From b19da6d774a0cf432c05518c08056b70b946155a Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 25 Dec 2021 16:51:28 +0100
Subject: [PATCH] crypto: return private key's type (required for some oauth2
 providers)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/crypto/api.py                              | 11 +++++++++++
 schema.yml                                           |  5 +++++
 web/src/pages/providers/oauth2/OAuth2ProviderForm.ts |  2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py
index 6f14fc115..539e3c93e 100644
--- a/authentik/crypto/api.py
+++ b/authentik/crypto/api.py
@@ -1,4 +1,6 @@
 """Crypto API Views"""
+from typing import Optional
+
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import load_pem_private_key
 from cryptography.x509 import load_pem_x509_certificate
@@ -31,6 +33,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
     cert_expiry = DateTimeField(source="certificate.not_valid_after", read_only=True)
     cert_subject = SerializerMethodField()
     private_key_available = SerializerMethodField()
+    private_key_type = SerializerMethodField()
 
     certificate_download_url = SerializerMethodField()
     private_key_download_url = SerializerMethodField()
@@ -43,6 +46,13 @@ class CertificateKeyPairSerializer(ModelSerializer):
         """Show if this keypair has a private key configured or not"""
         return instance.key_data != "" and instance.key_data is not None
 
+    def get_private_key_type(self, instance: CertificateKeyPair) -> Optional[str]:
+        """Get the private key's type, if set"""
+        key = instance.private_key
+        if key:
+            return key.__class__.__name__.replace("_", "").lower().replace("privatekey", "")
+        return None
+
     def get_certificate_download_url(self, instance: CertificateKeyPair) -> str:
         """Get URL to download certificate"""
         return (
@@ -98,6 +108,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
             "cert_expiry",
             "cert_subject",
             "private_key_available",
+            "private_key_type",
             "certificate_download_url",
             "private_key_download_url",
             "managed",
diff --git a/schema.yml b/schema.yml
index 78ac85f86..6c23ce225 100644
--- a/schema.yml
+++ b/schema.yml
@@ -20221,6 +20221,10 @@ components:
         private_key_available:
           type: boolean
           readOnly: true
+        private_key_type:
+          type: string
+          nullable: true
+          readOnly: true
         certificate_download_url:
           type: string
           readOnly: true
@@ -20245,6 +20249,7 @@ components:
       - pk
       - private_key_available
       - private_key_download_url
+      - private_key_type
     CertificateKeyPairRequest:
       type: object
       description: CertificateKeyPair Serializer
diff --git a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
index cf42b3dcb..9af90b8fc 100644
--- a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
@@ -195,7 +195,7 @@ ${this.instance?.redirectUris}</textarea
                                                 value=${ifDefined(key.pk)}
                                                 ?selected=${selected}
                                             >
-                                                ${key.name}
+                                                ${key.name} (${key.privateKeyType?.toUpperCase()})
                                             </option>`;
                                         });
                                     }),