authentik

mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00

Author	SHA1	Message	Date
Dominic R	6df226188f	providers/scim: Add GitLab compatibility mode (#22906 ) * providers/scim: Add GitLab compatibility mode Add a GitLab SCIM compatibility mode that skips ServiceProviderConfig probing and document when to use it. Also wrap non-JSON SCIM responses so providers that return HTML redirects fall back through the existing ServiceProviderConfig default path. Agent-thread: https://sdko.org/internal/thr/per/019ea36a-92dd-7651-8a2d-0d838e724a7d A7k-product: product A7k-product-repo: 1 Co-authored-by: Agent <agent@svc.sdko.net> * providers/scim: Fold GitLab mode into existing migration Agent-thread: https://sdko.org/internal/thr/ak/019ea7bd-ce63-77a2-90d6-5dcc25d4402d A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent <agent@svc.sdko.net> --------- Co-authored-by: Agent <agent@svc.sdko.net>	2026-06-15 16:30:07 -04:00
Dominic R	fc8424ac50	stages/captcha: add Cap and JSON verification support (#22373 ) * stages/captcha: add Cap and JSON verification support Add a configurable verification request content type so CAPTCHA providers can use either form-encoded or JSON token verification. Add Cap as a preset and flow controller, including module-script loading, interactive widget handling, generated API/client types, tests, and docs. * web/admin: clarify Cap captcha configuration Treat the Cap endpoint as a form-only alias for the existing public key field and document Cap alongside the other CAPTCHA providers. Agent-thread: https://sdko.org/internal/threads/019e737a-314e-72d0-98ae-201cb855df3a A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent <agent@svc.sdko.net> * stages/captcha: prefer self-hosted Cap widget URL Default the Cap provider guidance to the self-hosted widget asset and keep CDN usage pinned to reviewed releases. Agent-thread: https://sdko.org/internal/thr/ak/019ead31-2435-7e12-b933-e873155d6894 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent <agent@svc.sdko.net> * floating --------- Co-authored-by: Agent <agent@svc.sdko.net> Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>	2026-06-11 16:15:21 +00:00
Dominic R	226c69d213	core, web: Remove stale compatibility paths (#22192 ) * Remove stale compatibility paths * fix schema * should have vibecoded this --------- Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>	2026-06-10 12:31:48 -04:00
Teffen Ellis	5727ae4271	core, internal, packages: fix British spellings flagged by cspell (#22819 ) * core, internal, packages: fix British spellings flagged by cspell Apply American spellings in Python docstrings/comments, Go log messages, a Rust doc comment, and a template comment (behaviour->behavior, initialise->initialize, finalise->finalize, etc.). Part of enabling cspell's British-spelling rule; the rule itself lands in a separate PR once all areas are clean. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-06-08 14:55:31 +02:00
dependabot[bot]	12d4c0ac2d	core: bump openapitools/openapi-generator-cli from v7.21.0 to v7.22.0 in /packages/client-ts (#22575 ) * core: bump openapitools/openapi-generator-cli in /packages/client-ts Bumps openapitools/openapi-generator-cli from v7.21.0 to v7.22.0. --- updated-dependencies: - dependency-name: openapitools/openapi-generator-cli dependency-version: v7.22.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * re-gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-06-02 18:25:13 +02:00
Marc 'risson' Schmitt	f4e4bfcbe5	root: fix schema and API clients (#22735 ) * regenerate schema Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update ts client Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2026-06-01 18:42:06 +02:00
Connor Peshek	b9e1b27d59	events: fix certificate typo (#22542 ) authentik/events: fix certificate typo	2026-05-21 21:52:01 +00:00
Jens L.	1af9856274	flows: remove link to overview for non-internal user (#22362 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-05-14 23:23:14 +02:00
Jens L.	a712e5bb2f	enterprise/providers/scim: add support for interactive OAuth2 (#22072 ) * enterprise/providers/scim: add support for interactive OAuth2 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prep different oauth mode Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add data to API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove not-needed migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix last_updated not being updated Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-05-13 18:27:34 +02:00
authentik-automation[bot]	5053167a05	internal: Automated internal backport: CVE-2026-40166.sec.patch to authentik-main (#22299 ) * Automated internal backport of patch CVE-2026-40166.sec.patch to authentik-main * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-05-12 20:15:56 +02:00
Connor Peshek	c810beca71	providers/saml: make unified saml endpoint (#20026 ) * providers/saml: make unified saml endpoint	2026-05-09 09:28:05 -05:00
authentik-automation[bot]	ea61e1cf3b	root: bump version to 2026.8.0-rc1 (#22167 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2026-05-08 17:15:32 +00:00
Simonyi Gergő	e220d8e29b	events: fix `destination_group_obj` not being nullable (#22161 ) * events: fix `destination_group_obj` not being nullable * `make lint-fix`	2026-05-08 17:16:20 +02:00
