providers/oauth2: remove deprecated verification_keys (#3071)
remove verification_keys Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
8dbb0bd2c6
commit
6821402fef
|
@ -34,7 +34,6 @@ class OAuth2ProviderSerializer(ProviderSerializer):
|
|||
"sub_mode",
|
||||
"property_mappings",
|
||||
"issuer_mode",
|
||||
"verification_keys",
|
||||
"jwks_sources",
|
||||
]
|
||||
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# Generated by Django 4.0.5 on 2022-06-04 21:26
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_providers_oauth2", "0011_oauth2provider_jwks_sources_and_more"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(
|
||||
model_name="oauth2provider",
|
||||
name="verification_keys",
|
||||
),
|
||||
]
|
|
@ -222,19 +222,6 @@ class OAuth2Provider(Provider):
|
|||
),
|
||||
)
|
||||
|
||||
verification_keys = models.ManyToManyField(
|
||||
CertificateKeyPair,
|
||||
verbose_name=_("Allowed certificates for JWT-based client_credentials"),
|
||||
help_text=_(
|
||||
(
|
||||
"DEPRECATED. JWTs created with the configured "
|
||||
"certificates can authenticate with this provider."
|
||||
)
|
||||
),
|
||||
related_name="oauth2_providers",
|
||||
default=None,
|
||||
blank=True,
|
||||
)
|
||||
jwks_sources = models.ManyToManyField(
|
||||
OAuthSource,
|
||||
verbose_name=_(
|
||||
|
|
|
@ -1,203 +0,0 @@
|
|||
"""Test token view"""
|
||||
from datetime import datetime, timedelta
|
||||
from json import loads
|
||||
|
||||
from django.test import RequestFactory
|
||||
from django.urls import reverse
|
||||
from jwt import decode
|
||||
|
||||
from authentik.core.models import Application, Group
|
||||
from authentik.core.tests.utils import create_test_cert, create_test_flow
|
||||
from authentik.lib.generators import generate_id, generate_key
|
||||
from authentik.managed.manager import ObjectManager
|
||||
from authentik.policies.models import PolicyBinding
|
||||
from authentik.providers.oauth2.constants import (
|
||||
GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
SCOPE_OPENID,
|
||||
SCOPE_OPENID_EMAIL,
|
||||
SCOPE_OPENID_PROFILE,
|
||||
)
|
||||
from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping
|
||||
from authentik.providers.oauth2.tests.utils import OAuthTestCase
|
||||
|
||||
|
||||
class TestTokenClientCredentialsJWT(OAuthTestCase):
|
||||
"""Test token (client_credentials, with JWT) view"""
|
||||
|
||||
def setUp(self) -> None:
|
||||
super().setUp()
|
||||
ObjectManager().run()
|
||||
self.factory = RequestFactory()
|
||||
self.cert = create_test_cert()
|
||||
self.provider: OAuth2Provider = OAuth2Provider.objects.create(
|
||||
name="test",
|
||||
client_id=generate_id(),
|
||||
client_secret=generate_key(),
|
||||
authorization_flow=create_test_flow(),
|
||||
redirect_uris="http://testserver",
|
||||
signing_key=self.cert,
|
||||
)
|
||||
self.provider.verification_keys.set([self.cert])
|
||||
self.provider.property_mappings.set(ScopeMapping.objects.all())
|
||||
self.app = Application.objects.create(name="test", slug="test", provider=self.provider)
|
||||
|
||||
def test_invalid_type(self):
|
||||
"""test invalid type"""
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "foo",
|
||||
"client_assertion": "foo.bar",
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["error"], "invalid_grant")
|
||||
|
||||
def test_invalid_jwt(self):
|
||||
"""test invalid JWT"""
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
||||
"client_assertion": "foo.bar",
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["error"], "invalid_grant")
|
||||
|
||||
def test_invalid_signature(self):
|
||||
"""test invalid JWT"""
|
||||
token = self.provider.encode(
|
||||
{
|
||||
"sub": "foo",
|
||||
"exp": datetime.now() + timedelta(hours=2),
|
||||
}
|
||||
)
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
||||
"client_assertion": token + "foo",
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["error"], "invalid_grant")
|
||||
|
||||
def test_invalid_expired(self):
|
||||
"""test invalid JWT"""
|
||||
