ci: replace codecov test-results action by BeryJu · Pull Request #18862 · goauthentik/authentik

BeryJu · 2025-12-16T11:34:42Z

https://github.com/codecov/test-results-action?tab=readme-ov-file#%EF%B8%8F-deprecation-warning-%EF%B8%8F

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

netlify · 2025-12-16T11:34:54Z

✅ Deploy Preview for authentik-integrations canceled.

Name	Link
🔨 Latest commit	`e1339b6`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/694143d530c171000883c325

netlify · 2025-12-16T11:35:15Z

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	`e1339b6`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/694143d5a057ca0008d78251

netlify · 2025-12-16T11:35:35Z

❌ Deploy Preview for authentik-docs failed. Why did it fail? →

Name	Link
🔨 Latest commit	`e1339b6`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/694143d56832a40007cc51ad

codecov · 2025-12-16T11:44:15Z

❌ 4 Tests Failed:

Tests completed	Failed	Passed	Skipped
2860	4	2856	2

View the top 3 failed test(s) by shortest run time

tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC::test_authorization_consent_explicit

Stack Traces | 52.8s run time

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-explicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (explicit consent)\nentries:\n- attrs:\n    desi...e: !KeyOf default-provider-authorization-consent\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-explicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009")
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc.py:264: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="a0c7d2788f29e1b923e6deaa4ab3b6a9", element="f.F8030994D6CC237F20DB1C9248A31205.d.878D6B6E1355F584E490C025544860A1.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f8ff77000>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f9128bba0>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="a0c7d2788f29e1b923e6deaa4ab3b6a9", element="f.F8030994D6CC237F20DB1C9248A31205.d.878D6B6E1355F584E490C025544860A1.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="a0c7d2788f29e1b923e6deaa4ab3b6a9", element="f.F8030994D6CC237F20DB1C9248A31205.d.878D6B6E1355F584E490C025544860A1.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="a0c7d2788f29e1b923e6deaa4ab3b6a9", element="f.F8030994D6CC237F20DB1C9248A31205.d.878D6B6E1355F584E490C025544860A1.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.F8030994D6CC237F20DB1C9248A31205.d.878D6B6E1355F584E490C025544860A1.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="a0c7d2788f29e1b923e6deaa4ab3b6a9")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f90204160>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x561f2e88e7f5 \\u003Cunknown>\\n#28 0x561f2e8a0229 \\u003Cunknown>\\n#29 0x7f709c4ba7db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x561f2e8a0f52 <unknown>
E       #1 0x561f2e2e621b <unknown>
E       #2 0x561f2e2f9d07 <unknown>
E       #3 0x561f2e2f8910 <unknown>
E       #4 0x561f2e2fa219 <unknown>
E       #5 0x561f2e2ed764 <unknown>
E       #6 0x561f2e2ec373 <unknown>
E       #7 0x561f2e2ef86f <unknown>
E       #8 0x561f2e2ef955 <unknown>
E       #9 0x561f2e3358a4 <unknown>
E       #10 0x561f2e3362d5 <unknown>
E       #11 0x561f2e32a7aa <unknown>
E       #12 0x561f2e35a9e1 <unknown>
E       #13 0x561f2e32a681 <unknown>
E       #14 0x561f2e35aba2 <unknown>
E       #15 0x561f2e37c662 <unknown>
E       #16 0x561f2e35a767 <unknown>
E       #17 0x561f2e328b47 <unknown>
E       #18 0x561f2e329915 <unknown>
E       #19 0x561f2e86bb84 <unknown>
E       #20 0x561f2e86ee74 <unknown>
E       #21 0x561f2e86e92e <unknown>
E       #22 0x561f2e86f309 <unknown>
E       #23 0x561f2e85559a <unknown>
E       #24 0x561f2e86f67a <unknown>
E       #25 0x561f2e83e149 <unknown>
E       #26 0x561f2e88e609 <unknown>
E       #27 0x561f2e88e7f5 <unknown>
E       #28 0x561f2e8a0229 <unknown>
E       #29 0x7f709c4ba7db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

During handling of the above exception, another exception occurred:

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-explicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (explicit consent)\nentries:\n- attrs:\n    desi...e: !KeyOf default-provider-authorization-consent\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-explicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009")
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc.py:264: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="8fb95e48011d0f3ac5bf9c038b1c6538", element="f.2E10E53161FF59706434017104F5BBA0.d.C150E3154E4EA6812D0ADCB8F9F5C12A.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f7f85bbd0>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f7f7f1d00>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="8fb95e48011d0f3ac5bf9c038b1c6538", element="f.2E10E53161FF59706434017104F5BBA0.d.C150E3154E4EA6812D0ADCB8F9F5C12A.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="8fb95e48011d0f3ac5bf9c038b1c6538", element="f.2E10E53161FF59706434017104F5BBA0.d.C150E3154E4EA6812D0ADCB8F9F5C12A.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="8fb95e48011d0f3ac5bf9c038b1c6538", element="f.2E10E53161FF59706434017104F5BBA0.d.C150E3154E4EA6812D0ADCB8F9F5C12A.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.2E10E53161FF59706434017104F5BBA0.d.C150E3154E4EA6812D0ADCB8F9F5C12A.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="8fb95e48011d0f3ac5bf9c038b1c6538")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f9043f650>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x5557ba9c97f5 \\u003Cunknown>\\n#28 0x5557ba9db229 \\u003Cunknown>\\n#29 0x7f25441f87db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x5557ba9dbf52 <unknown>
E       #1 0x5557ba42121b <unknown>
E       #2 0x5557ba434d07 <unknown>
E       #3 0x5557ba433910 <unknown>
E       #4 0x5557ba435219 <unknown>
E       #5 0x5557ba428764 <unknown>
E       #6 0x5557ba427373 <unknown>
E       #7 0x5557ba42a86f <unknown>
E       #8 0x5557ba42a955 <unknown>
E       #9 0x5557ba4708a4 <unknown>
E       #10 0x5557ba4712d5 <unknown>
E       #11 0x5557ba4657aa <unknown>
E       #12 0x5557ba4959e1 <unknown>
E       #13 0x5557ba465681 <unknown>
E       #14 0x5557ba495ba2 <unknown>
E       #15 0x5557ba4b7662 <unknown>
E       #16 0x5557ba495767 <unknown>
E       #17 0x5557ba463b47 <unknown>
E       #18 0x5557ba464915 <unknown>
E       #19 0x5557ba9a6b84 <unknown>
E       #20 0x5557ba9a9e74 <unknown>
E       #21 0x5557ba9a992e <unknown>
E       #22 0x5557ba9aa309 <unknown>
E       #23 0x5557ba99059a <unknown>
E       #24 0x5557ba9aa67a <unknown>
E       #25 0x5557ba979149 <unknown>
E       #26 0x5557ba9c9609 <unknown>
E       #27 0x5557ba9c97f5 <unknown>
E       #28 0x5557ba9db229 <unknown>
E       #29 0x7f25441f87db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

During handling of the above exception, another exception occurred:

self = <unittest.case._Outcome object at 0x7f8f90bb3ad0>
test_case = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
result = <TestCaseFunction test_authorization_consent_explicit>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
method = <bound method TestProviderOAuth2OIDC.test_authorization_consent_explicit of <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
                raise exc
            logger.debug("Retrying on error", exc=exc, test=self)
            self.tearDown()
            self._post_teardown()
            self._pre_setup()
            self.setUp()
>           return wrapper(self, *args, **kwargs)

tests/e2e/utils.py:481: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
                raise exc
            logger.debug("Retrying on error", exc=exc, test=self)
            self.tearDown()
            self._post_teardown()
            self._pre_setup()
            self.setUp()
>           return wrapper(self, *args, **kwargs)

tests/e2e/utils.py:481: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
>               raise exc

tests/e2e/utils.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-explicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (explicit consent)\nentries:\n- attrs:\n    desi...e: !KeyOf default-provider-authorization-consent\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-explicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009")
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc.py:264: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_explicit>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="c521af4a08e120c5fa54b226336859b3", element="f.865B0467F3A2EE066B095E4347D91834.d.8AA7BD44FFB186504A5AF2744E992418.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f90213930>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f7f7d3a60>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="c521af4a08e120c5fa54b226336859b3", element="f.865B0467F3A2EE066B095E4347D91834.d.8AA7BD44FFB186504A5AF2744E992418.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="c521af4a08e120c5fa54b226336859b3", element="f.865B0467F3A2EE066B095E4347D91834.d.8AA7BD44FFB186504A5AF2744E992418.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="c521af4a08e120c5fa54b226336859b3", element="f.865B0467F3A2EE066B095E4347D91834.d.8AA7BD44FFB186504A5AF2744E992418.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.865B0467F3A2EE066B095E4347D91834.d.8AA7BD44FFB186504A5AF2744E992418.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="c521af4a08e120c5fa54b226336859b3")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f9028a850>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x55f5ba6f27f5 \\u003Cunknown>\\n#28 0x55f5ba704229 \\u003Cunknown>\\n#29 0x7fa8372c07db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x55f5ba704f52 <unknown>
E       #1 0x55f5ba14a21b <unknown>
E       #2 0x55f5ba15dd07 <unknown>
E       #3 0x55f5ba15c910 <unknown>
E       #4 0x55f5ba15e219 <unknown>
E       #5 0x55f5ba151764 <unknown>
E       #6 0x55f5ba150373 <unknown>
E       #7 0x55f5ba15386f <unknown>
E       #8 0x55f5ba153955 <unknown>
E       #9 0x55f5ba1998a4 <unknown>
E       #10 0x55f5ba19a2d5 <unknown>
E       #11 0x55f5ba18e7aa <unknown>
E       #12 0x55f5ba1be9e1 <unknown>
E       #13 0x55f5ba18e681 <unknown>
E       #14 0x55f5ba1beba2 <unknown>
E       #15 0x55f5ba1e0662 <unknown>
E       #16 0x55f5ba1be767 <unknown>
E       #17 0x55f5ba18cb47 <unknown>
E       #18 0x55f5ba18d915 <unknown>
E       #19 0x55f5ba6cfb84 <unknown>
E       #20 0x55f5ba6d2e74 <unknown>
E       #21 0x55f5ba6d292e <unknown>
E       #22 0x55f5ba6d3309 <unknown>
E       #23 0x55f5ba6b959a <unknown>
E       #24 0x55f5ba6d367a <unknown>
E       #25 0x55f5ba6a2149 <unknown>
E       #26 0x55f5ba6f2609 <unknown>
E       #27 0x55f5ba6f27f5 <unknown>
E       #28 0x55f5ba704229 <unknown>
E       #29 0x7fa8372c07db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit::test_authorization_consent_explicit

Stack Traces | 55.7s run time

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-explicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (explicit consent)\nentries:\n- attrs:\n    desi...e: !KeyOf default-provider-authorization-consent\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-explicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        provider.save()
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009/implicit/")
        self.wait.until(ec.title_contains("authentik"))
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc_implicit.py:227: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="6f81b29d44d0ad3e827333489abf29de", element="f.C65F58ECB53A0F27B1F447A26075085F.d.B131034784E76EC3436D0317B54BE848.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f9105b770>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f906e1760>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="6f81b29d44d0ad3e827333489abf29de", element="f.C65F58ECB53A0F27B1F447A26075085F.d.B131034784E76EC3436D0317B54BE848.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="6f81b29d44d0ad3e827333489abf29de", element="f.C65F58ECB53A0F27B1F447A26075085F.d.B131034784E76EC3436D0317B54BE848.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="6f81b29d44d0ad3e827333489abf29de", element="f.C65F58ECB53A0F27B1F447A26075085F.d.B131034784E76EC3436D0317B54BE848.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.C65F58ECB53A0F27B1F447A26075085F.d.B131034784E76EC3436D0317B54BE848.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="6f81b29d44d0ad3e827333489abf29de")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f904f43e0>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x559040f987f5 \\u003Cunknown>\\n#28 0x559040faa229 \\u003Cunknown>\\n#29 0x7f716a1007db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x559040faaf52 <unknown>
E       #1 0x5590409f021b <unknown>
E       #2 0x559040a03d07 <unknown>
E       #3 0x559040a02910 <unknown>
E       #4 0x559040a04219 <unknown>
E       #5 0x5590409f7764 <unknown>
E       #6 0x5590409f6373 <unknown>
E       #7 0x5590409f986f <unknown>
E       #8 0x5590409f9955 <unknown>
E       #9 0x559040a3f8a4 <unknown>
E       #10 0x559040a402d5 <unknown>
E       #11 0x559040a347aa <unknown>
E       #12 0x559040a649e1 <unknown>
E       #13 0x559040a34681 <unknown>
E       #14 0x559040a64ba2 <unknown>
E       #15 0x559040a86662 <unknown>
E       #16 0x559040a64767 <unknown>
E       #17 0x559040a32b47 <unknown>
E       #18 0x559040a33915 <unknown>
E       #19 0x559040f75b84 <unknown>
E       #20 0x559040f78e74 <unknown>
E       #21 0x559040f7892e <unknown>
E       #22 0x559040f79309 <unknown>
E       #23 0x559040f5f59a <unknown>
E       #24 0x559040f7967a <unknown>
E       #25 0x559040f48149 <unknown>
E       #26 0x559040f98609 <unknown>
E       #27 0x559040f987f5 <unknown>
E       #28 0x559040faa229 <unknown>
E       #29 0x7f716a1007db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

During handling of the above exception, another exception occurred:

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-explicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (explicit consent)\nentries:\n- attrs:\n    desi...e: !KeyOf default-provider-authorization-consent\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-explicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        provider.save()
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009/implicit/")
        self.wait.until(ec.title_contains("authentik"))
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc_implicit.py:227: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="79d3355870e1bdb62aab15e224bdac83", element="f.1C6A020F62F273D493EEA1B89930D01C.d.AFAD8D81ACD62FAB884064B23CA7EDBB.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f91b6d390>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f91290360>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="79d3355870e1bdb62aab15e224bdac83", element="f.1C6A020F62F273D493EEA1B89930D01C.d.AFAD8D81ACD62FAB884064B23CA7EDBB.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="79d3355870e1bdb62aab15e224bdac83", element="f.1C6A020F62F273D493EEA1B89930D01C.d.AFAD8D81ACD62FAB884064B23CA7EDBB.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="79d3355870e1bdb62aab15e224bdac83", element="f.1C6A020F62F273D493EEA1B89930D01C.d.AFAD8D81ACD62FAB884064B23CA7EDBB.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.1C6A020F62F273D493EEA1B89930D01C.d.AFAD8D81ACD62FAB884064B23CA7EDBB.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="79d3355870e1bdb62aab15e224bdac83")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f904f7ce0>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x5632c0d397f5 \\u003Cunknown>\\n#28 0x5632c0d4b229 \\u003Cunknown>\\n#29 0x7f7e39b917db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x5632c0d4bf52 <unknown>
E       #1 0x5632c079121b <unknown>
E       #2 0x5632c07a4d07 <unknown>
E       #3 0x5632c07a3910 <unknown>
E       #4 0x5632c07a5219 <unknown>
E       #5 0x5632c0798764 <unknown>
E       #6 0x5632c0797373 <unknown>
E       #7 0x5632c079a86f <unknown>
E       #8 0x5632c079a955 <unknown>
E       #9 0x5632c07e08a4 <unknown>
E       #10 0x5632c07e12d5 <unknown>
E       #11 0x5632c07d57aa <unknown>
E       #12 0x5632c08059e1 <unknown>
E       #13 0x5632c07d5681 <unknown>
E       #14 0x5632c0805ba2 <unknown>
E       #15 0x5632c0827662 <unknown>
E       #16 0x5632c0805767 <unknown>
E       #17 0x5632c07d3b47 <unknown>
E       #18 0x5632c07d4915 <unknown>
E       #19 0x5632c0d16b84 <unknown>
E       #20 0x5632c0d19e74 <unknown>
E       #21 0x5632c0d1992e <unknown>
E       #22 0x5632c0d1a309 <unknown>
E       #23 0x5632c0d0059a <unknown>
E       #24 0x5632c0d1a67a <unknown>
E       #25 0x5632c0ce9149 <unknown>
E       #26 0x5632c0d39609 <unknown>
E       #27 0x5632c0d397f5 <unknown>
E       #28 0x5632c0d4b229 <unknown>
E       #29 0x7f7e39b917db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