Alexander Tereshkin	93abd2e041	stage/authenticator: expand attempt throttling to email- and sms-based 2FA (#21751 ) stages/authenticator: enable attempt throttling for email- and sms-based second authentication factor stages/authenticator: add throttling tests stage/authenticator_validate: add throttling documentation * Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * stages/authenticator_validate: update docs wording * Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> --------- Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> Co-authored-by: Dominic R <dominic@sdko.org>	2026-05-07 12:12:06 -05:00
Teffen Ellis	e40187179d	packages/client-ts: Fix TypeScript config, ESBuild warnings (#21863 ) * packages/client-ts: drop composite/incremental from tsconfig template Sync with goauthentik/client-ts#13. The flags are the mechanism of the missing-dist release bug upstream; harmless in the monorepo (no publishing) but pointless for a single-package, no-project-references setup. Keeping the two trees aligned avoids drift. Co-Authored-By: Agent (authentik-m-sync-packages-final-concrete-buff) <279763771+playpen-agent@users.noreply.github.com> * Fix package not building. --------- Co-authored-by: Agent (authentik-m-sync-packages-final-concrete-buff) <279763771+playpen-agent@users.noreply.github.com>	2026-05-06 12:29:46 +02:00
Marcelo Elizeche Landó	a8db2882ec	stages/invitation: Invitation wizard (#20399 )	2026-05-05 11:47:31 -05:00
Jens L.	7cffbb4d07	tenants: add option to mark flag as deprecated (#22063 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-05-05 17:25:01 +02:00
Dewi Roberts	716bc6e136	api: set authenticated session user agent nullable properties (#22059 ) * Set properties to nullable and regenerate schema * Make gen * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-05-05 14:47:27 +02:00
Luca Sannitu	b04f8a6177	providers/oauth2: override RedirectURITypeEnum capitalization for generated API (#22037 ) * fix(providers/oauth2): correct RedirectURITypeEnum capitalization in API schema * fix: remove encoding artifacts introduced during client regeneration	2026-05-05 14:18:02 +02:00
Jens L.	4851179522	enterprise/providers/ssf: more conformance fixes (#21521 ) * enterprise/providers/ssf: more conformance fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include request when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove null state Signed-off-by: Jens Langhammer <jens@goauthentik.io> * t Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-gen & format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove None state Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ci Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert a thing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ssf conformance test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * no subtest Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix network Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for stream update Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-05-04 14:11:21 +02:00
Dominic R	821b74d7c1	enterprise: account lockdown (#18615 )	2026-04-30 23:02:46 +00:00
Alexander Tereshkin	8963d29ab4	enterprise/lifecycle: remove one review per object limitation (#21046 ) * enterprise/lifecycle: allow multiple rules to apply to a single object (and thus, multiple concurrent reviews) * enterprise/lifecyle: add missing migration to allow multiple lifecycle rules per object, add tests, update documentation * enterprise/lifecycle: add a bit of padding to individual review iterations on Review tab for better visual separation * enterprise/lifecycle: remove validation preventing the creation of multiple lifecycle rules for one object type * enterprise/lifecycle: change the approach to querying the list of reviews with user_is_reviewer annotation to prevent duplicate rows * enterprise/lifecycle: add custom per-type logic to get object name for use in a notification to prevent texts like "Review is due for Group Group X" * enterprise/lifecycle: updated wording on lifecycle rule form and preview banner padding * enterprise/lifecycle: remove task list from lifecycle rules and switch to using per-rule schedules * enterprise/lifecycle: add a title to the lifecycle tab * Revert "enterprise/lifecycle: remove task list from lifecycle rules and switch to using per-rule schedules" This reverts commit 8a060015b693f65f651a71bdb0c47092d3463af1. * enterprise/lifecycle: remove task list from the lifecycle rule list page and attach the tasks to the schedule * enterprise/lifecycle: add proper caption when there are no reviews for an object * enterprise/lifecycle: attach individual apply_lifecycle_rule tasks to the schedule when launched from apply_lifecycle_rules * enterprise/lifecycle: update generated API clients * enterprise/lifecycle: update wording * enterprise/lifecycle: fix ts issues after rebase * Update website/docs/sys-mgmt/object-lifecycle-management.md Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * enterprise/lifecycle: remove fmall code artifact --------- Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> Co-authored-by: Dominic R <dominic@sdko.org>	2026-04-30 14:11:07 -05:00
