c30d1a478d
files: rework ( #17535 )
...
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
2025-12-02 18:01:51 +01:00
874a20b908
enterprise: Apple Platform SSO ( #15318 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* snap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* it works
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* give session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor into endpoints system
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start reworking
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add user data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add rest of the endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lookup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix device group selection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix incorrect device id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix register
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement the thing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix issuer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fully
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for apple JWE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add token tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make auth session duration configurable, merge migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update api & ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include platform sso in generated mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-01 00:28:09 +01:00
f1a1f327cd
endpoints: rework perms ( #18422 )
...
* fix api being incorrect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more lenient facts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix authz flow not returning slug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* different auth header for multi-auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-28 17:26:11 +01:00
59da20e81c
endpoints: include device ID in agent config ( #18414 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-27 19:23:56 +01:00
1fb71371cb
endpoints: AuthN and AuthZ ( #18350 )
...
* start agent auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also check windows system disk (hardcode C: for now)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add process table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* nonce
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* snap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* missing exp and username (temp values)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing meta
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework auth and migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include system config in agent config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of broken stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device to login event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ssh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* policies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove domain name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix leftover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device to flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont allow access without policies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some ui changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-invent the wheel again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "t"
This reverts commit b74db5f5d4b2524c00b2c7cdf4c018jens@goauthentik.io >
* fix ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* f
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device users and device groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-27 19:05:57 +01:00
9621082f06
*: convert slugfields to textfields ( #17411 )
...
* *: convert slugfields to textfields
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-11-25 17:56:36 +00:00
b8dee0c0c3
web/sources: Add promoted source ( #18334 )
...
* web/sources: Add promoted source
* fix some css
* fix test
2025-11-25 10:54:07 -05:00
c18f6d2f21
root: regen schema ( #18327 )
2025-11-24 14:31:41 +01:00
e9c2e10828
endpoints: initial data structure + agent ( #11499 )
...
* endpoints: initial data structure
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some moving
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework models a bit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small QOL
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more structure, early UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start agent connector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix IDs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init fleet
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start challenge
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* I had an idea
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuf
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more frontend plumbing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep original gdtc for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move agent to non enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add last_update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework common facts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add processes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add last_update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* very basic UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* capacity in int64
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple versions of data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expiring snapshots
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better structure and query and fleet
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more device data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* correct task schedule
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ignore device snapshot
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more things, agent connector form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connector edit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some api stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add percentage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start agent view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add enrollment token api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start agent connector view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ephemeral devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* less hardcoded
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add refresh interval
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fleet os family, os family label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start writing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework auth to be more rest-framework like
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move enterprise parts to enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove chrome from this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove fleet from this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise API to use cached facts on list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename some things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use hostname
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup unused things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove stage for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save connector related to user binding of device
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* device attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device group selector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix expandable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing device group obj
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* purge through cache if we get a snapshot from a new connection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log devicetoken
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make device deletable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle no facts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add device form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix device group not assigned
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for facts merging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start setup, generate mdm config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connector -> controller to avoid duplicate names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add full how to
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enable search
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support on type create page for above form text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix enrollment token expiry (list and form)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add token copy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* annotate mdm config correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix config download
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* decent design
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove placeholders
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pre-add fields for apple platform sso
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-20 22:31:30 +01:00
0b01f45b07
crypto: update certificate api and component ( #17921 )
...
* Update crypto api and front-end component
---------
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
2025-11-04 14:44:57 -06:00
e593933bca
lib/sync/outgoing: store sync settings in database ( #17630 )
2025-10-22 17:15:37 +02:00
db213a8944
root: bump version to 2025.12.0-rc1 ( #17603 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-10-21 01:10:16 +02:00
2484f28bb6
sources/oauth: configurable PKCE mode ( #17487 )
...
* sources/oauth: configurable PKCE mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* common function for pkce s256
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-16 13:32:03 +02:00
619fdb506f
stages/prompt: add ability to set separate labels and values for choices ( #16693 )
...
* Choices can have value and label
Value and label are set turned to a string.
This will make choices into a Array<{ [key: string]: any; }> | null which at some point it should be a defined interface.
* Auto Updated schema.yml
* Used label and value in choice
Label and Value are used for Dropdown and RadioButtonGroup. Strings are still accepted.
* docs: Updated stages/prompt documentation
* Updated docs for initial-value
Also fixed wrong choice example in previous docs changes
* Check if choice is dict
Choice can of course be anything, we shouldn't assume it's string or dict
* Check if choice is dict for initial value
Same as before, choice can be anything. We check if it's explicitely a dict
* Added tests for dict choices
* ran make lint-fix
* Apply typo fix from code review
Co-authored-by: macmoritz <49832924+macmoritz@users.noreply.github.com >
Signed-off-by: Erik Ahlund <erik@ahlund.me >
* stages/prompt: add PromptChoiceSerializer
choices are now a list of PromptChoiceSerializer instead of a generic DictField.
