205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity
22,037 Commits 384 Branches 449 Tags
7a71bcfcdc442204b8985ab379b22f7eb9fe321f
Commit Graph

571 Commits

Author SHA1 Message Date
Dominic R f6024a23ef web: fix identification stage OUIA attributes (#22049) 
* web: fix identification stage OUIA attributes

* tests/e2e: update OUIA selectors for identification stage

Match the rename of ouiaId to data-ouia-component-id in
IdentificationStage.ts so the enroll and recovery flow tests can
locate the links again.
 2026-05-06 02:31:17 +02:00
Connor Peshek a3b0180049 providers/oauth: make rp init logout oidc certification changes (#21815) 
* providers/oauth: make rp init logout oidc certification changes

* update test

* slight rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add oidc certification tests

* test

* fix backchannel url

* make urls uniform

* update to main

* remove env bind

* cleanup patch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add traefik healthcheck

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix healthcheck

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-05-04 19:11:59 +02:00
Jens L. 4851179522 enterprise/providers/ssf: more conformance fixes (#21521) 
* enterprise/providers/ssf: more conformance fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include request when possible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove null state

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* t

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-gen & format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove None state

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ci

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert a thing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ssf conformance test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* no subtest

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix network

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test for stream update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-05-04 14:11:21 +02:00
Jens L. a0cdd81f71 tests: add mixin to launch traefik for tests requiring SSL (#22011) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-05-01 18:23:13 +02:00
Connor Peshek a2ca19d718 providers/saml: generate issuer url when provider is set on app (#18022) 
* providers/saml: generate issuer url in saml processors unless overridded

* remove issuer

* remove duplicate

* Generate url when assertion is created and save to session

* cleanup

* Fix front-end rendering of issuer

* Update web/src/admin/providers/saml/SAMLProviderViewPage.ts

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update authentik/providers/saml/models.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update authentik/providers/saml/models.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* use reverse for urls and update tests

* update issuer description

* Don't absorb sp entity id

* rename issuer_url to issuer_override

* fix migration file to rename to override

* fix migration file order

* lint, fix tests

* fix tests

* fix once again not importing the sp issuer

* build

* use const for default issuer

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-04-28 17:31:12 -05:00
Jens L. 8f1bdc01b6 providers/oauth2: Configure allowed grant types (#20363) 
* naming cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* adjust defaults, start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to fix e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow refresh token for conformance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-27 13:36:57 +02:00
Jens L. 311954f920 providers/radius: fix message authenticator validation (#21824) 
* providers/radius: fix message authenticator validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix panic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* send message auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-25 20:53:29 +02:00
Jens L. c6ee7b6881 core: complete rework to oobe and setup experience (#21753) 
* initial

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use same startup template

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix check not working

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix inspector auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ensure oobe flow can only accessed via correct url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set setup flag when applying bootstrap blueprint when env is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add system visibility to flags to make them non-editable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set setup flag for e2e tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests and linting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make github lint happy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make tests have less assumptions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update docs

* include more heuristics in migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add management command to set any flag

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate worker command to signal

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improved api for setting flags

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* short circuit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
 2026-04-24 14:47:05 +02:00
dependabot[bot] 37c6359fdf core: bump axllent/mailpit from v1.29.5 to v1.29.6 in /tests/e2e (#21398) 
Bumps axllent/mailpit from v1.29.5 to v1.29.6.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-06 10:07:55 +01:00
Jens L. a6775bc61e tests: refactor test harness to split apart a single file (#21391) 
* re-instate previously flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* break up big file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move geoip data to subdir

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* i am but a weak man

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap disconnect in testing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* account for mismatched uid due to test server process

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 22:12:52 +02:00
Jens L. dc320df3a3 providers/rac: add e2e tests (#21390) 
* add test_runner option to not capture stdout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix exception for container failing to start not being raised