During handling of the above exception, another exception occurred:

self = <unittest.case._Outcome object at 0x7f8f90262d70>
test_case = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
result = <TestCaseFunction test_authorization_consent_explicit>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
method = <bound method TestProviderOAuth2OIDCImplicit.test_authorization_consent_explicit of <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
                raise exc
            logger.debug("Retrying on error", exc=exc, test=self)
            self.tearDown()
            self._post_teardown()
            self._pre_setup()
            self.setUp()
>           return wrapper(self, *args, **kwargs)

tests/e2e/utils.py:481: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
                raise exc
            logger.debug("Retrying on error", exc=exc, test=self)
            self.tearDown()
            self._post_teardown()
            self._pre_setup()
            self.setUp()
>           return wrapper(self, *args, **kwargs)

tests/e2e/utils.py:481: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
>               raise exc

tests/e2e/utils.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-explicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (explicit consent)\nentries:\n- attrs:\n    desi...e: !KeyOf default-provider-authorization-consent\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-explicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        provider.save()
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009/implicit/")
        self.wait.until(ec.title_contains("authentik"))
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc_implicit.py:227: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_explicit>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="2a3d7db9dc8c5740fc534b83156c1f53", element="f.902C94F5DDE69F588DDB92999DED1B63.d.AEC9470DEEC23D9947483490E86499B4.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f90251f60>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f912cf920>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="2a3d7db9dc8c5740fc534b83156c1f53", element="f.902C94F5DDE69F588DDB92999DED1B63.d.AEC9470DEEC23D9947483490E86499B4.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="2a3d7db9dc8c5740fc534b83156c1f53", element="f.902C94F5DDE69F588DDB92999DED1B63.d.AEC9470DEEC23D9947483490E86499B4.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="2a3d7db9dc8c5740fc534b83156c1f53", element="f.902C94F5DDE69F588DDB92999DED1B63.d.AEC9470DEEC23D9947483490E86499B4.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.902C94F5DDE69F588DDB92999DED1B63.d.AEC9470DEEC23D9947483490E86499B4.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="2a3d7db9dc8c5740fc534b83156c1f53")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f90fa2d50>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x563e2a22c7f5 \\u003Cunknown>\\n#28 0x563e2a23e229 \\u003Cunknown>\\n#29 0x7fbf6f6447db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x563e2a23ef52 <unknown>
E       #1 0x563e29c8421b <unknown>
E       #2 0x563e29c97d07 <unknown>
E       #3 0x563e29c96910 <unknown>
E       #4 0x563e29c98219 <unknown>
E       #5 0x563e29c8b764 <unknown>
E       #6 0x563e29c8a373 <unknown>
E       #7 0x563e29c8d86f <unknown>
E       #8 0x563e29c8d955 <unknown>
E       #9 0x563e29cd38a4 <unknown>
E       #10 0x563e29cd42d5 <unknown>
E       #11 0x563e29cc87aa <unknown>
E       #12 0x563e29cf89e1 <unknown>
E       #13 0x563e29cc8681 <unknown>
E       #14 0x563e29cf8ba2 <unknown>
E       #15 0x563e29d1a662 <unknown>
E       #16 0x563e29cf8767 <unknown>
E       #17 0x563e29cc6b47 <unknown>
E       #18 0x563e29cc7915 <unknown>
E       #19 0x563e2a209b84 <unknown>
E       #20 0x563e2a20ce74 <unknown>
E       #21 0x563e2a20c92e <unknown>
E       #22 0x563e2a20d309 <unknown>
E       #23 0x563e2a1f359a <unknown>
E       #24 0x563e2a20d67a <unknown>
E       #25 0x563e2a1dc149 <unknown>
E       #26 0x563e2a22c609 <unknown>
E       #27 0x563e2a22c7f5 <unknown>
E       #28 0x563e2a23e229 <unknown>
E       #29 0x7fbf6f6447db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC::test_authorization_consent_implied

Stack Traces | 55.8s run time

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-implicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (implicit consent)\nentries:\n- attrs:\n    desi...henticated\n  identifiers:\n    slug: default-provider-authorization-implicit-consent\n  model: authentik_flows.flow\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-implicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_implied(self):
        """test OpenID Provider flow (default authorization flow with implied consent)
        (due to offline_access a consent will still be triggered)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
            ],
            authorization_flow=authorization_flow,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009")
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc.py:153: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="e89b172b45a8c7620f49bd01dcbd01fa", element="f.84F3E59615C2350FC4C98795D8857955.d.030C858032242B4CD88872824AFD003E.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f7f85a970>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f7f7fd940>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="e89b172b45a8c7620f49bd01dcbd01fa", element="f.84F3E59615C2350FC4C98795D8857955.d.030C858032242B4CD88872824AFD003E.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="e89b172b45a8c7620f49bd01dcbd01fa", element="f.84F3E59615C2350FC4C98795D8857955.d.030C858032242B4CD88872824AFD003E.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="e89b172b45a8c7620f49bd01dcbd01fa", element="f.84F3E59615C2350FC4C98795D8857955.d.030C858032242B4CD88872824AFD003E.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.84F3E59615C2350FC4C98795D8857955.d.030C858032242B4CD88872824AFD003E.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="e89b172b45a8c7620f49bd01dcbd01fa")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f90438c80>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x5588239fa7f5 \\u003Cunknown>\\n#28 0x558823a0c229 \\u003Cunknown>\\n#29 0x7f05002207db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x558823a0cf52 <unknown>
E       #1 0x55882345221b <unknown>
E       #2 0x558823465d07 <unknown>
E       #3 0x558823464910 <unknown>
E       #4 0x558823466219 <unknown>
E       #5 0x558823459764 <unknown>
E       #6 0x558823458373 <unknown>
E       #7 0x55882345b86f <unknown>
E       #8 0x55882345b955 <unknown>
E       #9 0x5588234a18a4 <unknown>
E       #10 0x5588234a22d5 <unknown>
E       #11 0x5588234967aa <unknown>
E       #12 0x5588234c69e1 <unknown>
E       #13 0x558823496681 <unknown>
E       #14 0x5588234c6ba2 <unknown>
E       #15 0x5588234e8662 <unknown>
E       #16 0x5588234c6767 <unknown>
E       #17 0x558823494b47 <unknown>
E       #18 0x558823495915 <unknown>
E       #19 0x5588239d7b84 <unknown>
E       #20 0x5588239dae74 <unknown>
E       #21 0x5588239da92e <unknown>
E       #22 0x5588239db309 <unknown>
E       #23 0x5588239c159a <unknown>
E       #24 0x5588239db67a <unknown>
E       #25 0x5588239aa149 <unknown>
E       #26 0x5588239fa609 <unknown>
E       #27 0x5588239fa7f5 <unknown>
E       #28 0x558823a0c229 <unknown>
E       #29 0x7f05002207db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

During handling of the above exception, another exception occurred:

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-implicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (implicit consent)\nentries:\n- attrs:\n    desi...henticated\n  identifiers:\n    slug: default-provider-authorization-implicit-consent\n  model: authentik_flows.flow\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-implicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_implied(self):
        """test OpenID Provider flow (default authorization flow with implied consent)
        (due to offline_access a consent will still be triggered)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
            ],
            authorization_flow=authorization_flow,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009")
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc.py:153: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="ee8b8011712516c8a28ec651eb3ceedc", element="f.6A27E008301C6089970770EB77EC9970.d.0111E08F62C793D38E3E57AFF738987E.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f7f7cf5b0>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f8f874d60>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="ee8b8011712516c8a28ec651eb3ceedc", element="f.6A27E008301C6089970770EB77EC9970.d.0111E08F62C793D38E3E57AFF738987E.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="ee8b8011712516c8a28ec651eb3ceedc", element="f.6A27E008301C6089970770EB77EC9970.d.0111E08F62C793D38E3E57AFF738987E.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="ee8b8011712516c8a28ec651eb3ceedc", element="f.6A27E008301C6089970770EB77EC9970.d.0111E08F62C793D38E3E57AFF738987E.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.6A27E008301C6089970770EB77EC9970.d.0111E08F62C793D38E3E57AFF738987E.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="ee8b8011712516c8a28ec651eb3ceedc")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f90439f40>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x55b4771b77f5 \\u003Cunknown>\\n#28 0x55b4771c9229 \\u003Cunknown>\\n#29 0x7f94296177db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x55b4771c9f52 <unknown>
E       #1 0x55b476c0f21b <unknown>
E       #2 0x55b476c22d07 <unknown>
E       #3 0x55b476c21910 <unknown>
E       #4 0x55b476c23219 <unknown>
E       #5 0x55b476c16764 <unknown>
E       #6 0x55b476c15373 <unknown>
E       #7 0x55b476c1886f <unknown>
E       #8 0x55b476c18955 <unknown>
E       #9 0x55b476c5e8a4 <unknown>
E       #10 0x55b476c5f2d5 <unknown>
E       #11 0x55b476c537aa <unknown>
E       #12 0x55b476c839e1 <unknown>
E       #13 0x55b476c53681 <unknown>
E       #14 0x55b476c83ba2 <unknown>
E       #15 0x55b476ca5662 <unknown>
E       #16 0x55b476c83767 <unknown>
E       #17 0x55b476c51b47 <unknown>
E       #18 0x55b476c52915 <unknown>
E       #19 0x55b477194b84 <unknown>
E       #20 0x55b477197e74 <unknown>
E       #21 0x55b47719792e <unknown>
E       #22 0x55b477198309 <unknown>
E       #23 0x55b47717e59a <unknown>
E       #24 0x55b47719867a <unknown>
E       #25 0x55b477167149 <unknown>
E       #26 0x55b4771b7609 <unknown>
E       #27 0x55b4771b77f5 <unknown>
E       #28 0x55b4771c9229 <unknown>
E       #29 0x7f94296177db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

During handling of the above exception, another exception occurred:

self = <unittest.case._Outcome object at 0x7f8f90451370>
test_case = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
result = <TestCaseFunction test_authorization_consent_implied>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
method = <bound method TestProviderOAuth2OIDC.test_authorization_consent_implied of <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.11........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
                raise exc
            logger.debug("Retrying on error", exc=exc, test=self)
            self.tearDown()
            self._post_teardown()
            self._pre_setup()
            self.setUp()
>           return wrapper(self, *args, **kwargs)

tests/e2e/utils.py:481: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
                raise exc
            logger.debug("Retrying on error", exc=exc, test=self)
            self.tearDown()
            self._post_teardown()
            self._pre_setup()
            self.setUp()
>           return wrapper(self, *args, **kwargs)

tests/e2e/utils.py:481: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
            return func(self, *args, **kwargs)
    
        except tuple(exceptions) as exc:
            count += 1
            if count > max_retires:
                logger.debug("Exceeded retry count", exc=exc, test=self)
    
>               raise exc

tests/e2e/utils.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-implicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (implicit consent)\nentries:\n- attrs:\n    desi...henticated\n  identifiers:\n    slug: default-provider-authorization-implicit-consent\n  model: authentik_flows.flow\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-implicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_implied(self):
        """test OpenID Provider flow (default authorization flow with implied consent)
        (due to offline_access a consent will still be triggered)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
            ],
            authorization_flow=authorization_flow,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009")
        self.login()
    
        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
    
        flow_executor = self.get_shadow_root("ak-flow-executor")
>       consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)

tests/e2e/test_provider_oidc.py:153: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc.TestProviderOAuth2OIDC testMethod=test_authorization_consent_implied>
selector = 'ak-stage-consent'
container = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="394eeaded2a78f7110ceef999db78ad6", element="f.635E750945673FBD0CB59A291A0C45D9.d.C9B978EA482B72FB9A9B1B0DEE7C11B7.e.7")>
timeout = 10

    def get_shadow_root(
        self, selector: str, container: WebElement | WebDriver | None = None, timeout: float = 10
    ) -> WebElement:
        """Get the shadow root of a web component specified by `selector`."""
        if not container:
            container = self.driver
        wait = WebDriverWait(container, timeout)
        host: WebElement | None = None
    
        try:
>           host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <[AttributeError("'ShadowRoot' object has no attribute 'session_id'") raised in repr()] WebDriverWait object at 0x7f8f7f7cf620>
method = <function SeleniumTestCase.get_shadow_root.<locals>.<lambda> at 0x7f8f9887d3a0>
message = ''

    def until(self, method: Callable[[D], Union[Literal[False], T]], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Parameters:
        -----------
        method: callable(WebDriver)
            - A callable object that takes a WebDriver instance as an argument.
    
        message: str
            - Optional message for :exc:`TimeoutException`
    
        Return:
        -------
        object: T
            - The result of the last call to `method`
    
        Raises:
        -------
        TimeoutException
            - If 'method' does not return a truthy value within the WebDriverWait
            object's timeout
    
        Example:
        --------
        >>> from selenium.webdriver.common.by import By
        >>> from selenium.webdriver.support.ui import WebDriverWait
        >>> from selenium.webdriver.support import expected_conditions as EC
    
        # Wait until an element is visible on the page
        >>> wait = WebDriverWait(driver, 10)
        >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
        >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
>               value = method(self._driver)

.venv/lib/python3.13.../webdriver/support/wait.py:137: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

c = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="394eeaded2a78f7110ceef999db78ad6", element="f.635E750945673FBD0CB59A291A0C45D9.d.C9B978EA482B72FB9A9B1B0DEE7C11B7.e.7")>

>   host = wait.until(lambda c: c.find_element(By.CSS_SELECTOR, selector))

tests/e2e/utils.py:323: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="394eeaded2a78f7110ceef999db78ad6", element="f.635E750945673FBD0CB59A291A0C45D9.d.C9B978EA482B72FB9A9B1B0DEE7C11B7.e.7")>
by = 'css selector', value = 'ak-stage-consent'

    def find_element(self, by: str = By.ID, value: str = None):
        """Find an element inside a shadow root given a By strategy and
        locator.
    
        Parameters:
        -----------
        by : selenium.webdriver.common.by.By
            The locating strategy to use. Default is `By.ID`. Supported values include:
            - By.ID: Locate by element ID.
            - By.NAME: Locate by the `name` attribute.
            - By.XPATH: Locate by an XPath expression.
            - By.CSS_SELECTOR: Locate by a CSS selector.
            - By.CLASS_NAME: Locate by the `class` attribute.
            - By.TAG_NAME: Locate by the tag name (e.g., "input", "button").
            - By.LINK_TEXT: Locate a link element by its exact text.
            - By.PARTIAL_LINK_TEXT: Locate a link element by partial text match.
            - RelativeBy: Locate elements relative to a specified root element.
    
        Example:
        --------
        element = driver.find_element(By.ID, 'foo')
    
        Returns:
        -------
        WebElement
            The first matching `WebElement` found on the page.
        """
        if by == By.ID:
            by = By.CSS_SELECTOR
            value = f'[id="{value}"]'
        elif by == By.CLASS_NAME:
            by = By.CSS_SELECTOR
            value = f".{value}"
        elif by == By.NAME:
            by = By.CSS_SELECTOR
            value = f'[name="{value}"]'
    
>       return self._execute(Command.FIND_ELEMENT_FROM_SHADOW_ROOT, {"using": by, "value": value})["value"]

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:79: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.shadowroot.ShadowRoot (session="394eeaded2a78f7110ceef999db78ad6", element="f.635E750945673FBD0CB59A291A0C45D9.d.C9B978EA482B72FB9A9B1B0DEE7C11B7.e.7")>
command = 'findElementFromShadowRoot'
params = {'shadowId': 'f.635E750945673FBD0CB59A291A0C45D9.d.C9B978EA482B72FB9A9B1B0DEE7C11B7.e.7', 'using': 'css selector', 'value': 'ak-stage-consent'}

    def _execute(self, command, params=None):
        """Executes a command against the underlying HTML element.
    
        Args:
          command: The name of the command to _execute as a string.
          params: A dictionary of named parameters to send with the command.
    
        Returns:
          The command's JSON response loaded into a dictionary object.
        """
        if not params:
            params = {}
        params["shadowId"] = self._id
>       return self.session.execute(command, params)

.venv/lib/python3.13.../webdriver/remote/shadowroot.py:133: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.webdriver.WebDriver (session="394eeaded2a78f7110ceef999db78ad6")>
driver_command = 'findElementFromShadowRoot'
params = {'using': 'css selector', 'value': 'ak-stage-consent'}

    def execute(self, driver_command: str, params: dict = None) -> dict:
        """Sends a command to be executed by a command.CommandExecutor.
    
