providers/oauth2: add initial JWE support

[BeryJu]

Details

REPLACE ME

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[notion-workspace]

OAuth2 JWE support for FAL3

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	592fcda
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/670fea30a681e90008fbe9e3

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	592fcda
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/670fea30e4f8d70008b86357

[codecov]

Codecov Report

Attention: Patch coverage is 97.89474% with 2 lines in your changes missing coverage. Please review.

Project coverage is 92.68%. Comparing base (01e7124) to head (592fcda).
Report is 6 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/providers/oauth2/views/provider.py	60.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11344      +/-   ##
==========================================
- Coverage   92.75%   92.68%   -0.07%     
==========================================
  Files         736      736              
  Lines       36609    36698      +89     
==========================================
+ Hits        33956    34015      +59     
- Misses       2653     2683      +30     

Flag	Coverage Δ
e2e	49.20% <28.42%> (-0.18%)	⬇️
integration	24.91% <5.26%> (-0.05%)	⬇️
unit	90.21% <94.73%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-592fcda2e94b240d8bbc0863fdef447ab5b09633
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-592fcda2e94b240d8bbc0863fdef447ab5b09633-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-592fcda2e94b240d8bbc0863fdef447ab5b09633

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-592fcda2e94b240d8bbc0863fdef447ab5b09633-arm64

Afterwards, run the upgrade commands from the latest release notes.