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* maybe use channels server for testing?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify and patch enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify waiting for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add rac SSH tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rac missing in CI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* retry on container failure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump healthcheck tries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* patch email port always

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix guardian cache

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only build webui when using selenium

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only use channels when needed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix coverage and combine

based on https://github.com/django/channels/issues/2063#issuecomment-2067722400

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont even cache

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test with delete_token_on_disconnect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 19:07:31 +02:00
Jens L. ea2bdde5a3 enterprise/providers/ssf: test conformance (#21383) 
* bump conformance server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for rfc push

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make format and aud optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* force 401

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement get and patch for streams

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enable async stream deletion

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow configuring remote certificate validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add verification endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for authorization_header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set default aud cause spec cant agree with itself

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump timeout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix header `typ`

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enabled -> status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests and a fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make streams deletable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* and more logs and fix a silly bug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add stream status endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move ssf out of preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated typing fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 16:35:39 +02:00
Jens L. 1848c6c380 outposts: Create separate metrics service in Kubernetes (#21229) 
* outposts: create separate metrics service

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix service monitor plumbing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some static tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make metrics service ClusterIP

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update service monitor when labels mismatch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-29 23:51:10 +02:00
dependabot[bot] a62c6c92a8 core: bump axllent/mailpit from v1.29.4 to v1.29.5 in /tests/e2e (#21226) 
Bumps axllent/mailpit from v1.29.4 to v1.29.5.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-29 20:12:26 +01:00
Jens L. 253f5d3fcf ci: only run selenium for E2E tests when needed (#21217) 
* ci: less selenium

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* oidc needs selenium

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-28 22:31:29 +01:00
dependabot[bot] dd4237a2e3 core: bump axllent/mailpit from v1.29.3 to v1.29.4 in /tests/e2e (#21061) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 13:09:22 +00:00
Jens L. db9081e7dc policies: remove BufferedPolicyAccessView (#20521) 
* policies: remove BufferedPolicyAccessView

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	authentik/policies/views.py
#	authentik/providers/oauth2/views/authorize.py
#	schema.yml
#	tests/e2e/test_provider_saml.py

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-16 18:19:15 +01:00
Jens L. 3d964ddd2e endpoints: fix tasks failing (#20904) 
* endpoints: fix tasks failing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-15 01:47:02 +01:00
dependabot[bot] a04571b8d8 core: bump axllent/mailpit from v1.29.2 to v1.29.3 in /tests/e2e (#20811) 
Bumps axllent/mailpit from v1.29.2 to v1.29.3.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 08:41:09 +00:00
dependabot[bot] ea8086be69 core: bump goauthentik/selenium from 145.0-ak-0.40.3 to 145.0-ak-0.40.5 in /tests/e2e (#20790) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 145.0-ak-0.40.3 to 145.0-ak-0.40.5.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 145.0-ak-0.40.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 11:27:12 +01:00
dependabot[bot] 58e4fb004b core: bump goauthentik/selenium from 145.0-ak-0.40.2 to 145.0-ak-0.40.3 in /tests/e2e (#20726) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-05 13:44:14 +01:00
dependabot[bot] 80ca1ab954 core: bump goauthentik/selenium from 145.0-ak-0.40.1 to 145.0-ak-0.40.2 in /tests/e2e (#20650) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 145.0-ak-0.40.1 to 145.0-ak-0.40.2.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 145.0-ak-0.40.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 12:50:33 +01:00
dependabot[bot] af0fc47939 core: bump goauthentik/selenium from 145.0-ak-0.40.0 to 145.0-ak-0.40.1 in /tests/e2e (#20585) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-27 18:49:53 +01:00
dependabot[bot] 223a8ffbb6 core: bump axllent/mailpit from v1.29.1 to v1.29.2 in /tests/e2e (#20553) 
Bumps axllent/mailpit from v1.29.1 to v1.29.2.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-25 14:43:39 +01:00
dependabot[bot] 4831497369 core: bump goauthentik/selenium from 144.0-ak-0.40.0 to 145.0-ak-0.40.0 in /tests/e2e (#20554) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.40.0 to 145.0-ak-0.40.0.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 145.0-ak-0.40.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-25 14:43:31 +01:00
Ken Sternberg 254bfd2a60 web/maintenance: no unknown attributes part 2 (#19014) 
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* website: fix bad escaping of URLs in release notes

