincs semmi kiválasztva, az értesítés csak a authentik " +"felhasználói felületén jelenik meg." + +#: authentik/enterprise/lifecycle/models.py +msgid "Reviewed" +msgstr "Ellenőrizve" + +#: authentik/enterprise/lifecycle/models.py +msgid "Pending" +msgstr "Füssben" + +#: authentik/enterprise/lifecycle/models.py +msgid "Overdue" +msgstr "Késleltetett" + +#: authentik/enterprise/lifecycle/models.py +msgid "Canceled" +msgstr "Mégsemzott" + +#: authentik/enterprise/lifecycle/models.py +msgid "Go to {self._get_model_name()}" +msgstr "{self._get_model_name()}-ra ugrás" + +#: authentik/enterprise/lifecycle/models.py +msgid "" +"Access review is due for {self.content_type.name.lower()} {object_label}" +msgstr "" +"{self.content_type.name.lower()} {object_label} hozzáférési ellenőrzése " +"érvénybe lép." + +#: authentik/enterprise/lifecycle/models.py +msgid "" +"Access review is overdue for {self.content_type.name} {str(self.object)}" +msgstr "" +"{self.content_type.name} {str(self.object)} hozzáférési ellenőrzése " +"késleltetett." + +#: authentik/enterprise/lifecycle/models.py +msgid "" +"Access review completed for {self.content_type.name} {str(self.object)}" +msgstr "" +"{self.content_type.name} hozzáférési ellenőrzése befejeződött " +"{str(self.object)}" + +#: authentik/enterprise/lifecycle/tasks.py +msgid "Dispatch tasks to apply lifecycle rules." +msgstr "Elszállítás feladatok a lifecycle szabályok alkalmazásához." + +#: authentik/enterprise/lifecycle/tasks.py +msgid "Apply lifecycle rule." +msgstr "A lifecycle szabály alkalmazása." + +#: authentik/enterprise/lifecycle/tasks.py +msgid "Send lifecycle rule notification." +msgstr "A lifecycle szabály értesítésének küldése." + +#: authentik/enterprise/models.py +msgid "License" +msgstr "Licensz" + +#: authentik/enterprise/models.py +msgid "Licenses" +msgstr "Licenszek" + +#: authentik/enterprise/models.py +msgid "License Usage" +msgstr "Licenchasználat" + +#: authentik/enterprise/models.py +msgid "License Usage Records" +msgstr "Licenchasználati rekordok" + +#: authentik/enterprise/policies/unique_password/models.py +#: authentik/policies/password/models.py +msgid "Field key to check, field keys defined in Prompt stages are available." +msgstr "" +"Az ellenőrizni kívánt mezőkulcsok, a Prompt szakaszban meghatározott " +"mezőkulcsok elérhetőek." + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Number of passwords to check against." +msgstr "__T0__ ellenőrzendő jelszavak száma" + +#: authentik/enterprise/policies/unique_password/models.py +#: authentik/policies/password/models.py +msgid "Password not set in context" +msgstr "A jelszó a kontextusban nincs beállítva" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "This password has been used previously. Please choose a different one." +msgstr "Ez a jelszó korábban használt volt. Kérjük, válasszon másikat." + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Password Uniqueness Policy" +msgstr "A Jelszó Egyediség Szabály" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Password Uniqueness Policies" +msgstr "Jelszó Egyediség Szabályok" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "User Password History" +msgstr "Felhasználói Jelszavak Története" + +#: authentik/enterprise/policies/unique_password/tasks.py +msgid "" +"Check if any UniquePasswordPolicy exists, and if not, purge the password " +"history table." +msgstr "" +"Ellenőrizze, hogy létezik-e egyediek UniquePasswordPolicy, és ha nincs, " +"törölje a jelszó-történet táblázatot." + +#: authentik/enterprise/policies/unique_password/tasks.py +msgid "Remove user password history that are too old." +msgstr "" +"Eldobja a felhasználó jelszava előzményeit, amelyek túl régen történtek." + +#: authentik/enterprise/policy.py +msgid "Enterprise required to access this feature." +msgstr "A funkció eléréséhez Enterprise előfizetés szükséges." + +#: authentik/enterprise/policy.py +msgid "Feature only accessible for internal users." +msgstr "A funkció kizárólag belső felhasználók számára érhető el." + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider User" +msgstr "Google Workspace szolgáltató felhasználó" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Users" +msgstr "Google Workspace szolgáltató felhasználók" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Group" +msgstr "Google Workspace szolgáltató csoport" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Groups" +msgstr "Google Workspace szolgáltató csoportok" + +#: authentik/enterprise/providers/google_workspace/models.py +#: authentik/enterprise/providers/microsoft_entra/models.py +#: authentik/providers/scim/models.py +msgid "Property mappings used for group creation/updating." +msgstr "" +"Csoport létrehozásánál/módosításánál használt tulajdonság összerendelések." + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider" +msgstr "Google Workspace szolgáltató" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Providers" +msgstr "Google Workspace szolgáltatók" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Mapping" +msgstr "Google Workspace szolgáltató összerendelés" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Mappings" +msgstr "Google Workspace szolgáltató összerendelések" + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "Sync Google Workspace provider objects." +msgstr "Szerkesztés Google Workspace szolgáltató objektumaihoz." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "Full sync for Google Workspace provider." +msgstr "Teljes szinkronizáció a Google Workspace szolgáltatóhoz." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "Sync a direct object (user, group) for Google Workspace provider." +msgstr "" +"Szerkesztés közvetlen objektum (felhasználó, csoport) a Google Workspace " +"szolgáltatóhoz." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "" +"Dispatch deletions for an object (user, group) for Google Workspace " +"providers." +msgstr "" +"Elindítja a törléseket egy objektum esetében (felhasználó, csoport) a Google" +" Workspace szolgáltatókhoz." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "Delete an object (user, group) for Google Workspace provider." +msgstr "" +"Eltávolítás egy objektum esetében (felhasználó, csoport) a Google Workspace " +"szolgáltatótól." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "" +"Dispatch syncs for a direct object (user, group) for Google Workspace " +"providers." +msgstr "" +"Elindítja a szinkronizálásokat közvetlen objektum esetében (felhasználó, " +"csoport) a Google Workspace szolgáltatókhoz." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "Sync a related object (memberships) for Google Workspace provider." +msgstr "" +"Szerkesztés kapcsolódó objektum (tagok) a Google Workspace szolgáltatóhoz." + +#: authentik/enterprise/providers/google_workspace/tasks.py +msgid "" +"Dispatch syncs for a related object (memberships) for Google Workspace " +"providers." +msgstr "" +"Elindítja a szinkronizálásokat kapcsolódó objektum esetében (tagok) a Google" +" Workspace szolgáltatókhoz." + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider User" +msgstr "Microsoft Entra szolgáltató felhasználó" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Group" +msgstr "Microsoft Entra szolgáltató csoport" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Groups" +msgstr "Microsoft Entra szolgáltató csoportok" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider" +msgstr "Microsoft Entra szolgáltató" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Providers" +msgstr "Microsoft Entra szolgáltatók" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Mapping" +msgstr "Microsoft Entra szolgáltató összerendelés" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Mappings" +msgstr "Microsoft Entra szolgáltató összerendelések" + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "Sync Microsoft Entra provider objects." +msgstr "Szerkesztés Microsoft Entra szolgáltató objektumaihoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "Full sync for Microsoft Entra provider." +msgstr "Teljes szinkronizálás a Microsoft Entra szolgáltatáshoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "Sync a direct object (user, group) for Microsoft Entra provider." +msgstr "" +"Egy közvetlen objektum (felhasználó, csoport) szinkronizálása a Microsoft " +"Entra szolgáltatáshoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "" +"Dispatch syncs for a direct object (user, group) for Microsoft Entra " +"providers." +msgstr "" +"Egy közvetlen objektum (felhasználó, csoport) szinkronizálásának elindítása " +"a Microsoft Entra szolgáltatásokhoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "Delete an object (user, group) for Microsoft Entra provider." +msgstr "" +"Objektum (felhasználó, csoport) törlése a Microsoft Entra szolgáltatáshoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "" +"Dispatch deletions for an object (user, group) for Microsoft Entra " +"providers." +msgstr "" +"Egy objektum (felhasználó, csoport) törlésének elindítása a Microsoft Entra " +"szolgáltatásokhoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "Sync a related object (memberships) for Microsoft Entra provider." +msgstr "" +"Kapcsolódó objektum (tagságok) szinkronizálása a Microsoft Entra " +"szolgáltatáshoz." + +#: authentik/enterprise/providers/microsoft_entra/tasks.py +msgid "" +"Dispatch syncs for a related object (memberships) for Microsoft Entra " +"providers." +msgstr "" +"Egy kapcsolódó objektum (tagságok) szinkronizálásának elindítása a Microsoft" +" Entra szolgáltatásokhoz." + +#: authentik/enterprise/providers/radius/api.py +msgid "Enterprise is required to use EAP-TLS." +msgstr "A vállalatnak EAP-TLS használatára van köteles." + +#: authentik/enterprise/providers/scim/api.py +msgid "Enterprise is required to use the OAuth mode." +msgstr "A vállalatnak az OAuth mód használatára van köteles." + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF RFC Push" +msgstr "SSF RFC Push" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF RFC Pull" +msgstr "SSF RFC-pull" + +#: authentik/enterprise/providers/ssf/models.py +#: authentik/providers/oauth2/models.py +msgid "Signing Key" +msgstr "Aláíró kulcs" + +#: authentik/enterprise/providers/ssf/models.py +msgid "Key used to sign the SSF Events." +msgstr "__T0__-t használt jelzések aláírására a SSF eseményeknél." + +#: authentik/enterprise/providers/ssf/models.py +msgid "Shared Signals Framework Provider" +msgstr "Megosztott Jelzéses Rendszer Provider" + +#: authentik/enterprise/providers/ssf/models.py +msgid "Shared Signals Framework Providers" +msgstr "Megosztott Jelzéses Rendszer Providers" + +#: authentik/enterprise/providers/ssf/models.py +msgid "Add stream to SSF provider" +msgstr "Hozzáadás stream-je a SSF provider-hez" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Stream" +msgstr "SSF Stream" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Streams" +msgstr "SSF Streams" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Stream Event" +msgstr "SSF Stream Esemény" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Stream Events" +msgstr "SSF Stream Események" + +#: authentik/enterprise/providers/ssf/tasks.py +msgid "Dispatch SSF events." +msgstr "SSF események elhelyezése." + +#: authentik/enterprise/providers/ssf/tasks.py +msgid "Send an SSF event." +msgstr "SSF esemény küldése." + +#: authentik/enterprise/providers/ws_federation/models.py +msgid "WS-Federation Provider" +msgstr "WS-Federation Provider" + +#: authentik/enterprise/providers/ws_federation/models.py +msgid "WS-Federation Providers" +msgstr "WS-Federation Providers" + +#: authentik/enterprise/providers/ws_federation/views.py +#: authentik/providers/oauth2/views/authorize.py +#: authentik/providers/saml/views/flows.py +#, python-brace-format +msgid "Redirecting to {app}..." +msgstr "{app}-ra átirányítás..." + +#: authentik/enterprise/reports/models.py +msgid "Data Export" +msgstr "Adatexportálás" + +#: authentik/enterprise/reports/models.py +msgid "Data Exports" +msgstr "Adatexportálások" + +#: authentik/enterprise/reports/models.py +#, python-brace-format +msgid "{model_verbose_name} export generated successfully" +msgstr "{model_verbose_name} export sikeresen generálva" + +#: authentik/enterprise/reports/models.py +msgid "Download" +msgstr "Letöltés" + +#: authentik/enterprise/reports/tasks.py +msgid "Generate data export." +msgstr "Adatexportálás generálása." + +#: authentik/enterprise/stages/account_lockdown/api.py +msgid "User to lock. If omitted, locks the current user (self-service)." +msgstr "" +"Zárolandó felhasználó. Ha nincs megadva, a jelenlegi felhasználót (személyes" +" szolgáltatás) zárolja." + +#: authentik/enterprise/stages/account_lockdown/api.py +msgid "No lockdown flow configured." +msgstr "Nincs beállított zárolási folyamat." + +#: authentik/enterprise/stages/account_lockdown/api.py +msgid "Lockdown flow is not applicable." +msgstr "A lockdownd folyamat nem alkalmazható." + +#: authentik/enterprise/stages/account_lockdown/api.py +msgid "Choose the target account, then return a flow link." +msgstr "" +"Válassza ki a célcsoporti fiókot, majd adja vissza a folyam hivatkozását." + +#: authentik/enterprise/stages/account_lockdown/api.py +msgid "No lockdown flow configured or the flow is not applicable" +msgstr "Nincs beállítva lockdownd folyamat vagy a folyamat nem alkalmazható" + +#: authentik/enterprise/stages/account_lockdown/api.py +msgid "Permission denied (when targeting another user)" +msgstr "Hozzáférés megtagadva (mikor egy másik felhasználót célozza meg)" + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "Deactivate the user account (set is_active to False)" +msgstr "Deaktiválja a felhasználói fiókot (beállítás: is_active False-ra)" + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "Set an unusable password for the user" +msgstr "" +"Bejelentkezési jelszónak nevezhetetlen értéket adjon meg a felhasználónak" + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "Delete all active sessions for the user" +msgstr "Törölje az összes aktív munkamenetet a felhasználótól" + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "" +"Revoke all tokens for the user (API, app password, recovery, verification, " +"OAuth)" +msgstr "" +"Visszavonja az összes tokenet a felhasználótól (API, alkalmazásjelszó, " +"helyreállítás, ellenőrzés, OAuth)" + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "" +"Flow to redirect users to after self-service lockdown. This flow should not " +"require authentication since the user's session is deleted." +msgstr "" +"A folyamat, amire átirányítja a felhasználókat a saját-szolgáltatás " +"lockdownd után. Ez a folyamat nem követelményben kell, hogy igazolványt " +"kérjen, mivel a felhasználói munkamenet törölve lesz." + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "Account Lockdown Stage" +msgstr "Felhasználói fiók lockdownd szakasz" + +#: authentik/enterprise/stages/account_lockdown/models.py +msgid "Account Lockdown Stages" +msgstr "Fiók zárolásának szakaszai" + +#: authentik/enterprise/stages/account_lockdown/stage.py +msgid "No target user specified for account lockdown" +msgstr "Nincs megadva cél felhasználó a fiók zárolásához" + +#: authentik/enterprise/stages/account_lockdown/stage.py +msgid "You do not have permission to lock down this account." +msgstr "Nem rendelkezik jogosultsággal ezt a fiókot zárolni." + +#: authentik/enterprise/stages/account_lockdown/stage.py +msgid "Account lockdown failed for this account." +msgstr "A fiók zárolása sikertelen volt erre a fióknak." + +#: authentik/enterprise/stages/account_lockdown/stage.py +msgid "Self-service account lockdown requires a completion flow." +msgstr "Önkiszolgáló fiók zárolás szükséges egy befejezési folyamatra." + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Authenticator Google Device Trust Connector Stage" +msgstr "Endpoint Authenticator Google Device Trust Connector szakasz" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Authenticator Google Device Trust Connector Stages" +msgstr "Endpoint Authenticator Google Device Trust Connector szakaszok" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Device" +msgstr "Végpont eszköz" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Devices" +msgstr "Végpont eszközök" + +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" +"Konfigurálja az igazgatott kivonatokat, amelyeket a kivonat ellen " +"vizsgálnak. Ez a lehetőség magasabb prioritással rendelkezik a `Brand`-en " +"lévő `client_certificate` beállításnál." + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "Egyezményes TLS szakasz" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "Egyezményes TLS szakaszok" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "Jogosultságok kivonatok átadására az outposts számára." + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "Kérelemben nincs megadott kivonat, bár ez szükséges." + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "Nincs felhasználó találat a tanúsítvánnyal." + +#: authentik/enterprise/stages/source/models.py +msgid "" +"Amount of time a user can take to return from the source to continue the " +"flow (Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"A felhasználónak ennyi ideje van, hogy visszatérjen a forrástól és folytassa" +" a folyamatot (Formátum: óra=-1;perc=-2;másodperc=-3)" + +#: authentik/enterprise/stages/source/models.py +msgid "Source Stage" +msgstr "Forrás szakasz" + +#: authentik/enterprise/stages/source/models.py +msgid "Source Stages" +msgstr "Forrás szakaszok" + +#: authentik/enterprise/tasks.py +msgid "Update enterprise license status." +msgstr "Frissítse az üzleti licenc állapotát." + +#: authentik/events/models.py +msgid "Event" +msgstr "Esemény" + +#: authentik/events/models.py +msgid "Events" +msgstr "Események" + +#: authentik/events/models.py +msgid "authentik inbuilt notifications" +msgstr "Beépített authentik értesítések." + +#: authentik/events/models.py +msgid "Generic Webhook" +msgstr "Általános Webhook" + +#: authentik/events/models.py +msgid "Slack Webhook (Slack/Discord)" +msgstr "Slack Webhook (Slack/Discord)" + +#: authentik/events/models.py +#: authentik/stages/authenticator_validate/models.py +msgid "Email" +msgstr "Email cím" + +#: authentik/events/models.py +msgid "" +"Only send notification once, for example when sending a webhook into a chat " +"channel." +msgstr "" +"Csak egyszer küldjön értesítéset, például amikor webhook-ot küld csevegő " +"csatornába." + +#: authentik/events/models.py +msgid "" +"When set, the selected certificate is used to validate the certificate of " +"the webhook server." +msgstr "" +"Ha be van állítva, a kiválasztott tanúsítvány a webhook-kiszolgáló " +"tanúsítványának érvényesítésére szolgál." + +#: authentik/events/models.py +msgid "" +"Customize the body of the request. Mapping should return data that is JSON-" +"serializable." +msgstr "" +"Villamosidős kérelem szövegének testreszabása. A lekérdezés ábrázolásai " +"JSON-serializálható adatokat kell visszaadniuk." + +#: authentik/events/models.py +msgid "Severity" +msgstr "Súlyosság" + +#: authentik/events/models.py +msgid "Dispatched for user" +msgstr "Felhasználónak elküldve" + +#: authentik/events/models.py +msgid "Event user" +msgstr "Esemény felhasználó" + +#: authentik/events/models.py +msgid "Notification Transport" +msgstr "Értesítés Szállító" + +#: authentik/events/models.py +msgid "Notification Transports" +msgstr "Értesítés Szállítók" + +#: authentik/events/models.py +msgid "Notice" +msgstr "Értesítés" + +#: authentik/events/models.py +msgid "Warning" +msgstr "Figyelmeztetés" + +#: authentik/events/models.py +msgid "Alert" +msgstr "Riasztás" + +#: authentik/events/models.py +msgid "Notification" +msgstr "Értesítés" + +#: authentik/events/models.py +msgid "Notifications" +msgstr "Értesítések" + +#: authentik/events/models.py +msgid "" +"Select which transports should be used to notify the user. If none are " +"selected, the notification will only be shown in the authentik UI." +msgstr "" +"Válassza ki melyik szállító értesítse a felhasználót. Ha egyik sincs " +"kiválasztva, az értesítés az authentik felhasználói felületen lesz látható." + +#: authentik/events/models.py +msgid "Controls which severity level the created notifications will have." +msgstr "Beállítja melyik súlyossági szintje legyen az értesítésnek." + +#: authentik/events/models.py +msgid "" +"Define which group of users this notification should be sent and shown to. " +"If left empty, Notification won't ben sent." +msgstr "" +"Állítsa be melyik felhasználói csoportoknak legyen ez az értesítés küldve és" +" mutatva. Ha üres, nem lesznek értesítések küldve." + +#: authentik/events/models.py +msgid "" +"When enabled, notification will be sent to user the user that triggered the " +"event.When destination_group is configured, notification is sent to both." +msgstr "" +"Ha engedélyezett, értesítést küld a felhasználónak, akinek az eseményt " +"aktívvá tette. Ha a célcsoport be van állítva, az értesítés mindkét " +"csoportnak lesz elküldve." + +#: authentik/events/models.py +msgid "Notification Rule" +msgstr "Értesítési szabály" + +#: authentik/events/models.py +msgid "Notification Rules" +msgstr "Értesítési szabályok" + +#: authentik/events/models.py +msgid "Webhook Mapping" +msgstr "Webhook összerendelés" + +#: authentik/events/models.py +msgid "Webhook Mappings" +msgstr "Webhook összerendelések" + +#: authentik/events/tasks.py +msgid "Dispatch new event notifications." +msgstr "Eseménysorozatok indítása új értesítésekhez." + +#: authentik/events/tasks.py +msgid "" +"Check if policies attached to NotificationRule match event and dispatch " +"notification tasks." +msgstr "" +"Ellenőrizze, hogy a hozzárendelt szabályok illeszkednek-e az eseményre és " +"üzenetküldési feladatokat kezdeményeznek-e." + +#: authentik/events/tasks.py +msgid "Send notification." +msgstr "Értesítés küldése." + +#: authentik/events/tasks.py +msgid "Cleanup events for GDPR compliance." +msgstr "Események törlése GDPR-megfelelőségi igazoláshoz." + +#: authentik/events/tasks.py +msgid "Cleanup seen notifications and notifications whose event expired." +msgstr "" +"Látogázott értesítések és lejárta az esemény időtartama ért értesítések " +"törlése." + +#: authentik/flows/api/flows.py +#, python-brace-format +msgid "Flow not applicable to current user/request: {messages}" +msgstr "" +"A folyamat nem alkalmazható a jelenlegi felhasználóra/kérésre: {messages}" + +#: authentik/flows/api/flows_diagram.py +#, python-brace-format +msgid "Policy ({type})" +msgstr "Szabályzat ({type})" + +#: authentik/flows/api/flows_diagram.py +#, python-brace-format +msgid "Binding {order}" +msgstr "Hozzárendelés {order}" + +#: authentik/flows/api/flows_diagram.py +msgid "Policy passed" +msgstr "Szabályzat átment" + +#: authentik/flows/api/flows_diagram.py +#, python-brace-format +msgid "Stage ({type})" +msgstr "Szakasz ({type})" + +#: authentik/flows/api/flows_diagram.py +msgid "Policy denied" +msgstr "Szabályzat elutasítva" + +#: authentik/flows/api/flows_diagram.py +msgid "End of the flow" +msgstr "Folyamat vége" + +#: authentik/flows/api/flows_diagram.py +msgid "Requirement not fulfilled" +msgstr "Követelmény nincs teljesítve" + +#: authentik/flows/api/flows_diagram.py +msgid "Flow authentication requirement" +msgstr "Folyamathitelesítés követelménye" + +#: authentik/flows/api/flows_diagram.py +msgid "Requirement fulfilled" +msgstr "Követelmény teljesítve" + +#: authentik/flows/api/flows_diagram.py +msgid "Pre-flow policies" +msgstr "Elő-folyamat házirendek" + +#: authentik/flows/api/flows_diagram.py authentik/flows/models.py +msgid "Flow" +msgstr "Folyamat" + +#: authentik/flows/apps.py +msgid "Refresh other tabs after successful authentication." +msgstr "Frissítse az egyéb lapokat sikeres hitelesítés után." + +#: authentik/flows/apps.py +msgid "" +"Upon successful authentication, re-start authentication in other open tabs." +msgstr "" +"Sikeres hitelesítést követően újraindítsa a hitelesítést az egyéb nyitott " +"lapokban." + +#: authentik/flows/exceptions.py +msgid "Flow does not apply to current user." +msgstr "A folyamat nem vonatkozik a jelenlegi felhasználóra." + +#: authentik/flows/models.py +#, python-brace-format +msgid "Dynamic In-memory stage: {doc}" +msgstr "Dinamikus memóriabeli szakasz: {doc}" + +#: authentik/flows/models.py +msgid "Visible in the URL." +msgstr "URL-ben látható." + +#: authentik/flows/models.py +msgid "Shown as the Title in Flow pages." +msgstr "A folyamatoldalon Címként mutatva." + +#: authentik/flows/models.py +msgid "" +"Decides what this Flow is used for. For example, the Authentication flow is " +"redirect to when an un-authenticated user visits authentik." +msgstr "" +"Eldönti mire való ez a folyamat. Például, a hitelesítő folyamat átírányít ha" +" egy nem hitelesített felhasználó meglátogatja az authentik-et." + +#: authentik/flows/models.py +msgid "Background shown during execution" +msgstr "Futtatás közben mutatott háttér" + +#: authentik/flows/models.py +msgid "" +"Enable compatibility mode, increases compatibility with password managers on" +" mobile devices." +msgstr "" +"Kompatibilitási mód engedélyezése, növeli a jelszókezelőkkel való " +"kompatibilitást mobileszközökön." + +#: authentik/flows/models.py +msgid "Configure what should happen when a flow denies access to a user." +msgstr "" +"Beállítja mi történik mikor a folyamat megtiltja a felhasználó elérését." + +#: authentik/flows/models.py +msgid "Required level of authentication and authorization to access a flow." +msgstr "A folyamat eléréséhez kötelező hitelesítési és engedélyezési szint." + +#: authentik/flows/models.py +msgid "Flows" +msgstr "Folyamatok" + +#: authentik/flows/models.py +msgid "Can export a Flow" +msgstr "Exportálhat folyamatot." + +#: authentik/flows/models.py +msgid "Can inspect a Flow's execution" +msgstr "Megszemlélhet folyamatot" + +#: authentik/flows/models.py +msgid "View Flow's cache metrics" +msgstr "A folyamat gyorsítótáridőmértékeinek megnézése." + +#: authentik/flows/models.py +msgid "Clear Flow's cache metrics" +msgstr "A folyamat gyorsítótáridőmértékeinek tisztítása." + +#: authentik/flows/models.py +msgid "Evaluate policies during the Flow planning process." +msgstr "Értékelje ki a házirendeket a folyamattervezési folyamat során." + +#: authentik/flows/models.py +msgid "Evaluate policies when the Stage is presented to the user." +msgstr "A Stagenél megjelenített időpontban értékelje a szabályokat." + +#: authentik/flows/models.py +msgid "" +"Configure how the flow executor should handle an invalid response to a " +"challenge. RETRY returns the error message and a similar challenge to the " +"executor. RESTART restarts the flow from the beginning, and " +"RESTART_WITH_CONTEXT restarts the flow while keeping the current context." +msgstr "" +"Állítsa be hogyan kezelje a folyamatvégrehajtó a kihívásra adott érvénytelen" +" válaszolkat. RETRY visszadob egy hibaüzenetet és egy hasonló kihivást a " +"végrehajtónak. RESTART újraindítja a folyamatot az elejétől és a " +"RESTART_WITH_CONTEXT újraindítja a folyamatot miközben megtartja a " +"kontextust." + +#: authentik/flows/models.py +msgid "Flow Stage Binding" +msgstr "Folyamat Szakasz Hozzárendelés" + +#: authentik/flows/models.py +msgid "Flow Stage Bindings" +msgstr "Folyamat Szakasz Hozzárendelések" + +#: authentik/flows/models.py +msgid "" +"Flow used by an authenticated user to configure this Stage. If empty, user " +"will not be able to configure this stage." +msgstr "" +"A hitelesített felhasználó által használt folyamat ezek szakasz " +"beállítására. Ha üres, a felhasználó nem lesz képes beállítani ezen " +"szakaszt." + +#: authentik/flows/models.py +msgid "Flow Token" +msgstr "Folyamat Token" + +#: authentik/flows/models.py +msgid "Flow Tokens" +msgstr "Folyamat Token-ek" + +#: authentik/flows/planner.py +msgid "This link is invalid or has expired. Please request a new one." +msgstr "Ez a hivatkozás érvénytelen vagy lejárt. Kérjen egy újat." + +#: authentik/flows/views/executor.py +msgid "Invalid next URL" +msgstr "Érvénytelen következő URL" + +#: authentik/lib/sync/incoming/models.py +msgid "When to trigger sync for outgoing providers" +msgstr "Az indulást ideiglenes szolgáltatók számára" + +#: authentik/lib/sync/outgoing/models.py +msgid "Controls the number of objects synced in a single task" +msgstr "A feladatban részt vevő objektumok számának beállítása" + +#: authentik/lib/sync/outgoing/models.py +msgid "Timeout for synchronization of a single page" +msgstr "Az oldal szinkronizálásának időtúllépése" + +#: authentik/lib/sync/outgoing/models.py +msgid "" +"When enabled, provider will not modify or create objects in the remote " +"system." +msgstr "" +"Ha engedélyezve van, a szolgáltató nem módosítja vagy létrehozhat " +"objektumokat a távoli rendszerben." + +#: authentik/lib/utils/time.py +#, python-format +msgid "%(value)s is not in the correct format of 'hours=3;minutes=1'." +msgstr "A %(value)s érték nincs a megfelelő formátumban: 'óra=3;perc=1'." + +#: authentik/lib/validators.py +#, python-brace-format +msgid "The fields {field_names} must be used together." +msgstr "A {field_names} mezőket együtt kell használni." + +#: authentik/outposts/api/service_connections.py +msgid "" +"You can only use an empty kubeconfig when connecting to a local cluster." +msgstr "" +"Csak egy üres kubeconfig-ot használhatsz amikor csatlakozol egy helyi " +"klaszterhez." + +#: authentik/outposts/api/service_connections.py +msgid "Invalid kubeconfig" +msgstr "Érvénytelen kubeconfig" + +#: authentik/outposts/models.py +msgid "" +"If enabled, use the local connection. Required Docker socket/Kubernetes " +"Integration" +msgstr "" +"Ha engedélyezett, használja a helyi kapcsolatokat. Docker socket/Kubernetes " +"Integrációhoz kötelező." + +#: authentik/outposts/models.py +msgid "Outpost Service-Connection" +msgstr "Előörs Szolgáltatás-Kapcsolat" + +#: authentik/outposts/models.py +msgid "Outpost Service-Connections" +msgstr "Előörs Szolgáltatás-Kapcsolatok" + +#: authentik/outposts/models.py +msgid "" +"Can be in the format of 'unix://' when connecting to a local docker " +"daemon, or 'https://:2376' when connecting to a remote system." +msgstr "" +"A formátum lehet 'unix://' amikor helyi docker démonhoz csatlakozik, " +"vagy 'https://:2376' amikor távoli rendszerhez." + +#: authentik/outposts/models.py +msgid "" +"CA which the endpoint's Certificate is verified against. Can be left empty " +"for no validation." +msgstr "" +"CA (Tanúsítványhatóság) ami a végpont tanúsítványa ellen érvényesít. Ha " +"nincs érvényesítés, üresen hagyható." + +#: authentik/outposts/models.py +msgid "" +"Certificate/Key used for authentication. Can be left empty for no " +"authentication." +msgstr "" +"A hitelestésre használt tanúsítvány/kulcs. Ha nincs hitelesítés, üresen " +"lehet hagyni." + +#: authentik/outposts/models.py +msgid "Docker Service-Connection" +msgstr "Docker Szolgáltatás-Kapcsolat" + +#: authentik/outposts/models.py +msgid "Docker Service-Connections" +msgstr "Docker Szolgáltatás-Kapcsolatok" + +#: authentik/outposts/models.py +msgid "" +"Paste your kubeconfig here. authentik will automatically use the currently " +"selected context." +msgstr "" +"Illessze be a kubeconfig-ját ide. Az authentik automatikusan a jelenleg " +"kiválasztott kontextus-t használja." + +#: authentik/outposts/models.py +msgid "Verify SSL Certificates of the Kubernetes API endpoint" +msgstr "Érvényesítse a Kubernetes API végpont SSL tanusítványait." + +#: authentik/outposts/models.py +msgid "Kubernetes Service-Connection" +msgstr "Kubernetes Szolgáltatás-Kapcsolat" + +#: authentik/outposts/models.py +msgid "Kubernetes Service-Connections" +msgstr "Kubernetes Szolgáltatás-Kapcsolatok" + +#: authentik/outposts/models.py +msgid "" +"Select Service-Connection authentik should use to manage this outpost. Leave" +" empty if authentik should not handle the deployment." +msgstr "" +"Válassza ki a szolgáltatás-kapcsolatot amit az authentik-nek erre az " +"előőrsre kéne használnia." + +#: authentik/outposts/models.py +msgid "Outpost" +msgstr "Előörs" + +#: authentik/outposts/models.py +msgid "Outposts" +msgstr "Előörsök" + +#: authentik/outposts/tasks.py +msgid "Update cached state of service connection." +msgstr "Frissítse a szolgáltatáskapcsolat gyorsítótárazott állapotát." + +#: authentik/outposts/tasks.py +msgid "Create/update/monitor/delete the deployment of an Outpost." +msgstr "" +"Hozzon létre, frissítse, nyomon kövessen vagy törölje az Outpost " +"üzemeltetését." + +#: authentik/outposts/tasks.py +msgid "Ensure that all Outposts have valid Service Accounts and Tokens." +msgstr "" +"Görgezz, hogy minden Outpost érvényes Service Accounts és Tokens maradjon." + +#: authentik/outposts/tasks.py +msgid "Send update to outpost" +msgstr "Frissítés küldése az outpostnak" + +#: authentik/outposts/tasks.py +msgid "Checks