d880c46d7c
enterprise/endpoints/connectors: add google_chrome ( #19129 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually load
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix serializer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicated element name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include chrome url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work, some small UI fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* invisible submit for frame
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix device not set in flow plan, fix other small things, more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Minor doc changes
* dedupe templates
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-03-09 11:17:56 +01:00
6245809eae
web/flows: continuous login ( #19862 )
...
* wip
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/core/signals.py
# authentik/stages/identification/stage.py
# web/src/flow/stages/RedirectStage.ts
# Conflicts:
# web/src/flow/FlowExecutor.ts
* fix race conditions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent stale locks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to feature flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add separate flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revisit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better origin check
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-03-04 10:37:53 +00:00
9ba7b373b1
enterprise/lifecycle: use datetime instead of date to track review cycles ( #20283 )
...
* enterprise/lifecycle: use datetime instead of date to track review cycles (fix for #20265 )
* Update authentik/enterprise/lifecycle/api/iterations.py
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* enterprise/lifecycle: replace extend_schema_field with type annotations
---------
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens L. <jens@beryju.org >
2026-02-23 14:55:44 +01:00
fe0f559cd2
core: bump django-countries from 7.6.1 to 8.2.0 ( #19459 )
...
* core: bump django-countries from 7.6.1 to 8.2.0
Bumps [django-countries](https://github.com/SmileyChris/django-countries ) from 7.6.1 to 8.2.0.
- [Changelog](https://github.com/SmileyChris/django-countries/blob/main/CHANGES.md )
- [Commits](https://github.com/SmileyChris/django-countries/compare/v7.6.1...v8.2.0 )
---
updated-dependencies:
- dependency-name: django-countries
dependency-version: 8.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
# Conflicts:
# pyproject.toml
# uv.lock
* re-gen schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-02-17 18:13:41 +01:00
b76539e73f
stage/invitation: Send invite via email UI ( #19823 )
...
* first approach
* add cc and bcc support, better ui
* remove unnecessary data return
* add template support
* fix linting
* do the ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* display invite info in InvitationSendEmailForm.ts
* Select the invitation template by default
* Fix linting
* fix tests
* Add tests, clean code
* Add docs
* fix link
* Make the UI less disgusting
* Make the UI less disgusting
* Apply suggestions from code review
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* small formatting fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Use writeToClipboard function, better wording for CC and BCC
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-02-13 11:00:31 -03:00
858a040dfb
providers/saml: send logoutResponse on sp-init logout ( #17691 )
...
* providers/saml: send logoutResponse on sp-init logout
* Use first updated to fix multiple submits
* add backchannel logoutResponse
* tests
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
2026-02-11 14:18:39 -06:00
7cb789e777
root: bump version to 2026.5.0-rc1 ( #20174 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-02-11 01:43:16 +01:00
2f2488b326
enterprise/lifecycle: implement Object Lifecycle Management ( #20015 )
...
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Jens L. <jens@beryju.org >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-02-10 18:33:06 +01:00
ef74ca01a2
enterprise/providers: WSFed configurable realm, default wreply ( #19996 )
...
* enterprise/providers/wsfed: make realm configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make wreply optional, fallback to configure
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use audience instead of issuer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lookup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-02-06 00:14:10 +01:00
68c7037eea
flows: add option for flow layout with frame background ( #19527 )
...
* flows: add option for flow layout with frame background
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Tidy variables. Fix mobile and tablet layouts, shadows.
* Update web/src/flow/FlowExecutor.ts
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-02-04 17:39:01 +01:00
68f70a0953
core: ask for token duration on recovery link/email by admin ( #19875 )
...
* add translations to `ValidationError`s in user api
* deduplicate recovery buttons
* refactor `recovery_email`
* simplify request.brand call
* ask for token duration on recovery link/email by admin
* use `@validate` decorator for admin recovery
* stylize if/else
* return uniform error message on no `view_` permission
* clarify wording on email success
2026-02-03 16:48:51 +01:00
ff87929dcf
crypto: Add ED25519 and ED448 support to the certificate builder ( #19465 )
...