## What

Fixes bad escaping of URLs in the release notes that resulted in mangled output.

v2024.6.4 had entries that looked like this:

```
##### `GET` /providers/google_workspace/{#123;id}#125;/
```

v2025.4.md had entries that looked like this:

```
##### `GET` /policies/unique_password/{#125;#123;policy_uuid}/
```

A couple of straightforward search-and-replaces has fixed the issue.

## Notes

Two of the release notes had bad escaping of URLs. I'm not sure how the error was made or got past,
but it was obvious when visiting the page.

@Beryju suggested that the bug is due to our using `{...}` to symbolize parameters in a URL while
Docusaurus wants to interpret `{...}` as an internal template instruction, resulting in odd
behavior. In either case, docusarus interpreted the hashtagged entries as links to unrelated issues
in Github (the same two issues, which were "bump version of pylint" and "bump version of sentry"),
which could be very confusing.

The inconsistencies between the two releases, and the working releases, suggests that the error was
introduced manually.

* web/maintenance/no-unknown-attributes-1

# What

This commit is a collection of fixes and adaptations discovered while running lit-analyzer in a stricter role than usual. These fixes are to 9 of the existing issues; there are 16 more that will be addressed in the next two pull requests.

The following issues were uncovered.

- `ak-slug-input` does not take `autocomplete`.
- `ak-wizard-page-type-create` does not take, or use, the `name` attribute. It also has no `value` of its own, so it is not processed as a form object.
- `ak-endpoints-device-access-groups-form` does not take a `pk` attribute. It takes an `.instancePk` property.
- `ak-provider-oauth2-redirect-uri` is only used in one place, and that place uses the term `input-id` for the key. The component was expected `inputId`. Since it is a string and therefore an attribute, kebab-case is the appropriate fix here.
- `input-mode` is not a valid attribute. The attribute is `inputmode`, and the property is `inputMode`. It may not be undefined. If it is defined, the default is `text`. I have fixed this in the attribute and in the two Forms that used it.
- `form-associated-element` had both `name` and `type` as readonly. Since they are native attributes, they can be attributes or they can be readonly. They can’t be both. I have made them read-write.
- `user-source-settings-page` is only used in one place, and that place uses the term `input-id` for the key. The component was expected `inputId`. Since it is a string and therefore an attribute, kebab-case is the appropriate fix here.

These guideposts will be placed on the PR.

* Update web/src/admin/providers/oauth2/OAuth2ProviderRedirectURI.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>

* Update web/src/components/ak-text-input.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>

* web/maintenance/no-unknown-attributes-2

# What

This commit is a collection of fixes and adaptations discovered while running lit-analyzer in a stricter role than usual.

- `src/admin/endpoints/connectors/agent/AgentConnectorSetup.ts`

After talking to @beryju, we determined that these labels aren’t shown and aren’t used.

- `src/admin/admin-overview/AdminOverviewPage.ts`
- `src/admin/admin-overview/DashboardUserPage.ts`
- `src/elements/cards/AggregatePromiseCard.ts`
- `src/elements/cards/stories/AggregatePromiseCard.stories.ts`

The `Promise` version of our card is not used by any client code. The Dashboard pages that were importing it want the vanilla `AggregateCard` instead.

- `./src/flow/stages/identification/IdentificationStage.ts`

Anchors do not have a `name` attribute, I cannot find any code using the name attributes as lookups, nor any CSS that might use the name attributes as guides. `ak-flow-password-input` is always required; the flag is unsupported and unnecessary.