token = self.provider.encode(
|
||||
{
|
||||
"sub": "foo",
|
||||
"exp": datetime.now() - timedelta(hours=2),
|
||||
}
|
||||
)
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
||||
"client_assertion": token,
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["error"], "invalid_grant")
|
||||
|
||||
def test_invalid_no_app(self):
|
||||
"""test invalid JWT"""
|
||||
self.app.provider = None
|
||||
self.app.save()
|
||||
token = self.provider.encode(
|
||||
{
|
||||
"sub": "foo",
|
||||
"exp": datetime.now() + timedelta(hours=2),
|
||||
}
|
||||
)
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
||||
"client_assertion": token,
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["error"], "invalid_grant")
|
||||
|
||||
def test_invalid_access_denied(self):
|
||||
"""test invalid JWT"""
|
||||
group = Group.objects.create(name="foo")
|
||||
PolicyBinding.objects.create(
|
||||
group=group,
|
||||
target=self.app,
|
||||
order=0,
|
||||
)
|
||||
token = self.provider.encode(
|
||||
{
|
||||
"sub": "foo",
|
||||
"exp": datetime.now() + timedelta(hours=2),
|
||||
}
|
||||
)
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
||||
"client_assertion": token,
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["error"], "invalid_grant")
|
||||
|
||||
def test_successful(self):
|
||||
"""test successful"""
|
||||
token = self.provider.encode(
|
||||
{
|
||||
"sub": "foo",
|
||||
"exp": datetime.now() + timedelta(hours=2),
|
||||
}
|
||||
)
|
||||
response = self.client.post(
|
||||
reverse("authentik_providers_oauth2:token"),
|
||||
{
|
||||
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||
"client_id": self.provider.client_id,
|
||||
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
||||
"client_assertion": token,
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["token_type"], "bearer")
|
||||
_, alg = self.provider.get_jwt_key()
|
||||
jwt = decode(
|
||||
body["access_token"],
|
||||
key=self.provider.signing_key.public_key,
|
||||
algorithms=[alg],
|
||||
audience=self.provider.client_id,
|
||||
)
|
||||
self.assertEqual(
|
||||
jwt["given_name"], "Autogenerated user from application test (client credentials JWT)"
|
||||
)
|
||||
self.assertEqual(jwt["preferred_username"], "test-foo")
|
|
@ -21,7 +21,6 @@ from authentik.core.models import (
|
|||
TokenIntents,
|
||||
User,
|
||||
)
|
||||
from authentik.crypto.models import CertificateKeyPair
|
||||
from authentik.events.models import Event, EventAction
|
||||
from authentik.lib.utils.time import timedelta_from_string
|
||||
from authentik.policies.engine import PolicyEngine
|
||||
|
@ -38,7 +37,6 @@ from authentik.providers.oauth2.errors import TokenError, UserAuthError
|
|||
from authentik.providers.oauth2.models import (
|
||||
AuthorizationCode,
|
||||
ClientTypes,
|
||||
JWTAlgorithms,
|
||||
OAuth2Provider,
|
||||
RefreshToken,
|
||||
)
|
||||
|
@ -292,26 +290,6 @@ class TokenParams:
|
|||
|
||||
token = None
|
||||
|
||||
# TODO: Remove in 2022.7, deprecated field `verification_keys``
|
||||
for cert in self.provider.verification_keys.all():
|
||||
LOGGER.debug("verifying jwt with key", key=cert.name)
|
||||
cert: CertificateKeyPair
|
||||
public_key = cert.certificate.public_key()
|
||||
if cert.private_key:
|
||||
public_key = cert.private_key.public_key()
|
||||
try:
|
||||
token = decode(
|
||||
assertion,
|
||||
public_key,
|
||||
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
|
||||
options={
|
||||
"verify_aud": False,
|
||||
},
|
||||
)
|
||||
except (PyJWTError, ValueError, TypeError) as exc:
|
||||
LOGGER.warning("failed to validate jwt", exc=exc)
|
||||
# TODO: End remove block
|
||||
|
||||
source: Optional[OAuthSource] = None
|
||||
parsed_key: Optional[PyJWK] = None
|
||||
for source in self.provider.jwks_sources.all():
|
||||
|
|
27
schema.yml
27
schema.yml
|
@ -23237,15 +23237,6 @@ components:
|
|||
allOf:
|
||||
- $ref: '#/components/schemas/IssuerModeEnum'
|
||||
description: Configure how the issuer field of the ID Token should be filled.