* Add ED25519 and ED448 support to the certificate builder.
* retain cert format for non ed certs.
2026-02-03 14:29:33 +01:00
1b9653901c
rbac: clean up roles and permissions ( #19588 )
...
* clean up roles and permissions
This was purposefully not included in `2025.12` to split the changes up.
The main content of this patch is in the migrations. Everything else
follows more or less automatically.
* add breaking change warning to release notes
* add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* add configuration warning to default notifications blueprint
* add rudimentary tests for User.ak_groups
* remove no longer used permissions
* clarify deprecation
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* remove integration changes
These will be included in a separate PR once this is released.
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-01-29 19:12:38 +01:00
6ca26b501b
providers/scim: modify user- and group syncing behavior ( #13947 )
...
* providers/scim: modify user- and group syncing behavior
rename filtergroup to groupfilters and allow multiple values
only sync groups which are in the scimprovider's attribute \"group_filters\"
only sync users which are entitled to view the scimprovider's application
* Update authentik/providers/scim/api/providers.py
Signed-off-by: Immanuel von Neumann <45020096+ImmanuelVonNeumann@users.noreply.github.com >
* fix(authentik/scim): update schema.yml and test name
* merge migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/scim: fix linting
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* filter eagerly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Immanuel von Neumann <45020096+ImmanuelVonNeumann@users.noreply.github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-01-29 17:07:58 +01:00
5834f43a8b
web: display custom attributes on admin view pages ( #19720 )
...
* web: display custom attributes on admin view pages
Overview:
Add a reusable ak-object-attributes-card component that displays custom attributes on User, Group, and Device admin view pages.
This allows admins to see custom attributes directly on the overview tab without needing to open the edit form.
The component:
- Filters out system attributes (goauthentik.io/* prefixed keys)
- Optionally excludes the notes attribute
- Renders values based on type: booleans as status labels, arrays as comma-separated lists, objects as formatted JSON
Testing:
1. Navigate to Admin > Identity > Users > [any user]
2. Verify "Custom Attributes" card appears below Changelog
3. Add custom attributes via Edit form:
```
{
"department": "Engineering",
"employee_id": 12345,
"is_contractor": false,
"is_manager": true,
"skills": ["Python", "TypeScript", "Go"],
"office_location": {
"building": "HQ",
"floor": 3,
"desk": "A-42"
},
"notes": "This should NOT appear in Custom Attributes card",
"goauthentik.io/user/sources": ["should-be-filtered"]
}
```
4. Confirm they appear in the card, system attributes are hidden
5. Repeat for Groups and Devices
Screenshot:
<!-- todo -->
Motivation:
Admins frequently need to view custom attributes on users, groups, and devices. Currently this requires clicking Edit and scrolling to the attributes field.
Closes: https://github.com/goauthentik/authentik/issues/18625
* web: Ken's suggestion
2026-01-29 01:42:43 +00:00
d1fb7dde14
enterprise/providers: WS-Federation ( #19583 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix metadata
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* aight
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix timedelta
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start testing metadata
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some more tests and schemas
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test signature
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt to fix signed xml linebreak
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1258
https://github.com/robrichards/xmlseclibs/issues/28
https://github.com/xmlsec/python-xmlsec/issues/196
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format + gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hmm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add e2e test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* qol fix in wait_for_url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* acs -> reply url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sign_out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some XML typing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove verification_kp as its not used
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reply url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ws-fed to tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add logout test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add SAMLSession
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated type fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add backchannel logout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete import_metadata in wsfed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include generated realm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Jens L. <jens@beryju.org >
* include wtrealm in ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-01-28 17:43:16 +01:00
25820f063e
providers/oauth2: Support login_hint ( #19498 )
...