- `./src/flow/stages/password/PasswordStage.ts`

Anchors do not have a `name` attribute, I cannot find any code using the name attributes as lookups, nor any CSS that might use the name attributes as guides. `ak-flow-password-input` is always required; the flag is unsupported and unnecessary.

- `src/user/user-settings/UserSettingsPage.ts`

This change to the `UserSettingsPage`:

``` diff
-                                userId=${ifPresent(currentUser?.pk)}
+                                user-id=${ifPresent(currentUser?.pk)}
```

… corresponds correctly with:

``` typescript
    @property({ type: Number, attribute: "user-id" })
    public userId?: number;
```

I find it odd (and remarkable) that nobody has complained about this yet. I even went so far as to [confirm my understanding](https://codepen.io/kensternberg-authentik/pen/raLNBwO) and, yes:

- when an attribute is truthy, property syntax does not set the field
- when an attribute is deliberately given a kebab-case name, using the camelCase variant does not set the field

However, when the attribute is truthy, attribute names are case-insensitive: ‘user-id’ and ‘User-Id’ in client code would work just fine.

## Note

A large enough number of warnings remain. Some of those are due to `lit-analyzer` not being updated to recognize newly Baseline global DOM properties like `inert` or `popover`. The rest are from RapiDoc and QrCode, which do not supply sufficient documentation or metadata for Lit-anaylzer to read correctly.

* web/bug/hidden-secrets-not-propagating

# What

This commit updates ak-secret-text-input, adding the `name` attribute to all valid input fields and updating the value writer to match those of known-working components, to ensure that either variety of the display is fully and correctly updated with the content of the hidden secret.

# Why

The hidden input field is the one that HorizontalFormElement was expecting to read its value from, but that field never received a `name` because it wasn’t present when the field was first updated.

HorizontalFormElement writes the `name` field to the first `<input>` it finds. That was the “dummy” input field, which has no working value.

Form ignored the input element because the value it read came with an undefined name.

Object-oriented state management sometimes bites.

* Turns out, I was wrong. Someone *does* use the `name` attribute: the tests.  MDN says that `name`
is incorrect, and we should use `id` instead.  I have compromised; I have switched to using the
Open UI Automation ID instead, since that's what we're doing: automated tests.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

---------

Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-02-23 12:55:26 -08:00
dependabot[bot] 7d1f7625e0 core: bump axllent/mailpit from v1.29.0 to v1.29.1 in /tests/e2e (#20310) 
Bumps axllent/mailpit from v1.29.0 to v1.29.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-16 13:54:55 +01:00
Jens L. ef74ca01a2 enterprise/providers: WSFed configurable realm, default wreply (#19996) 
* enterprise/providers/wsfed: make realm configurable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make wreply optional, fallback to configure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use audience instead of issuer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lookup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-06 00:14:10 +01:00
dependabot[bot] f85c127e82 core: bump axllent/mailpit from v1.28.4 to v1.29.0 in /tests/e2e (#19918) 
Bumps axllent/mailpit from v1.28.4 to v1.29.0.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-02 13:24:09 +01:00
dependabot[bot] a8e28216ea core: bump goauthentik/selenium from 144.0-ak-0.35.9 to 144.0-ak-0.40.0 in /tests/e2e (#19917) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.9 to 144.0-ak-0.40.0.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.40.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-02 13:23:56 +01:00
Jens L. e90c249274 common: introduce common (#19852) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-30 16:27:41 +01:00
Simonyi Gergő 1b9653901c rbac: clean up roles and permissions (#19588) 
* clean up roles and permissions

This was purposefully not included in `2025.12` to split the changes up.

The main content of this patch is in the migrations. Everything else
follows more or less automatically.

* add breaking change warning to release notes

* add `ak_groups` --> `groups` deprecated proxy

* fixup! add `ak_groups` --> `groups` deprecated proxy

* fixup! add `ak_groups` --> `groups` deprecated proxy

* fixup! add `ak_groups` --> `groups` deprecated proxy

* add configuration warning to default notifications blueprint

* add rudimentary tests for User.ak_groups

* remove no longer used permissions

* clarify deprecation

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* remove integration changes

These will be included in a separate PR once this is released.