|
||||
verification_keys:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
format: uuid
|
||||
title: Allowed certificates for JWT-based client_credentials
|
||||
title: Allowed certificates for JWT-based client_credentials
|
||||
description: DEPRECATED. JWTs created with the configured certificates can
|
||||
authenticate with this provider.
|
||||
jwks_sources:
|
||||
type: array
|
||||
items:
|
||||
|
@ -23325,15 +23316,6 @@ components:
|
|||
allOf:
|
||||
- $ref: '#/components/schemas/IssuerModeEnum'
|
||||
description: Configure how the issuer field of the ID Token should be filled.
|
||||
verification_keys:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
format: uuid
|
||||
title: Allowed certificates for JWT-based client_credentials
|
||||
title: Allowed certificates for JWT-based client_credentials
|
||||
description: DEPRECATED. JWTs created with the configured certificates can
|
||||
authenticate with this provider.
|
||||
jwks_sources:
|
||||
type: array
|
||||
items:
|
||||
|
@ -27711,15 +27693,6 @@ components:
|
|||
allOf:
|
||||
- $ref: '#/components/schemas/IssuerModeEnum'
|
||||
description: Configure how the issuer field of the ID Token should be filled.
|
||||
verification_keys:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
format: uuid
|
||||
title: Allowed certificates for JWT-based client_credentials
|
||||
title: Allowed certificates for JWT-based client_credentials
|
||||
description: DEPRECATED. JWTs created with the configured certificates can
|
||||
authenticate with this provider.
|
||||
jwks_sources:
|
||||
type: array
|
||||
items:
|
||||
|
|
|
@ -1552,7 +1552,6 @@ msgstr "{0} löschen"
|
|||
msgid "Deny the user access"
|
||||
msgstr "Dem Benutzer den Zugang verweigern"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2471,7 +2470,6 @@ msgstr "Interne Konten ausblenden"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2753,7 +2751,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "JWT Algorithmus"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr ""
|
||||
|
@ -2937,7 +2934,6 @@ msgstr "Wird geladen"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6308,8 +6304,8 @@ msgid "Verification Certificate"
|
|||
msgstr "Zertifikat zur Überprüfung"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr ""
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1570,7 +1570,6 @@ msgstr "Delete {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "Deny the user access"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
|
@ -2510,7 +2509,6 @@ msgstr "Hide service-accounts"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2803,7 +2801,6 @@ msgstr "JWKS URL"
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "JWT Algorithm"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
|
@ -2989,7 +2986,6 @@ msgstr "Loading"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6434,8 +6430,8 @@ msgid "Verification Certificate"
|
|||
msgstr "Verification Certificate"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr "Verification certificates"
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr "Verification certificates"
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1543,7 +1543,6 @@ msgstr "Eliminar {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "Denegar el acceso al usuario"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2462,7 +2461,6 @@ msgstr "Ocultar cuentas de servicio"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2746,7 +2744,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "algoritmo JWT"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr ""
|
||||
|
@ -2930,7 +2927,6 @@ msgstr "Cargando"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6302,8 +6298,8 @@ msgid "Verification Certificate"
|
|||
msgstr "Certificado de verificación"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr ""
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1555,7 +1555,6 @@ msgstr "Supprimer {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "Refuser l'accès à l'utilisateu"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2488,7 +2487,6 @@ msgstr "Cacher les comptes de service"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2776,7 +2774,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "Algorithme JWT"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr ""
|
||||
|
@ -2961,7 +2958,6 @@ msgstr "Chargement en cours"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6363,8 +6359,8 @@ msgid "Verification Certificate"
|
|||
msgstr "Certificat de validation"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr ""