* clean up code
* simplify skipping logic
* clean up reading flag, fix user submission on identification stage
* do not auto add login_hint if user doesnt exist and pretend_user_exists is off
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix login_hint conformance test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-01-27 15:15:24 +01:00
33594c9cb4
admin/files: add centralized theme variable support for file URLs ( #19657 )
...
* Revert "admin/files: support %(theme)s variable in media file paths (#19108 )"
This reverts commit 1a963d27c8
2026-01-27 08:09:42 -05:00
85434710f3
root: update client-go generation ( #19762 )
2026-01-26 19:51:38 +01:00
9a806f7e49
enterprise/audit: Expanded Diff ( #19726 )
...
* add cleanup for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make .get classmethod
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flag to include more data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flag tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-01-26 14:30:37 +01:00
e2cb1a8d0c
endpoints: FleetDM connector ( #18589 )
...
* enterprise/endpoints/connectors/fleet: init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# blueprints/schema.json
# schema.yml
* add ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix desc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add configurable headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Address review feedback on FleetDM connector implementation (#18651 )
* Initial plan
* Add public override modifiers to updated method
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
* Address additional feedback from PR #18589
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
* Fix indentation in ak-switch-input component
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
* fix permission model
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add attributes to device access group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add option to map device team
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* switch connector to grid, add icons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pagination
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add software tab
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pages in test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more test devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fedora test machine
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better formatting for OS version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com >
Co-authored-by: GirlBossRush <592134+GirlBossRush@users.noreply.github.com >
2026-01-23 21:40:28 +01:00
c67447d4db
web/admin: fix file upload not preserving extension for custom names with dots ( #19548 )
...
* web/admin: fix file upload not preserving extension for custom names with dots
Overview:
The `hasBasenameExtension()` function in `FileUploadForm.ts` incorrectly determined whether a custom filename already had an extension by checking if it contained any dot at position > 0.
This caused filenames like "e._.e" to be treated as having an extension, so the original file's extension was not appended. The file would be saved as "e._.e" instead of "e._.e.jpg", which caused `mimetypes.guess_type()` to return `None` (since ".e" is not a recognized extension) and the backend to fall back to "application/octet-stream".
Removed `hasBasenameExtension()` entirely. Since the UI explicitly states "Optionally rename the file (without extension)", we now always append the original file's extension when a custom name is provided.
Testing:
1. Upload a JPG file with custom name "e" --> saves as "e.jpg", and is detected as "image/jpeg"
2. Upload a JPG file with custom name "e._.e" --> now saves as "e._.e.jpg",and is detected as "image/jpeg"
Motivation:
Fixes incorrect MIME type detection for uploaded files when users provide custom filenames containing dots.
* web: lint
* web: Ken's suggestion
2026-01-23 00:39:10 +00:00
d60806dfc3
core: add bulk session revocation ( #18564 )
...
* feat: add bulk session revocation functionality for users
* feat: add bulk delete functionality for authenticated sessions
- Implemented BulkDeleteSessionSerializer for handling bulk session deletions.
- Added bulk_delete action to AuthenticatedSessionViewSet for revoking sessions by user IDs.
- Updated API schema to include new endpoint for bulk session deletion.
- Modified UserBulkRevokeSessionsForm to utilize the new bulk delete API.
* Update authentik/core/api/authenticated_sessions.py
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com >
* Update authentik/core/api/authenticated_sessions.py
PassiveSerializer for BulkDeleteSessionSerializer
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com >
* Update authentik/core/api/authenticated_sessions.py
user_pks instead of user_ids
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com >
* feat: enhance bulk delete functionality for authenticated sessions
* feat: update bulk delete endpoint for authenticated sessions to use DELETE method and query parameters
* Update authentik/core/api/authenticated_sessions.py
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Prettier
---------
Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx-in@users.noreply.github.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-01-22 17:17:04 +00:00
288f6f50f6
core: bump bandit from 1.9.2 to 1.9.3 ( #19566 )
...