---------

Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-01-29 19:12:38 +01:00
dependabot[bot] f5de9eb6c2 core: bump goauthentik/selenium from 144.0-ak-0.35.8 to 144.0-ak-0.35.9 in /tests/e2e (#19832) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.8 to 144.0-ak-0.35.9.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.35.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-29 13:12:55 +01:00
Jens L. d1fb7dde14 enterprise/providers: WS-Federation (#19583) 
* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix metadata

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* aight

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix timedelta

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start testing metadata

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some more tests and schemas

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test signature

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to fix signed xml linebreak

https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1258
https://github.com/robrichards/xmlseclibs/issues/28
https://github.com/xmlsec/python-xmlsec/issues/196
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format + gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hmm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add e2e test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* qol fix in wait_for_url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* acs -> reply url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sign_out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some XML typing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove verification_kp as its not used

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix reply url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ws-fed to tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add logout test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add SAMLSession

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated type fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add backchannel logout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete import_metadata in wsfed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include generated realm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Jens L. <jens@beryju.org>

* include wtrealm in ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-01-28 17:43:16 +01:00
Connor Peshek 25820f063e providers/oauth2: Support login_hint (#19498) 
* clean up code

* simplify skipping logic

* clean up reading flag, fix user submission on identification stage

* do not auto add login_hint if user doesnt exist and pretend_user_exists is off

* rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix login_hint conformance test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-27 15:15:24 +01:00
Jens L. cdd3fb7827 web/sfe: downgrade bootstrap, add access denied test (#19763) 
* web/sfe: downgrade bootstrap, add access denied test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-26 16:14:12 +01:00
dependabot[bot] 32f67336a4 core: bump axllent/mailpit from v1.28.3 to v1.28.4 in /tests/e2e (#19748) 
Bumps axllent/mailpit from v1.28.3 to v1.28.4.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.28.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-26 13:43:18 +01:00
dependabot[bot] ed1125af04 core: bump goauthentik/selenium from 144.0-ak-0.35.7 to 144.0-ak-0.35.8 in /tests/e2e (#19747) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.7 to 144.0-ak-0.35.8.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.35.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-26 13:42:35 +01:00
dependabot[bot] 4dbdad8beb core: bump goauthentik/selenium from 143.0-ak-0.35.3 to 144.0-ak-0.35.7 in /tests/e2e (#19688) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 143.0-ak-0.35.3 to 144.0-ak-0.35.7.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.35.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 12:24:57 +01:00
Jens L. 083b61ca7f tests: improve e2e/integration test reliability (#19540) 
* add flakefinder

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show local IP in test header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to join worker on test finish

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add timeout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flush

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stop -> close

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rare test issue of this failing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* un-serialize rollback?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* explicitly join before db teardown

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* skip flaky tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* new broker

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* classmethod

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate docker helpers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only timeout functions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* type and format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show detected IP too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-20 02:15:35 +01:00
dependabot[bot] a908efb792 core: bump black from 25.12.0 to 26.1.0 (#19567) 
* core: bump black from 25.12.0 to 26.1.0

Bumps [black](https://github.com/psf/black) from 25.12.0 to 26.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/25.12.0...26.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-01-20 01:12:31 +01:00
dependabot[bot] 74831d6dcc core: bump axllent/mailpit from v1.28.2 to v1.28.3 in /tests/e2e (#19565) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-19 12:45:27 +00:00
Marcelo Elizeche Landó f56148fc91 tests/e2e: Add delay and serialized rollback to saml e2e test (#18840) 
* Add delay and serialized rollback to saml e2e test

* Apply suggestion from @BeryJu

Signed-off-by: Jens L. <jens@beryju.org>

* trigger build

---------

Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-01-16 17:22:42 -03:00
Jens L. 885f3b68b2 root: Python 3.14 (#17313) 
* root: Python 3.14