The PromptChallenge also forces the use of value/label object.
* web: use PromptChoice object
The front end can now safely use choices as an array of PromptChoice instead of it being either a string or an object.
* slight revise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org >
* Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org >
* Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org >
---------
Signed-off-by: Erik Ahlund <erik@ahlund.me >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: macmoritz <49832924+macmoritz@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
2025-10-15 16:30:27 +02:00
23357f45e9
*: remove Redis leftovers ( #17146 )
...
* *: remove Redis leftovers
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more removal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix leftover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more removal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix broken anchor
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add redis for previous version migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-11 01:46:53 +02:00
7dbdb4c613
tasks: store messages in separate table ( #17359 )
2025-10-10 14:35:13 +00:00
48797c6d35
providers/saml: add frontchannel idp slo, backchannel post idp slo ( #15863 )
...
* providers/saml: add frontchannel idp slo, backchannel post idp slo
* move signal to user_logout stage
* split logic for injection of stages into proper providers signals
* cleanup data structures
* scope stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* uuid pk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format, again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update tasks.py
* Update pyproject.toml
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-10 12:01:39 +00:00
bbf77002d5
api: Clean schema up more ( #17055 )
...
* api: better filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revamp prompt
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add common query param to dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify paginated results
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify error responses
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep error schemas
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better structure
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok simplifying too far
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused optimization
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-08 22:35:10 +02:00
a4a6c1fe3b
tasks: show number of retries and planned execution time ( #17295 )
...
Co-authored-by: Jens L. <jens@goauthentik.io >
2025-10-08 16:45:18 +02:00
e3ae6eea00
tasks: add task status summary ( #17302 )
2025-10-07 18:20:31 +02:00
907ccd63a0
tasks: add preprocess, running and postprocess statuses ( #17297 )
2025-10-07 14:19:03 +00:00
eeb5cb08cd
sources: add Telegram source ( #15749 )
...
* sources: add Telegram source (#2232 )
* sources/telegram: put telegram user info into policy context (#2232 )
* sources/telegram: replace regular input for bot token with a "secret" one (#2232 )
* sources/telegram: fix typo on Telegram source form
* sources/telegram: added UserSourceConnection/GroupSourceConnection and SourceFlowManager subclasses for Telegram source
* sources/telegram: improved code layout
* sources/telegram: collapsed migrations
* sources/telegram: fix lint errors
* sources/telegram: fixed lint errors in docs
* sources/telegram: fix app config
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* Update website/docs/users-sources/sources/social-logins/telegram/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
* sources/telegram: add user source settings UI so that the users can disconnect Telegram source from their account
* sources/telegram: clean up code per @risson's suggestions
* sources/telegram: improve docs based on @tanberry's suggestions
* sources/telegram: fix minor docs formatting issue
* sources/teleram: add tests for views
* sources/telegram: update serielizer field types references to be in line with convention
* sources/telegram: add missing type annotations
* sources/telegram: add check for source.enabled in the redirect view
* sources/telegram: add pre-authentication flow to telegram source
* sources: add Telegram source (#2232 )
* sources/telegram: added UserSourceConnection/GroupSourceConnection and SourceFlowManager subclasses for Telegram source
* sources/telegram: collapsed migrations
* sources/telegram: fix lint errors
* sources/telegram: clean up code per @risson's suggestions
* sources/teregram: fix merge errors
* sources/telegram: improve docs wording
* Standardized documentation
* sources/telegram: added telegram source package to the list of ignored modules for mypy
* sources/telegram: fix TS lint errors
* sources/telegram: improve test coverage
* web: bump @types/node from 22.15.19 to 24.5.2 in /web (#16989 )
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 22.15.19 to 24.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 24.5.2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---------
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-01 17:03:38 +02:00
0b667c8019
core: Add input validation for service account creation ( #16964 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-30 14:07:41 +02:00
1028c962c7
providers/oauth2: only issue new refresh token if old one is about to expire ( #16905 )
...
* providers/oauth2: only issue new refresh token if old one is about to expire
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tests and fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-27 00:18:14 +02:00
87a28d63ed
sources/saml: add location selection for Signature node ( #15626 )
...
* sources/saml: add location selection for Signature node
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: connor <connor@connors-MacBook-Pro.local >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local >
Co-authored-by: Katsushi Kobayashi < ikob@acm.org >
2025-09-26 11:07:51 -05:00
4ec785a598
core/api: Better naming for partial user/group serializer, optimise bindings ( #17022 )
...
* core: add index on Group.is_superuser (#17011 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update go code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also optimise bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* typo
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-09-26 14:43:39 +02:00
53308295a2
providers/scim: add salesforce support ( #16976 )
...
* providers/scim: add salesforce support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-25 14:36:23 +02:00
1f81d234cb
enterprise/providers/radius: add EAP-TLS support ( #15702 )
...
