Skip to content

flows: silent authz flow#12213

Merged
BeryJu merged 12 commits intomainfrom
flows/silent-authz
Dec 10, 2024
Merged

flows: silent authz flow#12213
BeryJu merged 12 commits intomainfrom
flows/silent-authz

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Nov 27, 2024
edited
Loading

Details

Check if we need to show the flow executor when running a flow and allow certain stages to run directly if there's no other stages/policies in the flow preventing it

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@BeryJu BeryJu requested a review from a team as a code owner November 27, 2024 21:25
@netlify
Copy link

netlify bot commented Nov 27, 2024
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 04545fd
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/67582ee1ae74b10008abff9b

@netlify
Copy link

netlify bot commented Nov 27, 2024
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 04545fd
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/67582ee18ef42400086f109f

@codecov
Copy link

codecov bot commented Nov 27, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 98.27586% with 2 lines in your changes missing coverage. Please review.

Project coverage is 92.68%. Comparing base (28a2311) to head (04545fd).
Report is 4 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
authentik/flows/tests/test_planner.py 96.72% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #12213   +/-   ##
=======================================
  Coverage   92.68%   92.68%           
=======================================
  Files         762      762           
  Lines       38156    38212   +56     
=======================================
+ Hits        35363    35416   +53     
- Misses       2793     2796    +3
Flag Coverage Δ
e2e 49.06% <31.03%> (-0.03%) ⬇️
integration 24.73% <4.31%> (-0.03%) ⬇️
unit 90.23% <94.82%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu force-pushed the flows/silent-authz branch 2 times, most recently from ca79933 to 93d0cab Compare November 28, 2024 17:25
BeryJu added 11 commits December 10, 2024 12:53
@BeryJu
flows: add FlowPlan .to_redirect helper to redirect to flow executor
0bff636 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
flows: add initial silent flow executor
4fd76c8 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
more cleanup
ea1f105 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
refactor and add tests
b6387bd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
how'd that happen
1fa2e5b 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix most tests
77e7e04 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
don't set allowed_silent_types if we cant transmit data via URL
262c97d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix stage not being set early enough
dca5c81 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix OAuthDeviceCodeFinishStage being marked able-to-be-skipped-to whe…
2e439dd 
…n it is not

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix more tests
70b4f6a 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
dont skip on rac for now
26b89b0 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the flows/silent-authz branch from 7ed713c to 26b89b0 Compare December 10, 2024 12:00
@BeryJu
add support for SAML redirect
04545fd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu merged commit 47e330d into main Dec 10, 2024
@BeryJu BeryJu deleted the flows/silent-authz branch December 10, 2024 12:43
@github-actions
Copy link
Contributor

github-actions bot commented Dec 10, 2024
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-04545fd7cfcc701b478e297e45c678fd74fa88a7
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-04545fd7cfcc701b478e297e45c678fd74fa88a7-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-04545fd7cfcc701b478e297e45c678fd74fa88a7

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-04545fd7cfcc701b478e297e45c678fd74fa88a7-arm64

Afterwards, run the upgrade commands from the latest release notes.

kensternberg-authentik added a commit that referenced this pull request Dec 10, 2024
@kensternberg-authentik
Merge branch 'main' into web/policy-wizard-3
9e0579a 
* main: (93 commits)
  flows: better test stage's challenge responses (#12316)
  enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
  stages/identification: fix invalid challenge warning when no captcha stage is set (#12312)
  website/docs: prepare 2024.10.5 release notes (#12309)
  website: bump nanoid from 3.3.7 to 3.3.8 in /website (#12307)
  flows: silent authz flow (#12213)
  root:  use healthcheck in depends_on for postgres and redis (#12301)
  ci: ensure mark jobs always run and reflect correct status (#12288)
  enterprise: allow deletion/modification of users when in read-only mode (#12289)
  web/flows: resize captcha iframes (#12260)
  website/docs: add page about the Cobalt pentest (#12249)
  core: bump aws-cdk-lib from 2.171.1 to 2.172.0 (#12296)
  website: bump aws-cdk from 2.171.1 to 2.172.0 in /website (#12295)
  core: bump sentry-sdk from 2.19.1 to 2.19.2 (#12297)
  core: bump coverage from 7.6.8 to 7.6.9 (#12299)
  core, web: update translations (#12290)
  root: fix override locale only if it is not empty (#12283)
  translate: Updates for file web/xliff/en.xlf in fr (#12276)
  core: bump twilio from 9.3.7 to 9.3.8 (#12282)
  website: bump path-to-regexp and express in /website (#12279)
  ...

Integration of the change from jwksSources -> (jwtFederatedSources, jwtFederatedProviders) by
hand, and necessitated an update of Wdio to 9.4.

All tests passing (thank Gnu).
kensternberg-authentik added a commit that referenced this pull request Jan 8, 2025
@kensternberg-authentik
Merge branch 'main' into dev
1dcf910 
* main:
  flows: better test stage's challenge responses (#12316)
  enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
  stages/identification: fix invalid challenge warning when no captcha stage is set (#12312)
  website/docs: prepare 2024.10.5 release notes (#12309)
  website: bump nanoid from 3.3.7 to 3.3.8 in /website (#12307)
  flows: silent authz flow (#12213)
  root:  use healthcheck in depends_on for postgres and redis (#12301)
  ci: ensure mark jobs always run and reflect correct status (#12288)
  enterprise: allow deletion/modification of users when in read-only mode (#12289)
  web/flows: resize captcha iframes (#12260)
@BeryJu BeryJu mentioned this pull request Mar 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BeryJu