providers/scim: add compatibility mode for AWS & Slack

[jorhett]

Details

AWS /ServiceProviderConfig query responds that it supports patch, but they only support patching a single group property.

resolves #12321

Checklist

• [] Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	5fdfa4b
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/67cb8328e624c5000888cfb8

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	5fdfa4b
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/67cb832851d3770008f23e17
😎 Deploy Preview	https://deploy-preview-13342--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[arcdigital]

This doesn't account for other AWS partitions which use a different domain. An option to manually override would be a more robust solution

[jorhett]

This doesn't account for other AWS partitions which use a different domain. An option to manually override would be a more robust solution

Please show the AWS docs that mention SCIM support for any other domain? I used the authoritative endpoint list here, and this regex matches every one listed https://docs.aws.amazon.com/general/latest/gr/sso.html#sso_region

That being said AWS docs are often out of date so please feel free to submit a patch if you know better.

[rissson]

I took the liberty of pushing a more generic solution. I haven't discussed this with the team prior to implementing, so no promises on those changes.

[codecov]

Codecov Report

Attention: Patch coverage is 83.33333% with 2 lines in your changes missing coverage. Please review.

Project coverage is 92.73%. Comparing base (8244c23) to head (5fdfa4b).
Report is 87 commits behind head on main.

Files with missing lines	Patch %	Lines
authentik/providers/scim/clients/base.py	71.42%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13342      +/-   ##
==========================================
- Coverage   92.75%   92.73%   -0.02%     
==========================================
  Files         793      793              
  Lines       40352    40386      +34     
==========================================
+ Hits        37429    37453      +24     
- Misses       2923     2933      +10     

Flag	Coverage Δ
e2e	48.01% <41.66%> (-0.04%)	⬇️
integration	24.07% <41.66%> (-0.02%)	⬇️
unit	90.45% <83.33%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jorhett]

I took the liberty of pushing a more generic solution

You are welcome and encouraged to take that liberty with any PR I send to you any time! It will probably be a long time before I get familiar with your coding standards. My PRs will just be ideas, and you are always welcome to improve them.

[jorhett]

@BeryJu any idea when this will ship?

[rissson]

With the next release. We don't publicly announce release dates in advance.

[arcdigital]

It looks like this didn't make it in 2025.2.3, do you think you'll include it in the next release?

[fheisler]

Yes, this will be included in 2025.4

[arcdigital]

thanks! I know you don't publish dates, but do you have an approximate ETA? (and will you be skipping 2025.3?)

[fheisler]

no guarantees, but we've been sticking to a rough every-two-months schedule lately and intend that with this next major release later in April

[argo1984]

it seemes not to be shipped with 2025.2.4

[rissson]

Will be shipped with 2025.4