        Parameters:
        -----------
        driver_command : str
            - The name of the command to execute as a string.
    
        params : dict
            - A dictionary of named Parameters to send with the command.
    
        Returns:
        --------
          dict - The command's JSON response loaded into a dictionary object.
        """
        params = self._wrap_value(params)
    
        if self.session_id:
            if not params:
                params = {"sessionId": self.session_id}
            elif "sessionId" not in params:
                params["sessionId"] = self.session_id
    
        response = self.command_executor.execute(driver_command, params)
        if response:
>           self.error_handler.check_response(response)

.venv/lib/python3.13.../webdriver/remote/webdriver.py:448: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7f8f90a06c10>
response = {'status': 404, 'value': '{"value":{"error":"detached shadow root","message":"detached shadow root: detached shadow ro...\\n#27 0x55a7b00a67f5 \\u003Cunknown>\\n#28 0x55a7b00b8229 \\u003Cunknown>\\n#29 0x7faccd3017db \\u003Cunknown>\\n"}}'}

    def check_response(self, response: Dict[str, Any]) -> None:
        """Checks that a JSON response from the WebDriver does not have an
        error.
    
        :Args:
         - response - The JSON response from the WebDriver server as a dictionary
           object.
    
        :Raises: If the response contains an error message.
        """
        status = response.get("status", None)
        if not status or status == ErrorCode.SUCCESS:
            return
        value = None
        message = response.get("message", "")
        screen: str = response.get("screen", "")
        stacktrace = None
        if isinstance(status, int):
            value_json = response.get("value", None)
            if value_json and isinstance(value_json, str):
                import json
    
                try:
                    value = json.loads(value_json)
                    if len(value) == 1:
                        value = value["value"]
                    status = value.get("error", None)
                    if not status:
                        status = value.get("status", ErrorCode.UNKNOWN_ERROR)
                        message = value.get("value") or value.get("message")
                        if not isinstance(message, str):
                            value = message
                            message = message.get("message")
                    else:
                        message = value.get("message", None)
                except ValueError:
                    pass
    
        exception_class: Type[WebDriverException]
        e = ErrorCode()
        error_codes = [item for item in dir(e) if not item.startswith("__")]
        for error_code in error_codes:
            error_info = getattr(ErrorCode, error_code)
            if isinstance(error_info, list) and status in error_info:
                exception_class = getattr(ExceptionMapping, error_code, WebDriverException)
                break
        else:
            exception_class = WebDriverException
    
        if not value:
            value = response["value"]
        if isinstance(value, str):
            raise exception_class(value)
        if message == "" and "message" in value:
            message = value["message"]
    
        screen = None  # type: ignore[assignment]
        if "screen" in value:
            screen = value["screen"]
    
        stacktrace = None
        st_value = value.get("stackTrace") or value.get("stacktrace")
        if st_value:
            if isinstance(st_value, str):
                stacktrace = st_value.split("\n")
            else:
                stacktrace = []
                try:
                    for frame in st_value:
                        line = frame.get("lineNumber", "")
                        file = frame.get("fileName", "<anonymous>")
                        if line:
                            file = f"{file}:{line}"
                        meth = frame.get("methodName", "<anonymous>")
                        if "className" in frame:
                            meth = f"{frame['className']}.{meth}"
                        msg = "    at %s (%s)"
                        msg = msg % (meth, file)
                        stacktrace.append(msg)
                except TypeError:
                    pass
        if exception_class == UnexpectedAlertPresentException:
            alert_text = None
            if "data" in value:
                alert_text = value["data"].get("text")
            elif "alert" in value:
                alert_text = value["alert"].get("text")
            raise exception_class(message, screen, stacktrace, alert_text)  # type: ignore[call-arg]  # mypy is not smart enough here
>       raise exception_class(message, screen, stacktrace)
E       selenium.common.exceptions.DetachedShadowRootException: Message: detached shadow root: detached shadow root not found
E         (Session info: chrome=143.0.7499.40)
E       Stacktrace:
E       #0 0x55a7b00b8f52 <unknown>
E       #1 0x55a7afafe21b <unknown>
E       #2 0x55a7afb11d07 <unknown>
E       #3 0x55a7afb10910 <unknown>
E       #4 0x55a7afb12219 <unknown>
E       #5 0x55a7afb05764 <unknown>
E       #6 0x55a7afb04373 <unknown>
E       #7 0x55a7afb0786f <unknown>
E       #8 0x55a7afb07955 <unknown>
E       #9 0x55a7afb4d8a4 <unknown>
E       #10 0x55a7afb4e2d5 <unknown>
E       #11 0x55a7afb427aa <unknown>
E       #12 0x55a7afb729e1 <unknown>
E       #13 0x55a7afb42681 <unknown>
E       #14 0x55a7afb72ba2 <unknown>
E       #15 0x55a7afb94662 <unknown>
E       #16 0x55a7afb72767 <unknown>
E       #17 0x55a7afb40b47 <unknown>
E       #18 0x55a7afb41915 <unknown>
E       #19 0x55a7b0083b84 <unknown>
E       #20 0x55a7b0086e74 <unknown>
E       #21 0x55a7b008692e <unknown>
E       #22 0x55a7b0087309 <unknown>
E       #23 0x55a7b006d59a <unknown>
E       #24 0x55a7b008767a <unknown>
E       #25 0x55a7b0056149 <unknown>
E       #26 0x55a7b00a6609 <unknown>
E       #27 0x55a7b00a67f5 <unknown>
E       #28 0x55a7b00b8229 <unknown>
E       #29 0x7faccd3017db <unknown>

.venv/lib/python3.13.../webdriver/remote/errorhandler.py:232: DetachedShadowRootException

tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit::test_authorization_consent_implied

Stack Traces | 131s run time

self = <unittest.case._Outcome object at 0x7f8f917a2510>
test_case = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.11............/x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>
result = <TestCaseFunction test_authorization_consent_implied>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.11............/x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>
method = <bound method TestProviderOAuth2OIDCImplicit.test_authorization_consent_implied of <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.11............/x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>
args = (), kwargs = {}

    @wraps(func)
    def wrapper(self: TransactionTestCase, *args, **kwargs):
        """Run test again if we're below max_retries, including tearDown and
        setUp. Otherwise raise the error"""
        nonlocal count
        try:
>           return func(self, *args, **kwargs)

tests/e2e/utils.py:468: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Invalidation flow\nentries:\n- attrs:\n    designation: invalidation\n    na...0\n    stage: !KeyOf default-invalidation-logout\n    target: !KeyOf flow\n  model: authentik_flows.flowstagebinding\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>,)
kwargs = {}
file = 'default/flow-default-provider-authorization-implicit-consent.yaml'
content = 'version: 1\nmetadata:\n  name: Default - Provider authorization flow (implicit consent)\nentries:\n- attrs:\n    desi...henticated\n  identifiers:\n    slug: default-provider-authorization-implicit-consent\n  model: authentik_flows.flow\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>,)
kwargs = {}, file = 'system/providers-oauth2.yaml'
content = 'version: 1\nmetadata:\n  labels:\n    blueprints.goauthentik.io/system: "true"\n  name: System - OAuth2 Provider - Sc... application the ability to access the authentik API\n        # on behalf of the authorizing user\n        return {}\n'

    @wraps(func)
    def wrapper(*args, **kwargs):
        for file in files:
            content = BlueprintInstance(path=file).retrieve()
            Importer.from_string(content).apply()
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

args = (<tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>,)
kwargs = {}, config = <AuthentikCryptoConfig: authentik_crypto>

    @wraps(func)
    def wrapper(*args, **kwargs):
        config = apps.get_app_config(app_name)
        if isinstance(config, ManagedAppConfig):
            config._on_startup_callback(None)
>       return func(*args, **kwargs)

.../blueprints/tests/__init__.py:43: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-provider-authorization-implicit-consent.yaml")
    @apply_blueprint("system/providers-oauth2.yaml")
    @reconcile_app("authentik_crypto")
    def test_authorization_consent_implied(self):
        """test OpenID Provider flow (default authorization flow with implied consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
            redirect_uris=[
                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
            ],
            authorization_flow=authorization_flow,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[
                    SCOPE_OPENID,
                    SCOPE_OPENID_EMAIL,
                    SCOPE_OPENID_PROFILE,
                    SCOPE_OFFLINE_ACCESS,
                ]
            )
        )
        provider.save()
        Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.setup_client()
    
        self.driver.get("http://localhost:9009/implicit/")
        self.wait.until(ec.title_contains("authentik"))
        self.login()
    
>       body = self.parse_json_content()

tests/e2e/test_provider_oidc_implicit.py:153: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>
context = <selenium.webdriver.remote.webelement.WebElement (session="f123e18cffa418c06b099f9df265153b", element="f.8BE6253D6E3A8A89520AC61B5BF9043F.d.51AD7775A7F01F2A63FB5CBE9E0703C1.e.29")>
timeout = 10

    def parse_json_content(
        self, context: WebElement | None = None, timeout: float | None = 10
    ) -> JSONType:
        """
        Parse JSON from a Selenium element's text content.
    
        If `context` is not provided, defaults to the <body> element.
        Raises a clear test failure if the element isn't found, the text doesn't appear
        within `timeout` seconds, or the text is not valid JSON.
        """
    
        try:
            if context is None:
                context = self.driver.find_element(By.TAG_NAME, "body")
        except NoSuchElementException:
            self.fail(
                f"No element found (defaulted to <body>). Current URL: {self.driver.current_url}"
            )
    
        wait_timeout = timeout or self.wait_timeout
        wait = WebDriverWait(context, wait_timeout)
    
        try:
            wait.until(lambda d: len(d.text.strip()) != 0)
        except TimeoutException:
            snippet = context.text.strip()[:500].replace("\n", " ")
            self.fail(
                f"Timed out waiting for element text to appear at {self.driver.current_url}. "
                f"Current content: {snippet or '<empty>'}"
            )
    
        body_text = context.text.strip()
        inner_html = context.get_attribute("innerHTML") or ""
    
        if "redirecting" in inner_html.lower():
            try:
                wait.until(lambda d: "redirecting" not in d.get_attribute("innerHTML").lower())
            except TimeoutException:
                snippet = context.text.strip()[:500].replace("\n", " ")
                inner_html = context.get_attribute("innerHTML") or ""
    
                self.fail(
                    f"Timed out waiting for redirect to finish at {self.driver.current_url}. "
                    f"Current content: {snippet or '<empty>'}"
                    f"{inner_html or '<empty>'}"
                )
    
            inner_html = context.get_attribute("innerHTML") or ""
            body_text = context.text.strip()
    
        snippet = body_text[:500].replace("\n", " ")
    
        if not body_text.startswith("{") and not body_text.startswith("["):
>           self.fail(
                f"Expected JSON content but got non-JSON text at {self.driver.current_url}: "
                f"{snippet or '<empty>'}"
                f"{inner_html or '<empty>'}"
            )

tests/e2e/utils.py:295: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <tests.e2e.test_provider_oidc_implicit.TestProviderOAuth2OIDCImplicit testMethod=test_authorization_consent_implied>
msg = 'Expected JSON content but got non-JSON text at http://localhost:9009/implicit/#access_token=eyJhbGciOiJSUzI1NiIsImtpZ...ntication-flow"></ak-flow-inspector>\n            </div>\n        </div>\n    </div>\n\n\n        \n        \n    \n\n'