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1540,7 +1540,6 @@ msgstr "Usuń {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "Odmów użytkownikowi dostępu"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2459,7 +2458,6 @@ msgstr "Ukryj konta serwisowe"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2743,7 +2741,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "Algorytm JWT"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr ""
|
||||
|
@ -2927,7 +2924,6 @@ msgstr "Ładowanie"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6299,8 +6295,8 @@ msgid "Verification Certificate"
|
|||
msgstr "Certyfikat weryfikacji"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr ""
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1556,7 +1556,6 @@ msgstr ""
|
|||
msgid "Deny the user access"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2496,7 +2495,6 @@ msgstr ""
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2785,7 +2783,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr ""
|
||||
|
@ -2971,7 +2968,6 @@ msgstr ""
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6404,8 +6400,8 @@ msgid "Verification Certificate"
|
|||
msgstr ""
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr ""
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1543,7 +1543,6 @@ msgstr "{0} Sil"
|
|||
msgid "Deny the user access"
|
||||
msgstr "Kullanıcı erişimini engelle"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2462,7 +2461,6 @@ msgstr "Hizmet hesaplarını gizle"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2747,7 +2745,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "JWT Algoritması"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr ""
|
||||
|
@ -2931,7 +2928,6 @@ msgstr "Yükleniyor"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6304,8 +6300,8 @@ msgid "Verification Certificate"
|
|||
msgstr "Doğrulama Sertifikası"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr ""
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1540,7 +1540,6 @@ msgstr "删除 {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "拒绝用户访问"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2451,7 +2450,6 @@ msgstr "隐藏服务账户"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2734,7 +2732,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "JWT 算法"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
|
||||
|
@ -2917,7 +2914,6 @@ msgstr "正在加载"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6270,8 +6266,8 @@ msgid "Verification Certificate"
|
|||
msgstr "验证证书"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr "验证证书"
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr "验证证书"
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -1540,7 +1540,6 @@ msgstr "删除 {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "拒绝用户访问"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr ""
|
||||
|
@ -2451,7 +2450,6 @@ msgstr "隐藏服务账户"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2734,7 +2732,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "JWT 算法"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
|
||||
|
@ -2917,7 +2914,6 @@ msgstr "正在加载"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6270,8 +6266,8 @@ msgid "Verification Certificate"
|
|||
msgstr "验证证书"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr "验证证书"
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr "验证证书"
|
||||
|
||||
#: src/pages/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
|
||||
#~ msgid "Verify only"
|
||||
|
|
|
@ -405,44 +405,6 @@ ${this.instance?.redirectUris}</textarea
|
|||
${t`Hold control/command to select multiple items.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${t`Verification certificates`}
|
||||
name="verificationKeys"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${until(
|
||||
new CryptoApi(DEFAULT_CONFIG)
|
||||
.cryptoCertificatekeypairsList({
|
||||
ordering: "name",
|
||||
})
|
||||
.then((keys) => {
|
||||
return keys.results.map((key) => {
|
||||
const selected = (
|
||||
this.instance?.verificationKeys || []
|
||||
).some((su) => {
|
||||
return su == key.pk;
|
||||
});
|
||||
return html`<option
|
||||
value=${key.pk}
|
||||
?selected=${selected}
|
||||
>
|
||||
${key.name} (${key.privateKeyType?.toUpperCase()})
|
||||
</option>`;
|
||||
});
|
||||
}),
|
||||
html`<option>${t`Loading...`}</option>`,
|
||||
)}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Deprecated. Instead of using this field, configure the JWKS data/URL in Sources.`}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`JWTs signed by certificates configured here can be used to authenticate to the provider.`}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Hold control/command to select multiple items.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
|
|
Reference in New Issue