Dominic R	899994027d	core: support hashed password in users API + automated install (#18686 ) * core: add hash_password command and password_hash bootstrap support * core: prevent hash format exposure in validation error * core: remove redundant password length check * core: remove extra blank lines from hash_password command * core: add password_hash serializer tests, refine validation and imports * core: add null password fields test, add hash warning to docs * core: move hash validation to User.set_password_from_hash method * core: emit password_changed signal in set_password_from_hash * website: remove redundant hash security warning * core: wrap conflict error message for translation * core: wrap invalid hash error message for translation * web, core: add set_password_hash API endpoint and admin UI * core: simplify password_hash check to None comparison * core: use None check for password conflict validation * website: clarify Docker Compose $ escaping for .env vs compose.yml * website: lint * web: lint * core: add nosec comment for empty password string in signal * core: lint * web: Fix Password Hash help text * sources/kerberos,ldap: Gergo's review * add testing for ^^ and type fix * more general signal tests; not provider specific * only used in tests * add warning * we can do this * signals fix???? * core, web, website: review fixes * style(docs): format automated install guide * web: restore modal invoker import after rebase Co-authored-by: Codex <codex@openai.com> * fix generated clients * core: trim hash password command tests * core: add password hash permission * core: cover service account password hashes * web: remove password hash form * core: regenerate password hash migration * core: reuse password serializer for hashes * docs: clarify hashed password imports * Regenerate * core: deduplicate user serializer writes * core: deduplicate password update actions * core: deduplicate password change signaling * tests: reuse password hash API helper * tests: reuse SSF credential assertions * docs: centralize hashed password caveat * core: name password hash signal source * core: centralize password hash validation * core: deduplicate serializer password saves * docs: link source writeback caveats * api: clarify password hash request field * tests: deduplicate password hash API assertions * web: reuse user display-name helper * web: use existing user display formatter * core: reuse reset password permission for hash endpoint * core: keep separate password hash serializer * tests: remove redundant password hash permission test * 21745 Co-authored-by: Gergo <gergo@goauthentik.io> * core: preserve empty password handling in user serializer * core: inline blueprint user serializer fields * Use password hash constant * Simplify user serializer flow * Inline password update handling * Apply serializer cleanup * Clean blueprint password handling * Drop extra returns * Split password hash signal * Align hash signal receivers * Remove stale password guards * Inline password signal --------- Co-authored-by: Codex <codex@openai.com> Co-authored-by: Gergo <gergo@goauthentik.io>	2026-04-29 06:27:59 +02:00
Connor Peshek	a2ca19d718	providers/saml: generate issuer url when provider is set on app (#18022 ) * providers/saml: generate issuer url in saml processors unless overridded * remove issuer * remove duplicate * Generate url when assertion is created and save to session * cleanup * Fix front-end rendering of issuer * Update web/src/admin/providers/saml/SAMLProviderViewPage.ts Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update authentik/providers/saml/models.py Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update authentik/providers/saml/models.py Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * use reverse for urls and update tests * update issuer description * Don't absorb sp entity id * rename issuer_url to issuer_override * fix migration file to rename to override * fix migration file order * lint, fix tests * fix tests * fix once again not importing the sp issuer * build * use const for default issuer --------- Signed-off-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local> Co-authored-by: Jens L. <jens@goauthentik.io>	2026-04-28 17:31:12 -05:00
Marcelo Elizeche Landó	05005f4eb9	core: add support for hiding applications from the user dashboard (#21530 ) * Add meta_hide field to hide apps * exclude hidden applications from user dashboard * Add the hide option to the UI * Add schema * Add hide setting to application wizard * Add typescript client changes * fix linting * Convert blank://blank to meta_hide=True in the migration * fix tests * update docs * fix continuous login Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Dewi Roberts <dewi@goauthentik.io> Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com> * fix linting * fix migrations * Apply suggestions from code review Co-authored-by: Dominic R <dominic@sdko.org> Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com> * rename all mentions of dashboard to My applications * generate schema * generate TS client --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Dewi Roberts <dewi@goauthentik.io> Co-authored-by: Dominic R <dominic@sdko.org>	2026-04-28 13:05:56 -03:00
Dominic R	620387f294	providers/scim: fix vCenter compatibility mode (#21830 )	2026-04-27 12:00:00 +00:00