* implement with library (backend)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add basic docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add enterprise notice to certificate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clearer enterprise stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-23 23:54:09 +02:00
2e56082066
enterprise/providers/scim: Add SCIM OAuth support ( #16903 )
...
* sources/oauth: add expires field to user source connection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/scim: add support for other auth methods
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rest of the owl
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow specifying any params
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delete user when token
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better API validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sentry
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* one more test and fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-23 17:52:02 +02:00
1636707dcd
blueprints: exclude exporting UserConsent ( #16640 )
...
The blueprint exporter would error when attempting to export a blueprint containing UserConsent. UserConsent no longer exports when exporting a blueprint
2025-09-19 11:15:45 -05:00
2363c0d09f
api: optimise schemas' common query parameters ( #16884 )
...
* api: optimise schemas' common query parameters
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix location?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-19 13:51:07 +02:00
d94f743124
stages: update friendly_name model from null to blank ( #16672 )
...
authentik/stages: update friendly_name model from null to blank
2025-09-16 12:06:42 -05:00
3a978dc348
core: fix description on remove_user_from_group ( #16694 )
...
Fix description on authentik_core.remove_user_from_group and regenerated schema
2025-09-10 12:35:56 -05:00
1e0b7e461d
core: Mark impersonation reason field as required in UI and fix status codes ( #16065 )
2025-09-03 15:54:33 +02:00
180cec9d61
core: fix client-side only validation allowing admin to set blank user password ( #16467 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-08-29 13:07:41 +00:00
17ff12f68f
core: Add email template selector ( #16170 )
...
* Unify all email templates under stages.email.models.EmailTemplates
* Add template selector to Email Authenticator Stage
* fix tests
* Add email_template field to events.notificationtransport
* update schemas
* Make email_template default as None, add UI to notif transports
* Add showEmail and fix default selection in TransportForm
* fix required field for emailtemplate and webhookurl in TransportForm
* use switch because typescript is whinning
* Add email_subject_prefix to NotificationTransport
* Add tests, update migration
* remove duplicate API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename template name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move send_once up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better defaults
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* no null
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update test for email templates endpoint
* fix test url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-08-15 11:44:18 +01:00
130fe4cac7
root: bump version to 2025.10.0-rc1 ( #16149 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-08-12 21:17:14 +00:00
e36529614f
website/docs: Fixed documentation issue for core_users_recovery_email_create ( #16140 )
...
Co-authored-by: Luca Dametto <>
2025-08-12 21:20:14 +02:00
a4c7e7ba2e
root: bump version to 2025.8.0-rc1 ( #16135 )
2025-08-12 15:24:23 +00:00
34bab28985
website/docs: remove slash from API reference ( #16117 )
2025-08-12 15:02:19 +02:00
e771bb74ee
policies: buffered policy access view for concurrent authorization attempts when unauthenticated ( #15034 )
...
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-08-10 16:22:05 +00:00
cfe113b36a
stages/email: implement rate limiting for account verification ( #15531 )
...
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io >
2025-08-06 16:44:35 +02:00
30670bb547
providers/oauth2: backchannel logout ( #15401 )
...
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-08-05 14:16:02 +02:00
ba725365ec
core: add updated_at field to user ( #15571 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-08-04 13:36:09 +00:00
ab1f87cfd6
core, providers/ldap: add parent/child groups to api and ldap results ( #14974 )
2025-08-04 14:29:16 +02:00
8b1240ff0b
providers/saml: configuration for default NameID Policy ( #15109 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-08-03 18:24:12 +01:00
29f20a4829
*: replace Celery with Dramatiq ( #13492 )
2025-07-28 17:00:09 +02:00
6d68844270
root: backport release 2025.6.4 ( #15723 )
...
release: 2025.6.4
2025-07-22 15:38:16 +02:00
6c939341b0
sources/oauth: add entra ID source and move logic over ( #15538 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-07-14 15:44:07 +02:00
21b6204c90
sources/SCIM: Full Patch support for User and Group ( #15485 )
...
* add patch support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group members
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for group adding
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format, more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* mark patch as supported
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support excludedAttributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow updating externalId
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more patcher tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* let the ai do things?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ai generated code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove the old code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fix to handle URN format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tests pass
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve 404 handling for non uuid IDs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better None path handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* split code to make it more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle patch operation with Path None and value containing urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests that were not correct
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix external ID change - the bad way
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add separate field for externalId
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more schema fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix replace for manager
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save last_updated
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more unittests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-07-14 00:02:15 +02:00
Marc 'risson' Schmitt
Jens L.
Dominic R
Connor Peshek
authentik-automation[bot]
Erik Ahlund
Alexander Tereshkin
Dewi Roberts
Marcelo Elizeche Landó
Dametto Luca
dechen-authentik
Jose D. Gomez R.
Daniel Adu-Gyan