the local environment and create Service connections." +msgstr "" +"A helyi környezet ellenőrzése és a szolgáltatáskapcsolatok létrehozása." + +#: authentik/outposts/tasks.py +msgid "Terminate session on all outposts." +msgstr "Minden outpost-on történő munkamenedemen belül véglegesítés." + +#: authentik/policies/denied.py +msgid "Access denied" +msgstr "Hozzáférés megtagadva" + +#: authentik/policies/dummy/models.py +msgid "Dummy Policy" +msgstr "Üres szabályzat" + +#: authentik/policies/dummy/models.py +msgid "Dummy Policies" +msgstr "Üres házirendek" + +#: authentik/policies/event_matcher/api.py +#: authentik/policies/event_matcher/models.py +msgid "" +"Match events created by selected application. When left empty, all " +"applications are matched." +msgstr "" +"A kiválasztott alkalmazás által létrehozott események egyeztetése. Ha üresen" +" hagyja, az összes alkalmazás megfelel." + +#: authentik/policies/event_matcher/api.py +#: authentik/policies/event_matcher/models.py +msgid "" +"Match events created by selected model. When left empty, all models are " +"matched. When an app is selected, all the application's models are matched." +msgstr "" +"A kiválasztott modell által létrehozott események egyeztetése. Ha üresen " +"hagyja, az összes modell megfelel. Amikor egy alkalmazás van kiválasztva, az" +" alkalmazás minden modellje megfelel." + +#: authentik/policies/event_matcher/api.py +msgid "At least one criteria must be set." +msgstr "Legalább egy kritériának meg kell felelni." + +#: authentik/policies/event_matcher/models.py +msgid "" +"Match created events with this action type. When left empty, all action " +"types will be matched." +msgstr "" +"A kiválasztott akciótípus által létrehozott események egyeztetése. Ha üresen" +" hagyja, az összes akciótípus megfelel." + +#: authentik/policies/event_matcher/models.py +msgid "" +"Matches Event's Client IP (strict matching, for network matching use an " +"Expression Policy)" +msgstr "" +"A kiválasztott esemény kliens IP-je (szigorú egyeztetés, a hálózati " +"egyeztetéshez használjon kifejezési szabályzatot)" + +#: authentik/policies/event_matcher/models.py +msgid "Event Matcher Policy" +msgstr "Esemény kiválasztási szabályzat" + +#: authentik/policies/event_matcher/models.py +msgid "Event Matcher Policies" +msgstr "Esemény Kiválasztási Házirendek" + +#: authentik/policies/expiry/models.py +#, python-brace-format +msgid "Password expired {days} days ago. Please update your password." +msgstr "A jelszó {days} napja lejárt. Kérjük, hogy frissítse jelszavát." + +#: authentik/policies/expiry/models.py +msgid "Password has expired." +msgstr "A jelszava lejárt." + +#: authentik/policies/expiry/models.py +msgid "Password Expiry Policy" +msgstr "Jelszó lejárati szabályzat." + +#: authentik/policies/expiry/models.py +msgid "Password Expiry Policies" +msgstr "Jelszó lejárati házirendek." + +#: authentik/policies/expression/models.py +msgid "Expression Policy" +msgstr "Kifejezési szabályzat" + +#: authentik/policies/expression/models.py +msgid "Expression Policies" +msgstr "Kifejezési házirendek" + +#: authentik/policies/geoip/models.py +msgid "GeoIP: client IP not found in ASN database." +msgstr "GeoIP: a kliens IP nem található az ASN adatbázisban." + +#: authentik/policies/geoip/models.py +msgid "Client IP is not part of an allowed autonomous system." +msgstr "A kliens IP nem része az engedélyezett autonóm rendszereknek." + +#: authentik/policies/geoip/models.py +msgid "GeoIP: client IP address not found in City database." +msgstr "GeoIP: a kliens IP-cím nem található a városi adatbázisban. " + +#: authentik/policies/geoip/models.py +msgid "Client IP is not in an allowed country." +msgstr "A kliens IP nem része az engedélyezett országoknak." + +#: authentik/policies/geoip/models.py +msgid "Distance from previous authentication is larger than threshold." +msgstr "Az előző hitelesítés távolsága a küszöbértéktől nagyobb." + +#: authentik/policies/geoip/models.py +msgid "Distance is further than possible." +msgstr "A távolság annál messzebb, mint lehetséges." + +#: authentik/policies/geoip/models.py +msgid "GeoIP Policy" +msgstr "GeoIP szabályzat" + +#: authentik/policies/geoip/models.py +msgid "GeoIP Policies" +msgstr "GeoIP szabályzatok" + +#: authentik/policies/models.py +msgid "all, all policies must pass" +msgstr "all, minden szabályzat átmegy" + +#: authentik/policies/models.py +msgid "any, any policy must pass" +msgstr "any, bármely szabályzat átmegy" + +#: authentik/policies/models.py +msgid "Policy Binding Model" +msgstr "Szabályzat összekötő minta" + +#: authentik/policies/models.py +msgid "Policy Binding Models" +msgstr "Szabályzat összekötő minták" + +#: authentik/policies/models.py +msgid "Negates the outcome of the policy. Messages are unaffected." +msgstr "Negálja a szabályzat eredményét. Üzenetekre nincs hatással." + +#: authentik/policies/models.py +msgid "Timeout after which Policy execution is terminated." +msgstr "Időtúllépés, amely után a szabályzat-végrehajtás leáll." + +#: authentik/policies/models.py +msgid "Result if the Policy execution fails." +msgstr "Eredmény ha a szabályzat-végrehajtás megbukik." + +#: authentik/policies/models.py +msgid "Policy Binding" +msgstr "Szabályzat hozzárendelés" + +#: authentik/policies/models.py +msgid "Policy Bindings" +msgstr "Szabályzat hozzárendelések" + +#: authentik/policies/models.py +msgid "" +"When this option is enabled, all executions of this policy will be logged. " +"By default, only execution errors are logged." +msgstr "" +"Ha ez az opció engedélyezve van, a szabályzat minden végrehajtása naplózásra" +" kerül. Alapértelmezés szerint csak a végrehajtási hibák kerülnek " +"naplózásra." + +#: authentik/policies/models.py +msgid "Policy" +msgstr "Szabályzat" + +#: authentik/policies/models.py +msgid "Policies" +msgstr "Szabályzatok" + +#: authentik/policies/models.py +msgid "View Policy's cache metrics" +msgstr "A szabályzat gyorsítótáridőmértékeinek megnézése." + +#: authentik/policies/models.py +msgid "Clear Policy's cache metrics" +msgstr "A szabályzat gyorsítótáridőmértékeinek tisztítása." + +#: authentik/policies/password/models.py +msgid "How many times the password hash is allowed to be on haveibeenpwned" +msgstr "Hányszor engedélyezett a jelszó hash értéke a haveibeenpwned-on." + +#: authentik/policies/password/models.py +msgid "" +"If the zxcvbn score is equal or less than this value, the policy will fail." +msgstr "" +"Ha az zxcvbn pontszám egyenlő vagy kevesebb ennél az értéknél, a szabályzat " +"megbukik." + +#: authentik/policies/password/models.py +msgid "Invalid password." +msgstr "Érvénytelen jelszó." + +#: authentik/policies/password/models.py +#, python-brace-format +msgid "Password exists on {count} online lists." +msgstr "A jelszó {count} online listán létezik." + +#: authentik/policies/password/models.py +msgid "Password is too weak." +msgstr "A jelszó túl gyenge." + +#: authentik/policies/password/models.py +msgid "Password Policy" +msgstr "Jelszó szabályzat" + +#: authentik/policies/password/models.py +msgid "Password Policies" +msgstr "Jelszó házirendek" + +#: authentik/policies/reputation/api.py +msgid "Either IP or Username must be checked" +msgstr "Vagy az IP-t vagy a felhasználónevet ellenőrizni kell" + +#: authentik/policies/reputation/models.py +msgid "Reputation Policy" +msgstr "Hírnév szabályzat" + +#: authentik/policies/reputation/models.py +msgid "Reputation Policies" +msgstr "Hírnév szabályzatok" + +#: authentik/policies/reputation/models.py +msgid "Reputation Score" +msgstr "Hírnév pontszám" + +#: authentik/policies/reputation/models.py +msgid "Reputation Scores" +msgstr "Hírnév pontszámok" + +#: authentik/policies/templates/policies/denied.html +msgid "Permission denied" +msgstr "Engedély megtagadva" + +#: authentik/policies/templates/policies/denied.html +msgid "User's avatar" +msgstr "A felhasználó avatárja" + +#: authentik/policies/templates/policies/denied.html +msgid "Not you?" +msgstr "Nem maga?" + +#: authentik/policies/templates/policies/denied.html +msgid "Error" +msgstr "Hiba" + +#: authentik/policies/templates/policies/denied.html +msgid "Request has been denied." +msgstr "A kérés elutasítva." + +#: authentik/policies/templates/policies/denied.html +msgid "Messages:" +msgstr "Üzenetek:" + +#: authentik/policies/templates/policies/denied.html +msgid "Explanation:" +msgstr "Magyarázat:" + +#: authentik/policies/templates/policies/denied.html +#, python-format +msgid "" +"\n" +" Policy binding '%(name)s' returned result '%(result)s'\n" +" " +msgstr "" +"\n" +"'%(name)s' szabályzat összekötés '%(result)s' eredményt dobta vissza" + +#: authentik/policies/views.py +msgid "Failed to resolve application" +msgstr "Alkalmazásfeloldás megbukott" + +#: authentik/providers/ldap/models.py +msgid "DN under which objects are accessible." +msgstr "Elérhető az ezen objektum alatti DN." + +#: authentik/providers/ldap/models.py +msgid "" +"The start for uidNumbers, this number is added to the user.pk to make sure " +"that the numbers aren't too low for POSIX users. Default is 2000 to ensure " +"that we don't collide with local users uidNumber" +msgstr "" +"Az uidNumber-ek kezdete, ez a szám hozzáadódik a user.pk fájlhoz, hogy " +"megbizonyosodjon arról, hogy a számok nem túl alacsonyak a POSIX " +"felhasználók számára. Az alapértelmezett 2000 annak biztosítására, hogy ne " +"ütközzünk a helyi felhasználók uidNumber-eivel" + +#: authentik/providers/ldap/models.py +msgid "" +"The start for gidNumbers, this number is added to a number generated from " +"the group.pk to make sure that the numbers aren't too low for POSIX groups. " +"Default is 4000 to ensure that we don't collide with local groups or users " +"primary groups gidNumber" +msgstr "" +"A gidNumber-ek kezdete, ez a szám hozzáadódik a group.pk fájlból generált " +"számhoz, hogy megbizonyosodjon arról, hogy a számok nem túl alacsonyak a " +"POSIX csoportokhoz. Az alapértelmezett 4000 annak biztosítására, hogy ne " +"ütközzünk helyi csoportokkal vagy felhasználói elsődleges csoportok " +"gidNumber-eivel" + +#: authentik/providers/ldap/models.py authentik/providers/radius/models.py +msgid "" +"When enabled, code-based multi-factor authentication can be used by " +"appending a semicolon and the TOTP code to the password. This should only be" +" enabled if all users that will bind to this provider have a TOTP device " +"configured, as otherwise a password may incorrectly be rejected if it " +"contains a semicolon." +msgstr "" +"Amennyiben engedélyezve van, a kódalapú többfaktoros hitelesítés úgy valósul" +" meg, hogy jelszóhoz egy TOTP-kódot csatolunk. Ezt kizáólag abban az esetben" +" engedélyezzük, amennyiben az összes felhasználó - aki ehhez a " +"szolgáltatóhoz kötődik - rendelkezik beálíltott TOTP-eszközzel, mivel " +"ellenkező esetben a hitelesítés elutasításra kerülhet." + +#: authentik/providers/ldap/models.py +msgid "LDAP Provider" +msgstr "LDAP szolgáltató" + +#: authentik/providers/ldap/models.py +msgid "LDAP Providers" +msgstr "LDAP szolgáltatók" + +#: authentik/providers/ldap/models.py +msgid "Search full LDAP directory" +msgstr "Keressen az egész LDAP könyvtárban" + +#: authentik/providers/oauth2/api/providers.py +#, python-brace-format +msgid "Invalid Regex Pattern: {url}" +msgstr "Érvénytelen Regex minta: {url}" + +#: authentik/providers/oauth2/models.py +msgid "Confidential" +msgstr "Bizalmas" + +#: authentik/providers/oauth2/models.py +msgid "Public" +msgstr "Nyílvános" + +#: authentik/providers/oauth2/models.py +msgid "Same identifier is used for all providers" +msgstr "Minden szolgáltató használja ugyanazt az azonosítót." + +#: authentik/providers/oauth2/models.py +msgid "Each provider has a different issuer, based on the application slug." +msgstr "" +"Minden szolgáltatónak más-más kibocsátója van, az alkalmazás \"slug\" " +"alapján." + +#: authentik/providers/oauth2/models.py +msgid "Strict URL comparison" +msgstr "Szigorú URL összehasonlítás" + +#: authentik/providers/oauth2/models.py +msgid "Regular Expression URL matching" +msgstr "Reguláris Kifejezés URL összeillesztés" + +#: authentik/providers/oauth2/models.py +msgid "Authorization" +msgstr "Engedélyezés" + +#: authentik/providers/oauth2/models.py +msgid "Logout" +msgstr "Kijelentkezés" + +#: authentik/providers/oauth2/models.py +msgid "Back-channel" +msgstr "Háttér-kapcsolat" + +#: authentik/providers/oauth2/models.py +msgid "Front-channel" +msgstr "Előtéri csatorna" + +#: authentik/providers/oauth2/models.py +msgid "code (Authorization Code Flow)" +msgstr "code (Engedélyezési kód folyamat)" + +#: authentik/providers/oauth2/models.py +msgid "id_token (Implicit Flow)" +msgstr "id_token (Hallgatólagos folyamat)" + +#: authentik/providers/oauth2/models.py +msgid "id_token token (Implicit Flow)" +msgstr "id_token token (Hallgatólagos folymat)" + +#: authentik/providers/oauth2/models.py +msgid "code token (Hybrid Flow)" +msgstr "code token (Hibrid folyamat)" + +#: authentik/providers/oauth2/models.py +msgid "code id_token (Hybrid Flow)" +msgstr "code id_token (Hibrid folyamat)" + +#: authentik/providers/oauth2/models.py +msgid "code id_token token (Hybrid Flow)" +msgstr "code id_token token (Hibrid folyamat)" + +#: authentik/providers/oauth2/models.py +msgid "HS256 (Symmetric Encryption)" +msgstr "HS256 (Szimmetrikus titkosítás)" + +#: authentik/providers/oauth2/models.py +msgid "RS256 (Asymmetric Encryption)" +msgstr "RS256 (Asszimetrikus titkosítás)" + +#: authentik/providers/oauth2/models.py +msgid "ES256 (Asymmetric Encryption)" +msgstr "ES256 (Asszimetrikus titkosítás)" + +#: authentik/providers/oauth2/models.py +msgid "ES384 (Asymmetric Encryption)" +msgstr "ES384 (Szimmetrikus titkosítás)" + +#: authentik/providers/oauth2/models.py +msgid "ES512 (Asymmetric Encryption)" +msgstr "ES512 (Szimmetrikus titkosítás)" + +#: authentik/providers/oauth2/models.py +msgid "Scope used by the client" +msgstr "A kliens által használt hatáskör" + +#: authentik/providers/oauth2/models.py +msgid "" +"Description shown to the user when consenting. If left empty, the user won't" +" be informed." +msgstr "" +"A leírás amit a felhasználó hozzájárulásakor mutatunk meg. Ha üresen van " +"hagyva, a felhasználó nem lesz tájékoztatva." + +#: authentik/providers/oauth2/models.py +msgid "Scope Mapping" +msgstr "Hatáskör összerendelés" + +#: authentik/providers/oauth2/models.py +msgid "Scope Mappings" +msgstr "Hatáskör összerendelések" + +#: authentik/providers/oauth2/models.py +msgid "Client Type" +msgstr "Kliens típus" + +#: authentik/providers/oauth2/models.py +msgid "" +"Confidential clients are capable of maintaining the confidentiality of their" +" credentials. Public clients are incapable" +msgstr "" +"A bizalmas kliensek képesek a hitelesítő adataik bizalmasságát. Nyílt " +"kliensek nem képesek rá." + +#: authentik/providers/oauth2/models.py +msgid "Client ID" +msgstr "Kliens ID" + +#: authentik/providers/oauth2/models.py +msgid "Client Secret" +msgstr "Kliens titok" + +#: authentik/providers/oauth2/models.py +msgid "Redirect URIs" +msgstr "Átirányítási URI-k" + +#: authentik/providers/oauth2/models.py +msgid "Logout URI" +msgstr "Kijelentkezési URI" + +#: authentik/providers/oauth2/models.py +msgid "Logout Method" +msgstr "Kijelentkezési mód" + +#: authentik/providers/oauth2/models.py +msgid "" +"Backchannel logs out with server to server calls. Frontchannel uses iframes " +"in your browser" +msgstr "" +"A háttércsatorna a kiszolgáló között történő kommunikációval jelzi a " +"kijelentkezést. Az előtéri csatorna iframe-k segítségével kezeli ezt a " +"folyamatot." + +#: authentik/providers/oauth2/models.py +msgid "Include claims in id_token" +msgstr "Az id_token-ek tartalmazzák a claim-eket" + +#: authentik/providers/oauth2/models.py +msgid "" +"Include User claims from scopes in the id_token, for applications that don't" +" access the userinfo endpoint." +msgstr "" +"Az id_token-ek tartalmazzák a felhasználók hatásköri claim-jeiket, olyan " +"alkalmazásokhoz, amik nem érik el a userinfo endpoint-ot." + +#: authentik/providers/oauth2/models.py +msgid "" +"Access codes not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"A hozzáférési kódok nem érvényesek az aktuális időpontban vagy azt követően " +"+ ez az érték (Formátum: óra=1;perc=2;másodperc=3)." + +#: authentik/providers/oauth2/models.py +msgid "" +"Tokens not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"A tokenek nem érvényesek az aktuális időpontban vagy azt követően + ez az " +"érték (Formátum: óra=1;perc=2;másodperc=3)." + +#: authentik/providers/oauth2/models.py +msgid "" +"When refreshing a token, if the refresh token is valid for less than this " +"duration, it will be renewed. When set to seconds=0, token will always be " +"renewed. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" +"Amikor frissít egy jogkivonatot, ha a frissítési jogkivonat érvényes " +"időtartama rövidebb, mint ez az időtartam, újra frissíti. Ha be van állítva " +"seconds=0, mindig frissíti a jogkivonatot. (Formátum: " +"hours=1;minutes=2;seconds=3)." + +#: authentik/providers/oauth2/models.py +msgid "" +"Configure what data should be used as unique User Identifier. For most " +"cases, the default should be fine." +msgstr "" +"Állítsa be milyen adatot kéne hsaználni az egyedi felhasználói azonosítónak." +" A legtöbb esetben az alapértelmezett rendben van." + +#: authentik/providers/oauth2/models.py +msgid "Configure how the issuer field of the ID Token should be filled." +msgstr "Állítsa be, hogy az ID Token kibocsátó mezője hogyan legyen kitöltve." + +#: authentik/providers/oauth2/models.py +msgid "Key used to sign the tokens." +msgstr "A kulcs, amit digitális aláírásra lesz használva." + +#: authentik/providers/oauth2/models.py +msgid "Encryption Key" +msgstr "Titkosító kulcs" + +#: authentik/providers/oauth2/models.py +msgid "" +"Key used to encrypt the tokens. When set, tokens will be encrypted and " +"returned as JWEs." +msgstr "" +"A kulcs, ami a token-ek titkosítására lesz használva. Mikor be van állítva, " +"a token-ek titkosítva lesznek és JWE-kként lesznek visszadobva." + +#: authentik/providers/oauth2/models.py +msgid "" +"Any JWT signed by the JWK of the selected source can be used to " +"authenticate." +msgstr "" +"Lehessen használni bejelentkeztetésre bármilyen kiválsztott forrás JWK-ja " +"által aláírt JWT-t." + +#: authentik/providers/oauth2/models.py +msgid "OAuth2/OpenID Provider" +msgstr "OAuth2/OpenID szolgáltató" + +#: authentik/providers/oauth2/models.py +msgid "OAuth2/OpenID Providers" +msgstr "OAuth2/OpenID szolgáltatók" + +#: authentik/providers/oauth2/models.py +msgid "Scopes" +msgstr "Hatáskörök" + +#: authentik/providers/oauth2/models.py +msgid "Code" +msgstr "Kód" + +#: authentik/providers/oauth2/models.py +msgid "Nonce" +msgstr "Semmi" + +#: authentik/providers/oauth2/models.py +msgid "Code Challenge" +msgstr "Kód kihívás" + +#: authentik/providers/oauth2/models.py +msgid "Code Challenge Method" +msgstr "Kód kihívási módszer" + +#: authentik/providers/oauth2/models.py +msgid "Authorization Code" +msgstr "Engedélyezési kód" + +#: authentik/providers/oauth2/models.py +msgid "Authorization Codes" +msgstr "Engedélyezési kódok" + +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Access Token" +msgstr "OAuth2 hozzáférés token" + +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Access Tokens" +msgstr "OAuth2 hozzáférés tokenek" + +#: authentik/providers/oauth2/models.py +msgid "ID Token" +msgstr "ID Token" + +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Refresh Token" +msgstr "OAuth2 frissítési token" + +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Refresh Tokens" +msgstr "OAuth2 frissítési token-ek" + +#: authentik/providers/oauth2/tasks.py +msgid "Send a back-channel logout request to the registered client" +msgstr "" +"Háttércsatornai kijelentkezési kérelem küldése a regisztrált ügyfélhez" + +#: authentik/providers/oauth2/tasks.py +msgid "Handle backchannel logout notifications dispatched via signal" +msgstr "" +"Kezelje a háttércsatornai kijelentkezési értesítéseket jelző jelek " +"segítségével" + +#: authentik/providers/oauth2/views/device_init.py +msgid "Invalid code" +msgstr "Érvénytelen kód" + +#: authentik/providers/oauth2/views/userinfo.py +msgid "GitHub Compatibility: Access your User Information" +msgstr "GitHub-kompatibilitás: hozzáférés felhasználói adataihoz" + +#: authentik/providers/oauth2/views/userinfo.py +msgid "GitHub Compatibility: Access you Email addresses" +msgstr "GitHub-kompatibilitás: hozzáférés email címeihez" + +#: authentik/providers/oauth2/views/userinfo.py +msgid "GitHub Compatibility: Access your Groups" +msgstr "GitHub-kompatibilitás: hozzáférés csoportjaihoz" + +#: authentik/providers/proxy/api.py +msgid "User and password attributes must be set when basic auth is enabled." +msgstr "" +"A felhasználói és jelszóattribútumokat be kell állítani, amennyiben a basic " +"auth hitelesítés engedélyezve van." + +#: authentik/providers/proxy/api.py +msgid "Internal host cannot be empty when forward auth is disabled." +msgstr "" +"A belső kiszolgáló nem lehet üres ha a hitelesítés továbbítás ki van " +"kapcsolva." + +#: authentik/providers/proxy/models.py +msgid "Proxy Session" +msgstr "Proxy-munkamenet" + +#: authentik/providers/proxy/models.py +msgid "Proxy Sessions" +msgstr "Proxy-munkamenetek" + +#: authentik/providers/proxy/models.py +msgid "Validate SSL Certificates of upstream servers" +msgstr "Az upstream kiszolgálók SSL tanúsítványának érvényesítése." + +#: authentik/providers/proxy/models.py +msgid "Internal host SSL Validation" +msgstr "Belső kiszolgáló SSL érvényesítése" + +#: authentik/providers/proxy/models.py +msgid "" +"Enable support for forwardAuth in traefik and nginx auth_request. Exclusive " +"with internal_host." +msgstr "" +"Hitelesítés továbbítás támogatás engedélyezése Traefik és nginx " +"auth_request-re. Kizárólag belső_koszolgáló-ra lehet használni." + +#: authentik/providers/proxy/models.py +msgid "" +"Regular expressions for which authentication is not required. Each new line " +"is interpreted as a new Regular Expression." +msgstr "" +"Reguláris Kifejezések, amikhez nincs szükség hitelesítésre. Minden új sor " +"egy új Reguláris Kifejezés." + +#: authentik/providers/proxy/models.py +msgid "" +"When enabled, this provider will intercept the authorization header and " +"authenticate requests based on its value." +msgstr "" +"Ha engedélyezve van, ez a szolgáltató elfogja az engedélyezési fejlécet, és " +"az értéke alapján hitelesíti a kéréseket." + +#: authentik/providers/proxy/models.py +msgid "Set HTTP-Basic Authentication" +msgstr "Állítsa be a HTTP-Basic hitelesítést." + +#: authentik/providers/proxy/models.py +msgid "" +"Set a custom HTTP-Basic Authentication header based on values from " +"authentik." +msgstr "" +"Állítson be egy egyedi HTTP-Basic hitelesítési fejlécet authentik-ből " +"szerzett érték alapján." + +#: authentik/providers/proxy/models.py +msgid "HTTP-Basic Username Key" +msgstr "HTTP-Basic felhasználó kulcs" + +#: authentik/providers/proxy/models.py +msgid "" +"User/Group Attribute used for the user part of the HTTP-Basic Header. If not" +" set, the user's Email address is used." +msgstr "" +"A HTTP-Basic fejlécének felhasználó részére használt Felasználó/Csoport " +"attribútum. Ha nincs beállítva, a felhasználó Email címe lesz használva." + +#: authentik/providers/proxy/models.py +msgid "HTTP-Basic Password Key" +msgstr "HTTP-Basic jelszó kulcs" + +#: authentik/providers/proxy/models.py +msgid "" +"User/Group Attribute used for the password part of the HTTP-Basic Header." +msgstr "" +"A HTTP-Basic fejlécének jelszó részére használt Felasználó/Csoport " +"attribútum." + +#: authentik/providers/proxy/models.py +msgid "Proxy Provider" +msgstr "Proxy szolgáltató" + +#: authentik/providers/proxy/models.py +msgid "Proxy Providers" +msgstr "Proxy szolgáltatók" + +#: authentik/providers/rac/models.py authentik/stages/user_login/models.py +msgid "" +"Determines how long a session lasts. Default of 0 means that the sessions " +"lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"Meghatározza, hogy a munkamenet mennyi ideig tart. Az alapértelmezett 0 azt " +"jelenti, hogy a munkamenet a böngésző bezárásáig tart. (Formátum: " +"óra=-1;perc=-2;másodperc=-3)" + +#: authentik/providers/rac/models.py +msgid "When set to true, connection tokens will be deleted upon disconnect." +msgstr "" +"Amikor true-ra van állítva, a kapcsolat token-jei törölve lesznek " +"szétkapcsoláskor." + +#: authentik/providers/rac/models.py +msgid "RAC Provider" +msgstr "RAC szolgáltató" + +#: authentik/providers/rac/models.py +msgid "RAC Providers" +msgstr "RAC szolgáltatók" + +#: authentik/providers/rac/models.py +msgid "RAC Endpoint" +msgstr "RAC végpont" + +#: authentik/providers/rac/models.py +msgid "RAC Endpoints" +msgstr "RAC végpontok" + +#: authentik/providers/rac/models.py +msgid "RAC Provider Property Mapping" +msgstr "RAC szolgáltató tulajdonság összerendelés" + +#: authentik/providers/rac/models.py +msgid "RAC Provider Property Mappings" +msgstr "RAC szolgáltató tulajdonság összerendelések" + +#: authentik/providers/rac/models.py +msgid "RAC Connection token" +msgstr "RAC Kapcsolat token" + +#: authentik/providers/rac/models.py +msgid "RAC Connection tokens" +msgstr "RAC Kapcsolat token-ek" + +#: authentik/providers/rac/views.py +msgid "Maximum connection limit reached." +msgstr "Elérte a maximális kapcsolódási limitet." + +#: authentik/providers/rac/views.py +msgid "(You are already connected in another tab/window)" +msgstr "(Már be van jelentkezve egy másik tab-ban/ablakban)" + +#: authentik/providers/radius/models.py +msgid "Shared secret between clients and server to hash packets." +msgstr "" +"Megosztott titok az ügyfelek és a kiszolgáló között a csomagok hash-elése " +"céljából." + +#: authentik/providers/radius/models.py +msgid "" +"List of CIDRs (comma-separated) that clients can connect from. A more " +"specific CIDR will match before a looser one. Clients connecting from a non-" +"specified CIDR will be dropped." +msgstr "" +"Azon CIDR-ek listája (vesszővel elválasztva), amelyekről az ügyfelek " +"csatlakozhatnak. Egy specifikusabb CIDR fog egyezni a lazább előtt. A nem " +"meghatározott CIDR-ről csatlakozó ügyfelek el lesznek vetve." + +#: authentik/providers/radius/models.py +msgid "Radius Provider" +msgstr "Radius szolgáltató" + +#: authentik/providers/radius/models.py +msgid "Radius Providers" +msgstr "Radius szolgáltatók" + +#: authentik/providers/radius/models.py +msgid "Radius Provider Property Mapping" +msgstr "Radius szolgáltató tulajdonság összerendelés" + +#: authentik/providers/radius/models.py +msgid "Radius Provider Property Mappings" +msgstr "Radius szolgáltató tulajdonság összerendelések" + +#: authentik/providers/saml/api/providers.py +msgid "" +"With a signing keypair selected, at least one of 'Sign assertion' and 'Sign " +"Response' must be selected." +msgstr "" +"Ha az aláíró kulcspárt kiválasztotta, akkor legalább az egyiket ki kell " +"jelölni az 'Állítás aláírása' és 'Válasz aláírása' közül." + +#: authentik/providers/saml/api/providers.py +msgid "Only RSA, EC, and DSA key types are supported for SAML signing." +msgstr "Csak RSA, EC és DSA kulcs típusok támogatottak a SAML aláírásra." + +#: authentik/providers/saml/api/providers.py +msgid "Invalid XML Syntax" +msgstr "Érvénytelen XML szintaxis." + +#: authentik/providers/saml/api/providers.py +#, python-brace-format +msgid "Failed to import Metadata: {messages}" +msgstr "Sikertelen Metadata beolvasás: {messages}" + +#: authentik/providers/saml/models.py +msgid "ACS URL" +msgstr "ACS URL" + +#: authentik/providers/saml/models.py +msgid "Service Provider Binding" +msgstr "Szolgáltatás szolgáltató kötés" + +#: authentik/providers/saml/models.py +msgid "" +"This determines how authentik sends the response back to the Service " +"Provider." +msgstr "" +"Ez határozza meg, hogy az authentik hogyan küldi vissza a választ a " +"szolgáltatás szolgáltatónak." + +#: authentik/providers/saml/models.py +msgid "" +"Value of the audience restriction field of the assertion. When left empty, " +"no audience restriction will be added." +msgstr "" +"Az állítás közönség korlátozás mezőjének értéke. Üresen hagyva nem lesz " +"közönségkorlátozás hozzáadva." + +#: authentik/providers/saml/models.py +msgid "" +"Also known as EntityID. Providing a value overrides the default issuer " +"generated by authentik." +msgstr "" +"Egyébként az EntitID. Egy érték megadása felülírja az authentik által " +"generált alapértelmezett kibocsátó értéket." + +#: authentik/providers/saml/models.py +msgid "SLS URL" +msgstr "SLS URL" + +#: authentik/providers/saml/models.py +msgid "Single Logout Service URL where the logout response should be sent." +msgstr "" +"Az egyesített kilépési szolgáltatás URL-je, ahol a kilépési választ " +"elküldeni kell." + +#: authentik/providers/saml/models.py +msgid "SLS Binding" +msgstr "SLS Binding" + +#: authentik/providers/saml/models.py +msgid "" +"This determines how authentik sends the logout response back to the Service " +"Provider." +msgstr "" +"Ez határozza meg, hogyan küldi el az authentik a kilépési választ vissza a " +"Szolgáltatónak." + +#: authentik/providers/saml/models.py +msgid "" +"Method to use for logout. Front-channel iframe loads all logout URLs " +"simultaneously in hidden iframes. Front-channel native uses your active " +"browser tab to send post requests and redirect to providers. Back-channel " +"sends logout requests directly from the server without user interaction " +"(requires POST SLS binding)." +msgstr "" +"A kilépéshez használandó módszer. A front-channel iframe minden kilépési " +"URL-t egyszerre betölti rejtett iframékben. A front-channel native használja" +" az aktív böngésző lapját a POST kérések küldéséhez és átirányításához a " +"szolgáltatókhoz. A back-channel közvetlenül a kiszolgálóról küldi el a " +"kilépési kérelmeket felhasználói interakció nélkül (a POST SLS binding " +"szükséges)." + +#: authentik/providers/saml/models.py +msgid "NameID Property Mapping" +msgstr "NameID tulajdonság összerendelés" + +#: authentik/providers/saml/models.py +msgid "" +"Configure how the NameID value will be created. When left empty, the " +"NameIDPolicy of the incoming request will be considered" +msgstr "" +"Állítsa be a NameID érték létrehozásának módját. Ha üresen hagyja, a " +"rendszer figyelembe veszi a bejövő kérés NameID szabályzatát." + +#: authentik/providers/saml/models.py +msgid "AuthnContextClassRef Property Mapping" +msgstr "AuthnContextClassRef tulajdonság-hozzárendelés" + +#: authentik/providers/saml/models.py +msgid "" +"Configure how the AuthnContextClassRef value will be created. When left " +"empty, the AuthnContextClassRef will be set based on which authentication " +"methods the user used to authenticate." +msgstr "" +"Konfigurálja, hogyan lesz létrehozva az AuthnContextClassRef érték. Ha " +"üresen hagyják, az authentik alapértelmezett beállítások szerint állítja be " +"az AuthnContextClassRef-ot a felhasználó által használt hitelesítési " +"módszerek alapján." + +#: authentik/providers/saml/models.py +msgid "" +"Assertion valid not before current time + this value (Format: " +"hours=-1;minutes=-2;seconds=-3)." +msgstr "" +"Az állítás érvénytelen a mostani idő + ezen érték előtt. (Formátum: " +"óra=-1;perc=-2;másodperc=-3)." + +#: authentik/providers/saml/models.py +msgid "" +"Assertion not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"Az állítás érvénytelen a mostani idő + ezen értéken vagy utána. (Formátum: " +"óra=-1;perc=-2;másodperc=-3)." + +#: authentik/providers/saml/models.py +msgid "" +"Session not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"Az munkamenet érvénytelen a mostani idő + ezen értéken vagy utána. " +"(Formátum: óra=-1;perc=-2;másodperc=-3)." + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "SHA1" +msgstr "SHA1" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "SHA256" +msgstr "SHA256" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "SHA384" +msgstr "SHA384" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "SHA512" +msgstr "SHA512" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "RSA-SHA1" +msgstr "RSA-SHA1" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "RSA-SHA256" +msgstr "RSA-SHA256" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "RSA-SHA384" +msgstr "RSA-SHA384" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "RSA-SHA512" +msgstr "RSA-SHA512" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA1" +msgstr "ECDSA-SHA1" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA256" +msgstr "ECDSA-SHA256" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA384" +msgstr "ECDSA-SHA384" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA512" +msgstr "ECDSA-SHA512" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "DSA-SHA1" +msgstr "DSA-SHA1" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "" +"When selected, incoming assertion's Signatures will be validated against " +"this certificate. To allow unsigned Requests, leave on default." +msgstr "" +"Kiválasztva, bejövő állítások aláírásainak érvényességét ezzel a " +"tanúsítvánnyal ellenőrizzük. Aláíratlan kérések engedélyezésére hagyja " +"üresen." + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "Verification Certificate" +msgstr "Hitelesítő Tanusítvány" + +#: authentik/providers/saml/models.py +msgid "Keypair used to sign outgoing Responses going to the Service Provider." +msgstr "" +"Kulcspár a szolgáltatás szolgáltatóhoz érkezett kimenő válaszok aláírására " +"szolgál." + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "Signing Keypair" +msgstr "Aláíró kulcspár" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "" +"When selected, incoming assertions are encrypted by the IdP using the public" +" key of the encryption keypair. The assertion is decrypted by the SP using " +"the the private key." +msgstr "" +"Kiválasztva, a bejövő állításokat az IDP ezen kulcspár nyílvános kulcsával " +"fogja titkosítani. Az állítást az SP a privát kulccsal oldja fel." + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "Encryption Keypair" +msgstr "Titkosító kulcspár" + +#: authentik/providers/saml/models.py +msgid "Default relay_state value for IDP-initiated logins" +msgstr "" +"Alapértelmezett relay_state érték IDP által kedzeményezett bejelentkezésre." + +#: authentik/providers/saml/models.py +msgid "SAML Provider" +msgstr "SAML szolgáltató" + +#: authentik/providers/saml/models.py +msgid "SAML Providers" +msgstr "SAML szolgáltatók" + +#: authentik/providers/saml/models.py +msgid "SAML Provider Property Mapping" +msgstr "SAML szolgáltató tulajdonság összerendelés" + +#: authentik/providers/saml/models.py +msgid "SAML Provider Property Mappings" +msgstr "SAML szolgáltató tulajdonság összerendelések" + +#: authentik/providers/saml/models.py +msgid "SAML Provider from Metadata" +msgstr "SAML szolgáltató Metaadatokból" + +#: authentik/providers/saml/models.py +msgid "SAML Providers from Metadata" +msgstr "SAML szolgáltatók Metaadatokból" + +#: authentik/providers/saml/models.py +msgid "Link to the user's authenticated session" +msgstr "A felhasználó hitelesített munkamenetéhez tartozó hivatkozás" + +#: authentik/providers/saml/models.py +msgid "SAML SessionIndex for this session" +msgstr "Ez a munkamenetre vonatkozó SAML SessionIndex" + +#: authentik/providers/saml/models.py +msgid "SAML NameID value for this session" +msgstr "Ez a munkamenetre vonatkozó SAML NameID érték" + +#: authentik/providers/saml/models.py +msgid "SAML NameID format" +msgstr "SAML NameID formátum" + +#: authentik/providers/saml/models.py +msgid "SAML Issuer used for this session" +msgstr "Ez a SAML szolgáltató, amelyet ezen a munkameneten használnak" + +#: authentik/providers/saml/models.py +msgid "SAML Session" +msgstr "SAML munkamenet" + +#: authentik/providers/saml/models.py +msgid "SAML Sessions" +msgstr "SAML munkamenetek" + +#: authentik/providers/scim/models.py +msgid "OAuth (Silent)" +msgstr "OAuth (titkos)" + +#: authentik/providers/scim/models.py +msgid "OAuth (interactive)" +msgstr "OAuth (interaktív)" + +#: authentik/providers/scim/models.py +msgid "Default" +msgstr "Alapértelmezett" + +#: authentik/providers/scim/models.py +msgid "AWS" +msgstr "AWS" + +#: authentik/providers/scim/models.py +msgid "Slack" +msgstr "Slack" + +#: authentik/providers/scim/models.py +msgid "Salesforce" +msgstr "Salesforce" + +#: authentik/providers/scim/models.py +msgid "Webex" +msgstr "Webex" + +#: authentik/providers/scim/models.py +msgid "vCenter" +msgstr "vCenter" + +#: authentik/providers/scim/models.py +msgid "Group filters used to define sync-scope for groups." +msgstr "" +"Csoport szűrők, amelyeket csoportok szinkronizálási körét definiálnak." + +#: authentik/providers/scim/models.py +msgid "Base URL to SCIM requests, usually ends in /v2" +msgstr "Alap URL a SCIM-kérelmekhez, általában végződik /v2-re" + +#: authentik/providers/scim/models.py +msgid "Authentication token" +msgstr "Hitelesítési token" + +#: authentik/providers/scim/models.py +msgid "OAuth Source used for authentication" +msgstr "OAuth forrás, ami azonosításhoz használt" + +#: authentik/providers/scim/models.py +msgid "Additional OAuth parameters, such as grant_type" +msgstr "További OAuth paraméterek, például grant_type" + +#: authentik/providers/scim/models.py +msgid "SCIM Compatibility Mode" +msgstr "SCIM kompatibilitási mód" + +#: authentik/providers/scim/models.py +msgid "Alter authentik behavior for vendor-specific SCIM implementations." +msgstr "" +"Vendortípusonkénti SCIM implementációkhoz tartozó authentik viselkedés " +"módosítása." + +#: authentik/providers/scim/models.py +msgid "" +"Cache duration for ServiceProviderConfig responses. Set minutes=0 to " +"disable." +msgstr "" +"ServiceProviderConfig válaszok gyorsítótár-időtartama. A letiltás érdekében " +"beállítsa a minutes=0 értéket." + +#: authentik/providers/scim/models.py +msgid "SCIM Provider" +msgstr "SCIM szolgáltató" + +#: authentik/providers/scim/models.py +msgid "SCIM Providers" +msgstr "SCIM szolgáltatók" + +#: authentik/providers/scim/models.py +msgid "SCIM Provider Mapping" +msgstr "SCIM szolgáltató összerendelés" + +#: authentik/providers/scim/models.py +msgid "SCIM Provider Mappings" +msgstr "SCIM szolgáltató összerendelések" + +#: authentik/providers/scim/tasks.py +msgid "Sync SCIM provider objects." +msgstr "SCIM szolgáltató objektumainak szinkronizálása." + +#: authentik/providers/scim/tasks.py +msgid "Full sync for SCIM provider." +msgstr "Teljes SCIM szolgáltató szinkronizálása." + +#: authentik/providers/scim/tasks.py +msgid "Sync a direct object (user, group) for SCIM provider." +msgstr "" +"Egy közvetlen objektum (felhasználó, csoport) szinkronizálása a SCIM " +"szolgáltatóhoz." + +#: authentik/providers/scim/tasks.py +msgid "Dispatch syncs for a direct object (user, group) for SCIM providers." +msgstr "" +"Egy közvetlen objektum (felhasználó, csoport) szinkronizálásának elindítása " +"a SCIM szolgáltatókhoz." + +#: authentik/providers/scim/tasks.py +msgid "Delete an object (user, group) for SCIM provider." +msgstr "Az objektum (felhasználó, csoport) törlése a SCIM szolgáltatótól." + +#: authentik/providers/scim/tasks.py +msgid "Dispatch deletions for an object (user, group) for SCIM providers." +msgstr "" +"Egy objektum (felhasználó, csoport) törlésének elindítása a SCIM " +"szolgáltatókhoz." + +#: authentik/providers/scim/tasks.py +msgid "Sync a related object (memberships) for SCIM provider." +msgstr "" +"A kapcsolódó objektum (tagságok) szinkronizálása a SCIM szolgáltatótól." + +#: authentik/providers/scim/tasks.py +msgid "Dispatch syncs for a related object (memberships) for SCIM providers." +msgstr "" +"Egy kapcsolódó objektum (tagságok) szinkronizálásának elindítása a SCIM " +"szolgáltatókhoz." + +#: authentik/rbac/models.py +msgid "Role" +msgstr "Szerepkör" + +#: authentik/rbac/models.py +msgid "Roles" +msgstr "Szerepkörök" + +#: authentik/rbac/models.py +msgid "Can assign permissions to roles" +msgstr "Jogosultságokat rendelhet hozzá szerepkörekhöz" + +#: authentik/rbac/models.py +msgid "Can unassign permissions from roles" +msgstr "Távolíthat el jogosultságokat szerepkörektől" + +#: authentik/rbac/models.py +msgid "Initial Permissions" +msgstr "Kezdeti jogosultságok" + +#: authentik/rbac/models.py +msgid "System permission" +msgstr "Rendszerjogosultság" + +#: authentik/rbac/models.py +msgid "System permissions" +msgstr "Rendszerjogosultságok" + +#: authentik/rbac/models.py +msgid "Can view system info" +msgstr "Létező rendszerek információinak megtekintése" + +#: authentik/rbac/models.py +msgid "Can access admin interface" +msgstr "Hozzáférhet a rendszergazdai felülethez" + +#: authentik/rbac/models.py +msgid "Can view system settings" +msgstr "Megnézheti a rendszerszintű beállításokat" + +#: authentik/rbac/models.py +msgid "Can edit system settings" +msgstr "Rendszerebeállítások szerkesztése lehetséges" + +#: authentik/rbac/models.py +msgid "Can view media files" +msgstr "Médiafájlok megtekintése lehetséges" + +#: authentik/rbac/models.py +msgid "Can manage media files" +msgstr "Médiafájlok kezelése lehetséges" + +#: authentik/recovery/management/commands/create_admin_group.py +msgid "Create admin group if the default group gets deleted." +msgstr "" +"Az alapértelmezett csoport törlésére kerül, akkor hozzon létre egy admin-" +"csoportot." + +#: authentik/recovery/management/commands/create_recovery_key.py +msgid "Create a Key which can be used to restore access to authentik." +msgstr "" +"Hozzon létre egy kulcsot, amelyet használhat a hozzáférés visszaállításához " +"authentik-nak." + +#: authentik/recovery/views.py +msgid "Used recovery-link to authenticate." +msgstr "A recovery-link használatával való hitelesítéshez." + +#: authentik/sources/kerberos/models.py +msgid "Kerberos realm" +msgstr "Kerberos világ" + +#: authentik/sources/kerberos/models.py +msgid "Custom krb5.conf to use. Uses the system one by default" +msgstr "" +"Egyéni krb5.conf fájl a használathoz. Alapértelmezés szerint a rendszeriatot" +" használja." + +#: authentik/sources/kerberos/models.py +msgid "KAdmin server type" +msgstr "KAdmin kiszolgáló típusa" + +#: authentik/sources/kerberos/models.py +msgid "Sync users from Kerberos into authentik" +msgstr "Synchronizáljon felhasználókat Kerberostól authentik-be" + +#: authentik/sources/kerberos/models.py +msgid "When a user changes their password, sync it back to Kerberos" +msgstr "" +"Amikor a felhasználó megváltoztatja a jelszavát, szinkronizálja vissza a " +"Kerberoshez." + +#: authentik/sources/kerberos/models.py +msgid "Principal to authenticate to kadmin for sync." +msgstr "A kadmin-szel való hitelesítéshez használandó principal." + +#: authentik/sources/kerberos/models.py +msgid "Password to authenticate to kadmin for sync" +msgstr "A kadmin-szel való hitelesítéshez használandó jelszó." + +#: authentik/sources/kerberos/models.py +msgid "" +"Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the " +"form TYPE:residual" +msgstr "" +"A kadmin-szel való hitelesítéshez használandó keytab. Base64-kódolva kell " +"lennie vagy a TYPE:residual formában kell megadni." + +#: authentik/sources/kerberos/models.py +msgid "" +"Credentials cache to authenticate to kadmin for sync. Must be in the form " +"TYPE:residual" +msgstr "" +"A kadmin-szel való hitelesítéshez használandó hitelesítői gyűjtemény. A " +"TYPE:residual formában kell megadni." + +#: authentik/sources/kerberos/models.py +msgid "" +"Force the use of a specific server name for SPNEGO. Must be in the form " +"HTTP@hostname" +msgstr "" +"Szükséges, ha egy konkrét szervernevet szeretnénk használni a SPNEGO-hez. " +"HTTP@hostname formában kell megadni." + +#: authentik/sources/kerberos/models.py +msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path" +msgstr "" +"A SPNEGO-hez használandó keytab base64-kódolva vagy FILE:path formájú " +"elérési út." + +#: authentik/sources/kerberos/models.py +msgid "Credential cache to use for SPNEGO in form type:residual" +msgstr "" +"A SPNEGO-hez használandó hitelesítői gyűjtemény type:residual formában kell " +"megadni." + +#: authentik/sources/kerberos/models.py +msgid "" +"If enabled, the authentik-stored password will be updated upon login with " +"the Kerberos password backend" +msgstr "" +"Ha engedélyezve van, a bejelentkezéskor frissíti az authentik-beli tárolt " +"jelszót a Kerberos hitelesítési háttérrel." + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Source" +msgstr "Kerberos forrás" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Sources" +msgstr "Kerberos források" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Source Property Mapping" +msgstr "Kerberos forrási tulajdonság-hozzárendelés" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Source Property Mappings" +msgstr "Kerberos forráshiányzatok tulajdonság-hozzárendelései" + +#: authentik/sources/kerberos/models.py +msgid "User Kerberos Source Connection" +msgstr "Felhasználói Kerberos forrás-összekötés" + +#: authentik/sources/kerberos/models.py +msgid "User Kerberos Source Connections" +msgstr "Felhasználói Kerberos forrás-összekötések" + +#: authentik/sources/kerberos/models.py +msgid "Group Kerberos Source Connection" +msgstr "Csoport Kerberos forrás-összekötés" + +#: authentik/sources/kerberos/models.py +msgid "Group Kerberos Source Connections" +msgstr "Csoport Kerberos forrás-összekötések" + +#: authentik/sources/kerberos/tasks.py +msgid "Check connectivity for Kerberos sources." +msgstr "Kerberos források kapcsolatellenőrzése." + +#: authentik/sources/kerberos/tasks.py +msgid "Sync Kerberos source." +msgstr "Kerberos forrás szinkronizálása." + +#: authentik/sources/kerberos/views.py +msgid "SPNEGO authentication required" +msgstr "SPNEGO hitelesítés szükséges" + +#: authentik/sources/kerberos/views.py +msgid "" +"\n" +" Make sure you have valid tickets (obtainable via kinit)\n" +" and configured the browser correctly.\n" +" Please contact your administrator.\n" +" " +msgstr "" +"\n" +" Győződjön meg róla, hogy érvényes tanúsítványokkal rendelkezik (az kinit segítségével szerezhetőek be)\n" +" és helyesen konfigurálta a böngészőt.\n" +" Kérjük, forduljon az adminisztrátorhoz.\n" +" " + +#: authentik/sources/ldap/api/sources.py +msgid "Only a single LDAP Source with password synchronization is allowed" +msgstr "" +"Csak egy LDAP forrással lehet rendelkezni jelszó-szinkronizálás esetén." + +#: authentik/sources/ldap/models.py +msgid "Server URI" +msgstr "Kiszolgálói URI" + +#: authentik/sources/ldap/models.py +msgid "" +"Optionally verify the LDAP Server's Certificate against the CA Chain in this" +" keypair." +msgstr "" +"Beállíthatja a tanúsítvány ellenőrzést az LDAP-kiszolgálón lévő " +"tanúsítványhoz e tanúsítványláncban." + +#: authentik/sources/ldap/models.py +msgid "" +"Client certificate to authenticate against the LDAP Server's Certificate." +msgstr "A kliens-tanúsítvány az LDAP-kiszolgálóval való hitelesítéshez." + +#: authentik/sources/ldap/models.py +msgid "Bind CN" +msgstr "Csatlakozási CN" + +#: authentik/sources/ldap/models.py +msgid "Enable Start TLS" +msgstr "Start TLS engedélyezése" + +#: authentik/sources/ldap/models.py +msgid "Use Server URI for SNI verification" +msgstr "Az URI használata a SNI ellenőrzéshez" + +#: authentik/sources/ldap/models.py +msgid "Base DN" +msgstr "Alap DN" + +#: authentik/sources/ldap/models.py +msgid "Prepended to Base DN for User-queries." +msgstr "A felhasználók lekérdezéséhez hozzáadott előtag az Alap DN-hez." + +#: authentik/sources/ldap/models.py +msgid "Addition User DN" +msgstr "Bővítményes Felhasználó DN" + +#: authentik/sources/ldap/models.py +msgid "Prepended to Base DN for Group-queries." +msgstr "A Group-queries alapján hozzáadott Base DN előtag." + +#: authentik/sources/ldap/models.py +msgid "Addition Group DN" +msgstr "Bővítményes Csoport DN" + +#: authentik/sources/ldap/models.py +msgid "Consider Objects matching this filter to be Users." +msgstr "Ehhez a szűrőhöz illeszkedő objektumokat felhasználókké tekinteni." + +#: authentik/sources/ldap/models.py +msgid "Attribute which matches the value of `group_membership_field`." +msgstr "Attribútum, amely az `group_membership_field` értékét illeszt meg." + +#: authentik/sources/ldap/models.py +msgid "Field which contains members of a group." +msgstr "Az adott csoport tagjait tartalmazó mező." + +#: authentik/sources/ldap/models.py +msgid "Consider Objects matching this filter to be Groups." +msgstr "Ehhez a szűrőhöz illeszkedő objektumokat csoportoknak tekinteni." + +#: authentik/sources/ldap/models.py +msgid "Field which contains a unique Identifier." +msgstr "Egyedi azonosítót tartalmazó mező." + +#: authentik/sources/ldap/models.py +msgid "Update internal authentik password when login succeeds with LDAP" +msgstr "" +"A bejelentkezés sikeres LDAP-val után frissíti a belső authentik jelszót" + +#: authentik/sources/ldap/models.py +msgid "" +"When a user changes their password, sync it back to LDAP. This can only be " +"enabled on a single LDAP source." +msgstr "" +"Amikor egy felhasználó megváltoztatja a jelszavát, szinkronizálja azt vissza" +" az LDAP-ba. Ez csak egyetlen LDAP-forráson engedélyezhető." + +#: authentik/sources/ldap/models.py +msgid "" +"Lookup group membership based on a user attribute instead of a group " +"attribute. This allows nested group resolution on systems like FreeIPA and " +"Active Directory" +msgstr "" +"Csoporttagságokat felhasználói attribútum alapján keres, nem " +"csoportattribútummal. Ez lehetővé teszi a FreeIPA és az Active Directory " +"rendszerekben a beágyazott csoportok megoldását" + +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" +"Törli az authentik felhasználókat és csoportokat, amelyek korábban ezen " +"forrásból származtak, de most már nincsenek benne." + +#: authentik/sources/ldap/models.py +msgid "N/A" +msgstr "N/A" + +#: authentik/sources/ldap/models.py +msgid "LDAP Source" +msgstr "LDAP Forrás" + +#: authentik/sources/ldap/models.py +msgid "LDAP Sources" +msgstr "LDAP Források" + +#: authentik/sources/ldap/models.py +msgid "LDAP Source Property Mapping" +msgstr "LDAP Forrás tulajdonság-hozzárendelés" + +#: authentik/sources/ldap/models.py +msgid "LDAP Source Property Mappings" +msgstr "LDAP Forrás tulajdonság-hozzárendelések" + +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" +"Egyedik azonosító, amelyet a rendszer használ arra, hogy ellenőrizze, " +"létezik-e még ez az objektum a katalógusban." + +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connection" +msgstr "Felhasználói LDAP forrás-kapcsolat" + +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connections" +msgstr "Felhasználói LDAP forrás-kapcsolatok" + +#: authentik/sources/ldap/models.py +msgid "Group LDAP Source Connection" +msgstr "Csoport LDAP forrás-kapcsolat" + +#: authentik/sources/ldap/models.py +msgid "Group LDAP Source Connections" +msgstr "Csoport LDAP forrás-kapcsolatok" + +#: authentik/sources/ldap/signals.py +msgid "Password does not match Active Directory Complexity." +msgstr "" +"A jelszó nem felel meg az Active Directory bonyolultsági követelményeinek." + +#: authentik/sources/ldap/tasks.py +msgid "Check connectivity for LDAP source." +msgstr "A LDAP forráshoz kapcsolódási teszt." + +#: authentik/sources/ldap/tasks.py +msgid "Sync LDAP source." +msgstr "LDAP forrás szinkronizálása." + +#: authentik/sources/ldap/tasks.py +msgid "Sync page for LDAP source." +msgstr "LDAP forrás szinkronizálási oldal." + +#: authentik/sources/oauth/clients/oauth2.py +msgid "No token received." +msgstr "Nincs token megkapva." + +#: authentik/sources/oauth/models.py +msgid "HTTP Basic Authentication" +msgstr "HTTP Basic hitelesítés" + +#: authentik/sources/oauth/models.py +msgid "Include the client ID and secret as request parameters" +msgstr "" +"Az ügyfélazonosító és titkos kulcs belefoglalása a kérés paramétereiként" + +#: authentik/sources/oauth/models.py +msgid "No PKCE" +msgstr "Nincs PKCE" + +#: authentik/sources/oauth/models.py +msgid "Plain" +msgstr "Egyszerű" + +#: authentik/sources/oauth/models.py +msgid "S256" +msgstr "S256" + +#: authentik/sources/oauth/models.py +msgid "Request Token URL" +msgstr "Token-kérést küldő URL-cím" + +#: authentik/sources/oauth/models.py +msgid "" +"URL used to request the initial token. This URL is only required for OAuth " +"1." +msgstr "" +"Az inicializáló token kérése érdekében használt URL-cím. Ez az URL csak a " +"OAuth 1 esetén szükséges." + +#: authentik/sources/oauth/models.py +msgid "Authorization URL" +msgstr "Engedélyezési URL-cím" + +#: authentik/sources/oauth/models.py +msgid "URL the user is redirect to to conest the flow." +msgstr "" +"A felhasználót átirányító URL, amelyre a folyamat engedélyezése érdekében " +"navigálnia kell." + +#: authentik/sources/oauth/models.py +msgid "Access Token URL" +msgstr "Hozzáférési token URL-címe" + +#: authentik/sources/oauth/models.py +msgid "URL used by authentik to retrieve tokens." +msgstr "Az authentik hozzáférési tokent beszerzéséhez használt URL-cím." + +#: authentik/sources/oauth/models.py +msgid "Profile URL" +msgstr "Profil URL-címe" + +#: authentik/sources/oauth/models.py +msgid "URL used by authentik to get user information." +msgstr "Az authentik felhasználói információk beszerzéséhez használt URL-cím." + +#: authentik/sources/oauth/models.py +msgid "Additional Scopes" +msgstr "További környezeti hatókörök" + +#: authentik/sources/oauth/models.py +msgid "PKCE" +msgstr "PKCE" + +#: authentik/sources/oauth/models.py +msgid "" +"How to perform authentication during an authorization_code token request " +"flow" +msgstr "" +"Hogyan hajthat végre azonosítást egy authorization_code token kéréssel járó " +"folyamatra" + +#: authentik/sources/oauth/models.py +msgid "OAuth Source" +msgstr "OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "OAuth Sources" +msgstr "OAuth források" + +#: authentik/sources/oauth/models.py +msgid "GitHub OAuth Source" +msgstr "GitHub OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "GitHub OAuth Sources" +msgstr "GitHub OAuth források" + +#: authentik/sources/oauth/models.py +msgid "GitLab OAuth Source" +msgstr "GitLab OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "GitLab OAuth Sources" +msgstr "GitLab OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Twitch OAuth Source" +msgstr "Twitch OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Twitch OAuth Sources" +msgstr "Twitch OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Mailcow OAuth Source" +msgstr "Mailcow OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Mailcow OAuth Sources" +msgstr "Mailcow OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Twitter OAuth Source" +msgstr "Twitter OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Twitter OAuth Sources" +msgstr "Twitter OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Facebook OAuth Source" +msgstr "Facebook OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Facebook OAuth Sources" +msgstr "Facebook OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Discord OAuth Source" +msgstr "Discord OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Discord OAuth Sources" +msgstr "Discord OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Slack OAuth Source" +msgstr "Slack OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Slack OAuth Sources" +msgstr "Slack OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Patreon OAuth Source" +msgstr "Patreon OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Patreon OAuth Sources" +msgstr "Patreon OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Google OAuth Source" +msgstr "Google OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Google OAuth Sources" +msgstr "Google OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Azure AD OAuth Source" +msgstr "Azure AD OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Azure AD OAuth Sources" +msgstr "Azure AD OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Entra ID OAuth Source" +msgstr "Entra ID OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Entra ID OAuth Sources" +msgstr "Entra ID OAuth források" + +#: authentik/sources/oauth/models.py +msgid "OpenID OAuth Source" +msgstr "OpenID OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "OpenID OAuth Sources" +msgstr "OpenID OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Apple OAuth Source" +msgstr "Apple OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Apple OAuth Sources" +msgstr "Apple OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Okta OAuth Source" +msgstr "Okta OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Okta OAuth Sources" +msgstr "Okta OAuth források" + +#: authentik/sources/oauth/models.py +msgid "Reddit OAuth Source" +msgstr "Reddit OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "Reddit OAuth Sources" +msgstr "Reddit OAuth források" + +#: authentik/sources/oauth/models.py +msgid "WeChat OAuth Source" +msgstr "WeChat OAuth forrás" + +#: authentik/sources/oauth/models.py +msgid "WeChat OAuth Sources" +msgstr "WeChat OAuth források" + +#: authentik/sources/oauth/models.py +msgid "OAuth Source Property Mapping" +msgstr "OAuth forrás tulajdonságok ábrázolása" + +#: authentik/sources/oauth/models.py +msgid "OAuth Source Property Mappings" +msgstr "OAuth forrás tulajdonságok ábrázolásai" + +#: authentik/sources/oauth/models.py +msgid "User OAuth Source Connection" +msgstr "Felhasználói OAuth forráskapcsolat" + +#: authentik/sources/oauth/models.py +msgid "User OAuth Source Connections" +msgstr "Felhasználói OAuth forrás-kapcsolatok" + +#: authentik/sources/oauth/models.py +msgid "Group OAuth Source Connection" +msgstr "Csoport OAuth forrás-kapcsolat" + +#: authentik/sources/oauth/models.py +msgid "Group OAuth Source Connections" +msgstr "Csoport OAuth forrás-kapcsolatok" + +#: authentik/sources/oauth/tasks.py +msgid "" +"Update OAuth sources' config from well_known, and JWKS info from the " +"configured URL." +msgstr "" +"Frissítse az OAuth források konfigurációját a well_known-ből, és a " +"beállított URL-tól származó JWKS információkból." + +#: authentik/sources/oauth/views/callback.py +#, python-brace-format +msgid "Authentication failed: {reason}" +msgstr "Hitelesítés sikertelen: {reason}" + +#: authentik/sources/plex/models.py +msgid "Client identifier used to talk to Plex." +msgstr "A Plex-hez való kommunikációhoz használt ügyfélazonosító." + +#: authentik/sources/plex/models.py +msgid "" +"Which servers a user has to be a member of to be granted access. Empty list " +"allows every server." +msgstr "" +"Azok a kiszolgálók, melyeknek tagjaként kell lennie a felhasználónak ahhoz, " +"hogy hozzáférést kapjon. Üres lista minden kiszolgálót engedélyezi." + +#: authentik/sources/plex/models.py +msgid "Allow friends to authenticate, even if you don't share a server." +msgstr "" +"Engedélyezze az ismeretségben lévők hitelesítését, még akkor is, ha nem " +"közös kiszolgálójaik van." + +#: authentik/sources/plex/models.py +msgid "Plex token used to check friends" +msgstr "A Plex token, amelyet a barátok ellenőrzéséhez használnak" + +#: authentik/sources/plex/models.py +msgid "Plex Source" +msgstr "Plex forrás" + +#: authentik/sources/plex/models.py +msgid "Plex Sources" +msgstr "Plex források" + +#: authentik/sources/plex/models.py +msgid "Plex Source Property Mapping" +msgstr "Plex forrási tulajdonság-hozzárendelés" + +#: authentik/sources/plex/models.py +msgid "Plex Source Property Mappings" +msgstr "Plex forráshi tulajdonság-hozzárendelések" + +#: authentik/sources/plex/models.py +msgid "User Plex Source Connection" +msgstr "Felhasználói Plex forráskapcsolat" + +#: authentik/sources/plex/models.py +msgid "User Plex Source Connections" +msgstr "Felhasználói Plex forráskapcsolatok" + +#: authentik/sources/plex/models.py +msgid "Group Plex Source Connection" +msgstr "CsoportPLEXforráskapcsolat" + +#: authentik/sources/plex/models.py +msgid "Group Plex Source Connections" +msgstr "CsoportPLEXforráskapcsolatok" + +#: authentik/sources/plex/tasks.py +msgid "Check the validity of a Plex source." +msgstr "Ellenőrizze a Plex forrás érvényességét." + +#: authentik/sources/saml/api/source.py +msgid "" +"With a Verification Certificate selected, at least one of 'Verify Assertion " +"Signature' or 'Verify Response Signature' must be selected." +msgstr "" +"Ha ellenőrzési tanúsítvány van kiválasztva, legalább az 'Assertív állítás " +"aláírásának' vagy a 'Válasz aláírásának' egyikének is meg kell jelennie." + +#: authentik/sources/saml/models.py +msgid "Redirect Binding" +msgstr "Átirányítási kötőszöveg" + +#: authentik/sources/saml/models.py +msgid "POST Binding" +msgstr "POST csatolás" + +#: authentik/sources/saml/models.py +msgid "POST Binding with auto-confirmation" +msgstr "POST csatolás automatikus megerősítéssel" + +#: authentik/sources/saml/models.py authentik/sources/telegram/models.py +msgid "Flow used before authentication." +msgstr "A hitelesítés előtt használt folyamat." + +#: authentik/sources/saml/models.py +msgid "Issuer" +msgstr "Kibocsátó" + +#: authentik/sources/saml/models.py +msgid "Also known as Entity ID. Defaults the Metadata URL." +msgstr "Egyéni azonosítóként ismert. Alapértelmezett a Metaadat URL-cím." + +#: authentik/sources/saml/models.py +msgid "SSO URL" +msgstr "SSO URL" + +#: authentik/sources/saml/models.py +msgid "URL that the initial Login request is sent to." +msgstr "Az első Login kérést elküldő URL-cím." + +#: authentik/sources/saml/models.py +msgid "SLO URL" +msgstr "SLO URL" + +#: authentik/sources/saml/models.py +msgid "Optional URL if your IDP supports Single-Logout." +msgstr "Opcionális URL, ha az IDP támogatja a Single-Logout funkciót." + +#: authentik/sources/saml/models.py +msgid "" +"Allows authentication flows initiated by the IdP. This can be a security " +"risk, as no validation of the request ID is done." +msgstr "" +"Engedélyezi az IdP által kezdeményezett hitelesítési folyamatokat. Ez lehet " +"biztonsági kockázat, mivel nincs igazolás a kérés azonosítóira." + +#: authentik/sources/saml/models.py +msgid "" +"When enabled, the IdP will re-authenticate the user even if a session " +"exists." +msgstr "" +"Ha engedélyezve van, az IdP újra hitelesít egy felhasználót, még akkor is, " +"ha már létezik munkamenet." + +#: authentik/sources/saml/models.py +msgid "" +"NameID Policy sent to the IdP. Can be unset, in which case no Policy is " +"sent." +msgstr "" +"NameID szabályzat amit az IdP-re lesz küldve. Ha nincs beállítva, nem lesz " +"küldve." + +#: authentik/sources/saml/models.py +msgid "Delete temporary users after" +msgstr "Tímid temporáris felhasználók törlése után" + +#: authentik/sources/saml/models.py +msgid "" +"Time offset when temporary users should be deleted. This only applies if " +"your IDP uses the NameID Format 'transient', and the user doesn't log out " +"manually. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" +"A temporáris felhasználók törlésének időtartama. Ez csak akkor érvényes, ha " +"az IDP a 'transient' NameID Formátumot használja és a felhasználó nem " +"jelentkezik ki manuálisan. (Formátum: óra=1;perc=2;másodperc=3)." + +#: authentik/sources/saml/models.py +msgid "" +"Keypair used to sign outgoing Responses going to the Identity Provider." +msgstr "" +"A kulcspár az identitásszolgáltatóhoz intézett kimenő válaszok aláírására " +"szolgál." + +#: authentik/sources/saml/models.py +msgid "SAML Source" +msgstr "SAML forrás" + +#: authentik/sources/saml/models.py +msgid "SAML Sources" +msgstr "SAML források" + +#: authentik/sources/saml/models.py +msgid "SAML Source Property Mapping" +msgstr "SAML forrás tulajdonság-hozzárendelés" + +#: authentik/sources/saml/models.py +msgid "SAML Source Property Mappings" +msgstr "SAML forrás tulajdonság-hozzárendelések" + +#: authentik/sources/saml/models.py +msgid "User SAML Source Connection" +msgstr "Felhasználó SAML forrás csatlakozása" + +#: authentik/sources/saml/models.py +msgid "User SAML Source Connections" +msgstr "Felhasználó SAML forrás csatlakozások" + +#: authentik/sources/saml/models.py +msgid "Group SAML Source Connection" +msgstr "Csoport SAML forrás csatlakozása" + +#: authentik/sources/saml/models.py +msgid "Group SAML Source Connections" +msgstr "Csoport SAML forrás-kapcsolatok" + +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "Folytatás {source_name}-ra" + +#: authentik/sources/scim/models.py +msgid "SCIM Source" +msgstr "SCIM forrás" + +#: authentik/sources/scim/models.py +msgid "SCIM Sources" +msgstr "SCIM források" + +#: authentik/sources/scim/models.py +msgid "SCIM Source Property Mapping" +msgstr "SCIM forrás-szempontok megfeleltetése" + +#: authentik/sources/scim/models.py +msgid "SCIM Source Property Mappings" +msgstr "SCIM forrás-szempontok megfeleltetései" + +#: authentik/sources/telegram/api/source.py +msgid "This Telegram account is already connected to another user." +msgstr "Ez a Telegram-fiók már csatlakoztatva van egy másik felhasználóhoz." + +#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py +msgid "Telegram bot username" +msgstr "Telegram bot felhasználói név" + +#: authentik/sources/telegram/models.py +msgid "Telegram bot token" +msgstr "Telegram bot token" + +#: authentik/sources/telegram/models.py +msgid "Request access to send messages from your bot." +msgstr "Kérje meg az üzenetek küldéséhez szükséges engedéllyt a botodtól." + +#: authentik/sources/telegram/models.py +msgid "Telegram Source" +msgstr "Telegram forrás" + +#: authentik/sources/telegram/models.py +msgid "Telegram Sources" +msgstr "Telegram forráskódok" + +#: authentik/sources/telegram/models.py +msgid "Telegram Source Property Mapping" +msgstr "Telegram forrás tulajdonságok ábrázolása" + +#: authentik/sources/telegram/models.py +msgid "Telegram Source Property Mappings" +msgstr "Telegram forrás tulajdonságok ábrázolásai" + +#: authentik/sources/telegram/models.py +msgid "User Telegram Source Connection" +msgstr "Felhasználó Telegram forrás csatlakoztatva" + +#: authentik/sources/telegram/models.py +msgid "User Telegram Source Connections" +msgstr "Felhasználó Telegram forrás csatlakoztatások" + +#: authentik/sources/telegram/models.py +msgid "Group Telegram Source Connection" +msgstr "Csoport Telegram forrás csatlakoztatva" + +#: authentik/sources/telegram/models.py +msgid "Group Telegram Source Connections" +msgstr "Csoport Telegram forrás csatlakoztatások" + +#: authentik/sources/telegram/telegram.py +msgid "Authentication date is too old" +msgstr "Az aláírási dátum túlrejtegetett" + +#: authentik/sources/telegram/telegram.py +msgid "Invalid hash" +msgstr "Érvénytelen szóró" + +#: authentik/stages/authenticator_duo/models.py +msgid "Duo Authenticator Setup Stage" +msgstr "Duo hitelesítő alkalmazás beállító szakasz" + +#: authentik/stages/authenticator_duo/models.py +msgid "Duo Authenticator Setup Stages" +msgstr "Duo hitelesítő alkalmazás beállító szakaszok" + +#: authentik/stages/authenticator_duo/models.py +msgid "Duo Device" +msgstr "Duo eszköz" + +#: authentik/stages/authenticator_duo/models.py +msgid "Duo Devices" +msgstr "Duo eszközök" + +#: authentik/stages/authenticator_email/models.py +#: authentik/stages/email/models.py +msgid "" +"When enabled, global Email connection settings will be used and connection " +"settings below will be ignored." +msgstr "" +"Ha engedélyezve van, a globális E-mail kapcsolat beállításai lesznek " +"használatban és az alábbi beállítások figyelmen kívül lesznek hagyva." + +#: authentik/stages/authenticator_email/models.py +#: authentik/stages/email/models.py +msgid "Time the token sent is valid (Format: hours=3,minutes=17,seconds=300)." +msgstr "" +"A küldött token érvényességi ideje (Formátum: óra=3, perc=17, " +"másodperc=300)." + +#: authentik/stages/authenticator_email/models.py +msgid "Email Authenticator Setup Stage" +msgstr "E-mail hitelesítő alkalmazás beállító szakasz" + +#: authentik/stages/authenticator_email/models.py +msgid "Email Authenticator Setup Stages" +msgstr "E-mail hitelesítő alkalmazás beállító szakaszok" + +#: authentik/stages/authenticator_email/models.py +#: authentik/stages/authenticator_email/stage.py +#: authentik/stages/email/stage.py +msgid "Exception occurred while rendering E-mail template" +msgstr "Hiba történt az E-mail sablon megjelenítése közben" + +#: authentik/stages/authenticator_email/models.py +msgid "Email Device" +msgstr "E-mail eszköz" + +#: authentik/stages/authenticator_email/models.py +msgid "Email Devices" +msgstr "E-mail eszközek" + +#: authentik/stages/authenticator_email/stage.py +#: authentik/stages/authenticator_sms/stage.py +#: authentik/stages/authenticator_totp/stage.py +msgid "Code does not match" +msgstr "A kód nem egyezik" + +#: authentik/stages/authenticator_email/stage.py +msgid "Invalid email" +msgstr "Érvénytelen email cím" + +#: authentik/stages/authenticator_email/stage.py +msgid "The user already has an email address registered for MFA." +msgstr "A felhasználó már MFA érkezési címmel van regisztrált." + +#: authentik/stages/authenticator_email/templates/email/email_otp.html +#: authentik/stages/email/templates/email/password_reset.html +#, python-format +msgid "" +"\n" +" Hi %(username)s,\n" +" " +msgstr "" +"\n" +"Üdv %(username)s,\\" + +#: authentik/stages/authenticator_email/templates/email/email_otp.html +msgid "" +"\n" +" Email MFA code.\n" +" " +msgstr "" +"\n" +" Email MFA kód.\n" +" " + +#: authentik/stages/authenticator_email/templates/email/email_otp.html +#, python-format +msgid "" +"\n" +" If you did not request this code, please ignore this email. The code above is valid for %(expires)s.\n" +" " +msgstr "" +"\n" +" Ha nem igényelt le ezt a kódot, ne vegye figyelembe ezt az email-t. A fenti kód %(expires)s ideig érvényes.\n" +" " + +#: authentik/stages/authenticator_email/templates/email/email_otp.txt +#: authentik/stages/email/templates/email/password_reset.txt +#, python-format +msgid "Hi %(username)s," +msgstr "Szia %(username)s," + +#: authentik/stages/authenticator_email/templates/email/email_otp.txt +msgid "" +"\n" +"Email MFA code\n" +msgstr "" +"\n" +"Email MFA kód\n" + +#: authentik/stages/authenticator_email/templates/email/email_otp.txt +#, python-format +msgid "" +"\n" +"If you did not request this code, please ignore this email. The code above is valid for %(expires)s.\n" +msgstr "" +"\n" +"Ha nem igényelt le ezt a kódot, ne vegye figyelembe ezt az email-t. A fenti kód %(expires)s ideig érvényes.\n" + +#: authentik/stages/authenticator_sms/models.py +msgid "" +"When enabled, the Phone number is only used during enrollment to verify the " +"users authenticity. Only a hash of the phone number is saved to ensure it is" +" not reused in the future." +msgstr "" +"A bekapcsolás esetén a Telefonszám csak az engedélyezés során szolgál a " +"felhasználó igazságosságának ellenőrzésére. Csak egy hash-je van elmentve, " +"hogy biztosítsuk, hogy nem lesz további használatra." + +#: authentik/stages/authenticator_sms/models.py +msgid "Optionally modify the payload being sent to custom providers." +msgstr "Módosíthatja az egyéni szolgáltatóknak küldött csomagot." + +#: authentik/stages/authenticator_sms/models.py +#, python-brace-format +msgid "Use this code to authenticate in authentik: {token}" +msgstr "Használja ezt a kódot az authentik bejelentkezéshez: {token}" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Authenticator Setup Stage" +msgstr "SMS Authenticator Beállítás Stág" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Authenticator Setup Stages" +msgstr "SMS Hitelesítői Fázisok Beállítása" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Device" +msgstr "SMS eszköz" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Devices" +msgstr "SMS eszközök" + +#: authentik/stages/authenticator_sms/stage.py +msgid "Invalid phone number" +msgstr "Érvénytelen telefonszám" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Authenticator Setup Stage" +msgstr "Egyszerűsített Hitelesítői Fázis Beállítása" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Authenticator Setup Stages" +msgstr "Egyszerűsített Hitelesítői Fázisok Beállítása" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Device" +msgstr "Statikus eszköz" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Devices" +msgstr "Statikus eszközök" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Token" +msgstr "Egyszerűsített Token" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Tokens" +msgstr "Egyszerűsített Tokens" + +#: authentik/stages/authenticator_totp/models.py +msgid "6 digits, widely compatible" +msgstr "6 számjegy, széles körben kompatibilis" + +#: authentik/stages/authenticator_totp/models.py +msgid "8 digits, not compatible with apps like Google Authenticator" +msgstr "" +"8 számjegy, nem kompatibilis alkalmazásokkal, mint például a Google " +"Authenticator" + +#: authentik/stages/authenticator_totp/models.py +msgid "TOTP Authenticator Setup Stage" +msgstr "TOTP Hitelesítői Fázis Beállítása" + +#: authentik/stages/authenticator_totp/models.py +msgid "TOTP Authenticator Setup Stages" +msgstr "TOTP Hitelesítői Fázisok Beállítása" + +#: authentik/stages/authenticator_totp/models.py +msgid "TOTP Device" +msgstr "TOTP eszköz" + +#: authentik/stages/authenticator_totp/models.py +msgid "TOTP Devices" +msgstr "TOTP eszközök" + +#: authentik/stages/authenticator_validate/challenge.py +msgid "" +"Invalid Token. Please ensure the time on your device is accurate and try " +"again." +msgstr "" +"Érvénytelen token. Kérjük, ellenőrizze a(z) eszköz időbeállításait és " +"próbálja újra." + +#: authentik/stages/authenticator_validate/challenge.py +#: authentik/stages/authenticator_webauthn/stage.py +#, python-brace-format +msgid "Invalid device type. Contact your {brand} administrator for help." +msgstr "" +"Érvénytelen eszkiszámítógép típusa. Kapcsolatba lépjen az {brand} " +"adminisztrátorral a segítségért." + +#: authentik/stages/authenticator_validate/models.py +msgid "Static" +msgstr "Félig statikus" + +#: authentik/stages/authenticator_validate/models.py +msgid "TOTP" +msgstr "TOTP" + +#: authentik/stages/authenticator_validate/models.py +msgid "WebAuthn" +msgstr "WebAuthn" + +#: authentik/stages/authenticator_validate/models.py +msgid "Duo" +msgstr "Duo" + +#: authentik/stages/authenticator_validate/models.py +msgid "SMS" +msgstr "SMS" + +#: authentik/stages/authenticator_validate/models.py +msgid "" +"Stages used to configure Authenticator when user doesn't have any compatible" +" devices. After this configuration Stage passes, the user is not prompted " +"again." +msgstr "" +"Hitelesítő konfigurálására vonatkozó szakaszok, amennyiben a felhasználónak " +"nincs kompatibilis eszköze. Miután ez a konfigurációs szakasz lezajlik, a " +"felhasználónak nem kell ismét elvégeznie a folyamatot." + +#: authentik/stages/authenticator_validate/models.py +msgid "Device classes which can be used to authenticate" +msgstr "Azon eszközosztályok, amelyek hitelesítésre használhatóak." + +#: authentik/stages/authenticator_validate/models.py +msgid "" +"If any of the user's device has been used within this threshold, this stage " +"will be skipped" +msgstr "" +"Amennyiben a felhasználó bármelyik eszközét használták ezen küszöbérték " +"időtartama alatt, ez a szakasz át lesz ugorva." + +#: authentik/stages/authenticator_validate/models.py +msgid "Enforce user verification for WebAuthn devices." +msgstr "A felhasználói hitelesítés kikényszerítése WebAuthn eszközökön." + +#: authentik/stages/authenticator_validate/models.py +msgid "Authenticator Validation Stage" +msgstr "Hitelesítő alkalmazás ellenőrzési szakasz" + +#: authentik/stages/authenticator_validate/models.py +msgid "Authenticator Validation Stages" +msgstr "Hitelesítő alkalmazás ellenőrzési szakaszok" + +#: authentik/stages/authenticator_validate/stage.py +msgid "No (allowed) MFA authenticator configured." +msgstr "Nincs (engedélyezett) MFA hitelesítő alkalmazás konfigurálva." + +#: authentik/stages/authenticator_webauthn/models.py +msgid "When enabled, a given device can only be registered once." +msgstr "" +"Amikor engedélyezve van, egy megadott eszköz csak egyszer regisztrálható." + +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Authenticator Setup Stage" +msgstr "WebAuthn hitelesítői beállítások" + +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Authenticator Setup Stages" +msgstr "WebAuthn hitelesítői beállítások" + +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Device" +msgstr "WebAuthn eszköz" + +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Devices" +msgstr "WebAuthn eszközök" + +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Device type" +msgstr "WebAuthn eszköz típusa" + +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Device types" +msgstr "WebAuthn eszköz típusai" + +#: authentik/stages/authenticator_webauthn/tasks.py +msgid "" +"Background task to import FIDO Alliance MDS blob and AAGUIDs into database." +msgstr "" +"Háttérbeli feladat a FIDO Alliance MDS blob és az AAGUID-k importálásához a " +"adatbázisba." + +#: authentik/stages/captcha/models.py +msgid "Public key, acquired your captcha Provider." +msgstr "Nyilvános kulcs, megszerezve a captcha-szolgáltató által." + +#: authentik/stages/captcha/models.py +msgid "Private key, acquired your captcha Provider." +msgstr "Magán kulcs, megszerezve a captcha-szolgáltató által." + +#: authentik/stages/captcha/models.py +msgid "" +"When enabled and the received captcha score is outside of the given " +"threshold, the stage will show an error message. When not enabled, the flow " +"will continue, but the data from the captcha will be available in the " +"context for policy decisions" +msgstr "" +"Ha engedélyezve van, és a kapott captcha pontszám kívül esik a megadott " +"küszöbértéken, a szakasz hibaüzenetet jelenít meg. Ha nincs engedélyezve, a " +"folyamat folytatódik, de a captcha-ból származó adatok elérhetőek lesznek az" +" irányelvekkel kapcsolatos döntésekhez." + +#: authentik/stages/captcha/models.py +msgid "Captcha Stage" +msgstr "Captcha szakasz" + +#: authentik/stages/captcha/models.py +msgid "Captcha Stages" +msgstr "Captcha szakaszok" + +#: authentik/stages/captcha/stage.py +msgid "Invalid captcha response. Retrying may solve this issue." +msgstr "" +"Érvénytelen captcha válasz. Újra próbálkozás segíthet e problémák " +"megoldásában." + +#: authentik/stages/captcha/stage.py +msgid "Invalid captcha response" +msgstr "Érvénytelen captcha válasz" + +#: authentik/stages/captcha/stage.py +msgid "Failed to validate token" +msgstr "Token ellenőrzése sikertelen" + +#: authentik/stages/consent/models.py +msgid "" +"Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" +"A jogosítvány lejárati időpontja (Formátum: óra=1;perc=2;másodperc=3)." + +#: authentik/stages/consent/models.py +msgid "Consent Stage" +msgstr "Hozzájárulás szakasz" + +#: authentik/stages/consent/models.py +msgid "Consent Stages" +msgstr "Hozzájárulások szakasza" + +#: authentik/stages/consent/models.py +msgid "User Consent" +msgstr "Felhasználói hozzájárulás" + +#: authentik/stages/consent/models.py +msgid "User Consents" +msgstr "Felhasználói hozzájárulások" + +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" +"Érvénytelen hozzájárulási jogkivonat, újravalasztás a felugró ablakban" + +#: authentik/stages/deny/models.py +msgid "Deny Stage" +msgstr "Elutasítás szakasz" + +#: authentik/stages/deny/models.py +msgid "Deny Stages" +msgstr "Elutasítások szakasza" + +#: authentik/stages/dummy/models.py +msgid "Dummy Stage" +msgstr "Tervezési szakasz" + +#: authentik/stages/dummy/models.py +msgid "Dummy Stages" +msgstr "Tervezési szakaszok" + +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "Folytatás ezen az email-cím ellenőrzése." + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" +"A hivatkozás már használatban van, kérem kérje meg egy új hivatkozást." + +#: authentik/stages/email/models.py +msgid "Password Reset" +msgstr "Jelszó visszaállítása" + +#: authentik/stages/email/models.py +msgid "Account Confirmation" +msgstr "Fiók megerősítése" + +#: authentik/stages/email/models.py +msgid "Email OTP" +msgstr "E-mail OTP" + +#: authentik/stages/email/models.py +msgid "Event Notification" +msgstr "Értesítés eseményről" + +#: authentik/stages/email/models.py authentik/stages/invitation/models.py +msgid "Invitation" +msgstr "Meghívás" + +#: authentik/stages/email/models.py +msgid "" +"The time window used to count recent account recovery attempts. If the " +"number of attempts exceed recovery_max_attempts within this period, further " +"attempts will be rate-limited. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" +"A körülhatárolt időszak, amelyben a fiók-visszaállítási kísérleteket " +"számoljuk. Ha a visszaállítási kísérletek száma meghaladja a " +"recovery_max_attempts értéket ebben az időszakban, további kísérletek " +"korlátozottan engedélyezettek (Formátum: órák=1;percek=2;mp=3)." + +#: authentik/stages/email/models.py +msgid "Activate users upon completion of stage." +msgstr "Aktiválja a felhasználókat a szakasz befejezésekor." + +#: authentik/stages/email/models.py +msgid "Email Stage" +msgstr "E-mail szakasz" + +#: authentik/stages/email/models.py +msgid "Email Stages" +msgstr "E-mail szakaszok" + +#: authentik/stages/email/stage.py +msgid "Successfully verified Email." +msgstr "Sikeresen ellenőrzött e-mail." + +#: authentik/stages/email/stage.py +msgid "No pending user." +msgstr "Nincs függőben lévő felhasználó." + +#: authentik/stages/email/stage.py +msgid "Email sent." +msgstr "Email elküldve." + +#: authentik/stages/email/stage.py +#, python-brace-format +msgid "" +"Too many account verification attempts. Please try again after {minutes} " +"minutes." +msgstr "" +"Túl sok fiók-ellenőrzési kísérlet. Kérem, próbálja újra {minutes} perccel " +"később." + +#: authentik/stages/email/stage.py +msgid "Email Successfully sent." +msgstr "Email sikeresen elküldve." + +#: authentik/stages/email/tasks.py +msgid "Send email." +msgstr "E-mail küldése." + +#: authentik/stages/email/templates/email/account_confirmation.html +#: authentik/stages/email/templates/email/account_confirmation.txt +msgid "Welcome!" +msgstr "Üdvözöljük!" + +#: authentik/stages/email/templates/email/account_confirmation.html +msgid "" +"We're excited to have you get started. First, you need to confirm your " +"account. Just press the button below." +msgstr "" +"Örülünk, hogy kezdeményezést lát a használatunkban. Először is, ellenőrizze " +"az fiókját. Kattintson a gombra alábbiakban." + +#: authentik/stages/email/templates/email/account_confirmation.html +msgid "Confirm Account" +msgstr "Fiók megerősítése" + +#: authentik/stages/email/templates/email/account_confirmation.html +#, python-format +msgid "" +"\n" +" If that doesn't work, copy and paste the following link in your browser: %(url)s\n" +" " +msgstr "" +"\n" +" Ha ez nem működik, másolja és illessze be a következő linket a böngészőbe: %(url)s\n" +" " + +#: authentik/stages/email/templates/email/account_confirmation.txt +msgid "" +"We're excited to have you get started. First, you need to confirm your " +"account. Just open the link below." +msgstr "" +"Örülünk, hogy kezdeményezést lát a használatunkban. Először is, ellenőrizze " +"az fiókját. Nyissa meg a következő linket alábbiakban." + +#: authentik/stages/email/templates/email/event_notification.html +#, python-format +msgid "" +"\n" +" This email was sent from the notification transport %(name)s.\n" +" " +msgstr "" +"\n" +"Ez az e-mail a(z) %(name)s értesítési szolgáltatásból küldték.\n" +" " + +#: authentik/stages/email/templates/email/event_notification.txt +msgid "Dear authentik user," +msgstr "Kedves authentik felhasználó," + +#: authentik/stages/email/templates/email/event_notification.txt +msgid "The following notification was created:" +msgstr "A következő értesítés jött létre:" + +#: authentik/stages/email/templates/email/event_notification.txt +msgid "Additional attributes:" +msgstr "További attribútumok:" + +#: authentik/stages/email/templates/email/event_notification.txt +#, python-format +msgid "" +"\n" +"This email was sent from the notification transport %(name)s.\n" +msgstr "" +"\n" +"Ez az e-mail a(z) %(name)s értesítési szolgáltatásból küldték.\n" + +#: authentik/stages/email/templates/email/invitation.html +msgid "" +"\n" +" You're Invited!\n" +" " +msgstr "" +"\n" +" Előírásod van!\n" +" " + +#: authentik/stages/email/templates/email/invitation.html +#, python-format +msgid "" +"\n" +" You have been invited to join %(host)s. Click the button below to get started.\n" +" " +msgstr "" +"\n" +" Előírták, hogy csatlakozzon %(host)s. Kattintson a gombra alább a kezdéshez.\n" +" " + +#: authentik/stages/email/templates/email/invitation.html +#, python-format +msgid "" +"\n" +" This invitation expires %(expires)s.\n" +" " +msgstr "" +"\n" +" Ez az előírás %(expires)s után lejár.\n" +" " + +#: authentik/stages/email/templates/email/invitation.html +#: authentik/stages/email/templates/email/invitation.txt +msgid "Accept Invitation" +msgstr "Elfogadás" + +#: authentik/stages/email/templates/email/invitation.html +msgid "" +"\n" +" If you cannot click the button above, please copy and paste the following URL into your browser:\n" +" " +msgstr "" +"\n" +" Ha nem kattinthat a felső gombra, kérjük másolja és illessze be a következő URL-t a böngészőbe:\n" +" " + +#: authentik/stages/email/templates/email/invitation.txt +msgid "You're Invited!" +msgstr "Megírva!" + +#: authentik/stages/email/templates/email/invitation.txt +#, python-format +msgid "" +"You have been invited to join %(host)s. Use the link below to get started." +msgstr "" +"Elküldték az önnhez tartozó csatlakozási meghívást %(host)s-hoz. Használja a" +" lenti hivatkozást, hogy kezdjen." + +#: authentik/stages/email/templates/email/invitation.txt +#, python-format +msgid "This invitation expires %(expires)s." +msgstr "Ez a meghívás lejár ideig: %(expires)s." + +#: authentik/stages/email/templates/email/invitation.txt +msgid "" +"If you cannot click the link above, please copy and paste the following URL " +"into your browser:" +msgstr "" +"Ha nem kattinthat a felső hivatkozatra, kérjük másolja és illessze be a " +"következő URL-t a böngészőbe:" + +#: authentik/stages/email/templates/email/password_reset.html +msgid "" +"\n" +" You recently requested to change your password for your authentik account. Use the button below to set a new password.\n" +" " +msgstr "" +"\n" +"Ön nemrégiben jelszóváltoztatást kezdeményezett az authentik fiókjához. Új jelszó beállításához használja a lentebbi gombot." + +#: authentik/stages/email/templates/email/password_reset.html +#, python-format +msgid "" +"\n" +" If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n" +" " +msgstr "" +"\n" +"Ha nem kérte a jelszót megváltoztatni, kérem, ne vegye figyelembe ezen az e-mailen. A felső hivatkozás ideiglenes, és %(expires)s után lejár." + +#: authentik/stages/email/templates/email/password_reset.txt +msgid "" +"\n" +"You recently requested to change your password for your authentik account. Use the link below to set a new password.\n" +msgstr "" +"\n" +"Néhány idő múlva jelszót megváltoztatni kívánta a saját authentik fiókjában. Használja a lenti hivatkozást, hogy beállíthat új jelszót.\n" + +#: authentik/stages/email/templates/email/password_reset.txt +#, python-format +msgid "" +"\n" +"If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n" +msgstr "" +"\n" +"Ha nem igyekvett jelszót megváltoztatni, kérem, ne vegye figyelembe ezen az e-mailen. A felső hivatkozás ideiglenes, és %(expires)s után lejár.\n" + +#: authentik/stages/email/templates/email/setup.html +msgid "authentik Test-Email" +msgstr "authentik teszt-e-mail" + +#: authentik/stages/email/templates/email/setup.html +msgid "" +"\n" +" This is a test email to inform you, that you've successfully configured authentik emails.\n" +" " +msgstr "" +"\n" +"Ez egy teszt e-mail a hitelesítés beállításainak sikeres konfigurálásáról." + +#: authentik/stages/email/templates/email/setup.txt +msgid "" +"\n" +"This is a test email to inform you, that you've successfully configured authentik emails.\n" +msgstr "" +"\n" +"Ez egy teszt e-mail a hitelesítés beállításainak sikeres konfigurálásáról.\n" + +#: authentik/stages/identification/api.py +msgid "When no user fields are selected, at least one source must be selected" +msgstr "" +"Ha nincs felhasználói mező kiválasztva, legalább egy forrásnak kell " +"megjelennie." + +#: authentik/stages/identification/models.py +msgid "" +"Fields of the user object to match against. (Hold shift to select multiple " +"options)" +msgstr "" +"A felhasználó objektum mezői, amelyekkel az összevetés történik. (Nyomd le a" +" Shift-gombot több opciót kiválasztáshoz)" + +#: authentik/stages/identification/models.py +msgid "When enabled, user fields are matched regardless of their casing." +msgstr "" +"Ha engedélyezve van, a felhasználói mezők összehasonlítása esetleges " +"betűméretnek is megfelel." + +#: authentik/stages/identification/models.py +msgid "" +"When a valid username/email has been entered, and this option is enabled, " +"the user's username and avatar will be shown. Otherwise, the text that the " +"user entered will be shown" +msgstr "" +"Amikor egy érvényes felhasználónév vagy e-mail cím be van írva és ez az " +"opció engedélyezve van, a felhasználó felhasználónév és profilképe jelenik " +"meg. Ellenkező esetben a felhasználó által beírt szöveg jelenik meg." + +#: authentik/stages/identification/models.py +msgid "" +"When enabled, the stage will succeed and continue even when incorrect user " +"info is entered." +msgstr "" +"Ha engedélyezve van, az állapothoz bármilyen hibás felhasználói adatokkal is" +" sikerül és folytatódik." + +#: authentik/stages/identification/models.py +msgid "" +"Show the user the 'Remember me on this device' toggle, allowing repeat users" +" to skip straight to entering their password." +msgstr "" +"Mutassa a felhasználónak a 'Ezt az eszközt emlékezz meg' kapcsolót, amely " +"lehetővé teszi a visszatérő felhasználóknak közvetlenül jelszavuk beírására." + +#: authentik/stages/identification/models.py +msgid "Optional enrollment flow, which is linked at the bottom of the page." +msgstr "" +"Opcionális regisztrációs folyamat, ami az oldal alján található " +"hivatkozással érhető el." + +#: authentik/stages/identification/models.py +msgid "Optional recovery flow, which is linked at the bottom of the page." +msgstr "" +"Opcionális helyreállítási folyamat, ami az oldal alján található " +"hivatkozással érhető el." + +#: authentik/stages/identification/models.py +msgid "Optional passwordless flow, which is linked at the bottom of the page." +msgstr "Nem kötelező jelszómentes folyamat, amely a lapon alul látható." + +#: authentik/stages/identification/models.py +msgid "Specify which sources should be shown." +msgstr "Határozzza meg, mely forrásokat szeretné mutatni." + +#: authentik/stages/identification/models.py +msgid "Identification Stage" +msgstr "Azonosítási Stág" + +#: authentik/stages/identification/models.py +msgid "Identification Stages" +msgstr "Azonosítási Stágok" + +#: authentik/stages/identification/stage.py +msgid "No identification data provided." +msgstr "Nincs azonosítási adatodottakat nyújtva." + +#: authentik/stages/identification/stage.py +msgid "Failed to authenticate." +msgstr "A hitelesítés sikertelen." + +#: authentik/stages/identification/stage.py +msgid "Log in" +msgstr "Bejelentkezés" + +#: authentik/stages/identification/stage.py +msgid "Continue" +msgstr "Folytatás" + +#: authentik/stages/invitation/models.py +msgid "" +"If this flag is set, this Stage will jump to the next Stage when no " +"Invitation is given. By default this Stage will cancel the Flow when no " +"invitation is given." +msgstr "" +"Ha ez a jelző be van állítva, ezen a Stágon keresztül lép tovább az " +"alábbihoz, ha nincs meghívás. Alapértelmezés szerint ez a Stág a folyamatot " +"megszakítja, ha nincs meghívás." + +#: authentik/stages/invitation/models.py +msgid "Invitation Stage" +msgstr "Meghívás Stág" + +#: authentik/stages/invitation/models.py +msgid "Invitation Stages" +msgstr "Meghívó szakaszok" + +#: authentik/stages/invitation/models.py +msgid "When set, only the configured flow can use this invitation." +msgstr "" +"Ha be van kapcsolva, csak a konfigurált folyamat használhatja ezt a " +"meghívót." + +#: authentik/stages/invitation/models.py +msgid "When enabled, the invitation will be deleted after usage." +msgstr "Ha engedélyezve van, a meghívó törölkedik az használat után." + +#: authentik/stages/invitation/models.py +msgid "Optional fixed data to enforce on user enrollment." +msgstr "" +"Opcionális beállított adatok, amelyeket a felhasználói regisztráció során " +"követelnek meg." + +#: authentik/stages/invitation/models.py +msgid "Invitations" +msgstr "Meghívók" + +#: authentik/stages/invitation/stage.py +msgid "Invalid invite/invite not found" +msgstr "Érvénytelen meghívó/nem található meghívó" + +#: authentik/stages/password/models.py +msgid "User database + standard password" +msgstr "Felhasználói adatbázis + standard jelszó" + +#: authentik/stages/password/models.py +msgid "User database + app passwords" +msgstr "Felhasználói adatbázis + alkalmazásjelszavak" + +#: authentik/stages/password/models.py +msgid "User database + LDAP password" +msgstr "Felhasználói adatbázis + LDAP-jelszó" + +#: authentik/stages/password/models.py +msgid "User database + Kerberos password" +msgstr "Felhasználói adatbázis + Kerberos-jelszó" + +#: authentik/stages/password/models.py +msgid "Selection of backends to test the password against." +msgstr "" +"Háttérszolgáltatások kiválasztása, amelyekhez tesztelni szeretné a jelszót." + +#: authentik/stages/password/models.py +msgid "" +"How many attempts a user has before the flow is canceled. To lock the user " +"out, use a reputation policy and a user_write stage." +msgstr "" +"Hányszor próbálkozik a felhasználó a folyamat megszakítása előtt. A " +"felhasználó kizárásához használjon hírnévszabályzatot és user_write " +"szakaszt." + +#: authentik/stages/password/models.py +msgid "" +"When enabled, provides a 'show password' button with the password input " +"field." +msgstr "" +"Ha engedélyezve van, egy 'jelszó megjelenítése' gombot nyújt a jelszónév " +"mező mellett." + +#: authentik/stages/password/models.py +msgid "Password Stage" +msgstr "Jelszó szakasz" + +#: authentik/stages/password/models.py +msgid "Password Stages" +msgstr "Jelszó szakasz" + +#: authentik/stages/password/stage.py +msgid "Invalid password" +msgstr "Helytelen jelszó" + +#: authentik/stages/prompt/models.py +msgid "Text: Simple Text input" +msgstr "Szöveg: Egyszerű szövegmegadás" + +#: authentik/stages/prompt/models.py +msgid "Text area: Multiline Text Input." +msgstr "Szövegszelet: Több soros szövegemadás." + +#: authentik/stages/prompt/models.py +msgid "Text (read-only): Simple Text input, but cannot be edited." +msgstr "" +"Szöveg (olvasási módban): Egyszerű szövegmegadás, de nem szerkeszthető." + +#: authentik/stages/prompt/models.py +msgid "Text area (read-only): Multiline Text input, but cannot be edited." +msgstr "" +"Szövegszelet (olvasási módban): Több soros szövegemadás, de nem " +"szerkeszthető." + +#: authentik/stages/prompt/models.py +msgid "" +"Username: Same as Text input, but checks for and prevents duplicate " +"usernames." +msgstr "" +"Felhasználónév: Ugyanaz, mint a Szöveg mező, de duplikált felhasználónevek " +"elleni ellenőrzést hajt végre." + +#: authentik/stages/prompt/models.py +msgid "Email: Text field with Email type." +msgstr "E-mail: E-mail típusú szövegmegadás." + +#: authentik/stages/prompt/models.py +msgid "" +"Password: Masked input, multiple inputs of this type on the same prompt need" +" to be identical." +msgstr "" +"Jelszó: maszkolt bevitel, az ilyen típusú beviteli mezőkben lévő adatoknak " +"ugyanazon a prompton meg kell egyeznie." + +#: authentik/stages/prompt/models.py +msgid "Fixed choice field rendered as a group of radio buttons." +msgstr "" +"Fix választási lehetőség mező, amely rádiógombok csoportjaként jelenik meg." + +#: authentik/stages/prompt/models.py +msgid "Fixed choice field rendered as a dropdown." +msgstr "Fix választási lehetőség mező, amely alsóvonali menüként jelenik meg." + +#: authentik/stages/prompt/models.py +msgid "" +"File: File upload for arbitrary files. File content will be available in " +"flow context as data-URI" +msgstr "" +"Fájl: Bármilyen fájlok feltöltése. A fájl tartalma flow kontextusban " +"elérhető data-URI formátumban." + +#: authentik/stages/prompt/models.py +msgid "Separator: Static Separator Line" +msgstr "Elválasztó: Statikus elválasztó vonal" + +#: authentik/stages/prompt/models.py +msgid "Hidden: Hidden field, can be used to insert data into form." +msgstr "" +"Rejtett: Rejtett mező, amely adatok beillesztenésére szolgál a form-ba." + +#: authentik/stages/prompt/models.py +msgid "Static: Static value, displayed as-is." +msgstr "Statikus: Statikus érték, az eredeti formában jelenik meg." + +#: authentik/stages/prompt/models.py +msgid "Alert (Info): Static alert box with info styling" +msgstr "" +"Figyelmeztetés (Információ): Információs stílusú statikus figyelmeztető " +"ablak" + +#: authentik/stages/prompt/models.py +msgid "Alert (Warning): Static alert box with warning styling" +msgstr "" +"Figyelmeztetés (Figyelem): Figyelem stílusú statikus figyelmeztető ablak" + +#: authentik/stages/prompt/models.py +msgid "Alert (Danger): Static alert box with danger styling" +msgstr "" +"Figyelmeztetés (Sérülés): Sérülés stílusú statikus figyelmeztető ablak" + +#: authentik/stages/prompt/models.py +msgid "authentik: Selection of locales authentik supports" +msgstr "authentik: Az authentik támogatott területi beállítások kiválasztása" + +#: authentik/stages/prompt/models.py +msgid "Name of the form field, also used to store the value" +msgstr "A form mező neve, amely használatos az érték tárolására is" + +#: authentik/stages/prompt/models.py +msgid "" +"Optionally provide a short hint that describes the expected input value. " +"When creating a fixed choice field, enable interpreting as expression and " +"return a list to return multiple choices." +msgstr "" +"Opcionálisan adjon meg egy rövid utasítást a várható bemeneti értékről. A " +"fiksat választási mező létrehozása során engedélyezze az kifejezésként " +"történő interpretálást és adjon vissza egy listát több választás esetén." + +#: authentik/stages/prompt/models.py +msgid "" +"Optionally pre-fill the input with an initial value. When creating a fixed " +"choice field, enable interpreting as expression and return a list to return " +"multiple default choices." +msgstr "" +"Például elektelt értéket adhat hozzá a bemenethez. Amikor egy meghatározott " +"választási mezőt hoz létre, engedélyezze az kifejezésként történő " +"interpretálást és adjon vissza egy listát több alapértelmezett " +"választásokhoz." + +#: authentik/stages/prompt/models.py +msgid "Prompt" +msgstr "Kérdés" + +#: authentik/stages/prompt/models.py +msgid "Prompts" +msgstr "Kérdések" + +#: authentik/stages/prompt/models.py +msgid "Prompt Stage" +msgstr "Kérdési szakasz" + +#: authentik/stages/prompt/models.py +msgid "Prompt Stages" +msgstr "Kérdési szakaszok" + +#: authentik/stages/prompt/stage.py +msgid "Passwords don't match." +msgstr "A jelszavak nem egyeznek." + +#: authentik/stages/redirect/api.py +msgid "Target URL should be present when mode is Static." +msgstr "A célmegengedett URL megadása esetén statikus mód." + +#: authentik/stages/redirect/api.py +msgid "Target Flow should be present when mode is Flow." +msgstr "Cél-folyamathoz hivatkozó mezők megadása esetén folyam mód." + +#: authentik/stages/redirect/models.py +msgid "Redirect Stage" +msgstr "Átirányítási szakasz" + +#: authentik/stages/redirect/models.py +msgid "Redirect Stages" +msgstr "Átirányítási szakaszok" + +#: authentik/stages/user_delete/models.py +msgid "User Delete Stage" +msgstr "Felhasználói törlési szakasz" + +#: authentik/stages/user_delete/models.py +msgid "User Delete Stages" +msgstr "Felhasználó törlési fázisok" + +#: authentik/stages/user_delete/stage.py +msgid "No Pending User." +msgstr "Nincs várakozó felhasználó." + +#: authentik/stages/user_login/models.py +msgid "Bind sessions created by this stage to the configured network" +msgstr "" +"A hozzáadott fázison keresztül létrehozott munkamenetek kötése a beállított " +"hálózathoz" + +#: authentik/stages/user_login/models.py +msgid "Bind sessions created by this stage to the configured GeoIP location" +msgstr "" +"A hozzáadott fázison keresztül létrehozott munkamenetek kötése a konfigurált" +" GeoIP helyhez" + +#: authentik/stages/user_login/models.py +msgid "Terminate all other sessions of the user logging in." +msgstr "" +"Véglegesítsen minden másik munkamenetet a bejelentkező felhasználóval." + +#: authentik/stages/user_login/models.py +msgid "" +"Offset the session will be extended by when the user picks the remember me " +"option. Default of 0 means that the remember me option will not be shown. " +"(Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"A munkamenet hosszabbításának időtartama, amikor a felhasználó a " +"\"memorbiztos\" opciót választja. Az alapértelmezett 0 érték azt jelenti, " +"hogy nem jelenik meg a \"memorbiztos\" lehetőség. (Formátum: " +"óra=-1;perc=-2;mp=-3)" + +#: authentik/stages/user_login/models.py +msgid "" +"When set to a non-zero value, authentik will save a cookie with a longer " +"expiry,to remember the device the user is logging in from. (Format: " +"hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"Ha nem nulla értékre van beállítva, az authentik egy hosszabb élettartamú " +"sütível menti el a felhasználó által használt eszközt. (Formátum: " +"óra=-1;perc=-2;mp=-3)" + +#: authentik/stages/user_login/models.py +msgid "User Login Stage" +msgstr "Felhasználói bejelentkezési fázis" + +#: authentik/stages/user_login/models.py +msgid "User Login Stages" +msgstr "Felhasználói bejelentkezési fázisok" + +#: authentik/stages/user_login/stage.py +msgid "No Pending user to login." +msgstr "Nincs várakozó felhasználó a bejelentkezéshez." + +#: authentik/stages/user_logout/models.py +msgid "User Logout Stage" +msgstr "Felhasználó kijelentkezési szakasz" + +#: authentik/stages/user_logout/models.py +msgid "User Logout Stages" +msgstr "Felhasználó kijelentkezési szakaszok" + +#: authentik/stages/user_write/models.py +msgid "When set, newly created users are inactive and cannot login." +msgstr "" +"Ha be van állítva, az újonnan létrehozott felhasználók inaktívak és nem " +"jelentkezhetnek be." + +#: authentik/stages/user_write/models.py +msgid "Optionally add newly created users to this group." +msgstr "" +"Választottan adja hozzá az újonnan létrehozott felhasználókat ehhez a " +"csoportokhoz." + +#: authentik/stages/user_write/models.py +msgid "User Write Stage" +msgstr "Felhasználó írás szakasz" + +#: authentik/stages/user_write/models.py +msgid "User Write Stages" +msgstr "Felhasználó írás szakaszok" + +#: authentik/stages/user_write/stage.py +msgid "No Pending data." +msgstr "Nincs várólistán lévő adat." + +#: authentik/stages/user_write/stage.py +msgid "No user found and can't create new user." +msgstr "Nem található felhasználó és nem hozható létre új felhasználó." + +#: authentik/stages/user_write/stage.py +msgid "Failed to update user. Please try again later." +msgstr "A felhasználó frissítése sikertelen. Kérjük, próbálja meg később." + +#: authentik/tasks/models.py +msgid "Tenant this task belongs to" +msgstr "Az ügyfél, amelyhez ez a teendő tartozik" + +#: authentik/tasks/models.py +msgid "Retry failed task" +msgstr "Újra próbálkozz egy meghiúsult feladattal" + +#: authentik/tasks/models.py +msgid "Task log" +msgstr "Feladat naplók" + +#: authentik/tasks/models.py +msgid "Task logs" +msgstr "Feladat naplói" + +#: authentik/tasks/models.py +msgid "Worker status" +msgstr "Munkahirdető állapota" + +#: authentik/tasks/models.py +msgid "Worker statuses" +msgstr "Munkahirdető állapotok" + +#: authentik/tasks/schedules/models.py +msgid "Unique schedule identifier" +msgstr "Egyedi ütemezés azonosítója" + +#: authentik/tasks/schedules/models.py +msgid "User schedule identifier" +msgstr "Felhasználói ütemezési azonosító" + +#: authentik/tasks/schedules/models.py +msgid "Manually trigger a schedule" +msgstr "Kezdj manuálisan egy ütemezést" + +#: authentik/tasks/tasks.py +msgid "Remove old worker statuses." +msgstr "Eldobja a régi munkahirdető állapotokat." + +#: authentik/tenants/api/settings.py +#, python-brace-format +msgid "Value for flag {flag_key} needs to be of type {type}." +msgstr "" +"A {flag_key} jelző értékenek ezzel a típussal kell rendelkeznie: {type}." + +#: authentik/tenants/models.py +msgid "" +"Schema name must start with t_, only contain lowercase letters and numbers " +"and be less than 63 characters." +msgstr "" +"A schema névjenek t_ karakterekkel kezdődnie kell, csak kisbetűket és " +"számokat tartalmazhat, és nem lehet hosszabb, mint 63 karakter." + +#: authentik/tenants/models.py +msgid "Configure how authentik should show avatars for users." +msgstr "" +"Konfigurálja, hogyan jelenjenek meg az authentik felhasználók profilképeinek" +" a felhasználók számára." + +#: authentik/tenants/models.py +msgid "Enable the ability for users to change their name." +msgstr "Engedélyezze a felhasználóknak nevük módosítását." + +#: authentik/tenants/models.py +msgid "Enable the ability for users to change their email address." +msgstr "Engedélyezze a felhasználóknak az e-mail címük módosítását." + +#: authentik/tenants/models.py +msgid "Enable the ability for users to change their username." +msgstr "Engedélyezze a felhasználóknak a felhasználónévük módosítását." + +#: authentik/tenants/models.py +msgid "" +"Events will be deleted after this duration.(Format: " +"weeks=3;days=2;hours=3,seconds=2)." +msgstr "" +"Az események eznyelő idő múltára törölve lesznek.(Formátum: " +"hét=3;nap=2;óra=3,másodperc=2)." + +#: authentik/tenants/models.py +msgid "Reputation cannot decrease lower than this value. Zero or negative." +msgstr "" +"A hírnevközlemény nem csökkenthető ezen értéknél alul. Nulla vagy negatív." + +#: authentik/tenants/models.py +msgid "Reputation cannot increase higher than this value. Zero or positive." +msgstr "" +"A hírnevközlemény nem növekedhet ezen értéknél felül. Nulla vagy pozitív." + +#: authentik/tenants/models.py +msgid "The option configures the footer links on the flow executor pages." +msgstr "" +"Az opció beállítja a folyamat végrehajtásának oldalak alján található " +"linkeket." + +#: authentik/tenants/models.py +msgid "" +"When enabled, all the events caused by a user will be deleted upon the " +"user's deletion." +msgstr "" +"Ha engedélyezve van, akkor a felhasználó törlése után törölje az " +"eseményeket, amelyeket a felhasználó okozott." + +#: authentik/tenants/models.py +msgid "Globally enable/disable impersonation." +msgstr "Teljes körű engedélyezés/kikapcsolás az átállításhoz." + +#: authentik/tenants/models.py +msgid "Require administrators to provide a reason for impersonating a user." +msgstr "" +"Az adminisztrátoroknak szükségük van oka megadni a felhasználó " +"átállításához." + +#: authentik/tenants/models.py +msgid "Default token duration" +msgstr "Alapértelmezett jogkivonat időtartama" + +#: authentik/tenants/models.py +msgid "Default token length" +msgstr "Alapértelmezett jogkivonat hossza" + +#: authentik/tenants/models.py +msgid "Default page size for API responses, if no size was requested." +msgstr "Az API-válaszok alapértelmezett oldalhossza, ha nincs kéréssel." + +#: authentik/tenants/models.py +msgid "Maximum page size" +msgstr "Maximum oldalhossz" + +#: authentik/tenants/models.py +msgid "Tenant" +msgstr "Tényleg" + +#: authentik/tenants/models.py +msgid "Tenants" +msgstr "Tényegek" + +#: authentik/tenants/models.py +msgid "Domain" +msgstr "Domaín" + +#: authentik/tenants/models.py +msgid "Domains" +msgstr "Domáinek" + +#: packages/ak-guardian/guardian/models.py +msgid "object ID" +msgstr "objektum azonosító" + +#: packages/django-channels-postgres/django_channels_postgres/models.py +msgid "Group channel" +msgstr "Csoport csatorna" + +#: packages/django-channels-postgres/django_channels_postgres/models.py +msgid "Group channels" +msgstr "Csoport csatornák" + +#: packages/django-channels-postgres/django_channels_postgres/models.py +msgid "Message" +msgstr "Üzenet" + +#: packages/django-channels-postgres/django_channels_postgres/models.py +msgid "Messages" +msgstr "Üzeneteink" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Queue name" +msgstr "Sor név" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Dramatiq actor name" +msgstr "Dramatiq színész neve" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Message body" +msgstr "Üzenet tartalma" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Task status" +msgstr "Feladat állapota" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Task last modified time" +msgstr "A feladat utolsó módosítás ideje" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Number of retries" +msgstr "Próbalkozások száma" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Planned execution time" +msgstr "Terminált futtatási idő" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Task result" +msgstr "Feladat eredménye" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Result expiry time" +msgstr "Eredmény lejárati ideje" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Task" +msgstr "Feladat" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Tasks" +msgstr "Feladatok" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +#, python-format +msgid "%(value)s is not a valid crontab" +msgstr "%(value)s nem érvényes crontab formátum" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Dramatiq actor to call" +msgstr "Dramatiq színész hívása" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Args to send to the actor" +msgstr "Argumentumok a színésznek" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Kwargs to send to the actor" +msgstr "Kulcsszavas argumentumok a színésznek" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Options to send to the actor" +msgstr "Az aktorhoz küldendő beállítások" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "When to schedule tasks" +msgstr "A feladatok ütemezésének ideje" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Pause this schedule" +msgstr "Ez az ütemezést szünetelteti" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Schedule" +msgstr "Ütemezés" + +#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py +msgid "Schedules" +msgstr "Ütemezések" From 77f293a1f04b9e9d0936fa31b49fb8437a04f1ee Mon Sep 17 00:00:00 2001 From: "authentik-automation[bot]" <135050075+authentik-automation[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 19:48:19 +0000 Subject: [PATCH 52/65] core, web: update translations (#22852) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> --- web/xliff/cs-CZ.xlf | 6 +++--- web/xliff/de-DE.xlf | 6 +++--- web/xliff/en.xlf | 6 +++--- web/xliff/es-ES.xlf | 6 +++--- web/xliff/fi-FI.xlf | 6 +++--- web/xliff/fr-FR.xlf | 6 +++--- web/xliff/it-IT.xlf | 6 +++--- web/xliff/ja-JP.xlf | 6 +++--- web/xliff/ko-KR.xlf | 6 +++--- web/xliff/nl-NL.xlf | 6 +++--- web/xliff/pl-PL.xlf | 6 +++--- web/xliff/pt-BR.xlf | 6 +++--- web/xliff/ru-RU.xlf | 6 +++--- web/xliff/tr-TR.xlf | 6 +++--- web/xliff/zh-Hans.xlf | 7 +++---- web/xliff/zh-Hant.xlf | 6 +++--- 16 files changed, 48 insertions(+), 49 deletions(-) diff --git a/web/xliff/cs-CZ.xlf b/web/xliff/cs-CZ.xlf index 289e4040b6..5515cebdbf 100644 --- a/web/xliff/cs-CZ.xlf +++ b/web/xliff/cs-CZ.xlf @@ -8889,9 +8889,6 @@ Vazby na skupiny/uživatele jsou kontrolovány vůči uživateli události. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11237,6 +11234,9 @@ Vazby na skupiny/uživatele jsou kontrolovány vůči uživateli události. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/de-DE.xlf b/web/xliff/de-DE.xlf index 6d4be4ddb7..e07cd9f2c7 100644 --- a/web/xliff/de-DE.xlf +++ b/web/xliff/de-DE.xlf @@ -8921,9 +8921,6 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11269,6 +11266,9 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index 86c2e2812a..53c95b2ad2 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -6912,9 +6912,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -9260,6 +9257,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/es-ES.xlf b/web/xliff/es-ES.xlf index 84ad2f2111..2d8e26c5f6 100644 --- a/web/xliff/es-ES.xlf +++ b/web/xliff/es-ES.xlf @@ -8848,9 +8848,6 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11196,6 +11193,9 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/fi-FI.xlf b/web/xliff/fi-FI.xlf index fc62e4fee4..908b56d2af 100644 --- a/web/xliff/fi-FI.xlf +++ b/web/xliff/fi-FI.xlf @@ -9087,9 +9087,6 @@ Liitokset käyttäjiin/ryhmiin tarkistetaan tapahtuman käyttäjästä. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11435,6 +11432,9 @@ Liitokset käyttäjiin/ryhmiin tarkistetaan tapahtuman käyttäjästä. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/fr-FR.xlf b/web/xliff/fr-FR.xlf index 9e90467b5d..d0b4174309 100644 --- a/web/xliff/fr-FR.xlf +++ b/web/xliff/fr-FR.xlf @@ -9076,9 +9076,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11424,6 +11421,9 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/it-IT.xlf b/web/xliff/it-IT.xlf index 09ea6b897c..ae785e0830 100644 --- a/web/xliff/it-IT.xlf +++ b/web/xliff/it-IT.xlf @@ -8797,9 +8797,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11145,6 +11142,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/ja-JP.xlf b/web/xliff/ja-JP.xlf index 8fda1ffad9..c050ecbbe8 100644 --- a/web/xliff/ja-JP.xlf +++ b/web/xliff/ja-JP.xlf @@ -9077,9 +9077,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11425,6 +11422,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/ko-KR.xlf b/web/xliff/ko-KR.xlf index bb534939f3..4c3f600733 100644 --- a/web/xliff/ko-KR.xlf +++ b/web/xliff/ko-KR.xlf @@ -8449,9 +8449,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -10797,6 +10794,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/nl-NL.xlf b/web/xliff/nl-NL.xlf index c6e342d999..d47029f2d6 100644 --- a/web/xliff/nl-NL.xlf +++ b/web/xliff/nl-NL.xlf @@ -8134,9 +8134,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -10482,6 +10479,9 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/pl-PL.xlf b/web/xliff/pl-PL.xlf index 69eeed8ad8..55bf4aab79 100644 --- a/web/xliff/pl-PL.xlf +++ b/web/xliff/pl-PL.xlf @@ -8473,9 +8473,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -10821,6 +10818,9 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/pt-BR.xlf b/web/xliff/pt-BR.xlf index db84450fc0..e9454e0fc0 100644 --- a/web/xliff/pt-BR.xlf +++ b/web/xliff/pt-BR.xlf @@ -9069,9 +9069,6 @@ por exemplo: oci://registry.domain.tld/path Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -11417,6 +11414,9 @@ por exemplo: oci://registry.domain.tld/path Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/ru-RU.xlf b/web/xliff/ru-RU.xlf index 81a814eb63..e685331bb5 100644 --- a/web/xliff/ru-RU.xlf +++ b/web/xliff/ru-RU.xlf @@ -8559,9 +8559,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -10907,6 +10904,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/tr-TR.xlf b/web/xliff/tr-TR.xlf index 383fef9747..150b9b802c 100644 --- a/web/xliff/tr-TR.xlf +++ b/web/xliff/tr-TR.xlf @@ -8549,9 +8549,6 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -10897,6 +10894,9 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index 5cf335633b..c2c7379fed 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -9229,10 +9229,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles 隐藏管理角色 - - Flags allow you to enable new functionality and behaviour in authentik early. - 标志允许你提前启用 authentik 的新功能和行为 - Refresh other flow tabs upon authentication @@ -11716,6 +11712,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index 5b97a1645a..569e92981a 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -8186,9 +8186,6 @@ Bindings to groups/users are checked against the user of the event. Hide managed roles - - Flags allow you to enable new functionality and behaviour in authentik early. - Refresh other flow tabs upon authentication @@ -10534,6 +10531,9 @@ Bindings to groups/users are checked against the user of the event. Details Label for the step in the creation wizard where the details of the entity being created are filled in. The placeholder {entity} is replaced with the name of the entity type, for example 'User Details' or 'Group Details'. + + Flags allow you to enable new functionality and behavior in authentik early. + From 0837df670429c967c9345896e0c349bd86c0307b Mon Sep 17 00:00:00 2001 From: NiceDevil <17103076+nicedevil007@users.noreply.github.com> Date: Thu, 4 Jun 2026 21:57:03 +0200 Subject: [PATCH 53/65] website/integrations: add Icinga Web 2 (#22767) * website/integrations: Icinga Web 2 Add an integration guide for Icinga Web 2 with OIDC SSO against authentik via the third-party RISE-GmbH oidc module (github.com/RISE-GmbH/icingaweb2-module-oidc). Covers the OAuth2/ OpenID Connect provider configuration in authentik (including the module-specific redirect URI under /icingaweb2/oidc/authentication/ realm?name=), the New Provider dialog in the Icinga Web 2 OIDC module (Name, Url, Secret, Appname, Groups to sync, Enabled, Enforce Https on redirect urls), an explicit hint to scope Groups to sync to the few groups actually used for Icinga, and a pointer to assign roles to the imported users and groups under Configuration > Authentication > Roles. Tested with Icinga Web 2 2.13 and authentik 2026.5.2. Also add Icinga to the integrations spell-check dictionary. * website/integrations: Icinga Web 2: cleanup Agent-thread: https://sdko.org/internal/threads/019e93e4-7da8-7432-81c3-dd7dca5f8590 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent --------- Co-authored-by: nicedevil007 Co-authored-by: Dominic R Co-authored-by: Agent --- locale/en/dictionaries/integrations.txt | 1 + .../integrations/monitoring/icinga/index.md | 86 +++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 website/integrations/monitoring/icinga/index.md diff --git a/locale/en/dictionaries/integrations.txt b/locale/en/dictionaries/integrations.txt index 6806eec636..70cdf456d3 100644 --- a/locale/en/dictionaries/integrations.txt +++ b/locale/en/dictionaries/integrations.txt @@ -25,6 +25,7 @@ Gravitee grommunio HACS Homarr +Icinga Informatique Jellyseerr Kimai diff --git a/website/integrations/monitoring/icinga/index.md b/website/integrations/monitoring/icinga/index.md new file mode 100644 index 0000000000..06e29e3962 --- /dev/null +++ b/website/integrations/monitoring/icinga/index.md @@ -0,0 +1,86 @@ +--- +title: Integrate with Icinga Web 2 +sidebar_label: Icinga Web 2 +support_level: community +--- + +## What is Icinga Web 2? + +> Icinga Web 2 is the next-generation web interface for the Icinga monitoring stack. It provides a flexible UI to view monitoring states, drill into problems, and integrate with the Icinga 2 backend. +> +> -- https://icinga.com/ + +## Preparation + +The following placeholders are used in this guide: + +- `icinga.company` is the FQDN of the Icinga Web 2 installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::info Prerequisites +This guide assumes the `oidc` module from RISE-GmbH is already installed, enabled, and configured with a database resource. Refer to the [module installation documentation](https://github.com/RISE-GmbH/icingaweb2-module-oidc/blob/main/doc/02-Installation.md) for the prerequisites. +::: + +:::info +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Icinga Web 2 with authentik, you need to create an application/provider pair in authentik. + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the **slug** value because you will use it when configuring Icinga Web 2. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID** and **Client Secret** values because they will be required later. + - Set a `Strict` redirect URI to `https://icinga.company/icingaweb2/oidc/authentication/realm?name=authentik`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + +3. Click **Submit** to save the new application and provider. + +## Icinga Web 2 configuration + +1. Log in to Icinga Web 2 as an administrator. +2. Open the OIDC module and click **New Provider**. +3. Configure the following fields: + - **Name**: `authentik` (must match the value of the `name` query parameter in the redirect URI you registered in authentik). + - **Url**: `https://authentik.company/application/o//` + - **Secret**: the Client Secret from the authentik provider. + - **Appname**: the Client ID from the authentik provider. + - **Caption**: the label shown on the new login button on the Icinga Web 2 sign-in page, for example `Sign in with authentik`. + - **Custom Username**: `preferred_username` + - **Groups to sync** _(optional)_: a comma-separated list of the groups that should be imported into the Icinga database (see the info box below). You can use wildcard patterns, for example `icinga-*`. + - **Required Groups** _(optional)_: a comma-separated list of groups the user must be a member of in order to be allowed to log in via authentik. Leave empty to allow any authenticated authentik user. + - **Button Color**: choose the background color of the login button. + - **Text Color**: choose a text color that contrasts with the button color. + - **Enabled**: toggle on. The login button is displayed after the provider is enabled. + - **Enforce Https on redirect urls**: toggle on if Icinga Web 2 runs behind an HTTPS-terminating reverse proxy. +4. Click **Create Provider** to save the configuration. + +:::info Group synchronization +The OIDC module imports the groups matched by **Groups to sync** into Icinga Web 2. To avoid creating unrelated group entries in **Access Control**, restrict this field to the groups that are used for Icinga permissions, for example `icinga-admins, icinga-users`. +::: + +### Grant permissions to authentik users and groups + +After a user logs in via authentik for the first time, the user (and any synced groups) is created in the Icinga Web 2 database without any permissions. To grant access, assign **Roles** to the user or group under **Configuration** > **Authentication** > **Roles**. + +:::info Icinga permissions +Configuring Icinga Web 2 roles and permissions in detail is out of scope for this guide. Refer to the [Icinga Web 2 access control documentation](https://icinga.com/docs/icinga-web/latest/doc/06-Security/) for the specifics. +::: + +## Configuration verification + +To confirm that authentik is properly configured with Icinga Web 2, log out of Icinga Web 2 and click the new authentik login button on the sign-in screen. You should be redirected to authentik to log in, then redirected back to the Icinga Web 2 dashboard. + +## Resources + +- [RISE-GmbH OIDC module for Icinga Web 2 on GitHub](https://github.com/RISE-GmbH/icingaweb2-module-oidc) +- [RISE-GmbH OIDC module installation documentation](https://github.com/RISE-GmbH/icingaweb2-module-oidc/blob/main/doc/02-Installation.md) +- [RISE-GmbH OIDC module configuration documentation](https://github.com/RISE-GmbH/icingaweb2-module-oidc/blob/main/doc/03-Configuration.md) +- [Icinga Web 2 access control documentation](https://icinga.com/docs/icinga-web/latest/doc/06-Security/) From d307e200c595c777b9416ff39a670f4837859fbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simonyi=20Gerg=C5=91?= <28359278+gergosimonyi@users.noreply.github.com> Date: Thu, 4 Jun 2026 22:01:33 +0200 Subject: [PATCH 54/65] website/docs: mark cves CVE-2026-49443 and CVE-2026-49448 (#22808) * mark cves * Ignore spellcheck on redirects, headers. --------- Co-authored-by: Jens L. Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> --- cspell.config.jsonc | 2 ++ .../security/cves/{GHSA-xp7f-xjjx-gwm8.md => CVE-2026-49443.md} | 2 +- .../security/cves/{GHSA-wr38-7xg8-fqxr.md => CVE-2026-49448.md} | 2 +- website/docs/static/_redirects | 2 ++ 4 files changed, 6 insertions(+), 2 deletions(-) rename website/docs/security/cves/{GHSA-xp7f-xjjx-gwm8.md => CVE-2026-49443.md} (94%) rename website/docs/security/cves/{GHSA-wr38-7xg8-fqxr.md => CVE-2026-49448.md} (96%) diff --git a/cspell.config.jsonc b/cspell.config.jsonc index 756275854d..dfb5ded223 100644 --- a/cspell.config.jsonc +++ b/cspell.config.jsonc @@ -269,6 +269,8 @@ ".docusaurus/**", // Cache "./{docs,website}/build", // Topic docs build output "./{docs,website}/**/build", // Workspaces output + "_redirects", // Redirects file + "_headers", // Headers file //#endregion //#region Golang "go.mod", // Go module file diff --git a/website/docs/security/cves/GHSA-xp7f-xjjx-gwm8.md b/website/docs/security/cves/CVE-2026-49443.md similarity index 94% rename from website/docs/security/cves/GHSA-xp7f-xjjx-gwm8.md rename to website/docs/security/cves/CVE-2026-49443.md index 0fda0640b4..dec302ea65 100644 --- a/website/docs/security/cves/GHSA-xp7f-xjjx-gwm8.md +++ b/website/docs/security/cves/CVE-2026-49443.md @@ -1,6 +1,6 @@ -# GHSA-xp7f-xjjx-gwm8 +# CVE-2026-49443 / GHSA-xp7f-xjjx-gwm8 ## SourceStage bypass via empty POST diff --git a/website/docs/security/cves/GHSA-wr38-7xg8-fqxr.md b/website/docs/security/cves/CVE-2026-49448.md similarity index 96% rename from website/docs/security/cves/GHSA-wr38-7xg8-fqxr.md rename to website/docs/security/cves/CVE-2026-49448.md index 617ab27f73..6cd4c93a10 100644 --- a/website/docs/security/cves/GHSA-wr38-7xg8-fqxr.md +++ b/website/docs/security/cves/CVE-2026-49448.md @@ -1,4 +1,4 @@ -# GHSA-5wcc-hf24-rf5h +# CVE-2026-49443 / GHSA-5wcc-hf24-rf5h ## `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API diff --git a/website/docs/static/_redirects b/website/docs/static/_redirects index 5b94f26b36..be5b35d757 100644 --- a/website/docs/static/_redirects +++ b/website/docs/static/_redirects @@ -95,6 +95,8 @@ /security/2023-06-cure53 /security/audits-and-certs/2023-06-cure53 301! /security/CVE-* /security/cves/CVE-:splat 301! /security/GHSA-* /security/cves/GHSA-:splat 301! +/security/cves/GHSA-xp7f-xjjx-gwm8 /security/cves/CVE-2026-49448 +/security/cves/GHSA-wr38-7xg8-fqxr /security/cves/CVE-2026-49443 #endregion #region Troubleshooting From 986d961c6beba39d94a2f374f50f2b83268c16f7 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 4 Jun 2026 21:25:38 +0100 Subject: [PATCH 55/65] website/integrations: add email verified info to Mailcow (#22783) * Add email verified info * website/integrations: address Mailcow review feedback Agent-thread: https://sdko.org/internal/threads/019e9434-7d09-7b71-a974-d3d0924c06d4 A7k-product: product A7k-product-repo: 3 Co-authored-by: Agent --------- Co-authored-by: Dominic R Co-authored-by: Agent --- .../mailcow/index.md | 41 ++++++++++++++----- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/website/integrations/chat-communication-collaboration/mailcow/index.md b/website/integrations/chat-communication-collaboration/mailcow/index.md index c4d8bfee1e..d5fe636eb3 100644 --- a/website/integrations/chat-communication-collaboration/mailcow/index.md +++ b/website/integrations/chat-communication-collaboration/mailcow/index.md @@ -27,20 +27,41 @@ This documentation lists only the settings that you need to change from their de ## authentik configuration -To support the integration of mailcow with authentik, you need to create an application/provider pair in authentik. +To support the integration of mailcow with authentik, you need to create a property mapping, set the `email_verified` attribute on required users, and create an application/provider pair in authentik. -### Create an application and provider in authentik +### Create a property mapping + +Mailcow requires that users have a verified email address. The required attribute can be returned via a scope mapping in combination with user attributes. + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Customization** > **Property Mappings** and click **New Property Mapping**. +3. Select **Scope Mapping** as the property mapping type. Use `email` as the scope name, and copy the user attribute expression from [Email scope verification](/docs/add-secure-apps/providers/oauth2/index.mdx#email-scope-verification). +4. Click **Create**. + +### Set `email_verified` user attribute + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Directory** > **Users** and select a user that will use the Mailcow integration. +3. Click **Edit User**. +4. Add `email_verified: true` to the **Attributes** field. +5. Click **Save Changes**. + +Repeat these steps for all users that need to use the Mailcow integration. + +### Create an application and provider 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - -- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. -- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. -- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Note the **Client ID** and **Client Secret** values because they will be required later. - - Set a `Strict` redirect URI to `https://mailcow.company`. - - Select any available signing key. -- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID** and **Client Secret** values because they will be required later. + - Set a `Strict` redirect URI to `https://mailcow.company`. + - Select any available signing key. + - Under **Advanced protocol settings**: + - Remove the `authentik default OAuth Mapping: OpenID 'email'` scope from **Selected Scopes**. + - Add the scope mapping that you previously created to **Selected Scopes**. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. 3. Click **Submit** to save the new application and provider. From 9840fa5e55658f1407a32287ed99bdc4ba34510e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 22:35:33 +0200 Subject: [PATCH 56/65] web: bump the eslint group across 1 directory with 3 updates (#22841) Bumps the eslint group with 3 updates in the /web directory: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [@typescript-eslint/utils](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/utils). Updates `@typescript-eslint/eslint-plugin` from 8.59.3 to 8.60.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.59.3 to 8.60.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/parser) Updates `@typescript-eslint/utils` from 8.59.3 to 8.60.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/utils) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.60.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: eslint - dependency-name: "@typescript-eslint/parser" dependency-version: 8.60.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: eslint - dependency-name: "@typescript-eslint/utils" dependency-version: 8.60.