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update pydantic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump kadmin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add krb5 stuff to compile on macos?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-lock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* trigger build

* lock uv

* bump to 3.14.2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* output container logs if it failed to start

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* relock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* target black and ruff to python 3.14

* upgrade pydatic from 2.11.7 to 2.12.5

* revert ruff to python 3.13 ruff checks

* bump docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix makefile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
 2026-01-15 02:08:17 +01:00
dependabot[bot] 3421567a31 core: bump axllent/mailpit from v1.28.1 to v1.28.2 in /tests/e2e (#19329) 
Bumps axllent/mailpit from v1.28.1 to v1.28.2.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.28.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:37:09 +01:00
dependabot[bot] 0a78fd21e1 core: bump axllent/mailpit from v1.28.0 to v1.28.1 in /tests/e2e (#19204) 
Bumps axllent/mailpit from v1.28.0 to v1.28.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.28.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-06 16:07:45 +01:00
Teffen Ellis 2c813cbe03 web: Merge branch -- Stale notifications, synchronized context objects, rendering fixes (#19141) 
* web: Fix stale notifications.

* Fix overlap of API and notifications drawers.

* Fix issues surrounding duplicate context controller values.

* Clean up drawer events, alignment.

* Export parts. Fix z-index, colors.

* Fix formatting, alignment. repeated renders.

* Fix indent.

* Fix progress bar fade out, positioning, labels.

* Fix clickable area.

* Ignore clickable icons.

* Clean up logging.

* Fix width.

* Move event listeners into decorator.

* Fix double counting of notifications.

* Fix ARIA lables.

* Fix empty state ARIA.

* Fix order of locale updating.

* Fix rebase.

* web: fix notification count update

* Update selector.

* web: Fix CAPTCHA locale.

* Clean up logging.

---------

Co-authored-by: macmoritz <tratarmoritz@gmail.com>
 2026-01-05 15:54:50 -05:00
Jens L. 4f4e37f2b0 tests/e2e: add endpoint tests (#19072) 
* tests/e2e: add endpoint tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont rely on hostname

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-28 12:53:00 +01:00
Jens L. 3cd1a31365 providers/oauth2: Automated OpenID Conformance tests (#14785) 
* some progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* somewhat working?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove some previous debugging things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it kinda work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert more debugging stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make tests mostly work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* smaller screenshots?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove debugging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sleep a bit before checking again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup, restart loop when we finished an operation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor conformance helper to requests (thanks chatgpt)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* properly install subtests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* maybe run in CI?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont hardcode IP

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix network and cookie deletion

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* upload cert exports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to switch to generated

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it work generated?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix teardown

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add implicit and fix?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "re-add implicit and fix?"

This reverts commit 6a4d15fc22cf4b27ffa428be9ecc9a0e778961c6.

* Revert "fix teardown"

This reverts commit cb96b0cb988acedec1fe72ec437b68e2c38ed6b1.

* Revert "make it work generated?"

This reverts commit 4e29d2c5737ee9aaad6c0f4701caf7e0fb110e15.

* Revert "attempt to switch to generated"

This reverts commit 6f851e021d305a93be9cfbb4a9b6783231b6d7cf.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check authorize request param earlier

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix basic suite?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* another actual fix; don't return access_token when using response_type id_token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add implicit test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add custom profile scope that includes standard scopes to return number of warnings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use actual timestamp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing offline_access, use scoped issuer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only run basic+implicit for now, fix other tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* split up

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix offline_access tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix waiting for compete on error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate artifact

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix artifact

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* 👀

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix typing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* typing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix implicit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't wait for conformance test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more disk space

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-22 20:21:22 +01:00
Jens L. e24b60f806 blueprints: add InternallyManagedMixin instead of large list (#18983) 
* blueprints: add InternallyManagedMixin instead of large list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix recursion

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix e2e tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2025-12-21 03:31:41 +01:00