providers/oauth2: Configure allowed grant types (#20363)

* naming cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* adjust defaults, start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to fix e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow refresh token for conformance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

packages/client-ts/src/models/GrantTypesEnum.ts

@@ -0,0 +1,62 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * authentik
+ * Making authentication simple.
+ *
+ * The version of the OpenAPI document: 2026.5.0-rc1
+ * Contact: hello@goauthentik.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+/**
+ *
+ * @export
+ */
+export const GrantTypesEnum = {
+    AuthorizationCode: "authorization_code",
+    Implicit: "implicit",
+    Hybrid: "hybrid",
+    RefreshToken: "refresh_token",
+    ClientCredentials: "client_credentials",
+    Password: "password",
+    UrnIetfParamsOauthGrantTypeDeviceCode: "urn:ietf:params:oauth:grant-type:device_code",
+    UnknownDefaultOpenApi: "11184809",
+} as const;
+export type GrantTypesEnum = (typeof GrantTypesEnum)[keyof typeof GrantTypesEnum];
+
+export function instanceOfGrantTypesEnum(value: any): boolean {
+    for (const key in GrantTypesEnum) {
+        if (Object.prototype.hasOwnProperty.call(GrantTypesEnum, key)) {
+            if (GrantTypesEnum[key as keyof typeof GrantTypesEnum] === value) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+
+export function GrantTypesEnumFromJSON(json: any): GrantTypesEnum {
+    return GrantTypesEnumFromJSONTyped(json, false);
+}
+
+export function GrantTypesEnumFromJSONTyped(
+    json: any,
+    ignoreDiscriminator: boolean,
+): GrantTypesEnum {
+    return json as GrantTypesEnum;
+}
+
+export function GrantTypesEnumToJSON(value?: GrantTypesEnum | null): any {
+    return value as any;
+}
+
+export function GrantTypesEnumToJSONTyped(
+    value: any,
+    ignoreDiscriminator: boolean,
+): GrantTypesEnum {
+    return value as GrantTypesEnum;
+}

packages/client-ts/src/models/OAuth2Provider.ts

@@ -14,6 +14,8 @@
 
 import type { ClientTypeEnum } from "./ClientTypeEnum";
 import { ClientTypeEnumFromJSON, ClientTypeEnumToJSON } from "./ClientTypeEnum";
+import type { GrantTypesEnum } from "./GrantTypesEnum";
+import { GrantTypesEnumFromJSON, GrantTypesEnumToJSON } from "./GrantTypesEnum";
 import type { IssuerModeEnum } from "./IssuerModeEnum";
 import { IssuerModeEnumFromJSON, IssuerModeEnumToJSON } from "./IssuerModeEnum";
 import type { OAuth2ProviderLogoutMethodEnum } from "./OAuth2ProviderLogoutMethodEnum";
@@ -122,6 +124,12 @@ export interface OAuth2Provider {
      * @memberof OAuth2Provider
      */
     clientType?: ClientTypeEnum;
+    /**
+     *
+     * @type {Array<GrantTypesEnum>}
+     * @memberof OAuth2Provider
+     */
+    grantTypes?: Array<GrantTypesEnum>;
     /**
      *
      * @type {string}
@@ -279,6 +287,10 @@ export function OAuth2ProviderFromJSONTyped(
         metaModelName: json["meta_model_name"],
         clientType:
             json["client_type"] == null ? undefined : ClientTypeEnumFromJSON(json["client_type"]),
+        grantTypes:
+            json["grant_types"] == null
+                ? undefined
+                : (json["grant_types"] as Array<any>).map(GrantTypesEnumFromJSON),
         clientId: json["client_id"] == null ? undefined : json["client_id"],
         clientSecret: json["client_secret"] == null ? undefined : json["client_secret"],
         accessCodeValidity:
@@ -341,6 +353,10 @@ export function OAuth2ProviderToJSONTyped(
         invalidation_flow: value["invalidationFlow"],
         property_mappings: value["propertyMappings"],
         client_type: ClientTypeEnumToJSON(value["clientType"]),
+        grant_types:
+            value["grantTypes"] == null
+                ? undefined
+                : (value["grantTypes"] as Array<any>).map(GrantTypesEnumToJSON),
         client_id: value["clientId"],
         client_secret: value["clientSecret"],
         access_code_validity: value["accessCodeValidity"],

