Skip to content

providers/oauth2: offline access#8026

Merged
BeryJu merged 10 commits intomainfrom
providers/oauth2/offline_access
Jan 4, 2024
Merged

providers/oauth2: offline access#8026
BeryJu merged 10 commits intomainfrom
providers/oauth2/offline_access

Conversation

@BeryJu
Copy link
Copy Markdown
Member

@BeryJu BeryJu commented Dec 31, 2023

Details

REPLACE ME

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)
  • The translation files have been updated (make i18n-extract)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@BeryJu BeryJu requested review from a team as code owners December 31, 2023 21:38
@netlify
Copy link
Copy Markdown

netlify bot commented Dec 31, 2023
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 52949c8
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/6596f8498ce8b20008dccf9e

@netlify
Copy link
Copy Markdown

netlify bot commented Dec 31, 2023
edited
Loading

Deploy Preview for authentik ready!

Name Link
🔨 Latest commit 16fe829
🔍 Latest deploy log https://app.netlify.com/sites/authentik/deploys/6593201915aa40000875da2c
😎 Deploy Preview https://deploy-preview-8026--authentik.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@codecov
Copy link
Copy Markdown

codecov bot commented Dec 31, 2023
edited
Loading

Codecov Report

Attention: 10 lines in your changes are missing coverage. Please review.

Comparison is base (d711713) 92.34% compared to head (52949c8) 92.31%.
Report is 11 commits behind head on main.

Files Patch % Lines
authentik/providers/oauth2/views/token.py 69.23% 8 Missing ⚠️
authentik/providers/oauth2/views/authorize.py 91.30% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8026      +/-   ##
==========================================
- Coverage   92.34%   92.31%   -0.03%     
==========================================
  Files         608      608              
  Lines       30156    30221      +65     
==========================================
+ Hits        27847    27900      +53     
- Misses       2309     2321      +12
Flag Coverage Δ
e2e 50.61% <52.94%> (+0.02%) ⬆️
integration 26.41% <4.41%> (+0.15%) ⬆️
unit 89.45% <67.64%> (-0.07%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu force-pushed the providers/oauth2/offline_access branch from 711b6f8 to 139f6e3 Compare January 1, 2024 20:12
BeryJu added 4 commits January 1, 2024 21:26
@BeryJu
improve scope check (log when application requests non-configured sco…
dfd12a7 
…pes)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add offline_access special scope
afe9a7c 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
ensure scope is set
4c9ed36 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
update tests for refresh tokens
16fe829 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the providers/oauth2/offline_access branch from 139f6e3 to 16fe829 Compare January 1, 2024 20:27
BeryJu added 6 commits January 1, 2024 23:40
@BeryJu
special handling of scopes for github compat
8b909d3 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix spec
7ee8f24 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
attempt to fix oidc tests
54d9c44 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
remove hardcoded slug
b52c6c3 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
check scope from authorization code instead of request
049ec9c 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix injection for consent stage checking incorrectly
52949c8 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jan 4, 2024

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-providers-oauth2-offline_access-1704394014-52949c8
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-providers-oauth2-offline_access-1704394014-52949c8-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-providers-oauth2-offline_access-1704394014-52949c8

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-providers-oauth2-offline_access-1704394014-52949c8-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu merged commit 509b502 into main Jan 4, 2024
@BeryJu BeryJu deleted the providers/oauth2/offline_access branch January 4, 2024 18:57
kensternberg-authentik added a commit that referenced this pull request Jan 4, 2024
@kensternberg-authentik
Merge branch 'main' into web/issue-4880-multi-select-limitations
f30a253 
* main:
  website/docs: add link to our example flows (#8052)
  providers/oauth2: offline access (#8026)
  web: bump API Client version (#8059)
  Update index.md (#8056)
  enterprise/providers/rac: add option to limit concurrent connections to endpoint (#8053)
  web: bump API Client version (#8058)
  enterprise/providers/rac: add alert that enterprise is required for RAC (#8057)
  enterprise/providers/rac: create authorize_application event when creating token (#8050)
kensternberg-authentik added a commit that referenced this pull request Jan 8, 2024
@kensternberg-authentik
Merge branch 'main' into web/config-provider-2-tenant
0d30257 
* main: (146 commits)
  web: abstract `rootInterface()?.config?.capabilities.includes()` into `.can()` (#7737)
  web: update some locale details (#8090)
  web: bump the eslint group in /web with 2 updates (#8082)
  web: bump rollup from 4.9.2 to 4.9.4 in /web (#8083)
  core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085)
  web: bump the eslint group in /tests/wdio with 2 updates (#8086)
  website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088)
  stages/user_login: only set last_ip in session if a binding is given (#8074)
  providers/oauth2: fix missing nonce in token endpoint not being saved (#8073)
  core: bump goauthentik.io/api/v3 from 3.2023105.3 to 3.2023105.5 (#8066)
  providers/oauth2: fix missing nonce in id_token (#8072)
  rbac: fix error when looking up permissions for now uninstalled apps (#8068)
  web/flows: fix device picker incorrect foreground color (#8067)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#8061)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#8062)
  website: bump postcss from 8.4.32 to 8.4.33 in /website (#8063)
  web: bump the sentry group in /web with 2 updates (#8064)
  core: bump golang.org/x/sync from 0.5.0 to 0.6.0 (#8065)
  website/docs: add link to our example flows (#8052)
  providers/oauth2: offline access (#8026)
  ...
kensternberg-authentik added a commit that referenced this pull request Jan 8, 2024
@kensternberg-authentik
Merge branch 'web/config-provider-2-tenant' into web/config-provider-…
ce761c4 
…2a-branded

* web/config-provider-2-tenant: (146 commits)
  web: abstract `rootInterface()?.config?.capabilities.includes()` into `.can()` (#7737)
  web: update some locale details (#8090)
  web: bump the eslint group in /web with 2 updates (#8082)
  web: bump rollup from 4.9.2 to 4.9.4 in /web (#8083)
  core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085)
  web: bump the eslint group in /tests/wdio with 2 updates (#8086)
  website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088)
  stages/user_login: only set last_ip in session if a binding is given (#8074)
  providers/oauth2: fix missing nonce in token endpoint not being saved (#8073)
  core: bump goauthentik.io/api/v3 from 3.2023105.3 to 3.2023105.5 (#8066)
  providers/oauth2: fix missing nonce in id_token (#8072)
  rbac: fix error when looking up permissions for now uninstalled apps (#8068)
  web/flows: fix device picker incorrect foreground color (#8067)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#8061)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#8062)
  website: bump postcss from 8.4.32 to 8.4.33 in /website (#8063)
  web: bump the sentry group in /web with 2 updates (#8064)
  core: bump golang.org/x/sync from 0.5.0 to 0.6.0 (#8065)
  website/docs: add link to our example flows (#8052)
  providers/oauth2: offline access (#8026)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BeryJu