    def fail(self, msg=None):
        """Fail immediately, with the given message."""
>       raise self.failureException(msg)
E       AssertionError: Expected JSON content but got non-JSON text at http://localhost:9009/implicit/#access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjRRX0dpMGxsYm1XUWNndVdmeGx6SVhLNnBBQlFXeVBuY3ZFMXJoaHpzX19fWXhCTFJnZER5WW5rWVBoZlpyOVNoRHY5dTFUa0VBWE9hYUdRUzVIMHVRIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwOi8vMTAuMS4wLjg1OjUzNTMzL2FwcGxpY2F0aW9uL28vdGVzdC8iLCJzdWIiOiI2YTZhMjBkYzIwZTM5NmI5MDlhMmMwYTYxM2RmYTE0MjA0NjdkNWE4M2Y5NzczZjQ1YjdhYTkyYTVhODU0Njk1IiwiYXVkIjoiSGh1cFpQcVdCUGJFcXQweTFMbW1Sd3dTNTlLNTFVZ2Y1Rmt4elczdiIsImV4cCI6MTc2NTg4OTAzMCwiaWF0IjoxNzY1ODg1NDMwLCJhdXRoX3RpbWUiOjE3NjU4ODU0MzAsImFjciI6ImdvYXV0aGVudGlrLmlvL3Byb3ZpZGVycy9vYXV0aDIvZGVmYXVsdCIsImFtciI6WyJwd2QiXSwibm9uY2UiOiJjNTJmYzQ2YWQ1MDg0MTdjYjQ3MGNiNzg2ZmQ2OWVhMyIsInNpZCI6IjcyYzJhOTM3OTVjOTllN2RkYTljZDFiZjk1MTI5ZWNkNzFmN2M2MjIzYTBmNTgxYzE1Y2ZjMzNjYzg0YmY5NzgiLCJlbWFpbCI6IjNabFRyQ0FackREMnc1SVRJanVwQGdvYXV0aGVudGlrLmlvIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiM1psVHJDQVpyREQydzVJVElqdXAiLCJnaXZlbl9uYW1lIjoiM1psVHJDQVpyREQydzVJVElqdXAiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiIzWmxUckNBWnJERDJ3NUlUSWp1cCIsIm5pY2tuYW1lIjoiM1psVHJDQVpyREQydzVJVElqdXAiLCJncm91cHMiOlsiM1psVHJDQVpyREQydzVJVElqdXAiXSwiYXpwIjoiSGh1cFpQcVdCUGJFcXQweTFMbW1Sd3dTNTlLNTFVZ2Y1Rmt4elczdiIsInVpZCI6InRXS3JvSm9wMHlkSVdGZXJ0cEtxTXpYejgwRHp3Wld4eHM1MngzSDYiLCJzY29wZSI6InByb2ZpbGUgZW1haWwgb3BlbmlkIn0.O8KKY3A7tqdtfIJVzYOVueYHA35FUu0F3Ac1O3g4fgmQyV3FMeRxKxSmrq7FlIKFbt5IWqBggKIazW8s2RcIrTv3LUCFNJR-z_d5pP7xNFgnYcY-tXsSK60-O27Ixb9_rD5O-lNkDA_c2gi_RVCFtUQ4ccX8Pik6Y-BlxgXPvBC5lOtILyNceBBN-hvc1yJRalP_7K25KKrkwZOnGANvXD4VsQ-wCLe8gU4q-G_GL6Krx66bk4_Y-PmDLkM5XvIjgwesQU-sGWsJsFMoyb2zSWuoxIWP5iLVhcdMg8uVGUmUxiPYU9cRNOks_p0WEB3qZ6sDaM4mN87kdsjybYAa-NXIT_b3FWQp5cVEXYOZ8hDWFkTpuWy0psvaZDX72oViGetw65e17zeHWMEqotCeX6OnPKWkdO4N9dFOcp0uag-nvK0p5VnyTagsAJkiBwR2OHl0-V-Xmq0thGujdaYiwLpeK-x0syC-aPL0E4xAWncZjqFbJVH0Sfs7SNf3sQKJxtAwaNcd426NiSrHsKh5emCMJB47WC1OYDUNvXiSSUdjBTDAnXaZWMAp7L0WG72Zg5cKqKI7BAbu9UDJjNh65eX0eIRPObvLQOF_EStYH_wvQ67ZbSR6kkYjnHxih_RJogqk-1FGUoi2gxVG6D3CLLDp07WPVIujT5cQaoixcI4&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjRRX0dpMGxsYm1XUWNndVdmeGx6SVhLNnBBQlFXeVBuY3ZFMXJoaHpzX19fWXhCTFJnZER5WW5rWVBoZlpyOVNoRHY5dTFUa0VBWE9hYUdRUzVIMHVRIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwOi8vMTAuMS4wLjg1OjUzNTMzL2FwcGxpY2F0aW9uL28vdGVzdC8iLCJzdWIiOiI2YTZhMjBkYzIwZTM5NmI5MDlhMmMwYTYxM2RmYTE0MjA0NjdkNWE4M2Y5NzczZjQ1YjdhYTkyYTVhODU0Njk1IiwiYXVkIjoiSGh1cFpQcVdCUGJFcXQweTFMbW1Sd3dTNTlLNTFVZ2Y1Rmt4elczdiIsImV4cCI6MTc2NTg4OTAzMCwiaWF0IjoxNzY1ODg1NDMwLCJhdXRoX3RpbWUiOjE3NjU4ODU0MzAsImFjciI6ImdvYXV0aGVudGlrLmlvL3Byb3ZpZGVycy9vYXV0aDIvZGVmYXVsdCIsImFtciI6WyJwd2QiXSwibm9uY2UiOiJjNTJmYzQ2YWQ1MDg0MTdjYjQ3MGNiNzg2ZmQ2OWVhMyIsImF0X2hhc2giOiJaYkFnbFBBN285TlExU0NCZi1nZXRRIiwic2lkIjoiNzJjMmE5Mzc5NWM5OWU3ZGRhOWNkMWJmOTUxMjllY2Q3MWY3YzYyMjNhMGY1ODFjMTVjZmMzM2NjODRiZjk3OCIsImVtYWlsIjoiM1psVHJDQVpyREQydzVJVElqdXBAZ29hdXRoZW50aWsuaW8iLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiIzWmxUckNBWnJERDJ3NUlUSWp1cCIsImdpdmVuX25hbWUiOiIzWmxUckNBWnJERDJ3NUlUSWp1cCIsInByZWZlcnJlZF91c2VybmFtZSI6IjNabFRyQ0FackREMnc1SVRJanVwIiwibmlja25hbWUiOiIzWmxUckNBWnJERDJ3NUlUSWp1cCIsImdyb3VwcyI6WyIzWmxUckNBWnJERDJ3NUlUSWp1cCJdfQ.Xtoor7GPQ-cudAYAEPHJ4Or24hg2Swk2EZQTNzoiVFl8UkuhUgNkPten50-NVlhhOELgLcvD3R6v50UCCSOMKaYA_X2fUhMEawQ9iWrgimhJwcbj3xuOFrwLPa_W5AOU5KBBmk8Ckdm21Ref5x1IE5E3fa4CnK_9bcYPnJzsGY6KF-LKDbFPnd-yo5JlcN73gUDz_5PFnxj11M2yBZ2yRyaIBjruFJV23R2gfX5PGIDVwKuhwMH6OsAPhrq6q3c5Dsfb-1c5SDLWTbEflJ1GE4-O8yxTDjtP4nJhUvyHx5kC5XnsfPZB-qnMjarrAfSHRe7nNT7g4HKfVZsVvZSKxvCOL73SsFS6cNs0CYH8U1AqLuAdWNGPj2Vn9szQN3A7FxBlu4ZdAVbuh4fndKehZUzKR7r1NogevTiUM-2ctDiH_Wo0MFVCm8qVoP0am7Tq7IgdgBGILPgUJlzFMIKbwmrsdP42L0_8Isu5XqabatY1UYUei7t4dqwW-JUQj_4wdbN8xM0AuHcS0CKbRfF2gPoLT9C68Q8GSmERv5gO0HjBr6twDrdY51wqFb8Sb_1YdP0fRjmbgxLUwj4CHz9jH6lKwfTndLYvQANIdDTc9XPznpPMzFUDA0HZswElq2MzalQsdmF-NygTuHa7poWckv2U27kx0M_o5AaOJQbMQtI&token_type=Bearer&expires_in=3600&state=3cbf4c1684d243969ab46850ac3b93fe: Chinese Simplified (简体中文) Chinese Traditional (繁體中文) Czech (Čeština) Dutch (Nederlands) English Finnish (Suomi) French (Français) German (Deutsch) Italian (Italiano) Japanese (日本語) Korean (한국어) Polish (Polski) Portuguese (Português) Russian (Русский) Spanish (Español) Turkish (Türkçe) Welcome to authentik! 3ZlTrCAZrDD2w5ITIjup Not you? Password Form actions Continue Powered by authentik
E               
E       <ak-skip-to-content></ak-skip-to-content>
E       <ak-message-container theme="light"></ak-message-container>
E       
E       <div class="pf-c-page__drawer">
E           <div class="pf-c-drawer pf-m-collapsed" id="flow-drawer">
E               <div class="pf-c-drawer__main">
E                   <div class="pf-c-drawer__content">
E                       <div class="pf-c-drawer__body">
E                               <ak-flow-executor slug="default-authentication-flow" class="pf-c-login" data-layout="stacked" data-test-id="interface-root" theme="light">
E                                   
E       
E       <div class="ak-c-placeholder" id="ak-placeholder" slot="placeholder">
E           <span class="pf-c-spinner" role="progressbar" aria-valuetext="Loading...">
E               <span class="pf-c-spinner__clipper"></span>
E               <span class="pf-c-spinner__lead-ball"></span>
E               <span class="pf-c-spinner__tail-ball"></span>
E           </span>
E       </div>
E       
E       
E                                   <ak-brand-links slot="footer" exportparts="list:brand-links-list, list-item:brand-links-list-item" role="contentinfo" aria-label="Site footer" class="pf-c-login__footer pf-m-dark" theme="light"></ak-brand-links>
E                               </ak-flow-executor>
E                           </div>
E                       </div>
E       
E                       <ak-flow-inspector id="flow-inspector" data-registration="lazy" class="pf-c-drawer__panel pf-m-width-33" slug="default-authentication-flow"></ak-flow-inspector>
E                   </div>
E               </div>
E           </div>

.../hostedtoolcache/Python/3.13.11............/x64/lib/python3.13/unittest/case.py:732: AssertionError

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

* main: (54 commits) website/docs: 2025.10.3 release notes (#18868) website/docs: Add docs for passkey autofill (WebauthN Conditional UI) (#18805) website/docs: adjust RBAC-related details in 2025.12 release notes (#18863) outposts: fix permission errors for related certificates (#18861) web/admin/rbac: misc object permission fixes (#18859) core: bump library/golang from `5d35fb8` to `8e8f9c8` (#18855) rbac: alter migrated direct permission roles (#18860) core: add skip s3_test_server_available to TestResolveFileUrlS3Backend (#18858) ci: replace codecov test-results action (#18862) core: bump goauthentik/fips-debian from `c10cd2c` to `2f19fc1` (#18856) admin/files: fix get_objects_for_user queryset argument in FileUsedByView (#18845) core: skip s3 tests if endpoint isn't available (#18841) crypto: Store details parsed from includeDetails in database instead (#18013) website/docs: add jellyseer integration doc (#18812) admin/files: revert add check for /media existence (#18636) (#18829) core: bump goauthentik.io/api/v3 from 3.2025120.26 to 3.2026020.1 (#18815) packages/django-dramatiq-postgres: broker: close django connections on consumer close (#18833) core: remove superuser check from `Token` list (#18684) website/docs: add icon info to style guide (#18832) core: list applications fix (#18798) ...

> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Update | Change | |---|---|---| | [authentik](https://goauthentik.io) ([source](https://redirect.github.com/goauthentik/helm)) | major | `2025.12.4` → `2026.2.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/1) for more information. --- ### Release Notes <details> <summary>goauthentik/helm (authentik)</summary> ### [`v2026.2.0`](https://redirect.github.com/goauthentik/helm/releases/tag/authentik-2026.2.0) [Compare Source](https://redirect.github.com/goauthentik/helm/compare/authentik-2025.12.4...authentik-2026.2.0) authentik is an open-source Identity Provider focused on flexibility and versatility #### What's Changed - charts/authentik: add fields auto-added by Kubernetes to httproute by [@cfi2017](https://redirect.github.com/cfi2017) in [#453](https://redirect.github.com/goauthentik/helm/pull/453) - chore(deps): update helm/kind-action action to v1.14.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#454](https://redirect.github.com/goauthentik/helm/pull/454) - charts/authentik: add note how to set version by [@BeryJu](https://redirect.github.com/BeryJu) in [#456](https://redirect.github.com/goauthentik/helm/pull/456) - charts/authentik: bump to 2026.2.0 by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [#457](https://redirect.github.com/goauthentik/helm/pull/457) #### New Contributors - [@cfi2017](https://redirect.github.com/cfi2017) made their first contribution in [#453](https://redirect.github.com/goauthentik/helm/pull/453) **Full Changelog**: <https://github.com/goauthentik/helm/compare/authentik-2025.12.4...authentik-2026.2.0> *** ### Full release notes for authentik See <https://docs.goauthentik.io/docs/releases/2026.2> #### What's Changed - root: bump version to 2026.2.0-rc1 by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18794](https://redirect.github.com/goauthentik/authentik/pull/18794) - tests/e2e: retry detached shadow roots by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18796](https://redirect.github.com/goauthentik/authentik/pull/18796) - website/release notes: Update v2025.12 release notes by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18797](https://redirect.github.com/goauthentik/authentik/pull/18797) - web/admin: fix read-only provider selection for application form by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18768](https://redirect.github.com/goauthentik/authentik/pull/18768) - web: bump the react group across 1 directory with 2 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18775](https://redirect.github.com/goauthentik/authentik/pull/18775) - web: bump chromedriver from 143.0.0 to 143.0.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18776](https://redirect.github.com/goauthentik/authentik/pull/18776) - web: bump the storybook group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18774](https://redirect.github.com/goauthentik/authentik/pull/18774) - internal: don't warn on empty outpost for embedded by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18786](https://redirect.github.com/goauthentik/authentik/pull/18786) - lifecycle/aws: bump aws-cdk from 2.1033.0 to 2.1034.0 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18771](https://redirect.github.com/goauthentik/authentik/pull/18771) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18804](https://redirect.github.com/goauthentik/authentik/pull/18804) - root: Add macOS support for sed in Makefile by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18795](https://redirect.github.com/goauthentik/authentik/pull/18795) - ci: bump astral-sh/setup-uv from 7.1.5 to 7.1.6 in /.github/actions/setup by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18826](https://redirect.github.com/goauthentik/authentik/pull/18826) - ci: bump actions/upload-artifact from 5.0.0 to 6.0.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18824](https://redirect.github.com/goauthentik/authentik/pull/18824) - core: bump goauthentik/fips-debian from `07f41ce` to `c10cd2c` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18822](https://redirect.github.com/goauthentik/authentik/pull/18822) - ci: bump actions/download-artifact from 6.0.0 to 7.0.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18825](https://redirect.github.com/goauthentik/authentik/pull/18825) - ci: bump actions/cache from 5.0.0 to 5.0.1 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18823](https://redirect.github.com/goauthentik/authentik/pull/18823) - core: list applications fix by [@ryanpesek](https://redirect.github.com/ryanpesek) in [goauthentik/authentik#18798](https://redirect.github.com/goauthentik/authentik/pull/18798) - website/docs: add icon info to style guide by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18832](https://redirect.github.com/goauthentik/authentik/pull/18832) - core: remove superuser check from `Token` list by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18684](https://redirect.github.com/goauthentik/authentik/pull/18684) - packages/django-dramatiq-postgres: broker: close django connections on consumer close by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18833](https://redirect.github.com/goauthentik/authentik/pull/18833) - core: bump goauthentik.io/api/v3 from 3.2025120.26 to 3.2026020.1 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18815](https://redirect.github.com/goauthentik/authentik/pull/18815) - admin/files: revert add check for /media existence ([#18636](https://redirect.github.com/goauthentik/helm/issues/18636)) by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18829](https://redirect.github.com/goauthentik/authentik/pull/18829) - website/docs: add jellyseer integration doc by [@gabay](https://redirect.github.com/gabay) in [goauthentik/authentik#18812](https://redirect.github.com/goauthentik/authentik/pull/18812) - crypto: Store details parsed from includeDetails in database instead by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#18013](https://redirect.github.com/goauthentik/authentik/pull/18013) - core: skip s3 tests if endpoint isn't available by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18841](https://redirect.github.com/goauthentik/authentik/pull/18841) - admin/files: fix get\_objects\_for\_user queryset argument in FileUsedByView by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18845](https://redirect.github.com/goauthentik/authentik/pull/18845) - core: bump goauthentik/fips-debian from `c10cd2c` to `2f19fc1` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18856](https://redirect.github.com/goauthentik/authentik/pull/18856) - ci: replace codecov test-results action by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18862](https://redirect.github.com/goauthentik/authentik/pull/18862) - core: add skip s3\_test\_server\_available to TestResolveFileUrlS3Backend by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18858](https://redirect.github.com/goauthentik/authentik/pull/18858) - rbac: alter migrated direct permission roles by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18860](https://redirect.github.com/goauthentik/authentik/pull/18860) - core: bump library/golang from `5d35fb8` to `8e8f9c8` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18855](https://redirect.github.com/goauthentik/authentik/pull/18855) - web/admin/rbac: misc object permission fixes by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18859](https://redirect.github.com/goauthentik/authentik/pull/18859) - outposts: fix permission errors for related certificates by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18861](https://redirect.github.com/goauthentik/authentik/pull/18861) - website/docs: adjust RBAC-related details in 2025.12 release notes by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18863](https://redirect.github.com/goauthentik/authentik/pull/18863) - website/docs: Add docs for passkey autofill (WebauthN Conditional UI) by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18805](https://redirect.github.com/goauthentik/authentik/pull/18805) - website/docs: 2025.10.3 release notes by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18868](https://redirect.github.com/goauthentik/authentik/pull/18868) - web: add custom message with links for empty data export list by [@atereshkin](https://redirect.github.com/atereshkin) in [goauthentik/authentik#18830](https://redirect.github.com/goauthentik/authentik/pull/18830) - web: fix notification counter by [@atereshkin](https://redirect.github.com/atereshkin) in [goauthentik/authentik#18781](https://redirect.github.com/goauthentik/authentik/pull/18781) - web: bump vite from 7.2.7 to 7.3.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18854](https://redirect.github.com/goauthentik/authentik/pull/18854) - stages/authenticator\_\*: fix code input field not string by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18875](https://redirect.github.com/goauthentik/authentik/pull/18875) - web: fix file upload form by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18808](https://redirect.github.com/goauthentik/authentik/pull/18808) - web/admin: endpoint: change wording and add helper text by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18871](https://redirect.github.com/goauthentik/authentik/pull/18871) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18807](https://redirect.github.com/goauthentik/authentik/pull/18807) - website/integrations: bookstack: fix redir url by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18891](https://redirect.github.com/goauthentik/authentik/pull/18891) - core: bump astral-sh/uv from 0.9.17 to 0.9.18 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18898](https://redirect.github.com/goauthentik/authentik/pull/18898) - core: bump goauthentik/fips-debian from `2f19fc1` to `189345a` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18897](https://redirect.github.com/goauthentik/authentik/pull/18897) - web: bump knip from 5.73.3 to 5.74.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18896](https://redirect.github.com/goauthentik/authentik/pull/18896) - web: bump [@types/node](https://redirect.github.com/types/node) from 25.0.0 to 25.0.3 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18895](https://redirect.github.com/goauthentik/authentik/pull/18895) - web: bump the rollup group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18852](https://redirect.github.com/goauthentik/authentik/pull/18852) - web: bump the bundler group across 1 directory with 7 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18894](https://redirect.github.com/goauthentik/authentik/pull/18894) - web: bump [@sentry/browser](https://redirect.github.com/sentry/browser) from 10.30.0 to 10.31.0 in /web in the sentry group across 1 directory by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18893](https://redirect.github.com/goauthentik/authentik/pull/18893) - lifecycle/aws: bump aws-cdk from 2.1034.0 to 2.1100.0 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18850](https://redirect.github.com/goauthentik/authentik/pull/18850) - web: bump the goauthentik group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18819](https://redirect.github.com/goauthentik/authentik/pull/18819) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18818](https://redirect.github.com/goauthentik/authentik/pull/18818) - web: bump the eslint group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18851](https://redirect.github.com/goauthentik/authentik/pull/18851) - core: bump goauthentik.io/api/v3 from 3.2026020.1 to 3.2026020.3 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18892](https://redirect.github.com/goauthentik/authentik/pull/18892) - tasks/middleware: close connections on worker status update database error by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18881](https://redirect.github.com/goauthentik/authentik/pull/18881) - website/docs: added list of Int Guide contributors (also edited frontmatter) by [@tanberry](https://redirect.github.com/tanberry) in [goauthentik/authentik#18888](https://redirect.github.com/goauthentik/authentik/pull/18888) - api: fix page\_size with invalid query param by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18879](https://redirect.github.com/goauthentik/authentik/pull/18879) - ci/release-tag: checkout correct branch for make test-docker by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18880](https://redirect.github.com/goauthentik/authentik/pull/18880) - api: fix latest version for public schema by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18902](https://redirect.github.com/goauthentik/authentik/pull/18902) - website/docs: 2025.12: remove superfluous changes by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18910](https://redirect.github.com/goauthentik/authentik/pull/18910) - web/admin: reword some things on the device view page by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18785](https://redirect.github.com/goauthentik/authentik/pull/18785) - core/groups: optimize prefetch queries to fetch only required fields by [@joaocfernandes](https://redirect.github.com/joaocfernandes) in [goauthentik/authentik#18448](https://redirect.github.com/goauthentik/authentik/pull/18448) - root: fix docker-compose data mount by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18903](https://redirect.github.com/goauthentik/authentik/pull/18903) - web/admin: add UI copy to RBAC modal by [@tanberry](https://redirect.github.com/tanberry) in [goauthentik/authentik#18917](https://redirect.github.com/goauthentik/authentik/pull/18917) - tests/e2e: handle StaleElementReferenceException in parse\_json\_content by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18842](https://redirect.github.com/goauthentik/authentik/pull/18842) - core: bump goauthentik/fips-debian from `189345a` to `10dadf1` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18927](https://redirect.github.com/goauthentik/authentik/pull/18927) - web: bump chromedriver from 143.0.1 to 143.0.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18926](https://redirect.github.com/goauthentik/authentik/pull/18926) - web: bump knip from 5.74.0 to 5.75.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18924](https://redirect.github.com/goauthentik/authentik/pull/18924) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18920](https://redirect.github.com/goauthentik/authentik/pull/18920) - lifecycle/aws: bump aws-cdk from 2.1100.0 to 2.1100.1 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18922](https://redirect.github.com/goauthentik/authentik/pull/18922) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18923](https://redirect.github.com/goauthentik/authentik/pull/18923) - web: bump the storybook group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18817](https://redirect.github.com/goauthentik/authentik/pull/18817) - stages: remove more global state by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18641](https://redirect.github.com/goauthentik/authentik/pull/18641) - packages/ak-guardian: cast safely by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18929](https://redirect.github.com/goauthentik/authentik/pull/18929) - web/flow: Fix spurious double submit on ak-stage-autosubmit by [@dminuoso](https://redirect.github.com/dminuoso) in [goauthentik/authentik#18727](https://redirect.github.com/goauthentik/authentik/pull/18727) - website/integrations: Add launch URL for Immich by [@optix2000](https://redirect.github.com/optix2000) in [goauthentik/authentik#18921](https://redirect.github.com/goauthentik/authentik/pull/18921) - crypto: fix extra cert data in db migration by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18937](https://redirect.github.com/goauthentik/authentik/pull/18937) - web/elements: progress-bar and table loading header by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18934](https://redirect.github.com/goauthentik/authentik/pull/18934) - stages/identification: replace sleep with make\_password by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18883](https://redirect.github.com/goauthentik/authentik/pull/18883) - website/docs: endpoint devices by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18634](https://redirect.github.com/goauthentik/authentik/pull/18634) - website/docs: Fix labels, Pre-Release detection by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18945](https://redirect.github.com/goauthentik/authentik/pull/18945) - website/docs: release notes: add endpoint device links to 2025.12 notes by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18940](https://redirect.github.com/goauthentik/authentik/pull/18940) - website/docs: Fix version parsing. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18948](https://redirect.github.com/goauthentik/authentik/pull/18948) - web/admin: fix endpoints user binding by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18935](https://redirect.github.com/goauthentik/authentik/pull/18935) - flows/executor: fix KeyError when session has no existing plan by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18951](https://redirect.github.com/goauthentik/authentik/pull/18951) - root: move docker files to lifecycle/containers and change docker-compose to compose by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#16624](https://redirect.github.com/goauthentik/authentik/pull/16624) - core: bump goauthentik.io/api/v3 from 3.2026020.3 to 3.2026020.4 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18956](https://redirect.github.com/goauthentik/authentik/pull/18956) - web: bump chromedriver from 143.0.2 to 143.0.3 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18959](https://redirect.github.com/goauthentik/authentik/pull/18959) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18958](https://redirect.github.com/goauthentik/authentik/pull/18958) - web: bump [@sentry/browser](https://redirect.github.com/sentry/browser) from 10.31.0 to 10.32.0 in /web in the sentry group across 1 directory by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18957](https://redirect.github.com/goauthentik/authentik/pull/18957) - ci: bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18960](https://redirect.github.com/goauthentik/authentik/pull/18960) - website/docs: add note to active directory source doc by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18787](https://redirect.github.com/goauthentik/authentik/pull/18787) - web/maintenance: fix missing custom web component imports by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18942](https://redirect.github.com/goauthentik/authentik/pull/18942) - web/maintenance: no unknown tag names by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18944](https://redirect.github.com/goauthentik/authentik/pull/18944) - website/integrations: Fix path for Cloudflare Access by [@stijn220](https://redirect.github.com/stijn220) in [goauthentik/authentik#18979](https://redirect.github.com/goauthentik/authentik/pull/18979) - blueprints: add InternallyManagedMixin instead of large list by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18983](https://redirect.github.com/goauthentik/authentik/pull/18983) - web/admin: fix dark theme on map by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18985](https://redirect.github.com/goauthentik/authentik/pull/18985) - web/admin: Fix haveibeenpwned link in PasswordPolicyForm by [@hskrtich](https://redirect.github.com/hskrtich) in [goauthentik/authentik#18984](https://redirect.github.com/goauthentik/authentik/pull/18984) - events: notifications live update by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18980](https://redirect.github.com/goauthentik/authentik/pull/18980) - web: fix Open button selecting row instead of navigating by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18992](https://redirect.github.com/goauthentik/authentik/pull/18992) - blueprints: fix flaky tests by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19002](https://redirect.github.com/goauthentik/authentik/pull/19002) - ci: bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18999](https://redirect.github.com/goauthentik/authentik/pull/18999) - providers/oauth2: Automated OpenID Conformance tests by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#14785](https://redirect.github.com/goauthentik/authentik/pull/14785) - enterprise/reports: improve export list, confirmation by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18981](https://redirect.github.com/goauthentik/authentik/pull/18981) - enterprise/search: add static autocomplete structure by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19008](https://redirect.github.com/goauthentik/authentik/pull/19008) - website/docs: improve endpoint devices docs by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19007](https://redirect.github.com/goauthentik/authentik/pull/19007) - web: bump the rollup group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18994](https://redirect.github.com/goauthentik/authentik/pull/18994) - core: bump openapitools/openapi-generator-cli from v7.16.0 to v7.18.0 in /scripts/api by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19018](https://redirect.github.com/goauthentik/authentik/pull/19018) - web: bump globby from 16.0.0 to 16.1.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18995](https://redirect.github.com/goauthentik/authentik/pull/18995) - api: rework schema generation by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18977](https://redirect.github.com/goauthentik/authentik/pull/18977) - web/admin: prevent file upload attempt when backend not managed by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18646](https://redirect.github.com/goauthentik/authentik/pull/18646) - web: bump the eslint group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19019](https://redirect.github.com/goauthentik/authentik/pull/19019) - core: bump goauthentik.io/api/v3 from 3.2026020.4 to 3.2026020.5 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19017](https://redirect.github.com/goauthentik/authentik/pull/19017) - website/docs: Prioritize "Release Candidate" over "Current Release" by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18975](https://redirect.github.com/goauthentik/authentik/pull/18975) - web: Locale selector UI fixes by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18972](https://redirect.github.com/goauthentik/authentik/pull/18972) - web: Fix Storybook package resolution with `npm link` by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19016](https://redirect.github.com/goauthentik/authentik/pull/19016) - core: use chunked\_queryset for expired message deletion by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19028](https://redirect.github.com/goauthentik/authentik/pull/19028) - web/admin: use consistent icon for inactive user status by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19032](https://redirect.github.com/goauthentik/authentik/pull/19032) - web: bump lit from 3.3.1 to 3.3.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19038](https://redirect.github.com/goauthentik/authentik/pull/19038) - web: bump [@lit/reactive-element](https://redirect.github.com/lit/reactive-element) from 2.1.1 to 2.1.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19037](https://redirect.github.com/goauthentik/authentik/pull/19037) - web: bump knip from 5.75.1 to 5.77.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19041](https://redirect.github.com/goauthentik/authentik/pull/19041) - core: bump goauthentik.io/api/v3 from 3.2026020.5 to 3.2026020.6 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19036](https://redirect.github.com/goauthentik/authentik/pull/19036) - docs/release notes: update 2025.12 release notes by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#19043](https://redirect.github.com/goauthentik/authentik/pull/19043) - lib/sync: fix sync\_dispatch by [@krejcar25](https://redirect.github.com/krejcar25) in [goauthentik/authentik#19053](https://redirect.github.com/goauthentik/authentik/pull/19053) - endpoints/devices: cleanup by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19047](https://redirect.github.com/goauthentik/authentik/pull/19047) - blueprints: set enrollment token key by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19061](https://redirect.github.com/goauthentik/authentik/pull/19061) - website/integrations: Add Wallos by [@0skater0](https://redirect.github.com/0skater0) in [goauthentik/authentik#19013](https://redirect.github.com/goauthentik/authentik/pull/19013) - website/docs: FreeIPA documentation updates by [@borutmrak](https://redirect.github.com/borutmrak) in [goauthentik/authentik#15183](https://redirect.github.com/goauthentik/authentik/pull/15183) - \*: Auto compress images by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19065](https://redirect.github.com/goauthentik/authentik/pull/19065) - blueprints: fix deadlock and task context error in MetaApplyBlueprint by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19033](https://redirect.github.com/goauthentik/authentik/pull/19033) - web: fix file search input not resetting results properly by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19034](https://redirect.github.com/goauthentik/authentik/pull/19034) - website/integrations: owncloud: fix php by [@ocmateusz](https://redirect.github.com/ocmateusz) in [goauthentik/authentik#19073](https://redirect.github.com/goauthentik/authentik/pull/19073) - tests/e2e: add endpoint tests by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19072](https://redirect.github.com/goauthentik/authentik/pull/19072) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18991](https://redirect.github.com/goauthentik/authentik/pull/18991) - web: bump knip from 5.77.0 to 5.77.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19049](https://redirect.github.com/goauthentik/authentik/pull/19049) - web: bump [@lit/localize-tools](https://redirect.github.com/lit/localize-tools) from 0.8.0 to 0.8.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19040](https://redirect.github.com/goauthentik/authentik/pull/19040) - internal: update TLS Suite by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19076](https://redirect.github.com/goauthentik/authentik/pull/19076) - web: bump [@formatjs/intl-listformat](https://redirect.github.com/formatjs/intl-listformat) from 7.7.13 to 8.1.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19054](https://redirect.github.com/goauthentik/authentik/pull/19054) - web/admin: fix button alignment on user view page by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19079](https://redirect.github.com/goauthentik/authentik/pull/19079) - website/docs: endpoints: mention connector key required for stage to work by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19084](https://redirect.github.com/goauthentik/authentik/pull/19084) - website/docs: rel notes .12: add wallos by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19063](https://redirect.github.com/goauthentik/authentik/pull/19063) - website/docs: endpoint devices: update features table by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19094](https://redirect.github.com/goauthentik/authentik/pull/19094) - website/docs: endpoint devices: add path to macos setup by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19093](https://redirect.github.com/goauthentik/authentik/pull/19093) - web: bump knip from 5.77.1 to 5.78.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19090](https://redirect.github.com/goauthentik/authentik/pull/19090) - web: fix promoted source button hover losing blue color by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19048](https://redirect.github.com/goauthentik/authentik/pull/19048) - web: Fix stale flow background by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19015](https://redirect.github.com/goauthentik/authentik/pull/19015) - Update Vaultwarden documentation by removing warning by [@austin-dudzik](https://redirect.github.com/austin-dudzik) in [goauthentik/authentik#19102](https://redirect.github.com/goauthentik/authentik/pull/19102) - web/maintenance/no unknown attributes (part 1) by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18970](https://redirect.github.com/goauthentik/authentik/pull/18970) - website/integrations: Add Pulse by [@0skater0](https://redirect.github.com/0skater0) in [goauthentik/authentik#19105](https://redirect.github.com/goauthentik/authentik/pull/19105) - website/integrations: Add Audiobookshelf by [@0skater0](https://redirect.github.com/0skater0) in [goauthentik/authentik#19104](https://redirect.github.com/goauthentik/authentik/pull/19104) - website/docs: release notes: Add more integrations by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19109](https://redirect.github.com/goauthentik/authentik/pull/19109) - web: bump the storybook group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19111](https://redirect.github.com/goauthentik/authentik/pull/19111) - core: bump library/nginx from `fb01117` to `ad85427` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19112](https://redirect.github.com/goauthentik/authentik/pull/19112) - web: bump the eslint group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19110](https://redirect.github.com/goauthentik/authentik/pull/19110) - web: Fix Impersonation, Lit Reactive Controller Contexts by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19114](https://redirect.github.com/goauthentik/authentik/pull/19114) - web: Capitalize language display names, code owner fix by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19119](https://redirect.github.com/goauthentik/authentik/pull/19119) - core: bump library/nginx from `ad85427` to `ca871a8` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19126](https://redirect.github.com/goauthentik/authentik/pull/19126) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19124](https://redirect.github.com/goauthentik/authentik/pull/19124) - core: bump github.com/jackc/pgx/v5 from 5.7.6 to 5.8.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19088](https://redirect.github.com/goauthentik/authentik/pull/19088) - core: bump library/node from `ccfd9da` to `03729a7` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19125](https://redirect.github.com/goauthentik/authentik/pull/19125) - core, web: bump qs from 6.14.0 to 6.14.1 in /packages/docusaurus-config by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19130](https://redirect.github.com/goauthentik/authentik/pull/19130) - website/integrations: karakeep: don't hardcode wellknown's slug by [@pippo73](https://redirect.github.com/pippo73) in [goauthentik/authentik#19127](https://redirect.github.com/goauthentik/authentik/pull/19127) - web: disable user settings fields when changes are not allowed by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19132](https://redirect.github.com/goauthentik/authentik/pull/19132) - website/docs: endpoint agent release notes by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19042](https://redirect.github.com/goauthentik/authentik/pull/19042) - website/docs: fix build by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19148](https://redirect.github.com/goauthentik/authentik/pull/19148) - web: Token Form Fixes by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19121](https://redirect.github.com/goauthentik/authentik/pull/19121) - web/user: fix consent delete form missing details by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19147](https://redirect.github.com/goauthentik/authentik/pull/19147) - web: bump globals from 16.5.0 to 17.0.