* core: bump bandit from 1.9.2 to 1.9.3
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.3 )
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* update config, fix warnings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-01-20 01:45:45 +01:00
3e9b59cc13
endpoints: show agent version ( #19239 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-01-08 20:01:10 +01:00
39f6f72e96
stages/authenticator_static: set max token length to 100 chars ( #19162 )
...
* stages/authenticator_static: add max length validation for token_length field
* wip
* wip
2026-01-07 22:50:10 +00:00
85759d5fd2
endpoints: include license status in agent config ( #19227 )
...
* web/admin: consistent OS display
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include license status with agent config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* slightly rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-01-07 17:23:13 +01:00
c3cf94550f
core: add last_login filter to users API ( #18993 )
2026-01-06 04:02:02 +00:00
4ac01724a5
rbac: Add show all to roles tab, add role tab to groups ( #19097 )
...
* improve sort order and inherit visual
* Update web/src/admin/groups/GroupViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/users/UserViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* setup include inherited roles and fix returning nothing
* update api calls
* fix rendering error
* do not use set
* change from exception handling
* go off query param
* fix wording
* fix linting error for new group api structure
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-01-05 23:14:44 +00:00
fcc0438961
web/admin: prevent file upload attempt when backend not managed ( #18646 )
...
* web/admin: prevent file upload attempt when backend not managed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* wip
* fixup
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add check for reports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix delete table for data exports missing details
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
2025-12-23 13:41:27 +01:00
7fa28c60c7
enterprise/reports: improve export list, confirmation ( #18981 )
...
* enterprise/reports: use verbose name for model label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add confirmation for export
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicated api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix search query not updated
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude page & page size
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve query display
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix user display
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude unset params
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Jens L. <jens@beryju.org >
* more code style
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2025-12-22 20:35:18 +01:00
59460ac840
flows/executor: fix KeyError when session has no existing plan ( #18951 )
2025-12-19 00:21:32 +00:00
603820854b
stages/authenticator_*: fix code input field not string ( #18875 )
...
* stages/authenticator_*: fix code input field not string
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update authentik/stages/authenticator_totp/stage.py
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-12-16 19:10:48 +01:00
c557b55e0e
crypto: Store details parsed from includeDetails in database instead ( #18013 )
...
* crypto: Store details parsed from includeDetails in database instead
* fix signal for tests
* Update authentik/crypto/signals.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update authentik/crypto/apps.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update authentik/crypto/signals.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Add feedback
* cleanup
* update
* cleanup
* simplify serializer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update KID for when updating certificates
* lint
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: Jens L. <jens@goauthentik.io >
2025-12-15 13:50:16 -06:00
fbe8028b08
root: bump version to 2026.2.0-rc1 ( #18794 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-12-12 20:59:47 +00:00
15b93a5e9d
stages/identification: Add WebAuthn conditional UI (passkey autofill) support ( #18377 )
...
* add passkey_login to identification stage
* handle passkey auth in identification stage
* Add passkey settings in identification stage in the admin UI
* Add UI changes for basic passkey conditional login
* Fix linting
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests
* update admin form
* allow passing stage to validate_challenge_webauthn
* update flows/tests/test_inspector.py
* update for new field
* Fix linting
* update go solvers for identification challenge
* Refactor tests
* Skip mfa validation if user already authenticated via passkey at identification stage
* Add skip_if_passkey_authenticated option to authenticator validate stage and UI
* Add e2e test for passkey login conditional ui
* add policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Remove skip_if_passkey_authenticated
* fix blueprint
* Set backend so password stage policy knows user is already authenticated
* Set backend so password stage policy knows user is already authenticated
* fix linting
* slight tweaks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify e2e test
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 11:49:05 -03:00
196bce348f
api: allow configuring default page_size and max_page_size ( #18165 )
...
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-12-11 14:45:50 +00:00
572d965084
sources/telegram: implement connecting existing user to a Telegram account ( #18517 )
2025-12-10 18:20:40 +01:00
92c5efbac1
sources/sync: configuration for outgoing sync trigger mode ( #17669 )
...
