providers/oauth2: add access_code_validity (#795)

closes #794

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L 2021-04-28 21:03:43 +02:00 committed by GitHub
parent 43c87f87c3
commit c4e4e17f93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 184 additions and 93 deletions


@ -38,6 +38,7 @@ class OAuth2ProviderSerializer(ProviderSerializer):
"client_type",
"client_id",
"client_secret",
"access_code_validity",
"token_validity",
"include_claims_in_id_token",
"jwt_alg",


@ -0,0 +1,24 @@
# Generated by Django 3.2 on 2021-04-28 18:17
from django.db import migrations, models
import authentik.lib.utils.time
class Migration(migrations.Migration):
dependencies = [
("authentik_providers_oauth2", "0011_managed"),
]
operations = [
migrations.AddField(
model_name="oauth2provider",
name="access_code_validity",
field=models.TextField(
default="minutes=1",
help_text="Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).",
validators=[authentik.lib.utils.time.timedelta_string_validator],
),
),
]


@ -175,6 +175,16 @@ class OAuth2Provider(Provider):
),
)
access_code_validity = models.TextField(
default="minutes=1",
validators=[timedelta_string_validator],
help_text=_(
(
"Access codes not valid on or after current time + this value "
"(Format: hours=1;minutes=2;seconds=3)."
)
),
)
token_validity = models.TextField(
default="minutes=10",
validators=[timedelta_string_validator],
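Review bot: `access_code_validity` accepts any duration that passes `timedelta_string_validator`, and nothing visible in this hunk bounds it. That validator is defined outside this page; if it only checks the format, a zero or negative value yields codes that are already expired when issued, and a large value yields long-lived authorization codes. RFC 6749 section 4.1.2 recommends a maximum authorization code lifetime of 10 minutes, so consider a dedicated validator for this field that requires a positive duration and caps it, and state the cap in the help text. Django runs field validators on `full_clean()` and serializer validation, not on `save()`, so the `code.expires_at` assignment in OAuthAuthorizationParams cannot assume the stored value was checked. The OAuth2Provider field list continues outside the hunk.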


@ -219,7 +219,7 @@ class OAuthAuthorizationParams:
code.code_challenge_method = self.code_challenge_method
code.expires_at = timezone.now() + timedelta_from_string(
self.provider.token_validity
self.provider.access_code_validity
)
code.scope = self.scope
code.nonce = self.nonce
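Review bot: None of the ten file sections on this page is a test, so nothing pins that `code.expires_at` now follows `access_code_validity`; a later edit could switch it back to `token_validity` unnoticed and silently lengthen the authorization code lifetime. A test that sets distinct `access_code_validity` and `token_validity` on a provider and asserts the issued code's `expires_at` tracks the former would cover it. I would also put a comment above the assignment, `# Authorization codes get their own short validity, independent of the token lifetime`. The enclosing method starts and ends outside the hunk.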


@ -15547,6 +15547,12 @@ definitions:
title: Client Secret
type: string
maxLength: 255
access_code_validity:
title: Access code validity
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
type: string
minLength: 1
token_validity:
title: Token validity
description: 'Tokens not valid on or after current time + this value (Format:


@ -13,6 +13,13 @@ msgstr ""
"Language-Team: \n"
"Plural-Forms: \n"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:141
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:149
#: src/pages/providers/saml/SAMLProviderForm.ts:202
#: src/pages/stages/user_login/UserLoginStageForm.ts:71
msgid "(Format: hours=-1;minutes=-2;seconds=-3)."
msgstr "(Format: hours=-1;minutes=-2;seconds=-3)."
#: src/pages/policies/BoundPoliciesList.ts:59
msgid "-"
msgstr "-"
@ -68,6 +75,10 @@ msgstr "API request failed"
msgid "Access Key"
msgstr "Access Key"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:136
msgid "Access code validity"
msgstr "Access code validity"
#: src/pages/sources/oauth/OAuthSourceForm.ts:73
msgid "Access token URL"
msgstr "Access token URL"
@ -125,7 +136,7 @@ msgstr "Affected model:"
msgid "Alert"
msgstr "Alert"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:153
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:163
msgid "Algorithm used to sign the JWT Tokens."
msgstr "Algorithm used to sign the JWT Tokens."
@ -220,7 +231,7 @@ msgstr "Are you sure you want to delete {0} {objName} ?"
msgid "Are you sure you want to update {0} \"{1}\"?"
msgstr "Are you sure you want to update {0} \"{1}\"?"
#: src/pages/providers/saml/SAMLProviderForm.ts:208
#: src/pages/providers/saml/SAMLProviderForm.ts:209
msgid "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
msgstr "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
@ -228,11 +239,7 @@ msgstr "Assertion not valid on or after current time + this value (Format: hours
msgid "Assertion valid not before"
msgstr "Assertion valid not before"
#: src/pages/providers/saml/SAMLProviderForm.ts:201
msgid "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)."
msgstr "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)."
#: src/pages/providers/saml/SAMLProviderForm.ts:204
#: src/pages/providers/saml/SAMLProviderForm.ts:205
msgid "Assertion valid not on or after"
msgstr "Assertion valid not on or after"
@ -342,19 +349,19 @@ msgstr "Backup status"
msgid "Base DN"
msgstr "Base DN"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:203
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:213
msgid "Based on the Hashed User ID"
msgstr "Based on the Hashed User ID"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:209
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:219
msgid "Based on the User's Email. This is recommended over the UPN method."
msgstr "Based on the User's Email. This is recommended over the UPN method."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:212
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:222
msgid "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains."
msgstr "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:206
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:216
msgid "Based on the username"
msgstr "Based on the username"
@ -592,11 +599,19 @@ msgstr "Configuration flow"
msgid "Configure WebAuthn"
msgstr "Configure WebAuthn"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:140
msgid "Configure how long access codes are valid for."
msgstr "Configure how long access codes are valid for."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:148
msgid "Configure how long refresh tokens and their id_tokens are valid for."
msgstr "Configure how long refresh tokens and their id_tokens are valid for."
#: src/pages/providers/saml/SAMLProviderForm.ts:193
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:241
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:251
msgid "Configure how the issuer field of the ID Token should be filled."
msgstr "Configure how the issuer field of the ID Token should be filled."
@ -604,7 +619,11 @@ msgstr "Configure how the issuer field of the ID Token should be filled."
msgid "Configure settings relevant to your user profile."
msgstr "Configure settings relevant to your user profile."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:216
#: src/pages/providers/saml/SAMLProviderForm.ts:201
msgid "Configure the maximum allowed time drift for an asseration."
msgstr "Configure the maximum allowed time drift for an asseration."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:226
msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
msgstr "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
@ -846,7 +865,7 @@ msgstr "Creation Date"
msgid "Customisation"
msgstr "Customisation"
#: src/pages/providers/saml/SAMLProviderForm.ts:255
#: src/pages/providers/saml/SAMLProviderForm.ts:256
#: src/pages/sources/saml/SAMLSourceForm.ts:212
msgid "DSA-SHA1"
msgstr "DSA-SHA1"
@ -956,8 +975,8 @@ msgid "Determines how authentik sends the response back to the Service Provider.
msgstr "Determines how authentik sends the response back to the Service Provider."
#: src/pages/stages/user_login/UserLoginStageForm.ts:70
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)."
msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)."
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:113
msgid "Device classes which can be used to authenticate."
@ -967,7 +986,7 @@ msgstr "Device classes which can be used to authenticate."
msgid "Device name"
msgstr "Device name"
#: src/pages/providers/saml/SAMLProviderForm.ts:219
#: src/pages/providers/saml/SAMLProviderForm.ts:220
#: src/pages/sources/saml/SAMLSourceForm.ts:176
msgid "Digest algorithm"
msgstr "Digest algorithm"
@ -1010,7 +1029,7 @@ msgstr "Download"
msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
msgstr "Dummy stage used for testing. Shows a simple continue button and always passes."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:234
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:244
msgid "Each provider has a different issuer, based on the application slug."
msgstr "Each provider has a different issuer, based on the application slug."
@ -1451,7 +1470,7 @@ msgstr "Group {0}"
msgid "Groups"
msgstr "Groups"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:150
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:160
msgid "HS256 (Symmetric Encryption)"
msgstr "HS256 (Symmetric Encryption)"
@ -1478,7 +1497,7 @@ msgstr "Hide managed mappings"
#: src/pages/events/RuleForm.ts:93
#: src/pages/groups/GroupForm.ts:131
#: src/pages/outposts/OutpostForm.ts:98
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:178
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:188
#: src/pages/providers/saml/SAMLProviderForm.ts:177
#: src/pages/sources/ldap/LDAPSourceForm.ts:167
#: src/pages/sources/ldap/LDAPSourceForm.ts:193
@ -1552,11 +1571,11 @@ msgstr "Import certificates of external providers or create certificates to sign
msgid "In case you can't access any other method."
msgstr "In case you can't access any other method."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:226
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:236
msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
msgstr "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:223
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:233
msgid "Include claims in id_token"
msgstr "Include claims in id_token"
@ -1600,15 +1619,15 @@ msgstr "Is superuser"
msgid "Issuer"
msgstr "Issuer"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:229
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:239
msgid "Issuer mode"
msgstr "Issuer mode"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:142
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:152
msgid "JWT Algorithm"
msgstr "JWT Algorithm"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:195
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:205
msgid "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
msgstr "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
@ -1707,8 +1726,8 @@ msgstr "Loading"
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108
#: src/pages/property-mappings/PropertyMappingTestForm.ts:61
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:193
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:185
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:203
#: src/pages/providers/proxy/ProxyProviderForm.ts:92
#: src/pages/providers/proxy/ProxyProviderForm.ts:145
#: src/pages/providers/saml/SAMLProviderForm.ts:71
@ -2440,30 +2459,30 @@ msgstr "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
msgid "Publisher"
msgstr "Publisher"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:147
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:157
msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetric Encryption)"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:181
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:191
msgid "RSA Key"
msgstr "RSA Key"
#: src/pages/providers/saml/SAMLProviderForm.ts:243
#: src/pages/providers/saml/SAMLProviderForm.ts:244
#: src/pages/sources/saml/SAMLSourceForm.ts:200
msgid "RSA-SHA1"
msgstr "RSA-SHA1"
#: src/pages/providers/saml/SAMLProviderForm.ts:246
#: src/pages/providers/saml/SAMLProviderForm.ts:247
#: src/pages/sources/saml/SAMLSourceForm.ts:203
msgid "RSA-SHA256"
msgstr "RSA-SHA256"
#: src/pages/providers/saml/SAMLProviderForm.ts:249
#: src/pages/providers/saml/SAMLProviderForm.ts:250
#: src/pages/sources/saml/SAMLSourceForm.ts:206
msgid "RSA-SHA384"
msgstr "RSA-SHA384"
#: src/pages/providers/saml/SAMLProviderForm.ts:252
#: src/pages/providers/saml/SAMLProviderForm.ts:253
#: src/pages/sources/saml/SAMLSourceForm.ts:209
msgid "RSA-SHA512"
msgstr "RSA-SHA512"
@ -2591,22 +2610,22 @@ msgstr "Return to device picker"
msgid "SAML Attribute Name"
msgstr "SAML Attribute Name"
#: src/pages/providers/saml/SAMLProviderForm.ts:224
#: src/pages/providers/saml/SAMLProviderForm.ts:225
#: src/pages/sources/saml/SAMLSourceForm.ts:181
msgid "SHA1"
msgstr "SHA1"
#: src/pages/providers/saml/SAMLProviderForm.ts:227
#: src/pages/providers/saml/SAMLProviderForm.ts:228
#: src/pages/sources/saml/SAMLSourceForm.ts:184
msgid "SHA256"
msgstr "SHA256"
#: src/pages/providers/saml/SAMLProviderForm.ts:230
#: src/pages/providers/saml/SAMLProviderForm.ts:231
#: src/pages/sources/saml/SAMLSourceForm.ts:187
msgid "SHA384"
msgstr "SHA384"
#: src/pages/providers/saml/SAMLProviderForm.ts:233
#: src/pages/providers/saml/SAMLProviderForm.ts:234
#: src/pages/sources/saml/SAMLSourceForm.ts:190
msgid "SHA512"
msgstr "SHA512"
@ -2637,7 +2656,7 @@ msgstr "SMTP Username"
msgid "SSO URL"
msgstr "SSO URL"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:237
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:247
msgid "Same identifier is used for all providers"
msgstr "Same identifier is used for all providers"
@ -2651,7 +2670,7 @@ msgstr "Scope which the client can specify to access these properties."
#: src/elements/oauth/UserCodeList.ts:31
#: src/elements/oauth/UserRefreshList.ts:31
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:156
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:166
msgid "Scopes"
msgstr "Scopes"
@ -2686,7 +2705,7 @@ msgstr "Select an identification method."
msgid "Select users to add"
msgstr "Select users to add"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:177
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:187
msgid "Select which scopes can be used by the client. The client stil has to specify the scope to access the data."
msgstr "Select which scopes can be used by the client. The client stil has to specify the scope to access the data."
@ -2747,11 +2766,11 @@ msgstr "Service connection"
msgid "Session duration"
msgstr "Session duration"
#: src/pages/providers/saml/SAMLProviderForm.ts:215
#: src/pages/providers/saml/SAMLProviderForm.ts:216
msgid "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
msgstr "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
#: src/pages/providers/saml/SAMLProviderForm.ts:211
#: src/pages/providers/saml/SAMLProviderForm.ts:212
msgid "Session valid not on or after"
msgstr "Session valid not on or after"
@ -2792,7 +2811,7 @@ msgstr "Shown as the Title in Flow pages."
msgid "Sign up."
msgstr "Sign up."
#: src/pages/providers/saml/SAMLProviderForm.ts:238
#: src/pages/providers/saml/SAMLProviderForm.ts:239
#: src/pages/sources/saml/SAMLSourceForm.ts:195
msgid "Signature algorithm"
msgstr "Signature algorithm"
@ -2947,7 +2966,7 @@ msgstr "Stop impersonation"
msgid "Subject"
msgstr "Subject"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:198
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:208
msgid "Subject mode"
msgstr "Subject mode"
@ -3395,7 +3414,7 @@ msgstr "Token count"
msgid "Token expiry"
msgstr "Token expiry"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:136
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:144
msgid "Token validity"
msgstr "Token validity"


@ -13,6 +13,13 @@ msgstr ""
"Language-Team: \n"
"Plural-Forms: \n"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:141
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:149
#: src/pages/providers/saml/SAMLProviderForm.ts:202
#: src/pages/stages/user_login/UserLoginStageForm.ts:71
msgid "(Format: hours=-1;minutes=-2;seconds=-3)."
msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:59
msgid "-"
msgstr ""
@ -68,6 +75,10 @@ msgstr ""
msgid "Access Key"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:136
msgid "Access code validity"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts:73
msgid "Access token URL"
msgstr ""
@ -125,7 +136,7 @@ msgstr ""
msgid "Alert"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:153
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:163
msgid "Algorithm used to sign the JWT Tokens."
msgstr ""
@ -216,7 +227,7 @@ msgstr ""
msgid "Are you sure you want to update {0} \"{1}\"?"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:208
#: src/pages/providers/saml/SAMLProviderForm.ts:209
msgid "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
msgstr ""
@ -224,11 +235,7 @@ msgstr ""
msgid "Assertion valid not before"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:201
msgid "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)."
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:204
#: src/pages/providers/saml/SAMLProviderForm.ts:205
msgid "Assertion valid not on or after"
msgstr ""
@ -338,19 +345,19 @@ msgstr ""
msgid "Base DN"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:203
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:213
msgid "Based on the Hashed User ID"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:209
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:219
msgid "Based on the User's Email. This is recommended over the UPN method."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:212
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:222
msgid "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:206
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:216
msgid "Based on the username"
msgstr ""
@ -586,11 +593,19 @@ msgstr ""
msgid "Configure WebAuthn"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:140
msgid "Configure how long access codes are valid for."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:148
msgid "Configure how long refresh tokens and their id_tokens are valid for."
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:193
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:241
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:251
msgid "Configure how the issuer field of the ID Token should be filled."
msgstr ""
@ -598,7 +613,11 @@ msgstr ""
msgid "Configure settings relevant to your user profile."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:216
#: src/pages/providers/saml/SAMLProviderForm.ts:201
msgid "Configure the maximum allowed time drift for an asseration."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:226
msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
msgstr ""
@ -840,7 +859,7 @@ msgstr ""
msgid "Customisation"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:255
#: src/pages/providers/saml/SAMLProviderForm.ts:256
#: src/pages/sources/saml/SAMLSourceForm.ts:212
msgid "DSA-SHA1"
msgstr ""
@ -948,7 +967,7 @@ msgid "Determines how authentik sends the response back to the Service Provider.
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts:70
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)."
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
msgstr ""
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:113
@ -959,7 +978,7 @@ msgstr ""
msgid "Device name"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:219
#: src/pages/providers/saml/SAMLProviderForm.ts:220
#: src/pages/sources/saml/SAMLSourceForm.ts:176
msgid "Digest algorithm"
msgstr ""
@ -1002,7 +1021,7 @@ msgstr ""
msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:234
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:244
msgid "Each provider has a different issuer, based on the application slug."
msgstr ""
@ -1443,7 +1462,7 @@ msgstr ""
msgid "Groups"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:150
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:160
msgid "HS256 (Symmetric Encryption)"
msgstr ""
@ -1470,7 +1489,7 @@ msgstr ""
#: src/pages/events/RuleForm.ts:93
#: src/pages/groups/GroupForm.ts:131
#: src/pages/outposts/OutpostForm.ts:98
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:178
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:188
#: src/pages/providers/saml/SAMLProviderForm.ts:177
#: src/pages/sources/ldap/LDAPSourceForm.ts:167
#: src/pages/sources/ldap/LDAPSourceForm.ts:193
@ -1544,11 +1563,11 @@ msgstr ""
msgid "In case you can't access any other method."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:226
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:236
msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:223
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:233
msgid "Include claims in id_token"
msgstr ""
@ -1592,15 +1611,15 @@ msgstr ""
msgid "Issuer"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:229
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:239
msgid "Issuer mode"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:142
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:152
msgid "JWT Algorithm"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:195
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:205
msgid "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
msgstr ""
@ -1699,8 +1718,8 @@ msgstr ""
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108
#: src/pages/property-mappings/PropertyMappingTestForm.ts:61
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:193
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:185
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:203
#: src/pages/providers/proxy/ProxyProviderForm.ts:92
#: src/pages/providers/proxy/ProxyProviderForm.ts:145
#: src/pages/providers/saml/SAMLProviderForm.ts:71
@ -2432,30 +2451,30 @@ msgstr ""
msgid "Publisher"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:147
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:157
msgid "RS256 (Asymmetric Encryption)"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:181
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:191
msgid "RSA Key"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:243
#: src/pages/providers/saml/SAMLProviderForm.ts:244
#: src/pages/sources/saml/SAMLSourceForm.ts:200
msgid "RSA-SHA1"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:246
#: src/pages/providers/saml/SAMLProviderForm.ts:247
#: src/pages/sources/saml/SAMLSourceForm.ts:203
msgid "RSA-SHA256"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:249
#: src/pages/providers/saml/SAMLProviderForm.ts:250
#: src/pages/sources/saml/SAMLSourceForm.ts:206
msgid "RSA-SHA384"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:252
#: src/pages/providers/saml/SAMLProviderForm.ts:253
#: src/pages/sources/saml/SAMLSourceForm.ts:209
msgid "RSA-SHA512"
msgstr ""
@ -2583,22 +2602,22 @@ msgstr ""
msgid "SAML Attribute Name"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:224
#: src/pages/providers/saml/SAMLProviderForm.ts:225
#: src/pages/sources/saml/SAMLSourceForm.ts:181
msgid "SHA1"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:227
#: src/pages/providers/saml/SAMLProviderForm.ts:228
#: src/pages/sources/saml/SAMLSourceForm.ts:184
msgid "SHA256"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:230
#: src/pages/providers/saml/SAMLProviderForm.ts:231
#: src/pages/sources/saml/SAMLSourceForm.ts:187
msgid "SHA384"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:233
#: src/pages/providers/saml/SAMLProviderForm.ts:234
#: src/pages/sources/saml/SAMLSourceForm.ts:190
msgid "SHA512"
msgstr ""
@ -2629,7 +2648,7 @@ msgstr ""
msgid "SSO URL"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:237
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:247
msgid "Same identifier is used for all providers"
msgstr ""
@ -2643,7 +2662,7 @@ msgstr ""
#: src/elements/oauth/UserCodeList.ts:31
#: src/elements/oauth/UserRefreshList.ts:31
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:156
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:166
msgid "Scopes"
msgstr ""
@ -2678,7 +2697,7 @@ msgstr ""
msgid "Select users to add"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:177
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:187
msgid "Select which scopes can be used by the client. The client stil has to specify the scope to access the data."
msgstr ""
@ -2739,11 +2758,11 @@ msgstr ""
msgid "Session duration"
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:215
#: src/pages/providers/saml/SAMLProviderForm.ts:216
msgid "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:211
#: src/pages/providers/saml/SAMLProviderForm.ts:212
msgid "Session valid not on or after"
msgstr ""
@ -2784,7 +2803,7 @@ msgstr ""
msgid "Sign up."
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts:238
#: src/pages/providers/saml/SAMLProviderForm.ts:239
#: src/pages/sources/saml/SAMLSourceForm.ts:195
msgid "Signature algorithm"
msgstr ""
@ -2939,7 +2958,7 @@ msgstr ""
msgid "Subject"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:198
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:208
msgid "Subject mode"
msgstr ""
@ -3383,7 +3402,7 @@ msgstr ""
msgid "Token expiry"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:136
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:144
msgid "Token validity"
msgstr ""


@ -129,11 +129,21 @@ export class OAuth2ProviderFormPage extends Form<OAuth2Provider> {
${t`Advanced protocol settings`}
</span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
label=${t`Access code validity`}
?required=${true}
name="accessCodeValidity">
<input type="text" value="${first(this.provider?.accessCodeValidity, "minutes=1")}" class="pf-c-form-control" required>
<p class="pf-c-form__helper-text">${t`Configure how long access codes are valid for.`}</p>
<p class="pf-c-form__helper-text">${t`(Format: hours=-1;minutes=-2;seconds=-3).`}</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`Token validity`}
?required=${true}
name="tokenValidity">
<input type="text" value="${this.provider?.tokenValidity || "minutes=10"}" class="pf-c-form-control" required>
<input type="text" value="${first(this.provider?.tokenValidity, "minutes=10")}" class="pf-c-form-control" required>
<p class="pf-c-form__helper-text">${t`Configure how long refresh tokens and their id_tokens are valid for.`}</p>
<p class="pf-c-form__helper-text">${t`(Format: hours=-1;minutes=-2;seconds=-3).`}</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`JWT Algorithm`}
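Review bot: The format hint under the new Access code validity input, `(Format: hours=-1;minutes=-2;seconds=-3).`, shows negative values, while the model help text for the same field uses `hours=1;minutes=2;seconds=3`; an administrator who copies the hint would configure a negative lifetime. The negative example only fits the SAML `assertionValidNotBefore` offset. For this field, for Token validity in the same hunk, and for `sessionDuration` in UserLoginStageForm, I would use a separate translated string, `(Format: hours=1;minutes=2;seconds=3).`. The hunk also starts calling `first(...)` without showing an import, so confirm it is already in scope in this file.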


@ -189,7 +189,8 @@ export class SAMLProviderFormPage extends Form<SAMLProvider> {
?required=${true}
name="assertionValidNotBefore">
<input type="text" value="${this.provider?.assertionValidNotBefore || "minutes=-5"}" class="pf-c-form-control" required>
<p class="pf-c-form__helper-text">${t`Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).`}</p>
<p class="pf-c-form__helper-text">${t`Configure the maximum allowed time drift for an asseration.`}</p>
<p class="pf-c-form__helper-text">${t`(Format: hours=-1;minutes=-2;seconds=-3).`}</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`Assertion valid not on or after`}
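Review bot: The new helper text `Configure the maximum allowed time drift for an asseration.` misspells "assertion", and the same spelling is carried into the msgid of both locale files on this page. Correct it to `Configure the maximum allowed time drift for an assertion.` before translators pick the string up, since changing a msgid later invalidates existing translations. The surrounding form element starts outside the hunk.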


@ -64,7 +64,8 @@ export class UserLoginStageForm extends Form<UserLoginStage> {
?required=${true}
name="sessionDuration">
<input type="text" value="${first(this.stage?.sessionDuration, "seconds=0")}" class="pf-c-form-control" required>
<p class="pf-c-form__helper-text">${t`Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3).`}</p>
<p class="pf-c-form__helper-text">${t`Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed.`}</p>
<p class="pf-c-form__helper-text">${t`(Format: hours=-1;minutes=-2;seconds=-3).`}</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>