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19154](https://redirect.github.com/goauthentik/authentik/pull/19154) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19135](https://redirect.github.com/goauthentik/authentik/pull/19135) - ci: bump int128/docker-manifest-create-action from 2.10.0 to 2.12.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19138](https://redirect.github.com/goauthentik/authentik/pull/19138) - website/integrations: vaultwarden: add custom email scope by [@williamkray](https://redirect.github.com/williamkray) in [goauthentik/authentik#19160](https://redirect.github.com/goauthentik/authentik/pull/19160) - stages/authenticator\_webauthn: Update FIDO MDS3 & Passkey aaguid blobs by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19137](https://redirect.github.com/goauthentik/authentik/pull/19137) - core: handle deserialization errors from FileField migration by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19067](https://redirect.github.com/goauthentik/authentik/pull/19067) - web: fix slug auto-updating when editing existing applications by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19169](https://redirect.github.com/goauthentik/authentik/pull/19169) - web: Fix user library colors, modal z-indexes, table progress bars by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19152](https://redirect.github.com/goauthentik/authentik/pull/19152) - web/admin: adjust sync threshold, add tooltip by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19131](https://redirect.github.com/goauthentik/authentik/pull/19131) - website/docs: remove duplicates in slo docs by [@nmasnadithya](https://redirect.github.com/nmasnadithya) in [goauthentik/authentik#19170](https://redirect.github.com/goauthentik/authentik/pull/19170) - lifecycle: fix migration conn\_options for psycopg connection by [@D-Tasker207](https://redirect.github.com/D-Tasker207) in [goauthentik/authentik#19134](https://redirect.github.com/goauthentik/authentik/pull/19134) - web: bump knip from 5.78.0 to 5.79.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19181](https://redirect.github.com/goauthentik/authentik/pull/19181) - ci: bump getsentry/action-release from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19183](https://redirect.github.com/goauthentik/authentik/pull/19183) - web: bump [@formatjs/intl-listformat](https://redirect.github.com/formatjs/intl-listformat) from 8.1.0 to 8.1.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19182](https://redirect.github.com/goauthentik/authentik/pull/19182) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19179](https://redirect.github.com/goauthentik/authentik/pull/19179) - lib: update error logging by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#18628](https://redirect.github.com/goauthentik/authentik/pull/18628) - website/integrations: make grafana terraform section expand by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19192](https://redirect.github.com/goauthentik/authentik/pull/19192) - core: add prettier failure on duplicate group names by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18941](https://redirect.github.com/goauthentik/authentik/pull/18941) - web/maintenance: no missing element type definitions by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18950](https://redirect.github.com/goauthentik/authentik/pull/18950) - root: codespell: ignore Python virtual env, group patterns. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19180](https://redirect.github.com/goauthentik/authentik/pull/19180) - web: Merge branch -- Stale notifications, synchronized context objects, rendering fixes by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19141](https://redirect.github.com/goauthentik/authentik/pull/19141) - website/docs: Add docs for roles by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#19196](https://redirect.github.com/goauthentik/authentik/pull/19196) - web: Defer table refresh, visibility checks. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19194](https://redirect.github.com/goauthentik/authentik/pull/19194) - rbac: Add show all to roles tab, add role tab to groups by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#19097](https://redirect.github.com/goauthentik/authentik/pull/19097) - website/docs: rewrite section about users and perms by [@tanberry](https://redirect.github.com/tanberry) in [goauthentik/authentik#19195](https://redirect.github.com/goauthentik/authentik/pull/19195) - core: add last\_login filter to users API by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18993](https://redirect.github.com/goauthentik/authentik/pull/18993) - web: bump the eslint group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19205](https://redirect.github.com/goauthentik/authentik/pull/19205) - admin/files: support %(theme)s variable in media file paths by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19108](https://redirect.github.com/goauthentik/authentik/pull/19108) - website/integrations: glpi: add step by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19208](https://redirect.github.com/goauthentik/authentik/pull/19208) - web: bump knip from 5.79.0 to 5.80.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19207](https://redirect.github.com/goauthentik/authentik/pull/19207) - core: bump axllent/mailpit from v1.28.0 to v1.28.1 in /tests/e2e by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19204](https://redirect.github.com/goauthentik/authentik/pull/19204) - lifecycle/aws: bump aws-cdk from 2.1100.1 to 2.1100.2 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19203](https://redirect.github.com/goauthentik/authentik/pull/19203) - core: bump goauthentik.io/api/v3 from 3.2026020.6 to 3.2026020.7 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19202](https://redirect.github.com/goauthentik/authentik/pull/19202) - translate: Updates for project authentik and language pt\_BR by [@transifex-integration](https://redirect.github.com/transifex-integration)\[bot] in [goauthentik/authentik#19082](https://redirect.github.com/goauthentik/authentik/pull/19082) - web/maintenance: lint pass to add missing HTMLElementEventMap entries by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18953](https://redirect.github.com/goauthentik/authentik/pull/18953) - outpost/proxyv2: reduce max number of postgres connections by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#19211](https://redirect.github.com/goauthentik/authentik/pull/19211) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19200](https://redirect.github.com/goauthentik/authentik/pull/19200) - website/docs: revisit endpoint docs the nth by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19116](https://redirect.github.com/goauthentik/authentik/pull/19116) - ci: bump astral-sh/setup-uv from 7.1.6 to 7.2.0 in /.github/actions/setup by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19221](https://redirect.github.com/goauthentik/authentik/pull/19221) - endpoints: include license status in agent config by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19227](https://redirect.github.com/goauthentik/authentik/pull/19227) - web: bump [@formatjs/intl-listformat](https://redirect.github.com/formatjs/intl-listformat) from 8.1.1 to 8.1.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19220](https://redirect.github.com/goauthentik/authentik/pull/19220) - lifecycle/aws: bump aws-cdk from 2.1100.2 to 2.1100.3 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19219](https://redirect.github.com/goauthentik/authentik/pull/19219) - core: bump goauthentik.io/api/v3 from 3.2026020.7 to 3.2026020.8 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19218](https://redirect.github.com/goauthentik/authentik/pull/19218) - stages/authenticator\_static: set max token length to 100 chars by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19162](https://redirect.github.com/goauthentik/authentik/pull/19162) - website/glossary: improve by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18969](https://redirect.github.com/goauthentik/authentik/pull/18969) - core: fix read replica routing during transactions by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19086](https://redirect.github.com/goauthentik/authentik/pull/19086) - website: Fix typos. by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19243](https://redirect.github.com/goauthentik/authentik/pull/19243) - core: bump goauthentik.io/api/v3 from 3.2026020.8 to 3.2026020.10 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19242](https://redirect.github.com/goauthentik/authentik/pull/19242) - website/integrations: update AWS by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#17861](https://redirect.github.com/goauthentik/authentik/pull/17861) - website/docs: update github social login script example by [@busybox11](https://redirect.github.com/busybox11) in [goauthentik/authentik#19246](https://redirect.github.com/goauthentik/authentik/pull/19246) - web: bump vite from 7.3.0 to 7.3.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19245](https://redirect.github.com/goauthentik/authentik/pull/19245) - web: bump the rollup group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19206](https://redirect.github.com/goauthentik/authentik/pull/19206) - stages/prompt: optimize API endpoints by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#19251](https://redirect.github.com/goauthentik/authentik/pull/19251) - website/docs: update entra id provider docs by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18366](https://redirect.github.com/goauthentik/authentik/pull/18366) - website/integations: fix aws spelling by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19253](https://redirect.github.com/goauthentik/authentik/pull/19253) - stages/password: replace session-based retries with reputation by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18643](https://redirect.github.com/goauthentik/authentik/pull/18643) - web: bump chromedriver from 143.0.3 to 143.0.4 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19244](https://redirect.github.com/goauthentik/authentik/pull/19244) - web/admin: add banner to flow import form by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19288](https://redirect.github.com/goauthentik/authentik/pull/19288) - core: bump django from v5.2.9 to 5.2.10 by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#19290](https://redirect.github.com/goauthentik/authentik/pull/19290) - endpoints: show agent version by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19239](https://redirect.github.com/goauthentik/authentik/pull/19239) - core: bump urllib3 from 2.5.0 to v2.6.3 by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#19287](https://redirect.github.com/goauthentik/authentik/pull/19287) - web: bump knip from 5.80.0 to 5.80.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19301](https://redirect.github.com/goauthentik/authentik/pull/19301) - web: Fix flow inspector advancement event. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19309](https://redirect.github.com/goauthentik/authentik/pull/19309) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19237](https://redirect.github.com/goauthentik/authentik/pull/19237) - website/docs: deprecate GCDT auth stage by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19306](https://redirect.github.com/goauthentik/authentik/pull/19306) - website/docs: Fix typo in GitHub OAuth Source instructions by [@tcrasset](https://redirect.github.com/tcrasset) in [goauthentik/authentik#18936](https://redirect.github.com/goauthentik/authentik/pull/18936) - website/docs: update m2m doc by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18963](https://redirect.github.com/goauthentik/authentik/pull/18963) - website/docs: Fix documentation example for `app_entitlements_attributes`. by [@sebastianw](https://redirect.github.com/sebastianw) in [goauthentik/authentik#19316](https://redirect.github.com/goauthentik/authentik/pull/19316) - website/docs: add flow import warnings by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19307](https://redirect.github.com/goauthentik/authentik/pull/19307) - web: bump pino from 10.1.0 to 10.1.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19333](https://redirect.github.com/goauthentik/authentik/pull/19333) - web: bump knip from 5.80.1 to 5.80.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19332](https://redirect.github.com/goauthentik/authentik/pull/19332) - core: bump axllent/mailpit from v1.28.1 to v1.28.2 in /tests/e2e by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19329](https://redirect.github.com/goauthentik/authentik/pull/19329) - web: bump [@types/node](https://redirect.github.com/types/node) from 25.0.3 to 25.0.6 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19331](https://redirect.github.com/goauthentik/authentik/pull/19331) - core: bump library/nginx from `ca871a8` to `7272239` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19334](https://redirect.github.com/goauthentik/authentik/pull/19334) - website/docs: update unique email policy by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19305](https://redirect.github.com/goauthentik/authentik/pull/19305) - web: bump [@types/react](https://redirect.github.com/types/react) from 19.2.7 to 19.2.8 in /web in the react group across 1 directory by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19330](https://redirect.github.com/goauthentik/authentik/pull/19330) - web: Images styles, theming by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19233](https://redirect.github.com/goauthentik/authentik/pull/19233) - website/docs: update LDAP provider docs by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18272](https://redirect.github.com/goauthentik/authentik/pull/18272) - web: Flow info, localization, back button. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19234](https://redirect.github.com/goauthentik/authentik/pull/19234) - web: bump type-fest from 5.3.1 to 5.4.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19354](https://redirect.github.com/goauthentik/authentik/pull/19354) - core: bump goauthentik.io/api/v3 from 3.2026020.10 to 3.2026020.11 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19300](https://redirect.github.com/goauthentik/authentik/pull/19300) - ci: bump actions/setup-go from 6.1.0 to 6.2.0 in /.github/actions/setup by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19352](https://redirect.github.com/goauthentik/authentik/pull/19352) - web: bump the bundler group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19349](https://redirect.github.com/goauthentik/authentik/pull/19349) - ci: bump actions/setup-go from 6.1.0 to 6.2.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19351](https://redirect. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/enchantednatures/HomeCluster).  --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Update | Change | |---|---|---| | [authentik](https://goauthentik.io) ([source](https://redirect.github.com/goauthentik/helm)) | major | `^2025.0.0` → `^2026.0.0` | --- ### Release Notes <details> <summary>goauthentik/helm (authentik)</summary> ### [`v2026.2.1`](https://redirect.github.com/goauthentik/helm/releases/tag/authentik-2026.2.1) [Compare Source](https://redirect.github.com/goauthentik/helm/compare/authentik-2026.2.0...authentik-2026.2.1) authentik is an open-source Identity Provider focused on flexibility and versatility #### What's Changed - charts/authentik: Add weight to http route service by [@flipper](https://redirect.github.com/flipper) in [#458](https://redirect.github.com/goauthentik/helm/pull/458) - chore(deps): update docker.io/library/postgres docker tag to v17.9 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#452](https://redirect.github.com/goauthentik/helm/pull/452) - chore(deps): update prometheuscommunity/postgres-exporter docker tag to v0.19.1 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#445](https://redirect.github.com/goauthentik/helm/pull/445) - charts/authentik: bump to 2026.2.1 by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [#459](https://redirect.github.com/goauthentik/helm/pull/459) #### New Contributors - [@flipper](https://redirect.github.com/flipper) made their first contribution in [#458](https://redirect.github.com/goauthentik/helm/pull/458) **Full Changelog**: <https://github.com/goauthentik/helm/compare/authentik-2026.2.0...authentik-2026.2.1> *** ### Full release notes for authentik See <https://docs.goauthentik.io/docs/releases/2026.2#fixed-in-202621> #### What's Changed - website/docs: update supported versions (cherry-pick [#20534](https://redirect.github.com/goauthentik/helm/issues/20534) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20535](https://redirect.github.com/goauthentik/authentik/pull/20535) - website/docs: fix upgrade link in `2026.2` release notes (cherry-pick [#20539](https://redirect.github.com/goauthentik/helm/issues/20539) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20542](https://redirect.github.com/goauthentik/authentik/pull/20542) - website/docs: remove bad logs redirect (cherry-pick [#20522](https://redirect.github.com/goauthentik/helm/issues/20522) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20548](https://redirect.github.com/goauthentik/authentik/pull/20548) - website/docs: revamp enterprise section (cherry-pick [#20379](https://redirect.github.com/goauthentik/helm/issues/20379) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20546](https://redirect.github.com/goauthentik/authentik/pull/20546) - docs: fix typos and wording in docs and integrations (cherry-pick [#20550](https://redirect.github.com/goauthentik/helm/issues/20550) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20563](https://redirect.github.com/goauthentik/authentik/pull/20563) - ci: add `reason` change to versions repo bump (cherry-pick [#20562](https://redirect.github.com/goauthentik/helm/issues/20562) to version-2026.2) by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#20569](https://redirect.github.com/goauthentik/authentik/pull/20569) - internal: make http timeouts configurable (cherry-pick [#20472](https://redirect.github.com/goauthentik/helm/issues/20472) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20567](https://redirect.github.com/goauthentik/authentik/pull/20567) - packages/django-dramatiq-postgres: use fork (cherry-pick [#20606](https://redirect.github.com/goauthentik/helm/issues/20606) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20608](https://redirect.github.com/goauthentik/authentik/pull/20608) - web/flows: fix source icons being always inverted (cherry-pick [#20419](https://redirect.github.com/goauthentik/helm/issues/20419) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20607](https://redirect.github.com/goauthentik/authentik/pull/20607) - crypto: fix kid legacy signal (cherry-pick [#20627](https://redirect.github.com/goauthentik/helm/issues/20627) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20628](https://redirect.github.com/goauthentik/authentik/pull/20628) - sources/ldap: add connection logging & downgrade message (cherry-pick [#20519](https://redirect.github.com/goauthentik/helm/issues/20519) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20636](https://redirect.github.com/goauthentik/authentik/pull/20636) - packages/django-dramatiq-postgres: fix worker startup on macos (cherry-pick [#20637](https://redirect.github.com/goauthentik/helm/issues/20637) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20641](https://redirect.github.com/goauthentik/authentik/pull/20641) - enterprise/wsfed: Fix metadata export and signing logic (cherry-pick [#20643](https://redirect.github.com/goauthentik/helm/issues/20643) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20649](https://redirect.github.com/goauthentik/authentik/pull/20649) - website/docs: entra id provider: add custom email domain info (cherry-pick [#20444](https://redirect.github.com/goauthentik/helm/issues/20444) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20660](https://redirect.github.com/goauthentik/authentik/pull/20660) - website/docs: kerberos: add note about caching (cherry-pick [#20663](https://redirect.github.com/goauthentik/helm/issues/20663) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20664](https://redirect.github.com/goauthentik/authentik/pull/20664) - core: fix get\_provider returning base Provider instead of subclass (cherry-pick [#19064](https://redirect.github.com/goauthentik/helm/issues/19064) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20670](https://redirect.github.com/goauthentik/authentik/pull/20670) - packages/django-channels-postgres: eagerly delete messages (cherry-pick [#20687](https://redirect.github.com/goauthentik/helm/issues/20687) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20688](https://redirect.github.com/goauthentik/authentik/pull/20688) - outpost/proxyv2: prevent panic in handleSignOut (cherry-pick [#20097](https://redirect.github.com/goauthentik/helm/issues/20097) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20689](https://redirect.github.com/goauthentik/authentik/pull/20689) - website/docs: add 2025 pentest (cherry-pick [#20626](https://redirect.github.com/goauthentik/helm/issues/20626) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20691](https://redirect.github.com/goauthentik/authentik/pull/20691) - web: fix identification stage styling in compatibility mode (cherry-pick [#20684](https://redirect.github.com/goauthentik/helm/issues/20684) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20694](https://redirect.github.com/goauthentik/authentik/pull/20694) - providers/proxy: move search path to query instead of runtime parameter (cherry-pick [#20662](https://redirect.github.com/goauthentik/helm/issues/20662) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20693](https://redirect.github.com/goauthentik/authentik/pull/20693) - website/docs: add release notes for `2026.2.1` (cherry-pick [#20659](https://redirect.github.com/goauthentik/helm/issues/20659) to version-2026.2) by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#20695](https://redirect.github.com/goauthentik/authentik/pull/20695) **Full Changelog**: <https://github.com/goauthentik/authentik/compare/version/2026.2.0...version/2026.2.1> ### [`v2026.2.0`](https://redirect.github.com/goauthentik/helm/releases/tag/authentik-2026.2.0) [Compare Source](https://redirect.github.com/goauthentik/helm/compare/authentik-2025.12.4...authentik-2026.2.0) authentik is an open-source Identity Provider focused on flexibility and versatility #### What's Changed - charts/authentik: add fields auto-added by Kubernetes to httproute by [@cfi2017](https://redirect.github.com/cfi2017) in [#453](https://redirect.github.com/goauthentik/helm/pull/453) - chore(deps): update helm/kind-action action to v1.14.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#454](https://redirect.github.com/goauthentik/helm/pull/454) - charts/authentik: add note how to set version by [@BeryJu](https://redirect.github.com/BeryJu) in [#456](https://redirect.github.com/goauthentik/helm/pull/456) - charts/authentik: bump to 2026.2.0 by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [#457](https://redirect.github.com/goauthentik/helm/pull/457) #### New Contributors - [@cfi2017](https://redirect.github.com/cfi2017) made their first contribution in [#453](https://redirect.github.com/goauthentik/helm/pull/453) **Full Changelog**: <https://github.com/goauthentik/helm/compare/authentik-2025.12.4...authentik-2026.2.0> *** ### Full release notes for authentik See <https://docs.goauthentik.io/docs/releases/2026.2> #### What's Changed - root: bump version to 2026.2.0-rc1 by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18794](https://redirect.github.com/goauthentik/authentik/pull/18794) - tests/e2e: retry detached shadow roots by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18796](https://redirect.github.com/goauthentik/authentik/pull/18796) - website/release notes: Update v2025.12 release notes by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18797](https://redirect.github.com/goauthentik/authentik/pull/18797) - web/admin: fix read-only provider selection for application form by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18768](https://redirect.github.com/goauthentik/authentik/pull/18768) - web: bump the react group across 1 directory with 2 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18775](https://redirect.github.com/goauthentik/authentik/pull/18775) - web: bump chromedriver from 143.0.0 to 143.0.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18776](https://redirect.github.com/goauthentik/authentik/pull/18776) - web: bump the storybook group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18774](https://redirect.github.com/goauthentik/authentik/pull/18774) - internal: don't warn on empty outpost for embedded by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18786](https://redirect.github.com/goauthentik/authentik/pull/18786) - lifecycle/aws: bump aws-cdk from 2.1033.0 to 2.1034.0 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18771](https://redirect.github.com/goauthentik/authentik/pull/18771) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18804](https://redirect.github.com/goauthentik/authentik/pull/18804) - root: Add macOS support for sed in Makefile by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18795](https://redirect.github.com/goauthentik/authentik/pull/18795) - ci: bump astral-sh/setup-uv from 7.1.5 to 7.1.6 in /.github/actions/setup by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18826](https://redirect.github.com/goauthentik/authentik/pull/18826) - ci: bump actions/upload-artifact from 5.0.0 to 6.0.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18824](https://redirect.github.com/goauthentik/authentik/pull/18824) - core: bump goauthentik/fips-debian from `07f41ce` to `c10cd2c` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18822](https://redirect.github.com/goauthentik/authentik/pull/18822) - ci: bump actions/download-artifact from 6.0.0 to 7.0.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18825](https://redirect.github.com/goauthentik/authentik/pull/18825) - ci: bump actions/cache from 5.0.0 to 5.0.1 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18823](https://redirect.github.com/goauthentik/authentik/pull/18823) - core: list applications fix by [@ryanpesek](https://redirect.github.com/ryanpesek) in [goauthentik/authentik#18798](https://redirect.github.com/goauthentik/authentik/pull/18798) - website/docs: add icon info to style guide by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18832](https://redirect.github.com/goauthentik/authentik/pull/18832) - core: remove superuser check from `Token` list by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18684](https://redirect.github.com/goauthentik/authentik/pull/18684) - packages/django-dramatiq-postgres: broker: close django connections on consumer close by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18833](https://redirect.github.com/goauthentik/authentik/pull/18833) - core: bump goauthentik.io/api/v3 from 3.2025120.26 to 3.2026020.1 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18815](https://redirect.github.com/goauthentik/authentik/pull/18815) - admin/files: revert add check for /media existence ([#18636](https://redirect.github.com/goauthentik/helm/issues/18636)) by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18829](https://redirect.github.com/goauthentik/authentik/pull/18829) - website/docs: add jellyseer integration doc by [@gabay](https://redirect.github.com/gabay) in [goauthentik/authentik#18812](https://redirect.github.com/goauthentik/authentik/pull/18812) - crypto: Store details parsed from includeDetails in database instead by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#18013](https://redirect.github.com/goauthentik/authentik/pull/18013) - core: skip s3 tests if endpoint isn't available by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18841](https://redirect.github.com/goauthentik/authentik/pull/18841) - admin/files: fix get\_objects\_for\_user queryset argument in FileUsedByView by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18845](https://redirect.github.com/goauthentik/authentik/pull/18845) - core: bump goauthentik/fips-debian from `c10cd2c` to `2f19fc1` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18856](https://redirect.github.com/goauthentik/authentik/pull/18856) - ci: replace codecov test-results action by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18862](https://redirect.github.com/goauthentik/authentik/pull/18862) - core: add skip s3\_test\_server\_available to TestResolveFileUrlS3Backend by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18858](https://redirect.github.com/goauthentik/authentik/pull/18858) - rbac: alter migrated direct permission roles by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18860](https://redirect.github.com/goauthentik/authentik/pull/18860) - core: bump library/golang from `5d35fb8` to `8e8f9c8` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18855](https://redirect.github.com/goauthentik/authentik/pull/18855) - web/admin/rbac: misc object permission fixes by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18859](https://redirect.github.com/goauthentik/authentik/pull/18859) - outposts: fix permission errors for related certificates by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18861](https://redirect.github.com/goauthentik/authentik/pull/18861) - website/docs: adjust RBAC-related details in 2025.12 release notes by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18863](https://redirect.github.com/goauthentik/authentik/pull/18863) - website/docs: Add docs for passkey autofill (WebauthN Conditional UI) by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18805](https://redirect.github.com/goauthentik/authentik/pull/18805) - website/docs: 2025.10.3 release notes by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18868](https://redirect.github.com/goauthentik/authentik/pull/18868) - web: add custom message with links for empty data export list by [@atereshkin](https://redirect.github.com/atereshkin) in [goauthentik/authentik#18830](https://redirect.github.com/goauthentik/authentik/pull/18830) - web: fix notification counter by [@atereshkin](https://redirect.github.com/atereshkin) in [goauthentik/authentik#18781](https://redirect.github.com/goauthentik/authentik/pull/18781) - web: bump vite from 7.2.7 to 7.3.