-
-
Notifications
You must be signed in to change notification settings - Fork 889
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
providers/oauth2: fix amr claim not set due to login event not associated #11780
Conversation
…ated Signed-off-by: Jens Langhammer <[email protected]>
✅ Deploy Preview for authentik-storybook canceled.
|
✅ Deploy Preview for authentik-docs canceled.
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #11780 +/- ##
==========================================
- Coverage 92.69% 92.55% -0.14%
==========================================
Files 745 760 +15
Lines 37003 37731 +728
==========================================
+ Hits 34299 34922 +623
- Misses 2704 2809 +105
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Signed-off-by: Jens Langhammer <[email protected]>
7347468
to
efb6da3
Compare
Signed-off-by: Jens Langhammer <[email protected]>
…ashing more obvious Signed-off-by: Jens Langhammer <[email protected]>
Signed-off-by: Jens Langhammer <[email protected]>
Signed-off-by: Jens Langhammer <[email protected]>
Signed-off-by: Jens Langhammer <[email protected]>
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-0ddbc9f58cc8921109f0a89d9fa99f37188b79d0
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s For arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-0ddbc9f58cc8921109f0a89d9fa99f37188b79d0-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s Afterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-0ddbc9f58cc8921109f0a89d9fa99f37188b79d0 For arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-0ddbc9f58cc8921109f0a89d9fa99f37188b79d0-arm64 Afterwards, run the upgrade commands from the latest release notes. |
Details
The
amr
claim (authentication methods) relies to looking up the login event from the session where we store which methods the user used. However for OAuth since requests are sent server-to-server, the session for that request does not have alogin_event
saved in the session and as such cannot look up the methods used.This changes OAuth Tokens (Access/Refresh/Device) and Codes to have a reference to the AuthenticatedSession (we previously just kept a hashed version of the session key) so we can use the data from that session.
Checklist
ak test authentik/
)make lint-fix
)If an API change has been made
make gen-build
)If changes to the frontend have been made
make web
)If applicable
make website
)