Jens L.	8f1bdc01b6	providers/oauth2: Configure allowed grant types (#20363 ) * naming cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust defaults, start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to fix e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow refresh token for conformance Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-27 13:36:57 +02:00
Bapuji Koraganti	24edee3e78	flows: add warning message for expired password reset links (#21395 ) * flows: add warning message for expired password reset links Fixes #21306 * Replace token expiry check with REQUIRE_TOKEN authentication requirement Incorporate review comments to move expired/invalid token handling from executor-level check to flow planner authentication requirement. This avoids disclosing whether a token ever existed and handles already-cleaned-up tokens. * The fix was changing gettext_lazy to gettext * remove unneeded migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update form Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-04-22 15:09:05 +02:00
Jens L.	915b5a73fc	enterprise/endpoints/connectors/agent: add independent secure enclave support for tap to login (#20766 ) * enterprise/endpoints/connectors/agent: add independent secure enclave support for tap to login Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix API url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove optional settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add a missing text Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-18 20:29:17 +02:00
Jens L.	00639d9596	policies/event_matcher: Add query option to filter events (#21618 ) * policies/event_matcher: support QL query Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lit dev warning Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cache autocomplete data if QL isn't setup yet Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont use ql input in modal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix codespell Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-16 01:52:11 +02:00
Fletcher Heisler	c32f21046d	enterprise/search: move QL to open source] (#21484 ) * enterprise/search move to /search * use make gen for schema updates * update docs * re-org Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * oops Signed-off-by: Jens Langhammer <jens@goauthentik.io> * huh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * typing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-04-09 16:37:11 +02:00
Simonyi Gergő	2b8313ee91	core: fix policy binding objects not being nullable (#21421 ) * fix policy binding objects not being nullable * `make gen-clients` * fix schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * tidy Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix test * `make gen` --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-04-08 16:39:00 +02:00
Jens L.	57d2135c8a	sources/ldap: Switch to new connection tracking, deprecated attribute-based connection (#21392 ) * init user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix and update groups Signed-off-by: Jens Langhammer <jens@goauthentik.io> * split api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include user and group in ldap conn Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ldap users/groups page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ui cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update error message Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add forms for user/group connections Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix py sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix connection not always saved Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix help text Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-07 16:13:05 +02:00
Connor Peshek	8c3d5f1269	providers/oauth: post_logout_redirect_uri support (#20011 ) * oauth2/providers: add post logout redirect uri to providers * properly handle post_logout_redirect_uri and frontchannel message to rp * add backchannel support * move logout url logic * hanlde forbidden_uri_schemes on post_logout_redirect_uri * merge post_logout with redirect_uri --------- Signed-off-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: Jens L. <jens@goauthentik.io>	2026-04-07 03:46:11 -05:00
Jens L.	ea2bdde5a3	enterprise/providers/ssf: test conformance (#21383 ) * bump conformance server Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for rfc push Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make format and aud optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some endpoints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * force 401 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement get and patch for streams Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * enable async stream deletion Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow configuring remote certificate validation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add verification endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for authorization_header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set default aud cause spec cant agree with itself Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump timeout Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix header `typ` Signed-off-by: Jens Langhammer <jens@goauthentik.io> * enabled -> status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-migrate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests and a fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make streams deletable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * and more logs and fix a silly bug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add stream status endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move ssf out of preview Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated typing fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sigh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-05 16:35:39 +02:00