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18854](https://redirect.github.com/goauthentik/authentik/pull/18854) - stages/authenticator\_\*: fix code input field not string by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18875](https://redirect.github.com/goauthentik/authentik/pull/18875) - web: fix file upload form by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18808](https://redirect.github.com/goauthentik/authentik/pull/18808) - web/admin: endpoint: change wording and add helper text by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18871](https://redirect.github.com/goauthentik/authentik/pull/18871) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18807](https://redirect.github.com/goauthentik/authentik/pull/18807) - website/integrations: bookstack: fix redir url by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18891](https://redirect.github.com/goauthentik/authentik/pull/18891) - core: bump astral-sh/uv from 0.9.17 to 0.9.18 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18898](https://redirect.github.com/goauthentik/authentik/pull/18898) - core: bump goauthentik/fips-debian from `2f19fc1` to `189345a` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18897](https://redirect.github.com/goauthentik/authentik/pull/18897) - web: bump knip from 5.73.3 to 5.74.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18896](https://redirect.github.com/goauthentik/authentik/pull/18896) - web: bump [@types/node](https://redirect.github.com/types/node) from 25.0.0 to 25.0.3 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18895](https://redirect.github.com/goauthentik/authentik/pull/18895) - web: bump the rollup group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18852](https://redirect.github.com/goauthentik/authentik/pull/18852) - web: bump the bundler group across 1 directory with 7 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18894](https://redirect.github.com/goauthentik/authentik/pull/18894) - web: bump [@sentry/browser](https://redirect.github.com/sentry/browser) from 10.30.0 to 10.31.0 in /web in the sentry group across 1 directory by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18893](https://redirect.github.com/goauthentik/authentik/pull/18893) - lifecycle/aws: bump aws-cdk from 2.1034.0 to 2.1100.0 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18850](https://redirect.github.com/goauthentik/authentik/pull/18850) - web: bump the goauthentik group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18819](https://redirect.github.com/goauthentik/authentik/pull/18819) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18818](https://redirect.github.com/goauthentik/authentik/pull/18818) - web: bump the eslint group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18851](https://redirect.github.com/goauthentik/authentik/pull/18851) - core: bump goauthentik.io/api/v3 from 3.2026020.1 to 3.2026020.3 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18892](https://redirect.github.com/goauthentik/authentik/pull/18892) - tasks/middleware: close connections on worker status update database error by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18881](https://redirect.github.com/goauthentik/authentik/pull/18881) - website/docs: added list of Int Guide contributors (also edited frontmatter) by [@tanberry](https://redirect.github.com/tanberry) in [goauthentik/authentik#18888](https://redirect.github.com/goauthentik/authentik/pull/18888) - api: fix page\_size with invalid query param by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18879](https://redirect.github.com/goauthentik/authentik/pull/18879) - ci/release-tag: checkout correct branch for make test-docker by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18880](https://redirect.github.com/goauthentik/authentik/pull/18880) - api: fix latest version for public schema by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18902](https://redirect.github.com/goauthentik/authentik/pull/18902) - website/docs: 2025.12: remove superfluous changes by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18910](https://redirect.github.com/goauthentik/authentik/pull/18910) - web/admin: reword some things on the device view page by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18785](https://redirect.github.com/goauthentik/authentik/pull/18785) - core/groups: optimize prefetch queries to fetch only required fields by [@joaocfernandes](https://redirect.github.com/joaocfernandes) in [goauthentik/authentik#18448](https://redirect.github.com/goauthentik/authentik/pull/18448) - root: fix docker-compose data mount by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18903](https://redirect.github.com/goauthentik/authentik/pull/18903) - web/admin: add UI copy to RBAC modal by [@tanberry](https://redirect.github.com/tanberry) in [goauthentik/authentik#18917](https://redirect.github.com/goauthentik/authentik/pull/18917) - tests/e2e: handle StaleElementReferenceException in parse\_json\_content by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#18842](https://redirect.github.com/goauthentik/authentik/pull/18842) - core: bump goauthentik/fips-debian from `189345a` to `10dadf1` by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18927](https://redirect.github.com/goauthentik/authentik/pull/18927) - web: bump chromedriver from 143.0.1 to 143.0.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18926](https://redirect.github.com/goauthentik/authentik/pull/18926) - web: bump knip from 5.74.0 to 5.75.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18924](https://redirect.github.com/goauthentik/authentik/pull/18924) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18920](https://redirect.github.com/goauthentik/authentik/pull/18920) - lifecycle/aws: bump aws-cdk from 2.1100.0 to 2.1100.1 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18922](https://redirect.github.com/goauthentik/authentik/pull/18922) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18923](https://redirect.github.com/goauthentik/authentik/pull/18923) - web: bump the storybook group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18817](https://redirect.github.com/goauthentik/authentik/pull/18817) - stages: remove more global state by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18641](https://redirect.github.com/goauthentik/authentik/pull/18641) - packages/ak-guardian: cast safely by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18929](https://redirect.github.com/goauthentik/authentik/pull/18929) - web/flow: Fix spurious double submit on ak-stage-autosubmit by [@dminuoso](https://redirect.github.com/dminuoso) in [goauthentik/authentik#18727](https://redirect.github.com/goauthentik/authentik/pull/18727) - website/integrations: Add launch URL for Immich by [@optix2000](https://redirect.github.com/optix2000) in [goauthentik/authentik#18921](https://redirect.github.com/goauthentik/authentik/pull/18921) - crypto: fix extra cert data in db migration by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#18937](https://redirect.github.com/goauthentik/authentik/pull/18937) - web/elements: progress-bar and table loading header by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18934](https://redirect.github.com/goauthentik/authentik/pull/18934) - stages/identification: replace sleep with make\_password by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18883](https://redirect.github.com/goauthentik/authentik/pull/18883) - website/docs: endpoint devices by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18634](https://redirect.github.com/goauthentik/authentik/pull/18634) - website/docs: Fix labels, Pre-Release detection by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18945](https://redirect.github.com/goauthentik/authentik/pull/18945) - website/docs: release notes: add endpoint device links to 2025.12 notes by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18940](https://redirect.github.com/goauthentik/authentik/pull/18940) - website/docs: Fix version parsing. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18948](https://redirect.github.com/goauthentik/authentik/pull/18948) - web/admin: fix endpoints user binding by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18935](https://redirect.github.com/goauthentik/authentik/pull/18935) - flows/executor: fix KeyError when session has no existing plan by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18951](https://redirect.github.com/goauthentik/authentik/pull/18951) - root: move docker files to lifecycle/containers and change docker-compose to compose by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#16624](https://redirect.github.com/goauthentik/authentik/pull/16624) - core: bump goauthentik.io/api/v3 from 3.2026020.3 to 3.2026020.4 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18956](https://redirect.github.com/goauthentik/authentik/pull/18956) - web: bump chromedriver from 143.0.2 to 143.0.3 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18959](https://redirect.github.com/goauthentik/authentik/pull/18959) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18958](https://redirect.github.com/goauthentik/authentik/pull/18958) - web: bump [@sentry/browser](https://redirect.github.com/sentry/browser) from 10.31.0 to 10.32.0 in /web in the sentry group across 1 directory by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18957](https://redirect.github.com/goauthentik/authentik/pull/18957) - ci: bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18960](https://redirect.github.com/goauthentik/authentik/pull/18960) - website/docs: add note to active directory source doc by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#18787](https://redirect.github.com/goauthentik/authentik/pull/18787) - web/maintenance: fix missing custom web component imports by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18942](https://redirect.github.com/goauthentik/authentik/pull/18942) - web/maintenance: no unknown tag names by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18944](https://redirect.github.com/goauthentik/authentik/pull/18944) - website/integrations: Fix path for Cloudflare Access by [@stijn220](https://redirect.github.com/stijn220) in [goauthentik/authentik#18979](https://redirect.github.com/goauthentik/authentik/pull/18979) - blueprints: add InternallyManagedMixin instead of large list by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18983](https://redirect.github.com/goauthentik/authentik/pull/18983) - web/admin: fix dark theme on map by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18985](https://redirect.github.com/goauthentik/authentik/pull/18985) - web/admin: Fix haveibeenpwned link in PasswordPolicyForm by [@hskrtich](https://redirect.github.com/hskrtich) in [goauthentik/authentik#18984](https://redirect.github.com/goauthentik/authentik/pull/18984) - events: notifications live update by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18980](https://redirect.github.com/goauthentik/authentik/pull/18980) - web: fix Open button selecting row instead of navigating by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18992](https://redirect.github.com/goauthentik/authentik/pull/18992) - blueprints: fix flaky tests by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19002](https://redirect.github.com/goauthentik/authentik/pull/19002) - ci: bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18999](https://redirect.github.com/goauthentik/authentik/pull/18999) - providers/oauth2: Automated OpenID Conformance tests by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#14785](https://redirect.github.com/goauthentik/authentik/pull/14785) - enterprise/reports: improve export list, confirmation by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18981](https://redirect.github.com/goauthentik/authentik/pull/18981) - enterprise/search: add static autocomplete structure by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19008](https://redirect.github.com/goauthentik/authentik/pull/19008) - website/docs: improve endpoint devices docs by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19007](https://redirect.github.com/goauthentik/authentik/pull/19007) - web: bump the rollup group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18994](https://redirect.github.com/goauthentik/authentik/pull/18994) - core: bump openapitools/openapi-generator-cli from v7.16.0 to v7.18.0 in /scripts/api by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19018](https://redirect.github.com/goauthentik/authentik/pull/19018) - web: bump globby from 16.0.0 to 16.1.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#18995](https://redirect.github.com/goauthentik/authentik/pull/18995) - api: rework schema generation by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18977](https://redirect.github.com/goauthentik/authentik/pull/18977) - web/admin: prevent file upload attempt when backend not managed by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#18646](https://redirect.github.com/goauthentik/authentik/pull/18646) - web: bump the eslint group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19019](https://redirect.github.com/goauthentik/authentik/pull/19019) - core: bump goauthentik.io/api/v3 from 3.2026020.4 to 3.2026020.5 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19017](https://redirect.github.com/goauthentik/authentik/pull/19017) - website/docs: Prioritize "Release Candidate" over "Current Release" by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18975](https://redirect.github.com/goauthentik/authentik/pull/18975) - web: Locale selector UI fixes by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#18972](https://redirect.github.com/goauthentik/authentik/pull/18972) - web: Fix Storybook package resolution with `npm link` by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19016](https://redirect.github.com/goauthentik/authentik/pull/19016) - core: use chunked\_queryset for expired message deletion by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19028](https://redirect.github.com/goauthentik/authentik/pull/19028) - web/admin: use consistent icon for inactive user status by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19032](https://redirect.github.com/goauthentik/authentik/pull/19032) - web: bump lit from 3.3.1 to 3.3.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19038](https://redirect.github.com/goauthentik/authentik/pull/19038) - web: bump [@lit/reactive-element](https://redirect.github.com/lit/reactive-element) from 2.1.1 to 2.1.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19037](https://redirect.github.com/goauthentik/authentik/pull/19037) - web: bump knip from 5.75.1 to 5.77.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19041](https://redirect.github.com/goauthentik/authentik/pull/19041) - core: bump goauthentik.io/api/v3 from 3.2026020.5 to 3.2026020.6 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19036](https://redirect.github.com/goauthentik/authentik/pull/19036) - docs/release notes: update 2025.12 release notes by [@melizeche](https://redirect.github.com/melizeche) in [goauthentik/authentik#19043](https://redirect.github.com/goauthentik/authentik/pull/19043) - lib/sync: fix sync\_dispatch by [@krejcar25](https://redirect.github.com/krejcar25) in [goauthentik/authentik#19053](https://redirect.github.com/goauthentik/authentik/pull/19053) - endpoints/devices: cleanup by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19047](https://redirect.github.com/goauthentik/authentik/pull/19047) - blueprints: set enrollment token key by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19061](https://redirect.github.com/goauthentik/authentik/pull/19061) - website/integrations: Add Wallos by [@0skater0](https://redirect.github.com/0skater0) in [goauthentik/authentik#19013](https://redirect.github.com/goauthentik/authentik/pull/19013) - website/docs: FreeIPA documentation updates by [@borutmrak](https://redirect.github.com/borutmrak) in [goauthentik/authentik#15183](https://redirect.github.com/goauthentik/authentik/pull/15183) - \*: Auto compress images by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19065](https://redirect.github.com/goauthentik/authentik/pull/19065) - blueprints: fix deadlock and task context error in MetaApplyBlueprint by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19033](https://redirect.github.com/goauthentik/authentik/pull/19033) - web: fix file search input not resetting results properly by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19034](https://redirect.github.com/goauthentik/authentik/pull/19034) - website/integrations: owncloud: fix php by [@ocmateusz](https://redirect.github.com/ocmateusz) in [goauthentik/authentik#19073](https://redirect.github.com/goauthentik/authentik/pull/19073) - tests/e2e: add endpoint tests by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19072](https://redirect.github.com/goauthentik/authentik/pull/19072) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#18991](https://redirect.github.com/goauthentik/authentik/pull/18991) - web: bump knip from 5.77.0 to 5.77.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19049](https://redirect.github.com/goauthentik/authentik/pull/19049) - web: bump [@lit/localize-tools](https://redirect.github.com/lit/localize-tools) from 0.8.0 to 0.8.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19040](https://redirect.github.com/goauthentik/authentik/pull/19040) - internal: update TLS Suite by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19076](https://redirect.github.com/goauthentik/authentik/pull/19076) - web: bump [@formatjs/intl-listformat](https://redirect.github.com/formatjs/intl-listformat) from 7.7.13 to 8.1.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19054](https://redirect.github.com/goauthentik/authentik/pull/19054) - web/admin: fix button alignment on user view page by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19079](https://redirect.github.com/goauthentik/authentik/pull/19079) - website/docs: endpoints: mention connector key required for stage to work by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19084](https://redirect.github.com/goauthentik/authentik/pull/19084) - website/docs: rel notes .12: add wallos by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19063](https://redirect.github.com/goauthentik/authentik/pull/19063) - website/docs: endpoint devices: update features table by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19094](https://redirect.github.com/goauthentik/authentik/pull/19094) - website/docs: endpoint devices: add path to macos setup by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19093](https://redirect.github.com/goauthentik/authentik/pull/19093) - web: bump knip from 5.77.1 to 5.78.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19090](https://redirect.github.com/goauthentik/authentik/pull/19090) - web: fix promoted source button hover losing blue color by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19048](https://redirect.github.com/goauthentik/authentik/pull/19048) - web: Fix stale flow background by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19015](https://redirect.github.com/goauthentik/authentik/pull/19015) - Update Vaultwarden documentation by removing warning by [@austin-dudzik](https://redirect.github.com/austin-dudzik) in [goauthentik/authentik#19102](https://redirect.github.com/goauthentik/authentik/pull/19102) - web/maintenance/no unknown attributes (part 1) by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18970](https://redirect.github.com/goauthentik/authentik/pull/18970) - website/integrations: Add Pulse by [@0skater0](https://redirect.github.com/0skater0) in [goauthentik/authentik#19105](https://redirect.github.com/goauthentik/authentik/pull/19105) - website/integrations: Add Audiobookshelf by [@0skater0](https://redirect.github.com/0skater0) in [goauthentik/authentik#19104](https://redirect.github.com/goauthentik/authentik/pull/19104) - website/docs: release notes: Add more integrations by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19109](https://redirect.github.com/goauthentik/authentik/pull/19109) - web: bump the storybook group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19111](https://redirect.github.com/goauthentik/authentik/pull/19111) - core: bump library/nginx from `fb01117` to `ad85427` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19112](https://redirect.github.com/goauthentik/authentik/pull/19112) - web: bump the eslint group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19110](https://redirect.github.com/goauthentik/authentik/pull/19110) - web: Fix Impersonation, Lit Reactive Controller Contexts by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19114](https://redirect.github.com/goauthentik/authentik/pull/19114) - web: Capitalize language display names, code owner fix by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19119](https://redirect.github.com/goauthentik/authentik/pull/19119) - core: bump library/nginx from `ad85427` to `ca871a8` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19126](https://redirect.github.com/goauthentik/authentik/pull/19126) - web: bump the swc group across 1 directory with 11 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19124](https://redirect.github.com/goauthentik/authentik/pull/19124) - core: bump github.com/jackc/pgx/v5 from 5.7.6 to 5.8.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19088](https://redirect.github.com/goauthentik/authentik/pull/19088) - core: bump library/node from `ccfd9da` to `03729a7` in /website by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19125](https://redirect.github.com/goauthentik/authentik/pull/19125) - core, web: bump qs from 6.14.0 to 6.14.1 in /packages/docusaurus-config by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19130](https://redirect.github.com/goauthentik/authentik/pull/19130) - website/integrations: karakeep: don't hardcode wellknown's slug by [@pippo73](https://redirect.github.com/pippo73) in [goauthentik/authentik#19127](https://redirect.github.com/goauthentik/authentik/pull/19127) - web: disable user settings fields when changes are not allowed by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19132](https://redirect.github.com/goauthentik/authentik/pull/19132) - website/docs: endpoint agent release notes by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19042](https://redirect.github.com/goauthentik/authentik/pull/19042) - website/docs: fix build by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19148](https://redirect.github.com/goauthentik/authentik/pull/19148) - web: Token Form Fixes by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19121](https://redirect.github.com/goauthentik/authentik/pull/19121) - web/user: fix consent delete form missing details by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19147](https://redirect.github.com/goauthentik/authentik/pull/19147) - web: bump globals from 16.5.0 to 17.0.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19154](https://redirect.github.com/goauthentik/authentik/pull/19154) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19135](https://redirect.github.com/goauthentik/authentik/pull/19135) - ci: bump int128/docker-manifest-create-action from 2.10.0 to 2.12.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19138](https://redirect.github.com/goauthentik/authentik/pull/19138) - website/integrations: vaultwarden: add custom email scope by [@williamkray](https://redirect.github.com/williamkray) in [goauthentik/authentik#19160](https://redirect.github.com/goauthentik/authentik/pull/19160) - stages/authenticator\_webauthn: Update FIDO MDS3 & Passkey aaguid blobs by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19137](https://redirect.github.com/goauthentik/authentik/pull/19137) - core: handle deserialization errors from FileField migration by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19067](https://redirect.github.com/goauthentik/authentik/pull/19067) - web: fix slug auto-updating when editing existing applications by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19169](https://redirect.github.com/goauthentik/authentik/pull/19169) - web: Fix user library colors, modal z-indexes, table progress bars by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19152](https://redirect.github.com/goauthentik/authentik/pull/19152) - web/admin: adjust sync threshold, add tooltip by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19131](https://redirect.github.com/goauthentik/authentik/pull/19131) - website/docs: remove duplicates in slo docs by [@nmasnadithya](https://redirect.github.com/nmasnadithya) in [goauthentik/authentik#19170](https://redirect.github.com/goauthentik/authentik/pull/19170) - lifecycle: fix migration conn\_options for psycopg connection by [@D-Tasker207](https://redirect.github.com/D-Tasker207) in [goauthentik/authentik#19134](https://redirect.github.com/goauthentik/authentik/pull/19134) - web: bump knip from 5.78.0 to 5.79.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19181](https://redirect.github.com/goauthentik/authentik/pull/19181) - ci: bump getsentry/action-release from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19183](https://redirect.github.com/goauthentik/authentik/pull/19183) - web: bump [@formatjs/intl-listformat](https://redirect.github.com/formatjs/intl-listformat) from 8.1.0 to 8.1.1 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19182](https://redirect.github.com/goauthentik/authentik/pull/19182) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19179](https://redirect.github.com/goauthentik/authentik/pull/19179) - lib: update error logging by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#18628](https://redirect.github.com/goauthentik/authentik/pull/18628) - website/integrations: make grafana terraform section expand by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19192](https://redirect.github.com/goauthentik/authentik/pull/19192) - core: add prettier failure on duplicate group names by [@gergosimonyi](https://redirect.github.com/gergosimonyi) in [goauthentik/authentik#18941](https://redirect.github.com/goauthentik/authentik/pull/18941) - web/maintenance: no missing element type definitions by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18950](https://redirect.github.com/goauthentik/authentik/pull/18950) - root: codespell: ignore Python virtual env, group patterns. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19180](https://redirect.github.com/goauthentik/authentik/pull/19180) - web: Merge branch -- Stale notifications, synchronized context objects, rendering fixes by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19141](https://redirect.github.com/goauthentik/authentik/pull/19141) - website/docs: Add docs for roles by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#19196](https://redirect.github.com/goauthentik/authentik/pull/19196) - web: Defer table refresh, visibility checks. by [@GirlBossRush](https://redirect.github.com/GirlBossRush) in [goauthentik/authentik#19194](https://redirect.github.com/goauthentik/authentik/pull/19194) - rbac: Add show all to roles tab, add role tab to groups by [@PeshekDotDev](https://redirect.github.com/PeshekDotDev) in [goauthentik/authentik#19097](https://redirect.github.com/goauthentik/authentik/pull/19097) - website/docs: rewrite section about users and perms by [@tanberry](https://redirect.github.com/tanberry) in [goauthentik/authentik#19195](https://redirect.github.com/goauthentik/authentik/pull/19195) - core: add last\_login filter to users API by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#18993](https://redirect.github.com/goauthentik/authentik/pull/18993) - web: bump the eslint group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19205](https://redirect.github.com/goauthentik/authentik/pull/19205) - admin/files: support %(theme)s variable in media file paths by [@dominic-r](https://redirect.github.com/dominic-r) in [goauthentik/authentik#19108](https://redirect.github.com/goauthentik/authentik/pull/19108) - website/integrations: glpi: add step by [@dewi-tik](https://redirect.github.com/dewi-tik) in [goauthentik/authentik#19208](https://redirect.github.com/goauthentik/authentik/pull/19208) - web: bump knip from 5.79.0 to 5.80.0 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19207](https://redirect.github.com/goauthentik/authentik/pull/19207) - core: bump axllent/mailpit from v1.28.0 to v1.28.1 in /tests/e2e by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19204](https://redirect.github.com/goauthentik/authentik/pull/19204) - lifecycle/aws: bump aws-cdk from 2.1100.1 to 2.1100.2 in /lifecycle/aws by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19203](https://redirect.github.com/goauthentik/authentik/pull/19203) - core: bump goauthentik.io/api/v3 from 3.2026020.6 to 3.2026020.7 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19202](https://redirect.github.com/goauthentik/authentik/pull/19202) - translate: Updates for project authentik and language pt\_BR by [@transifex-integration](https://redirect.github.com/transifex-integration)\[bot] in [goauthentik/authentik#19082](https://redirect.github.com/goauthentik/authentik/pull/19082) - web/maintenance: lint pass to add missing HTMLElementEventMap entries by [@kensternberg-authentik](https://redirect.github.com/kensternberg-authentik) in [goauthentik/authentik#18953](https://redirect.github.com/goauthentik/authentik/pull/18953) - outpost/proxyv2: reduce max number of postgres connections by [@rissson](https://redirect.github.com/rissson) in [goauthentik/authentik#19211](https://redirect.github.com/goauthentik/authentik/pull/19211) - core, web: update translations by [@authentik-automation](https://redirect.github.com/authentik-automation)\[bot] in [goauthentik/authentik#19200](https://redirect.github.com/goauthentik/authentik/pull/19200) - website/docs: revisit endpoint docs the nth by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19116](https://redirect.github.com/goauthentik/authentik/pull/19116) - ci: bump astral-sh/setup-uv from 7.1.6 to 7.2.0 in /.github/actions/setup by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19221](https://redirect.github.com/goauthentik/authentik/pull/19221) - endpoints: include license status in agent config by [@BeryJu](https://redirect.github.com/BeryJu) in [goauthentik/authentik#19227](https://redirect.github.com/goauthentik/authentik/pull/19227) - web: bump [@formatjs/intl-listformat](https://redirect.github.com/formatjs/intl-listformat) from 8.1.1 to 8.1.2 in /web by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [goauthentik/authentik#19220](https://redirect.github.com/goauthentik/authentik/pull/19220) - lifecycle/aws: bump aws-cdk from 2.1100.2 to 2.1100.3 in /lifecycle/aws by [@ </details> --- ### Configuration 📅 **Schedule**: Branch creation - Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/fgeck/homelab-k3s).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