* sources/sync: configuration for outgoing sync trigger mode
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* api and frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Wrap `msg` calls in function to fix translation. Update props to accept
callbacks.
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Teffen Ellis <teffen@goauthentik.io >
2025-12-10 12:40:32 -03:00
efdc11e413
web/admin: Add SAML metadata form to wizard ( #17690 )
...
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
2025-12-10 13:58:13 +01:00
cd09bff247
sources/oauth: add WeChat type ( #18086 )
...
* Add wechat.
* Refactor comments and formatting in wechat.py
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
* Fix lint.
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
* Fix lint.
* fix: Rename `WeChat` enum member to `Wechat` for consistency
* docs: Add WeChat social login integration guide.
* Docs updates
* Revise WeChat integration instructions
Updated instructions for creating a WeChat Website Application and added details about scopes and user attribute mappings.
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
* Prettier
* Update wechat.py
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
---------
Signed-off-by: Anduin Xue <anduin@aiursoft.com >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-12-10 12:48:12 +00:00
379a9d09f1
endpoints: fix device access group missing from blueprint ( #18703 )
...
* endpoints: fix device access group missing from blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix flow_set not being read_only
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix general blueprint schema issue of incorrect related PK fields having the wrong type some places
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-09 19:46:49 +01:00
7e9e0a87f7
enterprise/reports: add users and events export ( #18088 )
...
* enterprise: add users and events export (reports app)
* enterprise/reports: replace assert with AsertionError so that the assumption check is not lost when compiling to optimised byte code
* enterprise/reports: use ConditionalInheritance with ExportMixin to make reduce coupling of enterprise with the rest of authentik
* enterprise/reports: use custom iterative File to save data export instead of accessing default_storage directly, so all the FileField.save logic can run correctly (e.g. creating directories)
* enterprise/reports: change app label to simply "authentik_reports"
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update for new file api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Apply suggestions from code review
Signed-off-by: Dominic R <dominic@sdko.org >
* wip
* sources/oauth: save returned oauth refresh tokens and add slack provider (#18501 )
* sources/oauth: save returned oauth refresh tokens
* Update authentik/sources/oauth/models.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* lint
* add tests
* fix proper id setting
* update id test
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
* core: custom avatar url improvements (#10525 )
Co-authored-by: Dominic R <dominic@sdko.org >
* website/integrations: add salesforce (#18516 )
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
* endpoints: implement endpoint stage (#18468 )
* endpoints: implement endpoint stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix mismatched label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url in mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rephrase
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* and API & UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deprecated support and deprecate gdtc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stage mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework stage slightly, add frontend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks, add iat and exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set kid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include device details in event list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement device summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add remaining tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert sanitize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix uuid format issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web/flows: update default background image (#18540 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* website/integrations: add hoop.dev (#17868 )
Co-authored-by: iops <iops@syneforge.com >
Co-authored-by: Dominic R <dominic@sdko.org >
* website: Docusaurus 3.9.2 (#18506 )
* endpoints/stage: v2, better error handling, more settings (#18545 )
* add options, idle fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete other device tokens during enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* website: Glossary (#16007 )
* website: Glossary
fix minor issues
wip
Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org >
anchor to param
wip
wip
at least the lockfile changes now
sure
a-z first as tana asked
idk why i switched in the first place
wip
wip
lock
lockfiles are hard
wip
please work
no have?
Revert "no have?"
This reverts commit 743dbc1bc2900eedcc2c93af248e6afdec3688a3.
* changed to sentence-case capitalization
---------
Co-authored-by: Tana M Berry <tana@goauthentik.io >
* web/i18n: Locale Context Merge Branch (#18426 )
* web: Update fonts to Patternfly 5 variants.
* Fix order of heading override.
* web: Flesh out locale context.
* Fix Han pattern.
* Remove comment.
* Add additional regional codes.
* Clarify comment.
* Fix typos.
* web/i18n: Add locale-specific font overrides.
* Fix stale session in locale lifecycle.