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: eslint ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 723 ++++++++++++++++++++++++++++++++++++++++-- web/package.json | 6 +- 2 files changed, 696 insertions(+), 33 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index ea91e0727e..457164da76 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -55,9 +55,9 @@ "@types/node": "^25.7.0", "@types/react": "^19.2.14", "@types/react-dom": "^19.2.3", - "@typescript-eslint/eslint-plugin": "^8.57.2", - "@typescript-eslint/parser": "^8.57.2", - "@typescript-eslint/utils": "^8.57.2", + "@typescript-eslint/eslint-plugin": "^8.60.0", + "@typescript-eslint/parser": "^8.60.0", + "@typescript-eslint/utils": "^8.60.0", "@typescript/native-preview": "^7.0.0-dev.20260510.1", "@vitest/browser": "^4.1.7", "@vitest/browser-playwright": "^4.1.6", @@ -5604,16 +5604,16 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.59.3", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz", - "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==", + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.0.tgz", + "integrity": "sha512-QYb/sa74/s7OKMbACMjrYnGspj9Hs5YI5aaffSL65UfeBUzVzBJfVo3oWSpbzPurvm7yaCCo2Lk7lVj610HqKw==", "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.12.2", - "@typescript-eslint/scope-manager": "8.59.3", - "@typescript-eslint/type-utils": "8.59.3", - "@typescript-eslint/utils": "8.59.3", - "@typescript-eslint/visitor-keys": "8.59.3", + "@typescript-eslint/scope-manager": "8.60.0", + "@typescript-eslint/type-utils": "8.60.0", + "@typescript-eslint/utils": "^8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0", "ignore": "^7.0.5", "natural-compare": "^1.4.0", "ts-api-utils": "^2.5.0" @@ -5626,11 +5626,70 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.59.3", + "@typescript-eslint/parser": "^8.60.0", "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", "typescript": ">=4.8.4 <6.1.0" } }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz", + "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz", + "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz", + "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "eslint-visitor-keys": "^5.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/eslint-visitor-keys": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", + "license": "Apache-2.0", + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": { "version": "7.0.5", "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", @@ -5641,15 +5700,15 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.59.3", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz", - "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==", + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.60.0.tgz", + "integrity": "sha512-fcqpj/MyK4sxDPcbe7STNPbpQL4RLZOPWuaTmwZYuc+hJKzRf58yRxfhqGpc6PIq9ZyfSBpfHgmUHmHs0KwHwg==", "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.59.3", - "@typescript-eslint/types": "8.59.3", - "@typescript-eslint/typescript-estree": "8.59.3", - "@typescript-eslint/visitor-keys": "8.59.3", + "@typescript-eslint/scope-manager": "8.60.0", + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/typescript-estree": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0", "debug": "^4.4.3" }, "engines": { @@ -5664,6 +5723,177 @@ "typescript": ">=4.8.4 <6.1.0" } }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/project-service": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz", + "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/tsconfig-utils": "^8.60.0", + "@typescript-eslint/types": "^8.60.0", + "debug": "^4.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz", + "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz", + "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz", + "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz", + "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/project-service": "8.60.0", + "@typescript-eslint/tsconfig-utils": "8.60.0", + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0", + "debug": "^4.4.3", + "minimatch": "^10.2.2", + "semver": "^7.7.3", + "tinyglobby": "^0.2.15", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz", + "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "eslint-visitor-keys": "^5.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/brace-expansion": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", + "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/eslint-visitor-keys": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", + "license": "Apache-2.0", + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.5" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/semver": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz", + "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/@typescript-eslint/project-service": { "version": "8.59.3", "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz", @@ -5719,14 +5949,14 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.59.3", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz", - "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==", + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.0.tgz", + "integrity": "sha512-SX46wEUtitCpq7AN38HkUU/+zvUpdKf7ephtWAFgckH8O7PQIyL5gvrhQgBLuEYgLfuKWOVvWVskMbuFHAz5xg==", "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.59.3", - "@typescript-eslint/typescript-estree": "8.59.3", - "@typescript-eslint/utils": "8.59.3", + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/typescript-estree": "8.60.0", + "@typescript-eslint/utils": "^8.60.0", "debug": "^4.4.3", "ts-api-utils": "^2.5.0" }, @@ -5742,6 +5972,160 @@ "typescript": ">=4.8.4 <6.1.0" } }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/project-service": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz", + "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/tsconfig-utils": "^8.60.0", + "@typescript-eslint/types": "^8.60.0", + "debug": "^4.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz", + "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz", + "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz", + "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/project-service": "8.60.0", + "@typescript-eslint/tsconfig-utils": "8.60.0", + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0", + "debug": "^4.4.3", + "minimatch": "^10.2.2", + "semver": "^7.7.3", + "tinyglobby": "^0.2.15", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz", + "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "eslint-visitor-keys": "^5.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/brace-expansion": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", + "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/eslint-visitor-keys": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", + "license": "Apache-2.0", + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.5" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/semver": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz", + "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/@typescript-eslint/types": { "version": "8.59.3", "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz", @@ -5831,15 +6215,15 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.59.3", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz", - "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==", + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.0.tgz", + "integrity": "sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==", "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.9.1", - "@typescript-eslint/scope-manager": "8.59.3", - "@typescript-eslint/types": "8.59.3", - "@typescript-eslint/typescript-estree": "8.59.3" + "@typescript-eslint/scope-manager": "8.60.0", + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/typescript-estree": "8.60.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -5853,6 +6237,177 @@ "typescript": ">=4.8.4 <6.1.0" } }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/project-service": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz", + "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/tsconfig-utils": "^8.60.0", + "@typescript-eslint/types": "^8.60.0", + "debug": "^4.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz", + "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz", + "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz", + "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==", + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz", + "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/project-service": "8.60.0", + "@typescript-eslint/tsconfig-utils": "8.60.0", + "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/visitor-keys": "8.60.0", + "debug": "^4.4.3", + "minimatch": "^10.2.2", + "semver": "^7.7.3", + "tinyglobby": "^0.2.15", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.60.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz", + "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.60.0", + "eslint-visitor-keys": "^5.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/brace-expansion": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", + "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/eslint-visitor-keys": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", + "license": "Apache-2.0", + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.5" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/semver": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz", + "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/@typescript-eslint/visitor-keys": { "version": "8.59.3", "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz", @@ -19047,6 +19602,114 @@ "typescript": ">=4.8.4 <6.1.0" } }, + "node_modules/typescript-eslint/node_modules/@typescript-eslint/eslint-plugin": { + "version": "8.59.3", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz", + "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==", + "license": "MIT", + "dependencies": { + "@eslint-community/regexpp": "^4.12.2", + "@typescript-eslint/scope-manager": "8.59.3", + "@typescript-eslint/type-utils": "8.59.3", + "@typescript-eslint/utils": "8.59.3", + "@typescript-eslint/visitor-keys": "8.59.3", + "ignore": "^7.0.5", + "natural-compare": "^1.4.0", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "@typescript-eslint/parser": "^8.59.3", + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/typescript-eslint/node_modules/@typescript-eslint/parser": { + "version": "8.59.3", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz", + "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/scope-manager": "8.59.3", + "@typescript-eslint/types": "8.59.3", + "@typescript-eslint/typescript-estree": "8.59.3", + "@typescript-eslint/visitor-keys": "8.59.3", + "debug": "^4.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/typescript-eslint/node_modules/@typescript-eslint/type-utils": { + "version": "8.59.3", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz", + "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==", + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.59.3", + "@typescript-eslint/typescript-estree": "8.59.3", + "@typescript-eslint/utils": "8.59.3", + "debug": "^4.4.3", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/typescript-eslint/node_modules/@typescript-eslint/utils": { + "version": "8.59.3", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz", + "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==", + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.9.1", + "@typescript-eslint/scope-manager": "8.59.3", + "@typescript-eslint/types": "8.59.3", + "@typescript-eslint/typescript-estree": "8.59.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/typescript-eslint/node_modules/ignore": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", + "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, "node_modules/ufo": { "version": "1.6.3", "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.3.tgz", diff --git a/web/package.json b/web/package.json index cdf94cf59d..409fe71b62 100644 --- a/web/package.json +++ b/web/package.json @@ -130,9 +130,9 @@ "@types/node": "^25.7.0", "@types/react": "^19.2.14", "@types/react-dom": "^19.2.3", - "@typescript-eslint/eslint-plugin": "^8.57.2", - "@typescript-eslint/parser": "^8.57.2", - "@typescript-eslint/utils": "^8.57.2", + "@typescript-eslint/eslint-plugin": "^8.60.0", + "@typescript-eslint/parser": "^8.60.0", + "@typescript-eslint/utils": "^8.60.0", "@typescript/native-preview": "^7.0.0-dev.20260510.1", "@vitest/browser": "^4.1.7", "@vitest/browser-playwright": "^4.1.6", From 26e7078ae9abc9b6fdffe3f3a904a5d46fb771ad Mon Sep 17 00:00:00 2001 From: 4www <1502484+4www@users.noreply.github.com> Date: Thu, 4 Jun 2026 23:07:02 +0200 Subject: [PATCH 57/65] website/docs: add GitLab social login source guide (#22764) * website/docs: add GitLab social login source guide * website/docs: clean up GitLab social login guide Restructure the GitLab source guide so GitLab.com and self-hosted setup are handled in one flow. Agent-thread: https://sdko.org/internal/threads/019e9445-5367-7973-8c2e-9a6be0cedfb3 A7k-product: product A7k-product-repo: 4 Co-authored-by: Agent --------- Co-authored-by: Dominic R Co-authored-by: Agent --- .../sources/social-logins/gitlab/index.mdx | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 website/docs/users-sources/sources/social-logins/gitlab/index.mdx diff --git a/website/docs/users-sources/sources/social-logins/gitlab/index.mdx b/website/docs/users-sources/sources/social-logins/gitlab/index.mdx new file mode 100644 index 0000000000..b0246adcec --- /dev/null +++ b/website/docs/users-sources/sources/social-logins/gitlab/index.mdx @@ -0,0 +1,70 @@ +--- +title: Log in with GitLab +sidebar_label: GitLab +tags: + - source + - gitlab +--- + +Allows users to authenticate using their GitLab credentials by configuring GitLab as a federated identity provider via OAuth 2.0. + +## Preparation + +The following placeholders are used in this guide: + +- `authentik.company` is the FQDN of the authentik installation. +- `gitlab.company` is the FQDN of the GitLab installation. Use `gitlab.com` for GitLab SaaS. + +## GitLab configuration + +To integrate GitLab with authentik, you need to create an OAuth application in GitLab. + +1. Log in to GitLab and navigate to the application settings: + - For a user-owned application, select your avatar, click **Edit profile**, and then navigate to **Access** > **Applications**. + - For a group-owned application, navigate to the group and then click **Settings** > **Applications**. + - For an instance-wide application, navigate to **Admin** > **Applications**. +2. Click **Add new application** or **New application** and set the following values: + - **Name**: `authentik` + - **Redirect URI**: `https://authentik.company/source/oauth/callback/gitlab/` + - **Scopes**: select all four of the following: + - `read_user` + - `openid` + - `profile` + - `email` + +3. Click **Save application** and take note of the **Application ID** and **Secret**. These values are required in the next section. + +## authentik configuration + +To support the integration of GitLab with authentik, you need to create a GitLab OAuth source in authentik. + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Directory** > **Federation and Social login**, click **New Source**, and then configure the following settings: + - **Select type**: select **GitLab OAuth Source** as the source type. + - **Create GitLab OAuth Source**: provide a name, a slug which must match the slug used in the GitLab **Redirect URI** field (e.g. `gitlab`), and set the following required configurations: + - Under **Protocol settings**: + - **Consumer key**: set the **Application ID** from GitLab. + - **Consumer secret**: set the **Secret** from GitLab. + - Under **URL settings** _(self-hosted GitLab instances only)_: + - **Authorization URL**: `https://gitlab.company/oauth/authorize` + - **Access token URL**: `https://gitlab.company/oauth/token` + - **Profile URL**: `https://gitlab.company/oauth/userinfo` + - **OIDC Well-known URL**: `https://gitlab.company/.well-known/openid-configuration` + - **OIDC JWKS URL**: `https://gitlab.company/oauth/discovery/keys` +3. Click **Finish** to save your settings. + +:::info Display new source on login screen +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). +::: + +:::info Embed new source in flow :ak-enterprise +For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source/). +::: + +## Source property mappings + +Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information. + +## Resources + +- [GitLab Docs - Configure GitLab as an OAuth 2.0 authentication identity provider](https://docs.gitlab.com/integration/oauth_provider/) From c4968a9c56975b264bec519daa84e00d6fc23e21 Mon Sep 17 00:00:00 2001 From: powerquell <67701236+powerquell@users.noreply.github.com> Date: Thu, 4 Jun 2026 23:21:20 +0200 Subject: [PATCH 58/65] website/docs: add launch URL in Komodo docs (#22866) * Update index.mdx Add launch URL Signed-off-by: powerquell <67701236+powerquell@users.noreply.github.com> * Apply suggestion from @dominic-r Signed-off-by: Dominic R --------- Signed-off-by: powerquell <67701236+powerquell@users.noreply.github.com> Signed-off-by: Dominic R Co-authored-by: Dominic R --- website/integrations/infrastructure/komodo/index.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/website/integrations/infrastructure/komodo/index.mdx b/website/integrations/infrastructure/komodo/index.mdx index 79ad44bc08..de4d83794a 100644 --- a/website/integrations/infrastructure/komodo/index.mdx +++ b/website/integrations/infrastructure/komodo/index.mdx @@ -36,6 +36,7 @@ To support the integration of Komodo with authentik, you need to create an appli - Set a `Strict` redirect URI to `https://komodo.company/auth/oidc/callback`. - Select any available signing key. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + - **Configure Launch URL** _(optional)_: set to `https://komodo.company/auth/oidc/login`. 3. Click **Submit** to save the new application and provider. From 3c861d3f04906df26ed5b3395bb09fe059c91dca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 23:26:55 +0200 Subject: [PATCH 59/65] core: bump library/golang from 1.26.3-trixie to 1.26.4-trixie in /lifecycle/container (#22837) core: bump library/golang in /lifecycle/container Bumps library/golang from 1.26.3-trixie to 1.26.4-trixie. --- updated-dependencies: - dependency-name: library/golang dependency-version: 1.26.4-trixie dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- lifecycle/container/Dockerfile | 2 +- lifecycle/container/ldap.Dockerfile | 2 +- lifecycle/container/proxy.Dockerfile | 2 +- lifecycle/container/rac.Dockerfile | 2 +- lifecycle/container/radius.Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lifecycle/container/Dockerfile b/lifecycle/container/Dockerfile index 02404df8f8..b57a11b3ba 100644 --- a/lifecycle/container/Dockerfile +++ b/lifecycle/container/Dockerfile @@ -41,7 +41,7 @@ RUN npm run build && \ npm run build:sfe # Stage: Build go proxy -FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.3-trixie@sha256:0f6b034c99663ea8957e7dae99124e37374cbe7fcb5b5646f19b185f8f976279 AS go-builder +FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.4-trixie@sha256:0dcba0d95dbfb072e9917a106b9e07d7cc298097dc83e9307056ef1889de654d AS go-builder ARG TARGETOS ARG TARGETARCH diff --git a/lifecycle/container/ldap.Dockerfile b/lifecycle/container/ldap.Dockerfile index 15043380b2..445d5d3e47 100644 --- a/lifecycle/container/ldap.Dockerfile +++ b/lifecycle/container/ldap.Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # Stage 1: Build -FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.3-trixie@sha256:0f6b034c99663ea8957e7dae99124e37374cbe7fcb5b5646f19b185f8f976279 AS builder +FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.4-trixie@sha256:0dcba0d95dbfb072e9917a106b9e07d7cc298097dc83e9307056ef1889de654d AS builder ARG TARGETOS ARG TARGETARCH diff --git a/lifecycle/container/proxy.Dockerfile b/lifecycle/container/proxy.Dockerfile index 3fec87f246..b796656e70 100644 --- a/lifecycle/container/proxy.Dockerfile +++ b/lifecycle/container/proxy.Dockerfile @@ -32,7 +32,7 @@ COPY web . RUN npm run build-proxy # Stage 2: Build -FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.3-trixie@sha256:0f6b034c99663ea8957e7dae99124e37374cbe7fcb5b5646f19b185f8f976279 AS builder +FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.4-trixie@sha256:0dcba0d95dbfb072e9917a106b9e07d7cc298097dc83e9307056ef1889de654d AS builder ARG TARGETOS ARG TARGETARCH diff --git a/lifecycle/container/rac.Dockerfile b/lifecycle/container/rac.Dockerfile index c1cc578476..0b5ea8ab4b 100644 --- a/lifecycle/container/rac.Dockerfile +++ b/lifecycle/container/rac.Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # Stage 1: Build -FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.3-trixie@sha256:0f6b034c99663ea8957e7dae99124e37374cbe7fcb5b5646f19b185f8f976279 AS builder +FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.4-trixie@sha256:0dcba0d95dbfb072e9917a106b9e07d7cc298097dc83e9307056ef1889de654d AS builder ARG TARGETOS ARG TARGETARCH diff --git a/lifecycle/container/radius.Dockerfile b/lifecycle/container/radius.Dockerfile index 5a37f88bc8..340b0a196a 100644 --- a/lifecycle/container/radius.Dockerfile +++ b/lifecycle/container/radius.Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # Stage 1: Build -FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.3-trixie@sha256:0f6b034c99663ea8957e7dae99124e37374cbe7fcb5b5646f19b185f8f976279 AS builder +FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.4-trixie@sha256:0dcba0d95dbfb072e9917a106b9e07d7cc298097dc83e9307056ef1889de654d AS builder ARG TARGETOS ARG TARGETARCH From 4e5c8171d1972519155365e763b4ccab1bc52468 Mon Sep 17 00:00:00 2001 From: Dominic R Date: Thu, 4 Jun 2026 23:05:07 -0400 Subject: [PATCH 60/65] website/docs: update binding wizard labels (#22869) Refresh binding instructions to match the current Create or bind wizard labels across application, policy, event, and RAC docs. Closes: #22272 Agent-thread: https://sdko.org/internal/threads/019e948f-6a16-7181-ba2e-3c539bec06e7 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent --- .../docs/add-secure-apps/applications/manage_apps.mdx | 10 +++++----- .../providers/rac/rac_credentials_prompt.md | 2 +- .../docs/customize/policies/working_with_policies.md | 8 ++++---- website/docs/sys-mgmt/events/notifications.md | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/website/docs/add-secure-apps/applications/manage_apps.mdx b/website/docs/add-secure-apps/applications/manage_apps.mdx index 33bb107444..9485191185 100644 --- a/website/docs/add-secure-apps/applications/manage_apps.mdx +++ b/website/docs/add-secure-apps/applications/manage_apps.mdx @@ -49,7 +49,7 @@ The most common ways to control access to an application by using bindings are: ### Policy-driven authorization -To use a [policy](../../customize/policies/index.md) to control which users or groups can access an application, click on an application in the applications list, click the **Policy/Group/User Bindings** tab, and then select **Policy** from the **Policy/Group/User Bindings** options. +To use a [policy](../../customize/policies/index.md) to control which users or groups can access an application, click an application in the applications list, open the **Policy / Group / User Bindings** tab, and click **Create or bind...**. You can then create a new policy and bind it to the application, or select **Bind an existing policy** under **Bind Existing...**. ### Bind a user or group to an application @@ -57,11 +57,11 @@ You can bind a user or group to an application either when you create a new appl #### When creating an application and provider -Follow the instructions for [creating a new application and provider](#create-an-application-and-provider-pair). On the **Policy/Group/User Bindings** tab at the top of the page, you can select **Group** or \*User\*\* to bind a specific group or userto the application. +Follow the instructions for [creating a new application and provider](#create-an-application-and-provider-pair). On the **Configure Bindings** step, click **Bind existing policy/group/user**. Select **Group** or **User**, choose the group or user to bind to the application, configure any additional binding settings, and then click **Save Binding**. #### Add binding to an existing application -To bind a user or group to an existing application, click on an application in the applications list, select **Group** or **User** from the **Policy/Group/User Bindings** options, and then select the group or user that you want to bind to the application. +To bind a user or group to an existing application, click the application in the applications list, open the **Policy / Group / User Bindings** tab, and click **Create or bind...**. Under **Bind Existing...**, select **Bind a user** or **Bind a group**, choose the user or group to bind to the application, configure any additional binding settings, and then click **Create**. ## Application Entitlements @@ -105,8 +105,8 @@ return { 2. Click the name of the application for which you want to create an entitlement. 3. Click the **Application entitlements** tab at the top of the page, and then click **New Entitlement**. Provide a name for the entitlement, enter any optional **Attributes**, and then click **Create**. 4. In the list locate the entitlement to which you want to bind a user or group, and then **click the caret (>) to expand the entitlement details.** -5. In the expanded area, click **Bind existing Group/User**. -6. In the **New Binding** box, select either the tab for **Group** or **User**, and then in the drop-down list, select the group or user. +5. In the expanded area, click **Bind existing group/user**. +6. In the binding modal, select **Group** or **User**, and then select the group or user. 7. Optionally, configure additional settings for the binding, and then click **Create** to create the binding and close the box. ## Hide applications diff --git a/website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md b/website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md index 0955e556fb..0c0cbfafb6 100644 --- a/website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md +++ b/website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md @@ -55,7 +55,7 @@ You can optionally add other prompt fields such as `domain` (e.g. `connection_se 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Flows and Stages** > **Flows**. 3. Click the name of the newly created authorization flow. -4. Click on **Stage bindings**, click **New Stage**, and enter the following required settings: +4. Click **Stage Bindings**, click **Create or bind...**, select **New Stage**, and enter the following required settings: - **Select Type**: Select `Prompt stage` as the prompt type. - **Create Prompt Stage**: - **Name**: Enter a name for the prompt stage. diff --git a/website/docs/customize/policies/working_with_policies.md b/website/docs/customize/policies/working_with_policies.md index 9f7f2ee5d2..54c28d2ad1 100644 --- a/website/docs/customize/policies/working_with_policies.md +++ b/website/docs/customize/policies/working_with_policies.md @@ -49,8 +49,8 @@ These bindings control which users can access a flow. 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Flows and Stages** > **Flows**. 3. In the list of flows, click on the name of the flow to which you want to bind a policy. -4. Click on the **Policy/Group/User Bindings** tab at the top of the page. -5. Either create a new policy and bind it immediately with **Create and bind Policy**, or attach an existing policy, group, or user with **Bind existing policy/group/user**. +4. Click on the **Policy / Group / User Bindings** tab at the top of the page. +5. Click **Create or bind...**. You can then create a new policy and bind it to the flow, or select **Bind an existing policy** under **Bind Existing...**. ### Bind a policy to a stage binding @@ -76,8 +76,8 @@ These bindings control which users or groups can access an application. 1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications**. 3. In the list of applications, click on the name of the application to which you want to bind a policy. -4. Click on the **Policy/Group/User Bindings** tab at the top of the page. -5. Either create and bind a new policy, or bind an existing policy, group, or user. +4. Click on the **Policy / Group / User Bindings** tab at the top of the page. +5. Click **Create or bind...**. You can then create a new policy and bind it to the application, or select **Bind an existing policy** under **Bind Existing...**. ### Bind a policy to a source diff --git a/website/docs/sys-mgmt/events/notifications.md b/website/docs/sys-mgmt/events/notifications.md index 394648ec8f..1f44936c6a 100644 --- a/website/docs/sys-mgmt/events/notifications.md +++ b/website/docs/sys-mgmt/events/notifications.md @@ -61,7 +61,7 @@ After you've created the policies to match the events you want, create a notific 4. In the list of notification rules, click the arrow in the row of the notification rule to expand the details of the rule. -5. Click **Bind existing Policy/Group/User** and in the **Create Binding** modal, select the policy that you created for this notification rule and then click **Create Policy Binding** to finalize the binding. +5. Click **Create or bind...**. Under **Bind Existing...**, select **Bind an existing policy**. In the **Create Binding** modal, select the policy that you created for this notification rule, and then click **Create** to finalize the binding. :::info Be aware that policies are executed even when no group is selected. From 63ed60bdabd9d41d7172552f4edca877d0b1a00f Mon Sep 17 00:00:00 2001 From: Dominic R Date: Fri, 5 Jun 2026 03:54:15 -0400 Subject: [PATCH 61/65] website/docs: improve service account docs (#22145) * website/docs: improve service account docs * website/docs: title service account warning --------- Co-authored-by: Agent --- website/docs/sys-mgmt/service-accounts.md | 150 ++++++++++++++-------- 1 file changed, 94 insertions(+), 56 deletions(-) diff --git a/website/docs/sys-mgmt/service-accounts.md b/website/docs/sys-mgmt/service-accounts.md index 85d1bb6019..2379246635 100644 --- a/website/docs/sys-mgmt/service-accounts.md +++ b/website/docs/sys-mgmt/service-accounts.md @@ -3,26 +3,35 @@ title: Service accounts sidebar_label: Service accounts --- -Service accounts are specialized user accounts designed for machine-to-machine authentication and automation purposes rather than interactive human use. They're ideal for integrating authentik with external systems, APIs, and services. +Service accounts are specialized user accounts for machine-to-machine authentication and automation. Use them when an external service, script, integration, or protocol client needs to authenticate to authentik without representing a human user. + +Common examples include LDAP bind users, automation that calls the authentik API, SCIM or outpost-related integrations, and third-party applications that need a stable credential. ## Types of service accounts -authentik distinguishes between two types of service accounts: +authentik has two service account types: -1. **User-created service accounts**: Created by administrators for integrating with external systems or for automation purposes. -2. **Internal service accounts**: Created and managed automatically by authentik for internal purposes, such as outpost communications. These cannot be created manually. +- **User-created service accounts**: accounts created by administrators for external systems or automation. These accounts appear under **Directory** > **Users** with the `Service account` user type. +- **Internal service accounts**: accounts created and managed by authentik for internal components, such as outpost communication. These accounts cannot be created manually, converted to another user type, or edited like regular users. + +## How service accounts work + +A user-created service account is an authentik user of type `Service account` that authenticates using: + +- **App passwords**: Authenticate to flows and protocol clients that accept a username and password, such as LDAP bind clients. When you create a service account from **Directory** > **Users**, authentik creates an app password for the account and shows it once in the confirmation screen. +- **API tokens**: Authenticate to the authentik API with HTTP Bearer authentication. Use API tokens for scripts, CI/CD jobs, and other automation that calls `/api/v3/` endpoints. + +A service account is still a user object for authorization purposes. You can add it to groups, add it to roles, assign object permissions, and include or exclude it from application access through bindings and policies. ## Limitations -Service accounts have certain limitations compared to regular user accounts: +Service accounts differ from regular users in the following ways: -1. Cannot log in through the UI. -2. Cannot have a password (they use tokens exclusively). -3. Cannot participate in multi-factor authentication flows. -4. Cannot be used for interactive sessions that require human interaction. -5. Cannot have permissions assigned directly if they are internal service accounts. -6. Cannot change their own password or manage their own account settings. -7. Are subject to token expiration policies that differ from regular user accounts. +- They are intended for non-interactive use and cannot access the authentik user or Admin interfaces. If a service account authenticates in a browser, authentik redirects it to the brand's default application when configured; otherwise, access to the interface is denied. +- They do not have a usable account password. They instead use app passwords or API tokens. +- They cannot complete interactive MFA setup or other human-driven account settings flows. +- They should not be used to represent a person. Create a regular internal or external user for human access. +- Internal service accounts are managed by authentik and cannot be modified directly. ## Create a service account @@ -31,79 +40,108 @@ To create a service account: 1. In the authentik **Admin interface**, navigate to **Directory** > **Users**. 