Jens L.	f38584b343	root: misc API client and web typing fixes (#21388 ) * fix relObjId type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix slot comments Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sigh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use prettier on generated ts code Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-05 13:46:08 +02:00
Jens L.	827a77dd52	web/admin: more and more polish (#21303 ) * fix user edit button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix impersonate button not aligned Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup oauth2 provider page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better desc for outpost health Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix static table not updating when items change Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include oidc providers in ssf provider retrieve Signed-off-by: Jens Langhammer <jens@goauthentik.io> * consistent oauth provider label Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework ssf view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make client-rust makefile on macos specifically when gnu sed is installed in the path Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-04 22:35:11 +02:00
Jens L.	8610c25bd3	blueprints: rework one-time import (#18074 ) * initial move Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial UI rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add option to one-time import from file Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix import form logs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reset correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-04-01 15:03:16 +02:00
Connor Peshek	8dddc05bc0	source/saml: Add forceauthn to saml authnrequest (#20883 ) * source/saml: Add ForceAuthn support to SAML AuthnRequest	2026-03-31 22:54:01 -05:00
Jens L.	06408cba59	core: fix provider not nullable (#21275 ) * core: fix provider not nullable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more inconsistencies Signed-off-by: Jens Langhammer <jens@goauthentik.io> * idk man Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-03-31 18:27:22 +02:00
Jens L.	0b1ba60354	stages/authenticator_webauthn: save attestation certificate when creating credential (#20095 ) * stages/authenticator_webauthn: save attestation certificate when creating credential Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add toggle Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * squash Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-03-30 13:55:39 +02:00
Jens L.	d1c997b2fe	core: Application stats, device events & cleanup (#21225 ) * core: app stats Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refctor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework to generic API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * oops Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow filtering events by device Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show device events on device page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * simply event tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-03-29 21:58:12 +02:00
Jens L.	1a43ac1dc2	providers/scim: add webex compatibility mode (#21208 ) * providers/scim: add webex compatibility mode Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-03-27 21:39:39 +01:00
Jens L.	d4590f15e7	packages: use openapi-generator-ignore instead of deleting extra files (#21209 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-03-27 21:39:24 +01:00
Jens L.	5108be6554	api: cleanup enums (#21201 ) * api: cleanup choice enums Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * try custom template Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sed it instead? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * correct sed Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-03-27 15:54:59 +01:00
Teffen Ellis	1b1be27f6a	core, web: Vendored client follow-ups (#21174 ) * core, web: Vendored client follow-ups - Updated packages for use with TypeScript 6 - Fix search results including symlinks. * Bump docker package. * web: bump vite from 8.0.2 to 8.0.3 in /web Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.2 to 8.0.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Fix import declaration order. * Fix live reload imports, package declarations. * Tidy admin entrypoint. * Rename. * Fix import. * Fix import. * Update paths. Update Knip. * Bump knip. * Update esbuild.d.ts Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> * Bump. * Re-enable deprecation warning. --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-26 18:33:24 +01:00
Marc 'risson' Schmitt	ef1d0b0279	packages/client-ts: init (#21120 ) Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-03-26 13:34:48 +01:00

47 Commits