9a261c52d1
* providers/oauth2: remember session_id original token was created with for future access/refresh tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/proxy: use hashed session as `sid` Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
24 lines
831 B
YAML
24 lines
831 B
YAML
version: 1
|
|
metadata:
|
|
labels:
|
|
blueprints.goauthentik.io/system: "true"
|
|
name: System - Proxy Provider - Scopes
|
|
entries:
|
|
- identifiers:
|
|
managed: goauthentik.io/providers/proxy/scope-proxy
|
|
model: authentik_providers_oauth2.scopemapping
|
|
attrs:
|
|
name: "authentik default OAuth Mapping: Proxy outpost"
|
|
scope_name: ak_proxy
|
|
description: authentik Proxy - User information
|
|
expression: |
|
|
# This mapping is used by the authentik proxy. It passes extra user attributes,
|
|
# which are used for example for the HTTP-Basic Authentication mapping.
|
|
return {
|
|
"sid": token.session_id,
|
|
"ak_proxy": {
|
|
"user_attributes": request.user.group_attributes(request),
|
|
"is_superuser": request.user.is_superuser,
|
|
}
|
|
}
|