* core, web: Fix Han language codes.
* Fix warnings about invalid BCP language code.
* Build translations.
* Add locale relative labels.
* Add locale translations for Finnish and Portuguese.
* Fix XLIFF errors.
* Clean up labels.
* Tidy regions.
* Match region comment.
* Update extracted values.
* Fix locale switch not triggering on source language.
* Split labels.
* Clean up labels.
* providers/scim: cache ServiceProviderConfig (#18047 )
* Update authentik/enterprise/reports/api/reports.py
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* enterprise/reports: got rid of unnecessary method-level import
* enterprise/reports: celan up code duplication in data export generation (invoke viewset.filter_queryset directly instead of replicating it)
* enterprise/reports: add check for app label when switching on content types
* enterprise/reports: make hyperlink field on Notification larger so it can fit the security token in the export file URL
* enterprise/reports: add is_superuser back in users export
* enterprise/reports: split tests into multiple files
* Apply suggestions from code review
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
* Fixed prettier issue
* Update web/src/admin/events/DataExportListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/events/DataExportListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/events/EventListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/reports/ExportButton.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/reports/ExportButton.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/admin/users/UserListPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/elements/notifications/NotificationDrawer.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update web/src/elements/sidebar/SidebarItem.css
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* enterprise/reports: resolve code review merge errors
* enterprise/reports: remove the export button from the dom flow (by settings display:none) when there's no license
* enterprise/reports: improve docs
* include notification link in email
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enterprise/reports: remove assignment assertion in ExportButton.ts
* cleanup tests after perm update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: Konrad Mösch <konrad@moesch.org >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: shcherbak <ju.shcherbak@gmail.com >
Co-authored-by: iops <iops@syneforge.com >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
Co-authored-by: Jens L. <jens@beryju.org >
2025-12-09 09:35:41 -05:00
f7e23295ed
core: add digraph group hierarchy ( #17050 )
...
* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
2025-12-08 12:04:04 +01:00
475ab76a5e
endpoints: fix UI bugs, add user binding, etc ( #18609 )
...
* fix serializer for device user binding
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't expire enrollment tokens by default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* slightly better config modal error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ability to bind to device
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add text when authenticating to device
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent error when no authz flow is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device to token log
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* address comments
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix expiring default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't require page refresh for enrollment token to show up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-08 01:13:29 +01:00
31186baf25
flows: refresh unauthenticated tabs ( #18621 )
...
* flows: implement signaling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better flag configuration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update web/src/flow/FlowExecutor.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Jens L. <jens@beryju.org >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2025-12-05 16:03:16 +01:00
c1cfeaf4b5
providers/scim: cache ServiceProviderConfig ( #18047 )
2025-12-03 08:07:00 -05:00
d0ef8a8b8e
endpoints/stage: v2, better error handling, more settings ( #18545 )
...
* add options, idle fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete other device tokens during enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-02 22:25:47 +01:00
5ccd66ddca
endpoints: implement endpoint stage ( #18468 )
...
* endpoints: implement endpoint stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix mismatched label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url in mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rephrase
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* and API & UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deprecated support and deprecate gdtc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stage mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework stage slightly, add frontend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks, add iat and exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set kid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include device details in event list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement device summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add remaining tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert sanitize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix uuid format issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-02 19:19:14 +01:00
45ee4af451
sources/oauth: save returned oauth refresh tokens and add slack provider ( #18501 )
...
* sources/oauth: save returned oauth refresh tokens
* Update authentik/sources/oauth/models.py
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* lint
* add tests
* fix proper id setting
* update id test
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
2025-12-02 11:49:40 -06:00
Jens L.
Alexander Tereshkin
dependabot[bot]
Marcelo Elizeche Landó
Connor Peshek
authentik-automation[bot]
Simonyi Gergő
Immanuel von Neumann
Dominic R
Marc 'risson' Schmitt
CodeMax IT Solutions Pvt. Ltd.
Nuno Alves
Anduin Xue