packages/client-ts/src/models/OAuth2ProviderRequest.ts

@@ -14,6 +14,8 @@
 
 import type { ClientTypeEnum } from "./ClientTypeEnum";
 import { ClientTypeEnumFromJSON, ClientTypeEnumToJSON } from "./ClientTypeEnum";
+import type { GrantTypesEnum } from "./GrantTypesEnum";
+import { GrantTypesEnumFromJSON, GrantTypesEnumToJSON } from "./GrantTypesEnum";
 import type { IssuerModeEnum } from "./IssuerModeEnum";
 import { IssuerModeEnumFromJSON, IssuerModeEnumToJSON } from "./IssuerModeEnum";
 import type { OAuth2ProviderLogoutMethodEnum } from "./OAuth2ProviderLogoutMethodEnum";
@@ -68,6 +70,12 @@ export interface OAuth2ProviderRequest {
      * @memberof OAuth2ProviderRequest
      */
     clientType?: ClientTypeEnum;
+    /**
+     *
+     * @type {Array<GrantTypesEnum>}
+     * @memberof OAuth2ProviderRequest
+     */
+    grantTypes?: Array<GrantTypesEnum>;
     /**
      *
      * @type {string}
@@ -197,6 +205,10 @@ export function OAuth2ProviderRequestFromJSONTyped(
         propertyMappings: json["property_mappings"] == null ? undefined : json["property_mappings"],
         clientType:
             json["client_type"] == null ? undefined : ClientTypeEnumFromJSON(json["client_type"]),
+        grantTypes:
+            json["grant_types"] == null
+                ? undefined
+                : (json["grant_types"] as Array<any>).map(GrantTypesEnumFromJSON),
         clientId: json["client_id"] == null ? undefined : json["client_id"],
         clientSecret: json["client_secret"] == null ? undefined : json["client_secret"],
         accessCodeValidity:
@@ -248,6 +260,10 @@ export function OAuth2ProviderRequestToJSONTyped(
         invalidation_flow: value["invalidationFlow"],
         property_mappings: value["propertyMappings"],
         client_type: ClientTypeEnumToJSON(value["clientType"]),
+        grant_types:
+            value["grantTypes"] == null
+                ? undefined
+                : (value["grantTypes"] as Array<any>).map(GrantTypesEnumToJSON),
         client_id: value["clientId"],
         client_secret: value["clientSecret"],
         access_code_validity: value["accessCodeValidity"],

packages/client-ts/src/models/PatchedOAuth2ProviderRequest.ts

@@ -14,6 +14,8 @@
 
 import type { ClientTypeEnum } from "./ClientTypeEnum";
 import { ClientTypeEnumFromJSON, ClientTypeEnumToJSON } from "./ClientTypeEnum";
+import type { GrantTypesEnum } from "./GrantTypesEnum";
+import { GrantTypesEnumFromJSON, GrantTypesEnumToJSON } from "./GrantTypesEnum";
 import type { IssuerModeEnum } from "./IssuerModeEnum";
 import { IssuerModeEnumFromJSON, IssuerModeEnumToJSON } from "./IssuerModeEnum";
 import type { OAuth2ProviderLogoutMethodEnum } from "./OAuth2ProviderLogoutMethodEnum";
@@ -68,6 +70,12 @@ export interface PatchedOAuth2ProviderRequest {
      * @memberof PatchedOAuth2ProviderRequest
      */
     clientType?: ClientTypeEnum;
+    /**
+     *
+     * @type {Array<GrantTypesEnum>}
+     * @memberof PatchedOAuth2ProviderRequest
+     */
+    grantTypes?: Array<GrantTypesEnum>;
     /**
      *
      * @type {string}
@@ -196,6 +204,10 @@ export function PatchedOAuth2ProviderRequestFromJSONTyped(
         propertyMappings: json["property_mappings"] == null ? undefined : json["property_mappings"],
         clientType:
             json["client_type"] == null ? undefined : ClientTypeEnumFromJSON(json["client_type"]),
+        grantTypes:
+            json["grant_types"] == null
+                ? undefined
+                : (json["grant_types"] as Array<any>).map(GrantTypesEnumFromJSON),
         clientId: json["client_id"] == null ? undefined : json["client_id"],
         clientSecret: json["client_secret"] == null ? undefined : json["client_secret"],
         accessCodeValidity:
@@ -250,6 +262,10 @@ export function PatchedOAuth2ProviderRequestToJSONTyped(
         invalidation_flow: value["invalidationFlow"],
         property_mappings: value["propertyMappings"],
         client_type: ClientTypeEnumToJSON(value["clientType"]),
+        grant_types:
+            value["grantTypes"] == null
+                ? undefined
+                : (value["grantTypes"] as Array<any>).map(GrantTypesEnumToJSON),
         client_id: value["clientId"],
         client_secret: value["clientSecret"],
         access_code_validity: value["accessCodeValidity"],

packages/client-ts/src/models/index.ts

@@ -221,6 +221,7 @@ export * from "./GoogleWorkspaceProviderMappingRequest";
 export * from "./GoogleWorkspaceProviderRequest";
 export * from "./GoogleWorkspaceProviderUser";
 export * from "./GoogleWorkspaceProviderUserRequest";
+export * from "./GrantTypesEnum";
 export * from "./Group";
 export * from "./GroupKerberosSourceConnection";
 export * from "./GroupKerberosSourceConnectionRequest";