ci: replace codecov test-results action

e1339b6

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

BeryJu requested a review from a team as a code owner December 16, 2025 11:34

BeryJu merged commit 06e7335 into main Dec 16, 2025
85 of 90 checks passed

BeryJu deleted the ci/replace-test-results-action branch December 16, 2025 11:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci: replace codecov test-results action#18862

ci: replace codecov test-results action#18862
BeryJu merged 1 commit intomainfrom
ci/replace-test-results-action

BeryJu commented Dec 16, 2025

Uh oh!

netlify bot commented Dec 16, 2025 •

edited

Loading

Uh oh!

netlify bot commented Dec 16, 2025 •

edited

Loading

Uh oh!

netlify bot commented Dec 16, 2025 •

edited

Loading

Uh oh!

codecov bot commented Dec 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

BeryJu commented Dec 16, 2025

Uh oh!

netlify bot commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for authentik-integrations canceled.

Uh oh!

netlify bot commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for authentik-storybook canceled.

Uh oh!

netlify bot commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ Deploy Preview for authentik-docs failed. Why did it fail? →

Uh oh!

codecov bot commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ 4 Tests Failed:

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

netlify bot commented Dec 16, 2025 •

edited

Loading

netlify bot commented Dec 16, 2025 •

edited

Loading

netlify bot commented Dec 16, 2025 •

edited

Loading

codecov bot commented Dec 16, 2025 •

edited

Loading