2. Click **New User**, and then select **Service Account**. 3. Configure the following settings: - - **Username**: The account's primary identifier (150 characters or fewer). - - **Create Group** (_optional_): Enabling this toggle will create a group named after the account, with the user as a member. - - **Expiring**: If selected, the token will expire and be automatically rotated upon expiration. - - **Expires on**: Sets the expiration date (defaults to 1 year from the creation date). + - **Username**: the primary identifier for the service account. This value is used as the username for app-password authentication. + - **Create Group** (_optional_): creates a group with the same name as the service account and adds the service account to it. This can be useful when you want to grant access through group membership. + - **Expiring**: controls whether the generated app password expires. + - **Expires on**: sets the expiration date for the generated app password. If no date is provided, the default is 360 days. 4. Click **Next**. - View the confirmation screen that shows the username and generated password (token). Make sure to copy this information somewhere secure as you'll need it for authentication. If you need the token later, navigate to the **Directory -> Tokens and App passwords** and copy the one for your service account. + View the confirmation screen that shows the username and generated password. Copy this information and store the password in a secure secret store. 5. Click **Close**. +:::warning Store the generated password securely +The generated password is the service account's initial app password. Treat it like any other secret. Anyone with this value can authenticate as the service account anywhere that app passwords are accepted. +::: + ## Token properties Service account tokens have the following properties: -- **Expiration**: By default, tokens expire after 360 days but can be configured to be non-expiring. -- **Custom Expiration Date**: You can set a specific expiration date when creating the service account. -- **Revocation**: Tokens can be revoked at any time by deleting them or generating new ones. OAuth2 access tokens associated with service accounts can also be introspected or revoked through the OAuth2 provider endpoints when the authenticating provider is the issuing provider or is configured for [cross-provider token introspection and revocation](../add-secure-apps/providers/oauth2/index.mdx#cross-provider-token-introspection-and-revocation). -- **Automatic Rotation**: When a token expires, it's automatically rotated to maintain security. +- **Expiration**: by default, tokens expire after 360 days but can be configured to be non-expiring. +- **Custom expiration date**: you can set a specific expiration date when creating the service account. +- **Revocation**: tokens can be revoked at any time by deleting them or generating new ones. OAuth2 access tokens associated with service accounts can also be introspected or revoked through the OAuth2 provider endpoints when the authenticating provider is the issuing provider or is configured for [cross-provider token introspection and revocation](../add-secure-apps/providers/oauth2/index.mdx#cross-provider-token-introspection-and-revocation). +- **Automatic rotation**: when a token expires, authentik automatically rotates API tokens to maintain security. ## Manage service account tokens -Tokens for service accounts are managed through the authentik Admin interface: +Service account tokens are managed from **Directory** > **Tokens and App passwords**. -1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Directory** > **Tokens and App passwords**. - Here you can view, create, copy, delete, and manage tokens. +### Create another app password -### Create new tokens +Create an app password when an integration needs username/password-style authentication, for example an LDAP bind password. -To create a new token for a service account: +1. Navigate to **Directory** > **Tokens and App passwords**. +2. Click **Create**. +3. Enter a unique **Identifier**. +4. Select the service account in the **User** field. +5. Set **Intent** to **App password**. +6. Configure whether the token expires and, if needed, set **Expires on**. +7. Click **Create** and copy the generated value. -1. Click **Create**. -2. Set the identifier for your token. -3. In the **User** dropdown list, select your service account. -4. For **Intent**, choose one of the following: - - **API Token**: Used to access the API programmatically (30-minute default lifespan). - - **App password**: Used for logging in using a flow executor (1-year default lifespan). -5. Click **Create** to generate the new token. +### Create an API token -### Manage and regenerate tokens +Create an API token when automation needs to call the authentik API. -- To copy a token's value, use the copy button under the **Actions** column. -- To delete a token, select it from the list and click the **Delete** button. -- To regenerate a token, delete the existing token and create a new one with the same settings, ensuring you select the same username under the **User** dropdown list. +1. Navigate to **Directory** > **Tokens and App passwords**. +2. Click **Create**. +3. Enter a unique **Identifier**. +4. Select the service account in the **User** field. +5. Set **Intent** to **API Token**. +6. Click **Create** and copy the generated value. -## Authentication with service accounts +Use the token as a Bearer token in the `Authorization` header when calling the authentik API: -Service accounts authenticate using [HTTP Basic authentication](https://datatracker.ietf.org/doc/html/rfc7617). The username and password (token) generated during account creation are used as credentials. +```http +Authorization: Bearer +``` + +### Rotate or revoke tokens + +- To view a token value, use the copy action in **Directory** > **Tokens and App passwords**. Access to token values is controlled by the `View token's key` permission. +- To revoke a token, delete it. +- To rotate an app password, create a replacement token, update the external system, and then delete the old token. +- Expiring app passwords become invalid when they expire. Expiring API tokens are rotated by authentik. ## Permissions and access control -Like regular user accounts, with service accounts you can assign [permissions and use RBAC](../users-sources/access-control/manage_permissions.md). +Service accounts start with no special access beyond normal authentication. Grant only the permissions required for the integration. -1. Assign the service account to groups to inherit group permissions. -2. Grant specific permissions directly to the service account. -3. Restrict the service account to specific applications or resources. +You can grant access in the same ways as regular users: -We recommend following the principle of least privilege and granting service accounts only the permissions they need. +- Add the service account to a group and grant permissions to that group. +- Add the service account to a role and grant global or object permissions to that role. +- Grant object permissions directly to the service account when access should not be shared with other accounts. +- Use application [bindings](../add-secure-apps/applications/manage_apps.mdx#use-bindings-to-control-access) or policies to restrict which applications the service account can access. -## Common use cases +For more information about assigning permissions, see [Manage permissions](../users-sources/access-control/manage_permissions.md). -### Integration with external systems +### Example: LDAP search account -Service accounts are commonly used for: +LDAP clients often need a bind account that can search the LDAP directory. In this case: -1. **LDAP authentication**: Systems like SSSD, QNAP NAS, and other LDAP clients often use service accounts to bind to authentik's LDAP provider. -2. **Directory synchronization**: Tools that sync users and groups between authentik and other systems. -3. **API automation**: For scripts, CI/CD pipelines, or other systems that need to interact with authentik's API. +1. Create a service account, such as `ldapservice`. +2. Store the generated app password in the LDAP client configuration. +3. Create a role for LDAP search access. +4. Add the service account to that role. +5. On the LDAP provider, assign the role the **Search full LDAP directory** object permission. + +For the full LDAP setup, see [Create an LDAP provider](../add-secure-apps/providers/ldap/create-ldap-provider.mdx#create-a-service-account). + +### Example: API automation account + +Automation that manages authentik objects should use an API token for a dedicated service account. + +1. Create a service account for the automation, such as `ci-authentik-admin`. +2. Create an API token for that service account. +3. Grant the service account only the permissions required by the automation. For example, a script that rotates application certificates should receive certificate-related permissions, not full administrator access. +4. Store the API token in your CI/CD or secret management system and send it as `Authorization: Bearer `. ## Security best practices When using service accounts, follow these security practices: -1. **Least privilege**: Grant service accounts only the permissions they need. -2. **Secure storage**: Store service account tokens securely in encrypted storage, environment variables, or secret management systems. -3. **Token rotation**: Rotate tokens periodically for sensitive integrations. -4. **Use expiration**: Set appropriate token expiration dates for your use case. -5. **Audit usage**: Monitor service account activity for unexpected behavior. +- **Use one service account per integration**. Avoid sharing one account across unrelated systems so audit events and token rotation remain clear. +- **Grant least privilege**. Assign only the global permissions, object permissions, groups, roles, or application access that the integration needs. +- **Prefer expiring tokens** for credentials stored outside authentik, and rotate long-lived secrets on a regular schedule. +- **Store tokens securely** in a secret manager, encrypted environment variable store, or equivalent system. +- **Disable or delete unused accounts**. If an integration is retired, delete its tokens and deactivate or remove the service account. +- **Audit usage** by reviewing events for unexpected logins, API calls, or token access. From eb919510f208a5e9d54e72544ed09f948a330ad5 Mon Sep 17 00:00:00 2001 From: Dominic R Date: Fri, 5 Jun 2026 07:12:17 -0400 Subject: [PATCH 62/65] website/integrations: 1Password: cleanup (#22699) Agent-thread: https://sdko.org/internal/threads/019e6b51-dbe5-74f1-88e6-f3548914f8e0 A7k-product: product A7k-product-repo: 1 Co-authored-by: Agent --- .../integrations/security/1password/index.mdx | 79 ++++++++++--------- 1 file changed, 41 insertions(+), 38 deletions(-) diff --git a/website/integrations/security/1password/index.mdx b/website/integrations/security/1password/index.mdx index 465ab7dfce..18d81c8f8e 100644 --- a/website/integrations/security/1password/index.mdx +++ b/website/integrations/security/1password/index.mdx @@ -15,6 +15,7 @@ support_level: community The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. +- `your-domain.1password.com` is your 1Password sign-in address. If your account uses another region or the enterprise region, replace it with your full sign-in address, such as `your-domain.1password.ca`, `your-domain.1password.eu`, or `your-domain.ent.1password.com`. - `scim-bridge.company` is the FQDN of the 1Password SCIM Bridge _(optional)_. :::info @@ -28,15 +29,15 @@ To support the integration of 1Password with authentik, you need to create an ap ### Create an application and provider in authentik 1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Applications** > **Applications** and click **New Application** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Set **Client type** to `Public`. + - Set **Client Type** to `Public`. - Note the **Client ID** and **slug** values because they will be required later. - - Set two `Strict` redirect URIs to `https://<1password_company_domain>.1password.com/sso/oidc/redirect/` and `onepassword://sso/oidc/redirect`. - - Select any available signing key. - - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + - Add two `Strict` redirect URIs and set them to `https://your-domain.1password.com/sso/oidc/redirect/` and `onepassword://sso/oidc/redirect`. + - Select any available **Signing Key**. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. If you add a SCIM provider as a backchannel provider later, only users who can view this application are synchronized. 3. Click **Submit** to save the new application and provider. @@ -44,35 +45,24 @@ To support the integration of 1Password with authentik, you need to create an ap 1. Log in to the [1Password dashboard](https://start.1password.com/) as an administrator. 2. In the sidebar, click **Policies**. -3. Under **Configure Identity Provider**, click **Manage**. -4. Set the following values: - - **Client ID**: Client ID from authentik. - - **Well-known URL**: `https://temp.temp` -5. Take note of the **Redirect URIs** that are shown because they will be required in the next section. -6. Keep the page open because you will need to return to it after reconfiguring authentik. - -## Reconfigure authentik provider - -1. Log in to authentik as an administrator and open the authentik Admin interface. -2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created 1Password provider. - - Set redirect URIs to match the values taken from 1Password. -3. Click **Update**. - -## Finalize 1Password configuration - -1. Return to the 1Password SSO configuration page. -2. Click **Test connection** to validate the configuration. -3. After the test completes successfully, click **Save**. +3. Under **Single sign-on**, click **Manage policies**. +4. Select **Other** as the identity provider. +5. Set the following values: + - **Client ID**: paste the Client ID from authentik. + - **Well-known URL**: `https://authentik.company/application/o//.well-known/openid-configuration` +6. Click **Next**, then click **Next** again. The redirect URIs were already configured in authentik. +7. Click **Test connection** to validate the configuration. +8. After the test completes successfully, click **Save**. ## Configuration verification -To verify that authentik is properly integrated with 1Password, first sign out of your account. Then, navigate to the [1Password login page](https://my.1password.com/signin), enter an email that's provisioned for SSO in 1Password, and click **Sign in with authentik**. You will then be redirected to authentik for authentication before being sent back to the 1Password dashboard. +To verify that authentik is properly integrated with 1Password, first sign out of your account. Then, open 1Password, enter an email address that's configured to unlock with SSO in 1Password, and click **Sign in with authentik**. You will be redirected to authentik for authentication before being sent back to 1Password. ## Automated user provisioning _(optional)_ You can optionally configure automated user provisioning from authentik to 1Password. This allows you to create users and groups, manage access, and suspend users in 1Password with authentik. -To support automated user provisioning, you need to create a group, and a SCIM provider in authentik. This SCIM provider is then connected to the **1Password SCIM Bridge**, which will need to be deployed. For more information, see the [Automate provisioning in 1Password Business using SCIM Documentation](https://support.1password.com/scim/). +To support automated user provisioning, you need to deploy the 1Password SCIM Bridge, create a group and SCIM provider in authentik, and add the SCIM provider as a backchannel provider for the 1Password application. For more information, see the [1Password SCIM Bridge Documentation](https://support.1password.com/scim/). ### Set up automated user provisioning in authentik @@ -87,27 +77,40 @@ To support automated user provisioning, you need to create a group, and a SCIM p #### Create a SCIM provider 1. Log in to authentik as an admin and open the authentik Admin interface. -2. Navigate to **Applications** > **Providers** and click **Create** - - **Choose a Provider type**: select **SCIM** as the provider type. +2. Navigate to **Applications** > **Providers** and click **Create**. + - **Choose a Provider type**: select **SCIM Provider** as the provider type. - **Configure the Provider**: provide a name (e.g. `1password-scim`), and the following required configurations. - - Set the **URL** to `scim-bridge.company`. - - Set the **Token** to the token taken from your 1Password SCIM Bridge deployment. - - Under **User filtering**: - - Set **Group** to the previously created group (e.g. `1Password Users`). + - **URL**: `https://scim-bridge.company/scim` + - **Token**: paste the bearer token from your 1Password SCIM Bridge deployment. + - **Group Filter**: select the groups that should be provisioned to 1Password. 3. Click **Finish** to save the new provider. +#### Add the SCIM provider to the 1Password application + +1. Navigate to **Applications** > **Applications** and click the **Edit** icon of the 1Password application. +2. In the **Backchannel Providers** field, select the SCIM provider that you created. +3. Click **Update**. +4. Ensure that the users who should be provisioned to 1Password can access the application. If you created the `1Password Users` group above, add it as a binding for the application. + ### Set up automated user provisioning in 1Password 1. Log in to the [1Password dashboard](https://start.1password.com/) as an administrator. -2. Click on **Integrations** in the sidebar and **Automated User Provisioning**. -3. Enable **Provisioning users & groups**. +2. Click **Integrations** in the sidebar. +3. Choose your identity provider from the **User Provisioning** section, then follow the 1Password setup flow to deploy the SCIM Bridge and generate the bearer token. +4. After the SCIM Bridge is deployed, select the groups you want to sync in the **Managed Groups** section. -For more information, see the [Automate provisioning in 1Password Business using SCIM Documentation](https://support.1password.com/scim/), [1Password SCIM Bridge deployment methods Documentation](https://github.com/1Password/scim-examples), and the [1Password Connect Microsoft Entra ID to 1Password SCIM Bridge Documentation](https://support.1password.com/scim-entra-id/#next-steps) that can be used as an example. +### Verify automated user provisioning + +Open the SCIM provider in authentik. In the **Schedules** section, click the play icon for the SCIM sync schedule. After the sync completes, confirm that the user is provisioned in 1Password. + +:::info Provisioning setup scope +1Password requires the SCIM Bridge to be reachable from authentik and the 1Password service. DNS and hosting setup for the SCIM Bridge are outside the scope of this guide. +::: ## Resources - [Configure Unlock 1Password with SSO using OpenID Connect Documentation](https://support.1password.com/sso-configure-generic/) -- [Automate provisioning in 1Password Business using SCIM Documentation](https://support.1password.com/scim/) -- [1Password SCIM Bridge deployment methods Documentation](https://github.com/1Password/scim-examples) -- [1Password Connect Microsoft Entra ID to 1Password SCIM Bridge Documentation](https://support.1password.com/scim-entra-id/#next-steps) +- [Set up automated provisioning using 1Password SCIM Bridge](https://support.1password.com/scim/) +- [About 1Password SCIM Bridge endpoints](https://support.1password.com/scim-endpoints/) +- [1Password SCIM Bridge deployment examples](https://github.com/1Password/scim-examples) From 813b51ddf88692b3496728a280684f16002c598d Mon Sep 17 00:00:00 2001 From: Dominic R Date: Fri, 5 Jun 2026 07:49:10 -0400 Subject: [PATCH 63/65] website/integrations: fix Node-RED OIDC username docs (#22868) Remove the custom Node-RED verify callback so Passport and Node-RED use the parsed OpenID Connect profile normally. Closes: #22689 Agent-thread: https://sdko.org/internal/threads/019e9486-cd54-7a70-bd09-f2d9e4d06e6e A7k-product: product A7k-product-repo: 4 Co-authored-by: Agent --- website/integrations/development/node-red/index.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/website/integrations/development/node-red/index.md b/website/integrations/development/node-red/index.md index a8d4ed884b..f0ef11869f 100644 --- a/website/integrations/development/node-red/index.md +++ b/website/integrations/development/node-red/index.md @@ -82,9 +82,6 @@ adminAuth: { callbackURL: 'https://nodered.company/auth/strategy/callback/', scope: ['email', 'profile', 'openid'], proxy: true, - verify: function(context, issuer, profile, done) { - return done(null, profile); - }, } }, users: function(user) { From f4b9b0aa77f0e37d9e03ad51e3c5844a7974b40e Mon Sep 17 00:00:00 2001 From: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Date: Fri, 5 Jun 2026 14:17:39 +0200 Subject: [PATCH 64/65] website: fix British spellings flagged by cspell (#22818) * website: fix British spellings flagged by cspell Apply American spellings (behaviour->behavior, colour->color, organise->organize, etc.) across release notes, integration docs, and security docs. Part of enabling cspell's British-spelling rule; the rule itself lands in a separate PR once all areas are clean. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * Update website/docs/developer-docs/docs/style-guide.mdx Signed-off-by: Dewi Roberts --------- Signed-off-by: Dewi Roberts Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> Co-authored-by: Dewi Roberts Co-authored-by: Dominic R --- website/docs/developer-docs/docs/style-guide.mdx | 2 +- website/docs/releases/2021/v2021.10.md | 2 +- website/docs/releases/2021/v2021.12.md | 10 +++++----- website/docs/releases/2021/v2021.3.md | 4 ++-- website/docs/releases/2021/v2021.4.md | 2 +- website/docs/releases/2021/v2021.5.md | 4 ++-- website/docs/releases/2021/v2021.9.md | 4 ++-- website/docs/releases/2022/v2022.1.md | 2 +- website/docs/releases/2022/v2022.3.md | 2 +- website/docs/releases/2022/v2022.4.md | 2 +- website/docs/releases/2022/v2022.5.md | 2 +- website/docs/releases/2022/v2022.7.md | 2 +- website/docs/releases/2023/v2023.1.md | 2 +- website/docs/releases/2023/v2023.2.md | 4 ++-- website/docs/releases/2023/v2023.4.md | 2 +- website/docs/releases/2023/v2023.5.md | 4 ++-- website/docs/releases/2023/v2023.8.md | 6 +++--- website/docs/releases/2024/v2024.10.md | 4 ++-- website/docs/releases/2024/v2024.2.md | 4 ++-- website/docs/releases/2024/v2024.4.md | 2 +- website/docs/releases/2024/v2024.8.md | 6 +++--- website/docs/releases/2025/v2025.10.md | 2 +- website/docs/releases/2025/v2025.2.md | 6 +++--- website/docs/releases/2025/v2025.8.mdx | 4 ++-- website/docs/releases/2026/v2026.5.md | 2 +- website/docs/releases/old/v0.14.md | 2 +- .../security/audits-and-certs/2025-09-includesec.md | 2 +- website/docs/security/security-hardening.md | 2 +- website/integrations/documentation/bookstack/index.mdx | 2 +- .../infrastructure/apache-guacamole/index.mdx | 4 ++-- website/integrations/monitoring/sentry/index.md | 4 ++-- website/integrations/platforms/atlassian/index.mdx | 2 +- 32 files changed, 52 insertions(+), 52 deletions(-) diff --git a/website/docs/developer-docs/docs/style-guide.mdx b/website/docs/developer-docs/docs/style-guide.mdx index 5d968dc694..e67759ec7b 100644 --- a/website/docs/developer-docs/docs/style-guide.mdx +++ b/website/docs/developer-docs/docs/style-guide.mdx @@ -86,7 +86,7 @@ The tone of the authentik documentation should be friendly but professional. It ### Language -The documentation uses **American English** spelling conventions (e.g., "customize" instead of "customise"). +The documentation uses **American English** spelling conventions (e.g., "...ize" instead of "...ise"). ### Voice diff --git a/website/docs/releases/2021/v2021.10.md b/website/docs/releases/2021/v2021.10.md index 65f8d34cf4..0b06c458a7 100644 --- a/website/docs/releases/2021/v2021.10.md +++ b/website/docs/releases/2021/v2021.10.md @@ -101,7 +101,7 @@ A huge shoutout to all the people that contributed, helped test and also transla - web/elements: use dedicated button for search clear instead of webkit exclusive one - web/flows: adjust message for email stage - web/user: don't show managed tokens in user interface -- web/user: initial optimisation for smaller screens +- web/user: initial optimization for smaller screens - web/user: load interface settings from user settings ## Fixed in 2021.10.1-rc2 diff --git a/website/docs/releases/2021/v2021.12.md b/website/docs/releases/2021/v2021.12.md index be402661bf..f4fe03738c 100644 --- a/website/docs/releases/2021/v2021.12.md +++ b/website/docs/releases/2021/v2021.12.md @@ -56,7 +56,7 @@ This release does not have any headline features, and mostly fixes bugs. - web/elements: add new API to store attributes in URL, use for table and tabs - web/elements: allow app.model names for ak-object-changelog - web/elements: allow multiple tabs with different state -- web/flows: fix spinner during webauthn not centred +- web/flows: fix spinner during webauthn not centered - web/flows: update default background - web/user: fix filtering for applications based on launchURL - web/user: fix height issues on user interface @@ -98,7 +98,7 @@ This release does not have any headline features, and mostly fixes bugs. - stages/prompt: use policyenginemode all - tests/e2e: add post binding test - web: fix duplicate classes, make generic icon clickable -- web: fix text colour for bad request on light mode +- web: fix text color for bad request on light mode - web/admin: show outpost warning on application page too - web/elements: close dropdown when refresh event is dispatched - web/user: allow custom font-awesome icons for applications @@ -158,7 +158,7 @@ This release does not have any headline features, and mostly fixes bugs. - internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings - lifecycle: add -Ofair to celery - web/admin: add sidebar to applications -- web/admin: fix notification unread colours not matching on user and admin interface +- web/admin: fix notification unread colors not matching on user and admin interface - web/admin: fix stage related flows not being shown in a list - web/elements: add Markdown component to improve rendering - web/elements: add support for sidebar on table page @@ -174,7 +174,7 @@ This release does not have any headline features, and mostly fixes bugs. - providers/oauth2: don't rely on expiry task for access codes and refresh tokens - sources/oauth: allow writing to user in SourceConnection - web: ignore instantSearchSDKJSBridgeClearHighlight error on edge on iOS -- web/admin: fix background colour for application sidebar +- web/admin: fix background color for application sidebar - web/elements: fix border between search buttons ## Fixed in 2021.12.3 @@ -238,7 +238,7 @@ This release does not have any headline features, and mostly fixes bugs. - stages/identification: add field for passwordless flow - tenants: forbid creation of multiple default tenants - web: add tr to locale -- web: remove page header colour, match user navbar to admin sidebar +- web: remove page header color, match user navbar to admin sidebar - web/admin: add Admin in titlebar for admin interface - web/admin: fix alignment in outpost list when expanding rows - web/admin: fix display when groups/users don't fit on a single row diff --git a/website/docs/releases/2021/v2021.3.md b/website/docs/releases/2021/v2021.3.md index 161adfa129..5d01db898a 100644 --- a/website/docs/releases/2021/v2021.3.md +++ b/website/docs/releases/2021/v2021.3.md @@ -50,7 +50,7 @@ slug: "/releases/2021.3" - providers/oauth2: allow protected_resource_view when method is OPTIONS - stages/authenticator_static: fix error when disable static tokens - stages/authenticator_webauthn: add missing migration -- web: fix Colours for user settings in dark mode +- web: fix Colors for user settings in dark mode - web: fix Flow executor not showing spinner when redirecting - web: fix Source icons not being displayed on firefox - web: fix styling for static token list @@ -77,7 +77,7 @@ slug: "/releases/2021.3" - web: show related edit button for bound stages and policies - web: use chunking for vendor and api - web: use loadingState for autosubmitStage -- web: use sections in sidebar, adjust colouring +- web: use sections in sidebar, adjust coloring ## Upgrading diff --git a/website/docs/releases/2021/v2021.4.md b/website/docs/releases/2021/v2021.4.md index b2d36216a2..99e568164e 100644 --- a/website/docs/releases/2021/v2021.4.md +++ b/website/docs/releases/2021/v2021.4.md @@ -117,7 +117,7 @@ slug: "/releases/2021.4" - stages/email: catch ValueError when global email settings are invalid - stages/invitation: accept token from prompt_data - stages/invitation: fix token not being loaded correctly from query string -- web: fix text-colour for form help text +- web: fix text-color for form help text - web: ignore network errors for sentry - web/admin: don't show docker certs as required - web/flows: fix redirect loop when sentry is enabled on flow views diff --git a/website/docs/releases/2021/v2021.5.md b/website/docs/releases/2021/v2021.5.md index b762337eec..4228856ba8 100644 --- a/website/docs/releases/2021/v2021.5.md +++ b/website/docs/releases/2021/v2021.5.md @@ -36,12 +36,12 @@ This feature is still in technical preview, so please report any Bugs you run in You can now limit access to authentik based on which servers a Plex user is member of. -- Configurable source behaviour +- Configurable source behavior You can now configure how a source behaves after the user has authenticated themselves to the source. Previously, authentik always checked the unique identifier from the source, enrolled the user when the identifier didn't exist and authenticated the user otherwise. Now you can configure how the matching should be done: - - Identifier: Keeps the old behaviour, can lead to duplicate user accounts + - Identifier: Keeps the old behavior, can lead to duplicate user accounts - Email (link): If a user with the same Email address exists, they are linked. Can have security implications when a source doesn't validate email addresses. - Email (deny): Deny the flow if the Email address is already used. - Username (link): If a user with the same username address exists, they are linked. Can have security implications when a username is used with another source. diff --git a/website/docs/releases/2021/v2021.9.md b/website/docs/releases/2021/v2021.9.md index dbda21488a..f4d4963498 100644 --- a/website/docs/releases/2021/v2021.9.md +++ b/website/docs/releases/2021/v2021.9.md @@ -37,7 +37,7 @@ slug: "/releases/2021.9" - core: optimize groups api by removing member superuser status - core: remove ?v from static files - events: add mark_all_seen -- events: allow setting a mapping for webhook transport to customise request payloads +- events: allow setting a mapping for webhook transport to customize request payloads - internal: fix font loading errors on safari - lifecycle: fix worker startup error when docker socket's group is not called docker - outpost: fix spans being sent without parent context @@ -80,7 +80,7 @@ slug: "/releases/2021.9" - sources/ldap: improve messages of sync tasks in UI - sources/ldap: prevent error when retrying old system task with no arguments - web: fix datetime-local fields throwing errors on firefox -- web: fix text colour in delete form in dark mode +- web: fix text color in delete form in dark mode - web: improve display of action buttons with non-primary classes - web/admin: fix error in firefox when creating token - web/admin: fix ldap sync status for new API diff --git a/website/docs/releases/2022/v2022.1.md b/website/docs/releases/2022/v2022.1.md index 10a5076b00..e633657e80 100644 --- a/website/docs/releases/2022/v2022.1.md +++ b/website/docs/releases/2022/v2022.1.md @@ -48,7 +48,7 @@ This release mostly removes legacy fields and features that have been deprecated - outposts/proxyv2: allow access to /outpost.goauthentik.io urls in forward auth mode to make routing in nginx/traefik easier - outposts/proxyv2: fix before-redirect url not being saved in proxy mode - outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost -- providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard +- providers/oauth2: change default redirect uri behavior; set first used url when blank and use star for wildcard - root: allow customization of ports in compose without override - root: decrease to 10 backup history - root: fix backups running every minute instead of once diff --git a/website/docs/releases/2022/v2022.3.md b/website/docs/releases/2022/v2022.3.md index 4575ecd1ec..70fded2933 100644 --- a/website/docs/releases/2022/v2022.3.md +++ b/website/docs/releases/2022/v2022.3.md @@ -30,7 +30,7 @@ To simplify the release process we don't publish explicitly tagged release-candi - providers/oauth2: initial client_credentials grant support (#2437) - providers/proxy: always set rd param in addition to session to prevent wrong url in session - web: cleanup default footer links -- web: prioritise ?locale parameter over saved locale +- web: prioritize ?locale parameter over saved locale - web/admin: improve user and group management by showing related objects - web/admin: use searchable select field for users and groups in policy binding form - web/flows: fix rendering of help text on prompt stages diff --git a/website/docs/releases/2022/v2022.4.md b/website/docs/releases/2022/v2022.4.md index f799ac5aa2..d7b9aa10e1 100644 --- a/website/docs/releases/2022/v2022.4.md +++ b/website/docs/releases/2022/v2022.4.md @@ -21,7 +21,7 @@ slug: "/releases/2022.4" - Application Grouping - Applications can now be grouped together to better organise connected applications in the user dashboard. + Applications can now be grouped together to better organize connected applications in the user dashboard. - JWT authentication for `client_credentials` grants diff --git a/website/docs/releases/2022/v2022.5.md b/website/docs/releases/2022/v2022.5.md index 0588fa4dfe..58780016b6 100644 --- a/website/docs/releases/2022/v2022.5.md +++ b/website/docs/releases/2022/v2022.5.md @@ -11,7 +11,7 @@ slug: "/releases/2022.5" - OAuth Provider: Redirect URIs are now checked using regular expressions - Allowed Redirect URIs now accepts regular expressions to check redirect URIs to support wildcards. In most cases this will not change anything, however casing is also important now. Meaning if your redirect URI is "https://Foo.bar" and allowed is "https://foo.bar", authorization will not be allowed. Additionally, the special handling when _Redirect URIs/Origins_ is set to `*` has been removed. To get the same behaviour, set _Redirect URIs/Origins_ to `.