c5a2831665
* api: add basic jwt support with required scope Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: only set auth_via when actually authenticating via token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * save consented permissions in user consent, re-prompt when new permissions are required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * translate special scope map Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more api auth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * build web api in e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * link generated client instead of copying Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
938 B
| title |
|---|
| API |
Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v3/.
To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v3/schema/.
While testing, the API requests are authenticated by your browser session.
Authentication
For any of the token-based methods, set the Authorization header to Bearer <token>.
Session
When authenticating with a flow, you'll get an authenticated Session cookie, that can be used for authentication. Keep in mind that in this context, a CSRF header is also required.
API Token
Superusers can create tokens to authenticate as any user with a static key, which can optionally be expiring and auto-rotate.
JWT Token
OAuth2 clients can request the scope goauthentik.io/api, which allows their OAuth Refresh token to be used to authenticate to the API.