+`. + Allowed Redirect URIs now accepts regular expressions to check redirect URIs to support wildcards. In most cases this will not change anything, however casing is also important now. Meaning if your redirect URI is "https://Foo.bar" and allowed is "https://foo.bar", authorization will not be allowed. Additionally, the special handling when _Redirect URIs/Origins_ is set to `*` has been removed. To get the same behavior, set _Redirect URIs/Origins_ to `.+`. ## New features diff --git a/website/docs/releases/2022/v2022.7.md b/website/docs/releases/2022/v2022.7.md index ae83b323a5..2a5e791a5a 100644 --- a/website/docs/releases/2022/v2022.7.md +++ b/website/docs/releases/2022/v2022.7.md @@ -14,7 +14,7 @@ slug: "/releases/2022.7" In earlier versions, cyclic group relations can lead to a deadlock when one of groups in the relationship are bound to an application/flow/etc. This is now limited to 20 levels of recursion. -- Change in context behaviour for policies executed within flows +- Change in context behavior for policies executed within flows In previous versions, the policy context would be set to a reference to the currently active flow plan context. This makes it so any changes to `context` were directly reflected in the flow context. The context has been changed to only include the values, and as such updates like this won't be reflected in the flow. Instead, `context['flow_plan']` is now set, which contains a full reference to the flow Plan, allowing for more customizability than previously. Context changes can be made by modifying `context['flow_plan'].context`. diff --git a/website/docs/releases/2023/v2023.1.md b/website/docs/releases/2023/v2023.1.md index f70a89236c..3fffb6773e 100644 --- a/website/docs/releases/2023/v2023.1.md +++ b/website/docs/releases/2023/v2023.1.md @@ -90,7 +90,7 @@ image: - web/admin: link impersonation user for events - web/admin: rework admin dashboard, add more links, remove user and group graphs (#4399) - web/admin: show GeoIP information inline in events -- web/elements: fix pagination page button colours in dark mode +- web/elements: fix pagination page button colors in dark mode - web/elements: use correct Action Label for user related events ## Fixed in 2023.1.1 diff --git a/website/docs/releases/2023/v2023.2.md b/website/docs/releases/2023/v2023.2.md index 0aa5ec7e6a..3f389c71f8 100644 --- a/website/docs/releases/2023/v2023.2.md +++ b/website/docs/releases/2023/v2023.2.md @@ -73,7 +73,7 @@ image: - stages/prompt: field name (#4497) - stages/user_write: fix migration setting wrong value, fix form - web: fix token delete form not showing token identifiers -- web/admin: add notice for user_login stage session cookie behaviour +- web/admin: add notice for user_login stage session cookie behavior - web/admin: clarify access code expiration - web/admin: default to disable policy execution logging - web/admin: fix certificate filtering for SAML verification certificate @@ -105,7 +105,7 @@ image: - providers/proxy: fix value is too long with filesystem sessions - root: use channel send workaround for sync sending of websocket messages - web/admin: fix error when creating new users -- web/user: revert truncate behaviour for application description +- web/user: revert truncate behavior for application description ## Fixed in 2023.2.3 diff --git a/website/docs/releases/2023/v2023.4.md b/website/docs/releases/2023/v2023.4.md index 3eb38a42cd..d338319f70 100644 --- a/website/docs/releases/2023/v2023.4.md +++ b/website/docs/releases/2023/v2023.4.md @@ -9,7 +9,7 @@ slug: "/releases/2023.4" In previous versions, the helm chart would create a _ClusterRole_ and _ClusterRoleBinding_ if the service account creation was enabled. This was done to allow the deployment of outposts in any namespace in kubernetes. As this conflicted with multiple authentik installs per cluster, and was often not used, the new helm chart changes these resources to a _Role_ and _RoleBinding_, which give authentik access to deploy in the same namespace. - To keep the old behaviour, you can install the [authentik-remote-cluster](https://artifacthub.io/packages/helm/goauthentik/authentik-remote-cluster) chart, which deploys the same RBAC into any other namespace or cluster. + To keep the old behavior, you can install the [authentik-remote-cluster](https://artifacthub.io/packages/helm/goauthentik/authentik-remote-cluster) chart, which deploys the same RBAC into any other namespace or cluster. ## New features diff --git a/website/docs/releases/2023/v2023.5.md b/website/docs/releases/2023/v2023.5.md index 392f35f0b5..083e38831d 100644 --- a/website/docs/releases/2023/v2023.5.md +++ b/website/docs/releases/2023/v2023.5.md @@ -1285,7 +1285,7 @@ Changed response : **200 OK** - Changed content type : `application/json` - Changed property `application_slug` (string) - > Prioritise backchannel slug over direct application slug + > Prioritize backchannel slug over direct application slug ##### `POST` /policies/event_matcher/ @@ -2842,7 +2842,7 @@ Changed response : **200 OK** Changed items (object): > LDAPProvider Serializer - Changed property `application_slug` (string) - > Prioritise backchannel slug over direct application slug + > Prioritize backchannel slug over direct application slug ##### `POST` /providers/ldap/ diff --git a/website/docs/releases/2023/v2023.8.md b/website/docs/releases/2023/v2023.8.md index b0bd9947ee..7a7900a141 100644 --- a/website/docs/releases/2023/v2023.8.md +++ b/website/docs/releases/2023/v2023.8.md @@ -13,13 +13,13 @@ slug: "/releases/2023.8" For Kubernetes install, a manual one-time migration has to be done: [Upgrading PostgreSQL on Kubernetes](../../troubleshooting/postgres/upgrade_kubernetes.md) -- Changed nested Group membership behaviour +- Changed nested Group membership behavior In previous versions, nested groups were handled very inconsistently. Binding a group to an application/etc would check the membership recursively, however when using `user.ak_groups.all()` would only return direct memberships. Additionally, using `user.group_attributes()` would do the same and only merge all group attributes for direct memberships. This has been changed to always use the same logic as when checking for access, which means dealing with complex group structures is a lot more consistent. - Policies that do use `user.ak_groups.all()` will retain the current behaviour, to use the new behaviour replace the call with `user.all_groups()`. + Policies that do use `user.ak_groups.all()` will retain the current behavior, to use the new behavior replace the call with `user.all_groups()`. ## New features @@ -109,7 +109,7 @@ image: - web/user: fix alignment between image icons and fallback text icons (#6416) - web/user: fix app icon size for user interface - web/user: fix background alignment (#6383) -- web/user: fix user settings colours on dark theme (#6499) +- web/user: fix user settings colors on dark theme (#6499) - web/user: fix user settings elements not being in cards (#6608) - web/user: only render expand element when required (#6641) - web: fix app icon rendering, style refinements (#6409) diff --git a/website/docs/releases/2024/v2024.10.md b/website/docs/releases/2024/v2024.10.md index b290ee841d..d37d8c1fe9 100644 --- a/website/docs/releases/2024/v2024.10.md +++ b/website/docs/releases/2024/v2024.10.md @@ -90,8 +90,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10 - flows: include Outpost instance in flow context and save in login event (#11318) - flows: provider invalidation (#5048) - internal: fix go paginator not setting page correctly (#11253) -- internal: restore /ping behaviour for embedded outpost (#11568) -- policies/event_matcher: fix inconsistent behaviour (#11724) +- internal: restore /ping behavior for embedded outpost (#11568) +- policies/event_matcher: fix inconsistent behavior (#11724) - providers/ldap: fix incorrect permission check for search access (#11217) - providers/ldap: fix migration assuming search group is set (#11170) - providers/ldap: rework search_group migration to work with read replicas (#11228) diff --git a/website/docs/releases/2024/v2024.2.md b/website/docs/releases/2024/v2024.2.md index 65413e34f4..9687283e6e 100644 --- a/website/docs/releases/2024/v2024.2.md +++ b/website/docs/releases/2024/v2024.2.md @@ -160,7 +160,7 @@ slug: /releases/2024.2 - **LDAP provider: allow overriding gidNumber** - Previously, the `gidNumber` attribute on a user was set to the same as `uidNumber`. You can now override this behaviour. + Previously, the `gidNumber` attribute on a user was set to the same as `uidNumber`. You can now override this behavior. - **LDAP source: new command to check connectivity** @@ -322,7 +322,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.2 - core: fix blueprint export (cherry-pick #8695) (#8696) - enterprise: fix read_only activating when no license is installed (cherry-pick #8697) (#8698) - enterprise: force license usage update after change to license (cherry-pick #8723) (#8725) -- flows: fix mismatched redirect behaviour for invalid and valid flows (cherry-pick #8794) (#8796) +- flows: fix mismatched redirect behavior for invalid and valid flows (cherry-pick #8794) (#8796) - providers/oauth2: fix inconsistent `sub` value when setting via mapping (cherry-pick #8677) (#8682) - providers/oauth2: fix offline_access requests when prompt doesn't include consent (cherry-pick #8731) (#8732) - providers/oauth2: fix validation ordering (cherry-pick #8793) (#8795) diff --git a/website/docs/releases/2024/v2024.4.md b/website/docs/releases/2024/v2024.4.md index aed11ac5bd..f510fdcb7b 100644 --- a/website/docs/releases/2024/v2024.4.md +++ b/website/docs/releases/2024/v2024.4.md @@ -122,7 +122,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.4 - events: fix log_capture (#9075) - events: rework log messages returned from API and their rendering (#8770) - events: sanitize args and kwargs saved in system tasks (#8644) -- flows: fix mismatched redirect behaviour for invalid and valid flows (#8794) +- flows: fix mismatched redirect behavior for invalid and valid flows (#8794) - internal: add tests to go flow executor (#9219) - internal: cleanup static file serving setup code (#8965) - lib: cache gravatar connection status (#9248) diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md index fa4802b2a2..401942ec46 100644 --- a/website/docs/releases/2024/v2024.8.md +++ b/website/docs/releases/2024/v2024.8.md @@ -234,7 +234,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 - web/admin: fix access token list calling wrong API (#10434) - web/admin: fix authentication/enrollment flow in sources being marked as required (#10911) - web/admin: fix missing SAML Provider ECDSA options (#10612) -- web/admin: fix selectable card colour in dark theme (#10794) +- web/admin: fix selectable card color in dark theme (#10794) - web/admin: refactor property mappings forms (#10810) - web/admin: show matching user reputation scores in user details (#10276) - web/admin: widen prompt form (#10615) @@ -290,8 +290,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 - blueprints: fix validation error when using internal storage (cherry-pick #11654) (#11656) - core: fix permission check for scoped impersonation (cherry-pick #11603) (#11650) -- internal: restore /ping behaviour for embedded outpost (cherry-pick #11568) (#11570) -- policies/event_matcher: fix inconsistent behaviour (cherry-pick #11724) (#11726) +- internal: restore /ping behavior for embedded outpost (cherry-pick #11568) (#11570) +- policies/event_matcher: fix inconsistent behavior (cherry-pick #11724) (#11726) - providers/oauth2: don't overwrite attributes when updating service account (cherry-pick #11709) (#11723) - providers/saml: fix incorrect ds:Reference URI (cherry-pick #11699) (#11701) - providers/scim: add comparison with existing group on update and delta update users (cherry-pick #11414) (#11796) diff --git a/website/docs/releases/2025/v2025.10.md b/website/docs/releases/2025/v2025.10.md index e7ae8b7844..4cd9d3810b 100644 --- a/website/docs/releases/2025/v2025.10.md +++ b/website/docs/releases/2025/v2025.10.md @@ -163,7 +163,7 @@ If you had persistence for Redis configured, you can delete the PVC and PV after - flows: redirect to next when accessing an unapplicable authentication flow while already authenticated (#17243) - flows: SessionEndStage: only show page if user is still authenticated (#17003) - lib: import ExceptionDictTransformer from structlog.tracebacks (#17526) -- lib: match exception_to_dict locals behaviour (#17006) +- lib: match exception_to_dict locals behavior (#17006) - lib: small type hinting improvements (#17528) - lib/config: fix listen settings (#17005) - lib/logging: only show locals when in debug mode (#16772) diff --git a/website/docs/releases/2025/v2025.2.md b/website/docs/releases/2025/v2025.2.md index e11e8ccc4a..938211b824 100644 --- a/website/docs/releases/2025/v2025.2.md +++ b/website/docs/releases/2025/v2025.2.md @@ -13,11 +13,11 @@ slug: "/releases/2025.2" ## Breaking changes -- **Fixed behaviour in Source stage :ak-enterprise** +- **Fixed behavior in Source stage :ak-enterprise** - In previous versions, the Source stage would incorrectly continue with the initial flow after returning from the source, which didn't match the documented behaviour. + In previous versions, the Source stage would incorrectly continue with the initial flow after returning from the source, which didn't match the documented behavior. - With this release this behaviour has been corrected and the source stage will now correctly run the selected enrollment/authentication flow before returning to the flow from which the source stage was executed. + With this release this behavior has been corrected and the source stage will now correctly run the selected enrollment/authentication flow before returning to the flow from which the source stage was executed. - **Deprecated and frozen `:latest` container image tag after 2025.2** diff --git a/website/docs/releases/2025/v2025.8.mdx b/website/docs/releases/2025/v2025.8.mdx index fefb9fa54a..8e46890eb6 100644 --- a/website/docs/releases/2025/v2025.8.mdx +++ b/website/docs/releases/2025/v2025.8.mdx @@ -193,7 +193,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.8 - blueprints: add File tag (#15727) - blueprints: add FindObject tag (#12415) - blueprints: add JSON tag to parse JSON from string (#15235) -- blueprints: add section support for organisation (#15045) +- blueprints: add section support for organization (#15045) - blueprints: sort schema items (#15022) - brands: revert sort matched brand by match length (revert #15413) (cherry-pick #16233) (#16235) - brands: sort matched brand by match length (#15413) @@ -402,7 +402,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.8 - \*/bindings: order by pk (cherry-pick #17027) (#17053) - cmd/server/healthcheck: info log success instead of debug (cherry-pick #17093 to version-2025.8) (#17097) - core: add index on Group.is_superuser (cherry-pick #17011) (#17017) -- lib: match exception_to_dict locals behaviour (cherry-pick #17006) (#17016) +- lib: match exception_to_dict locals behavior (cherry-pick #17006) (#17016) - lib/config: fix listen settings (cherry-pick #17005) (#17023) - outposts/ldap: add pwdChangeTime attribute (cherry-pick #17010 to version-2025.8) (#17101) - packages/django-dramatiq-postgres: broker: fix new messages not being picked up when too many messages are waiting (cherry-pick #17106 to version-2025.8) (#17108) diff --git a/website/docs/releases/2026/v2026.5.md b/website/docs/releases/2026/v2026.5.md index bea075e3ee..5805ee48d5 100644 --- a/website/docs/releases/2026/v2026.5.md +++ b/website/docs/releases/2026/v2026.5.md @@ -196,7 +196,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2026.5 - core, web: update translations (#22129) - core, web: Vendored client follow-ups (#21174) - core: add cooldown to dependabot (#21286) -- core: add flag for future default behaviour of requiring a binding to access an application (#16247) +- core: add flag for future default behavior of requiring a binding to access an application (#16247) - core: add logging when session decode fails (#21514) - core: add support for hiding applications from the user dashboard (#21530) - core: allow interfaces to specify alternative stylesheets (#20774) diff --git a/website/docs/releases/old/v0.14.md b/website/docs/releases/old/v0.14.md index 7e1ddcd456..36494281ba 100644 --- a/website/docs/releases/old/v0.14.md +++ b/website/docs/releases/old/v0.14.md @@ -20,7 +20,7 @@ slug: "/releases/0.14" - The OAuth2 Provider has been updated to closer match the OpenID Connect Specifications - Response type no longer has to be configured manually. The issuer field can be configured now (the default behaviour is the same as pre-0.14) + Response type no longer has to be configured manually. The issuer field can be configured now (the default behavior is the same as pre-0.14) Authorization Codes are now generated as a JWT Token, which is not specified as spec, but seems to be a quasi-standard. diff --git a/website/docs/security/audits-and-certs/2025-09-includesec.md b/website/docs/security/audits-and-certs/2025-09-includesec.md index 611553ded8..81b590daf1 100644 --- a/website/docs/security/audits-and-certs/2025-09-includesec.md +++ b/website/docs/security/audits-and-certs/2025-09-includesec.md @@ -2,7 +2,7 @@ In September of 2025, we had a pentest conducted by [Include Security](https://includesecurity.com). This resulted in a number of code improvements to our application, however did not result in any assigned CVEs. -> IncludeSec performed a security assessment of Authentik Security's Web Apps, APIs, Deployment Config, Servers, & ETL. The assessment team performed a 8 day effort spanning from September 4 through September 15, 2025, using a Standard Grey Box assessment methodology. +> IncludeSec performed a security assessment of Authentik Security's Web Apps, APIs, Deployment Config, Servers, & ETL. The assessment team performed a 8 day effort spanning from September 4 through September 15, 2025, using a Standard Gray Box assessment methodology. View the full report of our original [test](https://goauthentik.io/resources/includesec-Q3-2025-Multi-Report.pdf) and the [retest results](https://goauthentik.io/resources/includesec-Q3-2025-Multi-Remediation-Report.pdf), completed in January/February 2026. diff --git a/website/docs/security/security-hardening.md b/website/docs/security/security-hardening.md index 1edc0de4f8..08b43f13f4 100644 --- a/website/docs/security/security-hardening.md +++ b/website/docs/security/security-hardening.md @@ -17,7 +17,7 @@ For further options, see [Password Policy](../customize/policies/types/password. ### Expressions -[Expressions](../customize/policies/types/expression/index.mdx) allow super-users and other highly privileged users to create custom logic within authentik to modify its behaviour. Editing/creating these expressions is, by default, limited to super-users and any related events are fully logged. +[Expressions](../customize/policies/types/expression/index.mdx) allow super-users and other highly privileged users to create custom logic within authentik to modify its behavior. Editing/creating these expressions is, by default, limited to super-users and any related events are fully logged. However, for further hardening, it is possible to prevent any user (even super-users) from using expressions to create or edit any objects. To do so, configure your deployment to block API requests to these endpoints: diff --git a/website/integrations/documentation/bookstack/index.mdx b/website/integrations/documentation/bookstack/index.mdx index 3f62465fbb..a73e7894fb 100644 --- a/website/integrations/documentation/bookstack/index.mdx +++ b/website/integrations/documentation/bookstack/index.mdx @@ -9,7 +9,7 @@ import Tabs from "@theme/Tabs"; ## What is BookStack? -> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers. +> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. It uses the ideas of books to organize pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers. > > -- https://bookstackapp.com diff --git a/website/integrations/infrastructure/apache-guacamole/index.mdx b/website/integrations/infrastructure/apache-guacamole/index.mdx index b41baaa9b4..a91a85d647 100644 --- a/website/integrations/infrastructure/apache-guacamole/index.mdx +++ b/website/integrations/infrastructure/apache-guacamole/index.mdx @@ -71,7 +71,7 @@ Docker containers are typically configured using environment variables. To ensur OPENID_ENABLED=true ``` -You must also add one of the following variables, depending on your desired behaviour: +You must also add one of the following variables, depending on your desired behavior: - To automatically redirect all unauthenticated users, add the following: @@ -109,7 +109,7 @@ Additionally, ensure your `guacamole.properties` file (typically located in `/et openid-enabled=true ``` -You must also add one of the following settings depending on your desired behaviour: +You must also add one of the following settings depending on your desired behavior: - To automatically redirect all unauthenticated users, add the following: diff --git a/website/integrations/monitoring/sentry/index.md b/website/integrations/monitoring/sentry/index.md index 1f3162c308..4f44976fb5 100644 --- a/website/integrations/monitoring/sentry/index.md +++ b/website/integrations/monitoring/sentry/index.md @@ -24,8 +24,8 @@ This documentation lists only the settings that you need to change from their de Create an application in authentik. Create a SAML Provider with the following values -- ACS URL: `https://sentry.company/saml/acs//` -- Audience: `https://sentry.company/saml/metadata//` +- ACS URL: `https://sentry.company/saml/acs//` +- Audience: `https://sentry.company/saml/metadata//` Under _Advanced protocol settings_, set the following: diff --git a/website/integrations/platforms/atlassian/index.mdx b/website/integrations/platforms/atlassian/index.mdx index ddf4e7d38f..9276beacd5 100644 --- a/website/integrations/platforms/atlassian/index.mdx +++ b/website/integrations/platforms/atlassian/index.mdx @@ -15,7 +15,7 @@ This guide offers instructions for setting up authentik as a SAML provider speci Atlassian Cloud has two types of users; **internal** and **external**. -Internal users are defined by their email domain which needs to be a [verified domain in Atlassian Cloud](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Internal users are able to utilise SSO without Atlassian Cloud credentials. +Internal users are defined by their email domain which needs to be a [verified domain in Atlassian Cloud](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Internal users are able to utilize SSO without Atlassian Cloud credentials. [External users](https://support.atlassian.com/security-and-access-policies/docs/who-are-external-users/) are required to log in to Atlassian Cloud using Atlassian Cloud credentials. They are then prompted for authentik credentials when accessing specific Atlassian Cloud apps like Jira. ::: From df3dbbef9ee3a1287740e7e1752abe710e3ae10b Mon Sep 17 00:00:00 2001 From: NiceDevil <17103076+nicedevil007@users.noreply.github.com> Date: Fri, 5 Jun 2026 15:05:21 +0200 Subject: [PATCH 65/65] website/integrations: FortiAnalyzer (#22610) * website/integrations: FortiAnalyzer Add an integration guide for FortiAnalyzer with SAML SSO against authentik, covering the SAML provider configuration, a `username` property mapping, and the FortiAnalyzer Single Sign-On settings (tested with FortiAnalyzer 8.0). Also add ADOM to the integrations spell-check dictionary because the term is used by multiple Fortinet products (FortiAnalyzer, FortiManager, FortiGate) and will likely appear in future guides as well. * website/integrations: FortiAnalyzer: cleanup Update the FortiAnalyzer SAML guide to match the current integration template and verified Fortinet/authentik behavior. Agent-thread: https://sdko.org/internal/threads/019e6120-ca6e-7301-a10f-669607e5ac61 Co-authored-by: Agent * trigger ci??? Signed-off-by: Dominic R --------- Signed-off-by: Dominic R Co-authored-by: nicedevil007 Co-authored-by: Dominic R Co-authored-by: Agent Co-authored-by: Dominic R Co-authored-by: Dewi Roberts --- locale/en/dictionaries/integrations.txt | 1 + .../monitoring/fortianalyzer/index.md | 99 +++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 website/integrations/monitoring/fortianalyzer/index.md diff --git a/locale/en/dictionaries/integrations.txt b/locale/en/dictionaries/integrations.txt index 70cdf456d3..43e40ac016 100644 --- a/locale/en/dictionaries/integrations.txt +++ b/locale/en/dictionaries/integrations.txt @@ -1,4 +1,5 @@ # Integrations +ADOM appflowy Ascensio Authy diff --git a/website/integrations/monitoring/fortianalyzer/index.md b/website/integrations/monitoring/fortianalyzer/index.md new file mode 100644 index 0000000000..470ac5dee7 --- /dev/null +++ b/website/integrations/monitoring/fortianalyzer/index.md @@ -0,0 +1,99 @@ +--- +title: Integrate with FortiAnalyzer +sidebar_label: FortiAnalyzer +support_level: community +--- + +## What is FortiAnalyzer? + +> FortiAnalyzer is a centralized log management, analytics, and reporting platform for Fortinet devices and the Fortinet Security Fabric. +> +> -- https://www.fortinet.com/products/management/fortianalyzer + +This guide was tested with FortiAnalyzer 8.0. + +## Preparation + +The following placeholders are used in this guide: + +- `faz.company` is the FQDN of the FortiAnalyzer installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::info +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of FortiAnalyzer with authentik, you need to create a SAML property mapping and an application/provider pair in authentik. + +### Create a property mapping in authentik + +FortiAnalyzer expects a SAML attribute named `username` that contains the value used to identify the administrator account. This example uses the authentik username, but you can return any user attribute that matches the FortiAnalyzer administrator identifier. + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Customization** > **Property Mappings** and click **Create**. +3. Select **SAML Provider Property Mapping** as the type and click **Next**. +4. Create a property mapping with the following values: + - **Name**: `FortiAnalyzer username` + - **SAML Attribute Name**: `username` + - **Expression**: + + ```python + return request.user.username + ``` + +5. Click **Finish** to save the property mapping. + +:::info Optional SAML attributes +FortiAnalyzer also accepts `profilename` and `adoms` attributes. The `profilename` attribute assigns a matching admin profile that already exists on FortiAnalyzer. The `adoms` attribute grants access to one or more ADOMs. To use either attribute, create additional SAML provider property mappings with the corresponding **SAML Attribute Name**, return the desired values from the **Expression**, and add the mappings to **Selected User Property Mappings** when configuring the provider. +::: + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the **Slug** value because you will use it when configuring FortiAnalyzer. + - **Choose a Provider type**: select **SAML Provider** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Set the **ACS URL** to `https://faz.company/saml/?acs`. + - Set the **SLS URL** to `https://faz.company/saml/?sls`. + - Under **Advanced protocol settings**: + - Set the **Signing Certificate** to any available certificate. + - Add `FortiAnalyzer username` to **Selected User Property Mappings**. + - Set the **NameID Property Mapping** to `authentik default SAML Mapping: Username`. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + +3. Click **Submit** to save the new application and provider. + +## FortiAnalyzer configuration + +1. Log in to the FortiAnalyzer web interface as an administrator. +2. Navigate to **System Settings** > **SAML SSO**. +3. Configure the **Single Sign-On Settings**: + - **Server Address**: `faz.company` + - **Single Sign-On Mode**: `Service Provider (SP)` + - **SP Certificate**: select an available certificate. + - **Default Login Page**: select whether FortiAnalyzer should show the normal login page with an SSO option, or redirect directly to authentik. + - **Auto Create Admin**: enable this setting if FortiAnalyzer should create SSO administrators on first login. If you leave it disabled, create matching SSO administrators in FortiAnalyzer before testing the integration. +4. Configure the **IdP Settings**: + - **IdP Type**: `Custom` + - **IdP Entity ID**: `https://authentik.company/application/saml//metadata/` + - **IdP Login URL**: `https://authentik.company/application/saml//` + - **IdP Logout URL**: `https://authentik.company/application/saml//` + - **IdP Certificate**: import the signing certificate that you selected in the authentik SAML provider. You can download it from the authentik SAML provider page, under **Related objects** > **Download signing certificate**. +5. If you enabled any options under **Signing Options** in FortiAnalyzer, align them with the corresponding options under **Advanced protocol settings** in the authentik SAML provider. +6. Click **Apply** to save the configuration. + +:::info Administrator permissions +With **Auto Create Admin** enabled, newly-created SSO administrators receive the configured default admin profile. If users should receive permissions through SAML attributes instead, create matching FortiAnalyzer admin profiles and ADOMs, and send the optional `profilename` and `adoms` attributes from authentik. +::: + +## Configuration verification + +To confirm that authentik is properly configured with FortiAnalyzer, open FortiAnalyzer and sign in via authentik. + +## Resources + +- [FortiAnalyzer Administration Guide - SAML admin authentication](https://docs.fortinet.com/document/fortianalyzer/8.0.0/administration-guide/981386/saml-admin-authentication) +- [FortiAnalyzer CLI Reference - SAML](https://docs.fortinet.com/document/fortianalyzer/8.0.0/cli-reference/312574/saml)