From 2a2e159a0d20d301c5fadcc227883a804fb1ae46 Mon Sep 17 00:00:00 2001 From: Jens L Date: Sun, 7 May 2023 12:32:01 +0200 Subject: [PATCH] blueprints: improve schema generation by including model schema (#5503) * blueprints: improve schema generation by including model schema Signed-off-by: Jens Langhammer * unset required Signed-off-by: Jens Langhammer * add deps Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .../commands/make_blueprint_schema.py | 145 +- .../management/commands/schema_template.json | 105 - authentik/crypto/api.py | 1 + blueprints/schema.json | 8304 ++++++++++++++++- poetry.lock | 28 +- pyproject.toml | 1 + schema.yml | 20 +- .../developer-docs/blueprints/v1/structure.md | 1 + 8 files changed, 8348 insertions(+), 257 deletions(-) delete mode 100644 authentik/blueprints/management/commands/schema_template.json diff --git a/authentik/blueprints/management/commands/make_blueprint_schema.py b/authentik/blueprints/management/commands/make_blueprint_schema.py index d1cee1247..bd51128e0 100644 --- a/authentik/blueprints/management/commands/make_blueprint_schema.py +++ b/authentik/blueprints/management/commands/make_blueprint_schema.py @@ -1,12 +1,17 @@ """Generate JSON Schema for blueprints""" -from json import dumps, loads -from pathlib import Path +from json import dumps +from typing import Any from django.core.management.base import BaseCommand, no_translations +from django.db.models import Model +from drf_jsonschema_serializer.convert import field_to_converter +from rest_framework.fields import Field, JSONField, UUIDField +from rest_framework.serializers import Serializer from structlog.stdlib import get_logger from authentik.blueprints.v1.importer import is_model_allowed from authentik.blueprints.v1.meta.registry import registry +from authentik.lib.models import SerializerModel LOGGER = get_logger() 
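Review bot: The new top-level import of `field_to_converter` from `drf_jsonschema_serializer.convert` adds a third-party package to a command that, as far as this file shows, only runs when the schema is regenerated. pyproject.toml and poetry.lock change in this commit, but their hunks are not visible here. It is worth confirming the package sits in the development dependency group rather than shipping with the server, and that its lock entry is hash-pinned. A comment above the import, such as `# build-time only: derives blueprints/schema.json from the DRF serializers`, would record why the dependency exists.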
@@ -16,21 +21,135 @@ class Command(BaseCommand): schema: dict + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.schema = { + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "https://goauthentik.io/blueprints/schema.json", + "type": "object", + "title": "authentik Blueprint schema", + "required": ["version", "entries"], + "properties": { + "version": { + "$id": "#/properties/version", + "type": "integer", + "title": "Blueprint version", + "default": 1, + }, + "metadata": { + "$id": "#/properties/metadata", + "type": "object", + "required": ["name"], + "properties": {"name": {"type": "string"}, "labels": {"type": "object"}}, + }, + "context": { + "$id": "#/properties/context", + "type": "object", + "additionalProperties": True, + }, + "entries": { + "type": "array", + "items": { + "oneOf": [], + }, + }, + }, + "$defs": {}, + } + @no_translations def handle(self, *args, **options): """Generate JSON Schema for blueprints""" - path = Path(__file__).parent.joinpath("./schema_template.json") - with open(path, "r", encoding="utf-8") as _template_file: - self.schema = loads(_template_file.read()) - self.set_model_allowed() - self.stdout.write(dumps(self.schema, indent=4)) + self.build() + self.stdout.write(dumps(self.schema, indent=4, default=Command.json_default)) - def set_model_allowed(self): - """Set model enum""" - model_names = [] + @staticmethod + def json_default(value: Any) -> Any: + """Helper that handles gettext_lazy strings that JSON doesn't handle""" + return str(value) + + def build(self): + """Build all models into the schema""" for model in registry.get_models(): + if model._meta.abstract: + continue if not is_model_allowed(model): continue - model_names.append(f"{model._meta.app_label}.{model._meta.model_name}") - model_names.sort() - self.schema["properties"]["entries"]["items"]["properties"]["model"]["enum"] = model_names + model_instance: Model = model() + if not isinstance(model_instance, SerializerModel): + 
continue + serializer = model_instance.serializer() + model_path = f"{model._meta.app_label}.{model._meta.model_name}" + self.schema["properties"]["entries"]["items"]["oneOf"].append( + self.template_entry(model_path, serializer) + ) + + def template_entry(self, model_path: str, serializer: Serializer) -> dict: + """Template entry for a single model""" + model_schema = self.to_jsonschema(serializer) + model_schema["required"] = [] + def_name = f"model_{model_path}" + def_path = f"#/$defs/{def_name}" + self.schema["$defs"][def_name] = model_schema + return { + "type": "object", + "required": ["model", "attrs"], + "properties": { + "model": {"const": model_path}, + "id": {"type": "string"}, + "state": { + "type": "string", + "enum": ["absent", "present", "created"], + "default": "present", + }, + "conditions": {"type": "array", "items": {"type": "boolean"}}, + "attrs": {"$ref": def_path}, + "identifiers": {"$ref": def_path}, + }, + } + + def field_to_jsonschema(self, field: Field) -> dict: + """Convert a single field to json schema""" + if isinstance(field, Serializer): + result = self.to_jsonschema(field) + else: + try: + converter = field_to_converter[field] + result = converter.convert(field) + except KeyError: + if isinstance(field, JSONField): + result = {"type": "object", "additionalProperties": True} + elif isinstance(field, UUIDField): + result = {"type": "string", "format": "uuid"} + else: + raise + if field.label: + result["title"] = field.label + if field.help_text: + result["description"] = field.help_text + return self.clean_result(result) + + def clean_result(self, result: dict) -> dict: + """Remove enumNames from result, recursively""" + result.pop("enumNames", None) + for key, value in result.items(): + if isinstance(value, dict): + result[key] = self.clean_result(value) + return result + + def to_jsonschema(self, serializer: Serializer) -> dict: + """Convert serializer to json schema""" + properties = {} + required = [] + for name, field in 
serializer.fields.items(): + if field.read_only: + continue + sub_schema = self.field_to_jsonschema(field) + if field.required: + required.append(name) + properties[name] = sub_schema + + result = {"type": "object", "properties": properties} + if required: + result["required"] = required + return result diff --git a/authentik/blueprints/management/commands/schema_template.json b/authentik/blueprints/management/commands/schema_template.json deleted file mode 100644 index 7605fd31e..000000000 --- a/authentik/blueprints/management/commands/schema_template.json +++ /dev/null 
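Review bot: `json_default` returns `str(value)` for every object `dumps` cannot encode, although its docstring covers only gettext_lazy strings, so an unexpected default or choice object would be written into the published schema as an arbitrary string instead of failing generation. Narrowing it keeps that failure visible: `if isinstance(value, Promise): return str(value)` followed by `raise TypeError(f"{type(value).__name__} is not JSON serializable")`, with `Promise` imported from `django.utils.functional`. Separately, `clean_result` recurses only into dict values, so an `enumNames` key inside a list of sub-schemas would survive, if a converter ever emits one. The bare `raise` in `field_to_jsonschema` also surfaces a KeyError that does not name the field; re-raising with the field's name and type would make an unsupported field easy to locate. The `Command` class header lies above the hunk.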
@@ -1,105 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-07/schema",
- "$id": "http://example.com/example.json",
- "type": "object",
- "title": "authentik Blueprint schema",
- "default": {},
- "required": [
- "version",
- "entries"
- ],
- "properties": {
- "version": {
- "$id": "#/properties/version",
- "type": "integer",
- "title": "Blueprint version",
- "default": 1
- },
- "metadata": {
- "$id": "#/properties/metadata",
- "type": "object",
- "required": [
- "name"
- ],
- "properties": {
- "name": {
- "type": "string"
- },
- "labels": {
- "type": "object"
- }
- }
- },
- "context": {
- "$id": "#/properties/context",
- "type": "object",
- "additionalProperties": true
- },
- "entries": {
- "type": "array",
- "items": {
- "$id": "#entry",
- "type": "object",
- "required": [
- "model"
- ],
- "properties": {
- "model": {
- "type": "string",
- "enum": [
- "placeholder"
- ]
- },
- "id": {
- "type": "string"
- },
- "state": {
- "type": "string",
- "enum": [
- "absent",
- "present",
- "created"
- ],
- "default": "present"
- },
- "conditions": {
- "type": "array",
- "items": {
- "type": "boolean"
- }
- },
- "attrs": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "Commonly available field, may not exist on all models"
- }
- },
- "default": {},
- "additionalProperties": true
- },
- "identifiers": {
- "type": "object",
- "default": {},
- "properties": {
- "pk": {
- "description": "Commonly available field, may not exist on all models",
- "anyOf": [
- {
- "type": "number"
- },
- {
- "type": "string",
- "format": "uuid"
- }
- ]
- }
- },
- "additionalProperties": true
- }
- }
- }
- }
- }
-}
diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py
index f5c20ebf3..367e71740 100644
--- a/authentik/crypto/api.py
+++ b/authentik/crypto/api.py
@@ -160,6 +160,7 @@ class CertificateKeyPairSerializer(ModelSerializer): "managed", ] extra_kwargs = { + "managed": {"read_only": True}, "key_data": {"write_only": True}, "certificate_data": {"write_only": True}, } diff --git a/blueprints/schema.json b/blueprints/schema.json index 90cec2985..da66fb904 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -1,9 +1,8 @@ { "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", + "$id": "https://goauthentik.io/blueprints/schema.json", "type": "object", "title": "authentik Blueprint schema", - "default": {}, "required": [ "version", "entries" 
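Review bot: Marking `managed` as read-only in `extra_kwargs` changes what `CertificateKeyPairSerializer` accepts on write, which the commit message (schema generation) does not mention. DRF silently drops read-only fields from incoming data rather than rejecting them, so an API client that sets `managed` on a key pair will now succeed with the value ignored; the same would hold for a blueprint if the importer validates entries through this serializer. This is probably the intended tightening, since `to_jsonschema` in this commit skips read-only fields, but it deserves a line in the description and a test asserting that a client-supplied `managed` is not persisted. A comment next to the entry, such as `# managed is server-controlled; never accepted from request data`, would record the intent. The serializer's `Meta` class starts above the hunk.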
@@ -38,138 +37,8205 @@ "entries": { "type": "array", "items": { - "$id": "#entry", - "type": "object", - "required": [ - "model" - ], - "properties": { - "model": { - "type": "string", - "enum": [ - "authentik_blueprints.blueprintinstance", - "authentik_blueprints.metaapplyblueprint", - "authentik_core.application", - "authentik_core.group", - "authentik_core.token", - "authentik_core.user", - "authentik_crypto.certificatekeypair", - "authentik_events.event", - "authentik_events.notification", - "authentik_events.notificationrule", - "authentik_events.notificationtransport", - "authentik_events.notificationwebhookmapping", - "authentik_flows.flow", - "authentik_flows.flowstagebinding", - "authentik_outposts.dockerserviceconnection", - "authentik_outposts.kubernetesserviceconnection", - "authentik_outposts.outpost", - "authentik_policies.policybinding", - "authentik_policies_dummy.dummypolicy", - "authentik_policies_event_matcher.eventmatcherpolicy", - "authentik_policies_expiry.passwordexpirypolicy", - "authentik_policies_expression.expressionpolicy", - "authentik_policies_password.passwordpolicy", - "authentik_policies_reputation.reputation", - "authentik_policies_reputation.reputationpolicy", - "authentik_providers_ldap.ldapprovider", - "authentik_providers_oauth2.accesstoken", - "authentik_providers_oauth2.authorizationcode", - "authentik_providers_oauth2.oauth2provider", - "authentik_providers_oauth2.refreshtoken", - "authentik_providers_oauth2.scopemapping", - "authentik_providers_proxy.proxyprovider", - "authentik_providers_radius.radiusprovider", - "authentik_providers_saml.samlpropertymapping", - "authentik_providers_saml.samlprovider", - "authentik_providers_scim.scimmapping", - "authentik_providers_scim.scimprovider", - "authentik_sources_ldap.ldappropertymapping", - "authentik_sources_ldap.ldapsource", - "authentik_sources_oauth.oauthsource", - "authentik_sources_oauth.useroauthsourceconnection", - "authentik_sources_plex.plexsource", - 
"authentik_sources_plex.plexsourceconnection", - "authentik_sources_saml.samlsource", - "authentik_sources_saml.usersamlsourceconnection", - "authentik_stages_authenticator_duo.authenticatorduostage", - "authentik_stages_authenticator_duo.duodevice", - "authentik_stages_authenticator_sms.authenticatorsmsstage", - "authentik_stages_authenticator_sms.smsdevice", - "authentik_stages_authenticator_static.authenticatorstaticstage", - "authentik_stages_authenticator_totp.authenticatortotpstage", - "authentik_stages_authenticator_validate.authenticatorvalidatestage", - "authentik_stages_authenticator_webauthn.authenticatewebauthnstage", - "authentik_stages_authenticator_webauthn.webauthndevice", - "authentik_stages_captcha.captchastage", - "authentik_stages_consent.consentstage", - "authentik_stages_consent.userconsent", - "authentik_stages_deny.denystage", - "authentik_stages_dummy.dummystage", - "authentik_stages_email.emailstage", - "authentik_stages_identification.identificationstage", - "authentik_stages_invitation.invitation", - "authentik_stages_invitation.invitationstage", - "authentik_stages_password.passwordstage", - "authentik_stages_prompt.prompt", - "authentik_stages_prompt.promptstage", - "authentik_stages_user_delete.userdeletestage", - "authentik_stages_user_login.userloginstage", - "authentik_stages_user_logout.userlogoutstage", - "authentik_stages_user_write.userwritestage", - "authentik_tenants.tenant" - ] - }, - "id": { - "type": "string" - }, - "state": { - "type": "string", - "enum": [ - "absent", - "present", - "created" + "oneOf": [ + { + "type": "object", + "required": [ + "model", + "attrs" ], - "default": "present" - }, - "conditions": { - "type": "array", - "items": { - "type": "boolean" + "properties": { + "model": { + "const": "authentik_crypto.certificatekeypair" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": 
"array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_crypto.certificatekeypair" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_crypto.certificatekeypair" + } } }, - "attrs": { + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_events.event" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_events.event" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_events.event" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_events.notificationtransport" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_events.notificationtransport" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_events.notificationtransport" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_events.notification" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_events.notification" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_events.notification" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_events.notificationrule" + }, + 
"id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_events.notificationrule" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_events.notificationrule" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_events.notificationwebhookmapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_events.notificationwebhookmapping" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_events.notificationwebhookmapping" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_flows.flow" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_flows.flow" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_flows.flow" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_flows.flowstagebinding" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_flows.flowstagebinding" + }, + "identifiers": { + "$ref": 
"#/$defs/model_authentik_flows.flowstagebinding" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_outposts.dockerserviceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_outposts.kubernetesserviceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_outposts.outpost" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_outposts.outpost" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_outposts.outpost" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_dummy.dummypolicy" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + 
"present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_event_matcher.eventmatcherpolicy" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_expiry.passwordexpirypolicy" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_expression.expressionpolicy" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_expression.expressionpolicy" + }, + "identifiers": { + 
"$ref": "#/$defs/model_authentik_policies_expression.expressionpolicy" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_password.passwordpolicy" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_password.passwordpolicy" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies_password.passwordpolicy" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_reputation.reputationpolicy" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies_reputation.reputation" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies_reputation.reputation" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies_reputation.reputation" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_policies.policybinding" + }, + "id": { + "type": "string" + }, + 
"state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_policies.policybinding" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_policies.policybinding" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_ldap.ldapprovider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_oauth2.scopemapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_oauth2.oauth2provider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_oauth2.oauth2provider" + }, + "identifiers": { + "$ref": 
"#/$defs/model_authentik_providers_oauth2.oauth2provider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_oauth2.authorizationcode" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_oauth2.authorizationcode" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_oauth2.authorizationcode" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_oauth2.accesstoken" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_oauth2.accesstoken" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_oauth2.accesstoken" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_oauth2.refreshtoken" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_oauth2.refreshtoken" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_oauth2.refreshtoken" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_proxy.proxyprovider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", 
+ "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_radius.radiusprovider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_radius.radiusprovider" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_radius.radiusprovider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_saml.samlprovider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_saml.samlprovider" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_saml.samlprovider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_saml.samlpropertymapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_saml.samlpropertymapping" + }, + "identifiers": { + "$ref": 
"#/$defs/model_authentik_providers_saml.samlpropertymapping" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_scim.scimprovider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_scim.scimprovider" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_scim.scimprovider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_providers_scim.scimmapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_scim.scimmapping" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_scim.scimmapping" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_ldap.ldapsource" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_ldap.ldapsource" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_ldap.ldapsource" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_ldap.ldappropertymapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + 
"created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_ldap.ldappropertymapping" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_ldap.ldappropertymapping" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_oauth.oauthsource" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_oauth.oauthsource" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_oauth.oauthsource" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_oauth.useroauthsourceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_plex.plexsource" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_plex.plexsource" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_plex.plexsource" + } + } 
+ }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_plex.plexsourceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_plex.plexsourceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_plex.plexsourceconnection" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_saml.samlsource" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_saml.samlsource" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_saml.samlsource" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_sources_saml.usersamlsourceconnection" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_duo.authenticatorduostage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + 
"created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_duo.duodevice" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_sms.authenticatorsmsstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_sms.smsdevice" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": 
"#/$defs/model_authentik_stages_authenticator_sms.smsdevice" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_sms.smsdevice" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_static.authenticatorstaticstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_totp.authenticatortotpstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_validate.authenticatorvalidatestage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage" + }, + "identifiers": { + "$ref": 
"#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_webauthn.authenticatewebauthnstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatewebauthnstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatewebauthnstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_authenticator_webauthn.webauthndevice" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_captcha.captchastage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_captcha.captchastage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_captcha.captchastage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + 
"model": { + "const": "authentik_stages_consent.consentstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_consent.consentstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_consent.consentstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_consent.userconsent" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_consent.userconsent" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_consent.userconsent" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_deny.denystage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_deny.denystage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_deny.denystage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_dummy.dummystage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": 
"#/$defs/model_authentik_stages_dummy.dummystage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_dummy.dummystage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_email.emailstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_email.emailstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_email.emailstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_identification.identificationstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_identification.identificationstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_identification.identificationstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_invitation.invitationstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_invitation.invitationstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_invitation.invitationstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": 
"authentik_stages_invitation.invitation" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_invitation.invitation" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_invitation.invitation" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_password.passwordstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_password.passwordstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_password.passwordstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_prompt.prompt" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_prompt.prompt" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_prompt.prompt" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_prompt.promptstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": 
"#/$defs/model_authentik_stages_prompt.promptstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_prompt.promptstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_user_delete.userdeletestage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_user_login.userloginstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_user_login.userloginstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_user_login.userloginstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_stages_user_logout.userlogoutstage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": 
"authentik_stages_user_write.userwritestage" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_stages_user_write.userwritestage" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_stages_user_write.userwritestage" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_tenants.tenant" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_tenants.tenant" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_tenants.tenant" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_blueprints.blueprintinstance" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_blueprints.blueprintinstance" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_blueprints.blueprintinstance" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_core.group" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_core.group" + }, + "identifiers": { + 
"$ref": "#/$defs/model_authentik_core.group" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_core.user" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_core.user" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_core.user" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_core.application" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_core.application" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_core.application" + } + } + }, + { + "type": "object", + "required": [ + "model", + "attrs" + ], + "properties": { + "model": { + "const": "authentik_core.token" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_core.token" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_core.token" + } + } + } + ] + } + } + }, + "$defs": { + "model_authentik_crypto.certificatekeypair": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "certificate_data": { + "type": "string", + "minLength": 1, + "title": "Certificate data", + "description": "PEM-encoded Certificate data" + }, + "key_data": { + "type": "string", + "title": "Key data", + 
"description": "Optional Private Key. If this is set, you can use this keypair for encryption." + } + }, + "required": [] + }, + "model_authentik_events.event": { + "type": "object", + "properties": { + "user": { + "type": "object", + "additionalProperties": true, + "title": "User" + }, + "action": { + "type": "string", + "enum": [ + "login", + "login_failed", + "logout", + "user_write", + "suspicious_request", + "password_set", + "secret_view", + "secret_rotate", + "invitation_used", + "authorize_application", + "source_linked", + "impersonation_started", + "impersonation_ended", + "flow_execution", + "policy_execution", + "policy_exception", + "property_mapping_exception", + "system_task_execution", + "system_task_exception", + "system_exception", + "configuration_error", + "model_created", + "model_updated", + "model_deleted", + "email_sent", + "update_available", + "custom_" + ], + "title": "Action" + }, + "app": { + "type": "string", + "minLength": 1, + "title": "App" + }, + "context": { + "type": "object", + "additionalProperties": true, + "title": "Context" + }, + "client_ip": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Client ip" + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "tenant": { + "type": "object", + "additionalProperties": true, + "title": "Tenant" + } + }, + "required": [] + }, + "model_authentik_events.notificationtransport": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "mode": { + "type": "string", + "enum": [ + "local", + "webhook", + "webhook_slack", + "email" + ], + "title": "Mode" + }, + "webhook_url": { + "type": "string", + "title": "Webhook url" + }, + "webhook_mapping": { + "type": "integer", + "title": "Webhook mapping" + }, + "send_once": { + "type": "boolean", + "title": "Send once", + "description": "Only send notification once, for example when sending a webhook into a chat channel." 
+ } + }, + "required": [] + }, + "model_authentik_events.notification": { + "type": "object", + "properties": { + "event": { + "type": "object", + "properties": { + "user": { + "type": "object", + "additionalProperties": true, + "title": "User" + }, + "action": { + "type": "string", + "enum": [ + "login", + "login_failed", + "logout", + "user_write", + "suspicious_request", + "password_set", + "secret_view", + "secret_rotate", + "invitation_used", + "authorize_application", + "source_linked", + "impersonation_started", + "impersonation_ended", + "flow_execution", + "policy_execution", + "policy_exception", + "property_mapping_exception", + "system_task_execution", + "system_task_exception", + "system_exception", + "configuration_error", + "model_created", + "model_updated", + "model_deleted", + "email_sent", + "update_available", + "custom_" + ], + "title": "Action" + }, + "app": { + "type": "string", + "minLength": 1, + "title": "App" + }, + "context": { + "type": "object", + "additionalProperties": true, + "title": "Context" + }, + "client_ip": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Client ip" + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "tenant": { + "type": "object", + "additionalProperties": true, + "title": "Tenant" + } + }, + "required": [ + "action", + "app" + ], + "title": "Event" + }, + "seen": { + "type": "boolean", + "title": "Seen" + } + }, + "required": [] + }, + "model_authentik_events.notificationrule": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "transports": { + "type": "array", + "items": { + "type": "integer", + "description": "Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI." + }, + "title": "Transports", + "description": "Select which transports should be used to notify the user. 
If none are selected, the notification will only be shown in the authentik UI." + }, + "severity": { + "type": "string", + "enum": [ + "notice", + "warning", + "alert" + ], + "title": "Severity", + "description": "Controls which severity level the created notifications will have." + }, + "group": { + "type": "integer", + "title": "Group", + "description": "Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent." + } + }, + "required": [] + }, + "model_authentik_events.notificationwebhookmapping": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" + } + }, + "required": [] + }, + "model_authentik_flows.flow": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + }, + "authentication": { + "type": "string", + "enum": [ + "none", + "require_authenticated", + "require_unauthenticated", + "require_superuser" + ], + "title": "Authentication", + "description": "Required level of authentication and authorization to access a flow." + } + }, + "required": [] + }, + "model_authentik_flows.flowstagebinding": { + "type": "object", + "properties": { + "target": { + "type": "integer", + "title": "Target" + }, + "stage": { + "type": "integer", + "title": "Stage" + }, + "evaluate_on_plan": { + "type": "boolean", + "title": "Evaluate on plan", + "description": "Evaluate policies during the Flow planning process." + }, + "re_evaluate_policies": { + "type": "boolean", + "title": "Re evaluate policies", + "description": "Evaluate policies when the Stage is present to the user." + }, + "order": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Order" + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "invalid_response_action": { + "type": "string", + "enum": [ + "retry", + "restart", + "restart_with_context" + ], + "title": "Invalid response action", + "description": "Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context." 
+ } + }, + "required": [] + }, + "model_authentik_outposts.dockerserviceconnection": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "local": { + "type": "boolean", + "title": "Local", + "description": "If enabled, use the local connection. Required Docker socket/Kubernetes Integration" + }, + "url": { + "type": "string", + "minLength": 1, + "title": "Url", + "description": "Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system." + }, + "tls_verification": { + "type": "integer", + "title": "Tls verification", + "description": "CA which the endpoint's Certificate is verified against. Can be left empty for no validation." + }, + "tls_authentication": { + "type": "integer", + "title": "Tls authentication", + "description": "Certificate/Key used for authentication. Can be left empty for no authentication." + } + }, + "required": [] + }, + "model_authentik_outposts.kubernetesserviceconnection": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "local": { + "type": "boolean", + "title": "Local", + "description": "If enabled, use the local connection. Required Docker socket/Kubernetes Integration" + }, + "kubeconfig": { + "type": "object", + "additionalProperties": true, + "title": "Kubeconfig", + "description": "Paste your kubeconfig here. authentik will automatically use the currently selected context." 
+ }, + "verify_ssl": { + "type": "boolean", + "title": "Verify ssl", + "description": "Verify SSL Certificates of the Kubernetes API endpoint" + } + }, + "required": [] + }, + "model_authentik_outposts.outpost": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "type": { + "type": "string", + "enum": [ + "proxy", + "ldap", + "radius" + ], + "title": "Type" + }, + "providers": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Providers" + }, + "service_connection": { + "type": "integer", + "title": "Service connection", + "description": "Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment." + }, + "config": { + "type": "object", + "additionalProperties": true, + "title": "Config" + }, + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." + } + }, + "required": [] + }, + "model_authentik_policies_dummy.dummypolicy": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "execution_logging": { + "type": "boolean", + "title": "Execution logging", + "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." 
+ }, + "result": { + "type": "boolean", + "title": "Result" + }, + "wait_min": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Wait min" + }, + "wait_max": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Wait max" + } + }, + "required": [] + }, + "model_authentik_policies_event_matcher.eventmatcherpolicy": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "execution_logging": { + "type": "boolean", + "title": "Execution logging", + "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." + }, + "action": { + "type": "string", + "enum": [ + "", + "login", + "login_failed", + "logout", + "user_write", + "suspicious_request", + "password_set", + "secret_view", + "secret_rotate", + "invitation_used", + "authorize_application", + "source_linked", + "impersonation_started", + "impersonation_ended", + "flow_execution", + "policy_execution", + "policy_exception", + "property_mapping_exception", + "system_task_execution", + "system_task_exception", + "system_exception", + "configuration_error", + "model_created", + "model_updated", + "model_deleted", + "email_sent", + "update_available", + "custom_" + ], + "title": "Action", + "description": "Match created events with this action type. When left empty, all action types will be matched." 
+ }, + "client_ip": { + "type": "string", + "title": "Client ip", + "description": "Matches Event's Client IP (strict matching, for network matching use an Expression Policy)" + }, + "app": { + "type": "string", + "enum": [ + "", + "authentik.admin", + "authentik.api", + "authentik.crypto", + "authentik.events", + "authentik.flows", + "authentik.lib", + "authentik.outposts", + "authentik.policies.dummy", + "authentik.policies.event_matcher", + "authentik.policies.expiry", + "authentik.policies.expression", + "authentik.policies.password", + "authentik.policies.reputation", + "authentik.policies", + "authentik.providers.ldap", + "authentik.providers.oauth2", + "authentik.providers.proxy", + "authentik.providers.radius", + "authentik.providers.saml", + "authentik.providers.scim", + "authentik.recovery", + "authentik.sources.ldap", + "authentik.sources.oauth", + "authentik.sources.plex", + "authentik.sources.saml", + "authentik.stages.authenticator_duo", + "authentik.stages.authenticator_sms", + "authentik.stages.authenticator_static", + "authentik.stages.authenticator_totp", + "authentik.stages.authenticator_validate", + "authentik.stages.authenticator_webauthn", + "authentik.stages.captcha", + "authentik.stages.consent", + "authentik.stages.deny", + "authentik.stages.dummy", + "authentik.stages.email", + "authentik.stages.identification", + "authentik.stages.invitation", + "authentik.stages.password", + "authentik.stages.prompt", + "authentik.stages.user_delete", + "authentik.stages.user_login", + "authentik.stages.user_logout", + "authentik.stages.user_write", + "authentik.tenants", + "authentik.blueprints", + "authentik.core", + "authentik.enterprise" + ], + "title": "App", + "description": "Match events created by selected application. When left empty, all applications are matched." 
+ } + }, + "required": [] + }, + "model_authentik_policies_expiry.passwordexpirypolicy": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "execution_logging": { + "type": "boolean", + "title": "Execution logging", + "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." + }, + "days": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Days" + }, + "deny_only": { + "type": "boolean", + "title": "Deny only" + } + }, + "required": [] + }, + "model_authentik_policies_expression.expressionpolicy": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "execution_logging": { + "type": "boolean", + "title": "Execution logging", + "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" + } + }, + "required": [] + }, + "model_authentik_policies_password.passwordpolicy": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "execution_logging": { + "type": "boolean", + "title": "Execution logging", + "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." + }, + "password_field": { + "type": "string", + "minLength": 1, + "title": "Password field", + "description": "Field key to check, field keys defined in Prompt stages are available." 
+ }, + "amount_digits": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Amount digits" + }, + "amount_uppercase": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Amount uppercase" + }, + "amount_lowercase": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Amount lowercase" + }, + "amount_symbols": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Amount symbols" + }, + "length_min": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Length min" + }, + "symbol_charset": { + "type": "string", + "minLength": 1, + "title": "Symbol charset" + }, + "error_message": { + "type": "string", + "title": "Error message" + }, + "check_static_rules": { + "type": "boolean", + "title": "Check static rules" + }, + "check_have_i_been_pwned": { + "type": "boolean", + "title": "Check have i been pwned" + }, + "check_zxcvbn": { + "type": "boolean", + "title": "Check zxcvbn" + }, + "hibp_allowed_count": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Hibp allowed count", + "description": "How many times the password hash is allowed to be on haveibeenpwned" + }, + "zxcvbn_score_threshold": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "title": "Zxcvbn score threshold", + "description": "If the zxcvbn score is equal or less than this value, the policy will fail." + } + }, + "required": [] + }, + "model_authentik_policies_reputation.reputationpolicy": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "execution_logging": { + "type": "boolean", + "title": "Execution logging", + "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." 
+ }, + "check_ip": { + "type": "boolean", + "title": "Check ip" + }, + "check_username": { + "type": "boolean", + "title": "Check username" + }, + "threshold": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Threshold" + } + }, + "required": [] + }, + "model_authentik_policies_reputation.reputation": { + "type": "object", + "properties": { + "pk": { + "type": "string", + "format": "uuid", + "title": "Reputation uuid" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, + "ip": { + "type": "string", + "minLength": 1, + "title": "Ip" + }, + "ip_geo_data": { + "type": "object", + "additionalProperties": true, + "title": "Ip geo data" + }, + "score": { + "type": "integer", + "minimum": -9223372036854775808, + "maximum": 9223372036854775807, + "title": "Score" + } + }, + "required": [] + }, + "model_authentik_policies.policybinding": { + "type": "object", + "properties": { + "policy": { + "type": "integer", + "title": "Policy" + }, + "group": { + "type": "integer", + "title": "Group" + }, + "user": { + "type": "integer", + "title": "User" + }, + "target": { + "type": "integer", + "title": "Target" + }, + "negate": { + "type": "boolean", + "title": "Negate", + "description": "Negates the outcome of the policy. Messages are unaffected." + }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "order": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Order" + }, + "timeout": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Timeout", + "description": "Timeout after which Policy execution is terminated." 
+ } + }, + "required": [] + }, + "model_authentik_providers_ldap.ldapprovider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "base_dn": { + "type": "string", + "minLength": 1, + "title": "Base dn", + "description": "DN under which objects are accessible." + }, + "search_group": { + "type": "integer", + "title": "Search group", + "description": "Users in this group can do search queries. If not set, every user can execute search queries." + }, + "certificate": { + "type": "integer", + "title": "Certificate" + }, + "tls_server_name": { + "type": "string", + "title": "Tls server name" + }, + "uid_start_number": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Uid start number", + "description": "The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber" + }, + "gid_start_number": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Gid start number", + "description": "The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. 
Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber" + }, + "search_mode": { + "type": "string", + "enum": [ + "direct", + "cached" + ], + "title": "Search mode" + }, + "bind_mode": { + "type": "string", + "enum": [ + "direct", + "cached" + ], + "title": "Bind mode" + } + }, + "required": [] + }, + "model_authentik_providers_oauth2.scopemapping": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." + }, + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" + }, + "scope_name": { + "type": "string", + "minLength": 1, + "title": "Scope name", + "description": "Scope name requested by the client" + }, + "description": { + "type": "string", + "title": "Description", + "description": "Description shown to the user when consenting. If left empty, the user won't be informed." + } + }, + "required": [] + }, + "model_authentik_providers_oauth2.oauth2provider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." 
+ }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "client_type": { + "type": "string", + "enum": [ + "confidential", + "public" + ], + "title": "Client Type", + "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable" + }, + "client_id": { + "type": "string", + "maxLength": 255, + "minLength": 1, + "title": "Client ID" + }, + "client_secret": { + "type": "string", + "maxLength": 255, + "title": "Client Secret" + }, + "access_code_validity": { + "type": "string", + "minLength": 1, + "title": "Access code validity", + "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "access_token_validity": { + "type": "string", + "minLength": 1, + "title": "Access token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "refresh_token_validity": { + "type": "string", + "minLength": 1, + "title": "Refresh token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "include_claims_in_id_token": { + "type": "boolean", + "title": "Include claims in id_token", + "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." + }, + "signing_key": { + "type": "integer", + "title": "Signing Key", + "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." + }, + "redirect_uris": { + "type": "string", + "title": "Redirect URIs", + "description": "Enter each URI on a new line." + }, + "sub_mode": { + "type": "string", + "enum": [ + "hashed_user_id", + "user_id", + "user_username", + "user_email", + "user_upn" + ], + "title": "Sub mode", + "description": "Configure what data should be used as unique User Identifier. 
For most cases, the default should be fine." + }, + "issuer_mode": { + "type": "string", + "enum": [ + "global", + "per_provider" + ], + "title": "Issuer mode", + "description": "Configure how the issuer field of the ID Token should be filled." + }, + "jwks_sources": { + "type": "array", + "items": { + "type": "integer", + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + }, + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + } + }, + "required": [] + }, + "model_authentik_providers_oauth2.authorizationcode": { + "type": "object", + "properties": { + "provider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "client_type": { + "type": "string", + "enum": [ + "confidential", + "public" + ], + "title": "Client Type", + "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable" + }, + "client_id": { + "type": "string", + "maxLength": 255, + "minLength": 1, + "title": "Client ID" + }, + "client_secret": { + "type": "string", + "maxLength": 255, + "title": "Client Secret" + }, + "access_code_validity": { + "type": "string", + "minLength": 1, + "title": "Access code validity", + "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." 
+ }, + "access_token_validity": { + "type": "string", + "minLength": 1, + "title": "Access token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "refresh_token_validity": { + "type": "string", + "minLength": 1, + "title": "Refresh token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "include_claims_in_id_token": { + "type": "boolean", + "title": "Include claims in id_token", + "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." + }, + "signing_key": { + "type": "integer", + "title": "Signing Key", + "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." + }, + "redirect_uris": { + "type": "string", + "title": "Redirect URIs", + "description": "Enter each URI on a new line." + }, + "sub_mode": { + "type": "string", + "enum": [ + "hashed_user_id", + "user_id", + "user_username", + "user_email", + "user_upn" + ], + "title": "Sub mode", + "description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." + }, + "issuer_mode": { + "type": "string", + "enum": [ + "global", + "per_provider" + ], + "title": "Issuer mode", + "description": "Configure how the issuer field of the ID Token should be filled." + }, + "jwks_sources": { + "type": "array", + "items": { + "type": "integer", + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + }, + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." 
+ } + }, + "required": [ + "name", + "authorization_flow" + ], + "title": "Provider" + }, + "user": { + "type": "object", + "properties": { + "username": { + "type": "string", + "maxLength": 150, + "minLength": 1, + "title": "Username" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User's display name." + }, + "is_active": { + "type": "boolean", + "title": "Active", + "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." + }, + "last_login": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "title": "Last login" + }, + "groups": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Groups" + }, + "email": { + "type": "string", + "format": "email", + "maxLength": 254, + "title": "Email address" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + }, + "path": { + "type": "string", + "minLength": 1, + "title": "Path" + } + }, + "required": [ + "username", + "name", + "groups" + ], + "title": "User" + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "scope": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "title": "Scope" + } + }, + "required": [] + }, + "model_authentik_providers_oauth2.accesstoken": { + "type": "object", + "properties": { + "provider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." 
+ }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "client_type": { + "type": "string", + "enum": [ + "confidential", + "public" + ], + "title": "Client Type", + "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable" + }, + "client_id": { + "type": "string", + "maxLength": 255, + "minLength": 1, + "title": "Client ID" + }, + "client_secret": { + "type": "string", + "maxLength": 255, + "title": "Client Secret" + }, + "access_code_validity": { + "type": "string", + "minLength": 1, + "title": "Access code validity", + "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "access_token_validity": { + "type": "string", + "minLength": 1, + "title": "Access token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "refresh_token_validity": { + "type": "string", + "minLength": 1, + "title": "Refresh token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "include_claims_in_id_token": { + "type": "boolean", + "title": "Include claims in id_token", + "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." + }, + "signing_key": { + "type": "integer", + "title": "Signing Key", + "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." + }, + "redirect_uris": { + "type": "string", + "title": "Redirect URIs", + "description": "Enter each URI on a new line." + }, + "sub_mode": { + "type": "string", + "enum": [ + "hashed_user_id", + "user_id", + "user_username", + "user_email", + "user_upn" + ], + "title": "Sub mode", + "description": "Configure what data should be used as unique User Identifier. 
For most cases, the default should be fine." + }, + "issuer_mode": { + "type": "string", + "enum": [ + "global", + "per_provider" + ], + "title": "Issuer mode", + "description": "Configure how the issuer field of the ID Token should be filled." + }, + "jwks_sources": { + "type": "array", + "items": { + "type": "integer", + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + }, + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + } + }, + "required": [ + "name", + "authorization_flow" + ], + "title": "Provider" + }, + "user": { + "type": "object", + "properties": { + "username": { + "type": "string", + "maxLength": 150, + "minLength": 1, + "title": "Username" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User's display name." + }, + "is_active": { + "type": "boolean", + "title": "Active", + "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." 
+ }, + "last_login": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "title": "Last login" + }, + "groups": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Groups" + }, + "email": { + "type": "string", + "format": "email", + "maxLength": 254, + "title": "Email address" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + }, + "path": { + "type": "string", + "minLength": 1, + "title": "Path" + } + }, + "required": [ + "username", + "name", + "groups" + ], + "title": "User" + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "scope": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "title": "Scope" + }, + "revoked": { + "type": "boolean", + "title": "Revoked" + } + }, + "required": [] + }, + "model_authentik_providers_oauth2.refreshtoken": { + "type": "object", + "properties": { + "provider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "client_type": { + "type": "string", + "enum": [ + "confidential", + "public" + ], + "title": "Client Type", + "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. 
Public clients are incapable" + }, + "client_id": { + "type": "string", + "maxLength": 255, + "minLength": 1, + "title": "Client ID" + }, + "client_secret": { + "type": "string", + "maxLength": 255, + "title": "Client Secret" + }, + "access_code_validity": { + "type": "string", + "minLength": 1, + "title": "Access code validity", + "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "access_token_validity": { + "type": "string", + "minLength": 1, + "title": "Access token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "refresh_token_validity": { + "type": "string", + "minLength": 1, + "title": "Refresh token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "include_claims_in_id_token": { + "type": "boolean", + "title": "Include claims in id_token", + "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." + }, + "signing_key": { + "type": "integer", + "title": "Signing Key", + "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." + }, + "redirect_uris": { + "type": "string", + "title": "Redirect URIs", + "description": "Enter each URI on a new line." + }, + "sub_mode": { + "type": "string", + "enum": [ + "hashed_user_id", + "user_id", + "user_username", + "user_email", + "user_upn" + ], + "title": "Sub mode", + "description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." + }, + "issuer_mode": { + "type": "string", + "enum": [ + "global", + "per_provider" + ], + "title": "Issuer mode", + "description": "Configure how the issuer field of the ID Token should be filled." 
+ }, + "jwks_sources": { + "type": "array", + "items": { + "type": "integer", + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + }, + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + } + }, + "required": [ + "name", + "authorization_flow" + ], + "title": "Provider" + }, + "user": { + "type": "object", + "properties": { + "username": { + "type": "string", + "maxLength": 150, + "minLength": 1, + "title": "Username" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User's display name." + }, + "is_active": { + "type": "boolean", + "title": "Active", + "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." + }, + "last_login": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "title": "Last login" + }, + "groups": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Groups" + }, + "email": { + "type": "string", + "format": "email", + "maxLength": 254, + "title": "Email address" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + }, + "path": { + "type": "string", + "minLength": 1, + "title": "Path" + } + }, + "required": [ + "username", + "name", + "groups" + ], + "title": "User" + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "scope": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "title": "Scope" + }, + "revoked": { + "type": "boolean", + "title": "Revoked" + } + }, + "required": [] + }, + "model_authentik_providers_proxy.proxyprovider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated 
user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "internal_host": { + "type": "string", + "title": "Internal host" + }, + "external_host": { + "type": "string", + "minLength": 1, + "title": "External host" + }, + "internal_host_ssl_validation": { + "type": "boolean", + "title": "Internal host SSL Validation", + "description": "Validate SSL Certificates of upstream servers" + }, + "certificate": { + "type": "integer", + "title": "Certificate" + }, + "skip_path_regex": { + "type": "string", + "title": "Skip path regex", + "description": "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression." + }, + "basic_auth_enabled": { + "type": "boolean", + "title": "Set HTTP-Basic Authentication", + "description": "Set a custom HTTP-Basic Authentication header based on values from authentik." + }, + "basic_auth_password_attribute": { + "type": "string", + "title": "HTTP-Basic Password Key", + "description": "User/Group Attribute used for the password part of the HTTP-Basic Header." + }, + "basic_auth_user_attribute": { + "type": "string", + "title": "HTTP-Basic Username Key", + "description": "User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used." + }, + "mode": { + "type": "string", + "enum": [ + "proxy", + "forward_single", + "forward_domain" + ], + "title": "Mode", + "description": "Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host." + }, + "intercept_header_auth": { + "type": "boolean", + "title": "Intercept header auth", + "description": "When enabled, this provider will intercept the authorization header and authenticate requests based on its value." 
+ }, + "cookie_domain": { + "type": "string", + "title": "Cookie domain" + }, + "jwks_sources": { + "type": "array", + "items": { + "type": "integer", + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + }, + "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." + }, + "access_token_validity": { + "type": "string", + "minLength": 1, + "title": "Access token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "refresh_token_validity": { + "type": "string", + "minLength": 1, + "title": "Refresh token validity", + "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + } + }, + "required": [] + }, + "model_authentik_providers_radius.radiusprovider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "client_networks": { + "type": "string", + "minLength": 1, + "title": "Client networks", + "description": "List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped." + }, + "shared_secret": { + "type": "string", + "minLength": 1, + "title": "Shared secret", + "description": "Shared secret between clients and server to hash packets." 
+ } + }, + "required": [] + }, + "model_authentik_providers_saml.samlprovider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "acs_url": { + "type": "string", + "format": "uri", + "maxLength": 200, + "minLength": 1, + "title": "ACS URL" + }, + "audience": { + "type": "string", + "title": "Audience", + "description": "Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added." + }, + "issuer": { + "type": "string", + "minLength": 1, + "title": "Issuer", + "description": "Also known as EntityID" + }, + "assertion_valid_not_before": { + "type": "string", + "minLength": 1, + "title": "Assertion valid not before", + "description": "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)." + }, + "assertion_valid_not_on_or_after": { + "type": "string", + "minLength": 1, + "title": "Assertion valid not on or after", + "description": "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "session_valid_not_on_or_after": { + "type": "string", + "minLength": 1, + "title": "Session valid not on or after", + "description": "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." + }, + "name_id_mapping": { + "type": "integer", + "title": "NameID Property Mapping", + "description": "Configure how the NameID value will be created. 
When left empty, the NameIDPolicy of the incoming request will be considered" + }, + "digest_algorithm": { + "type": "string", + "enum": [ + "http://www.w3.org/2000/09/xmldsig#sha1", + "http://www.w3.org/2001/04/xmlenc#sha256", + "http://www.w3.org/2001/04/xmldsig-more#sha384", + "http://www.w3.org/2001/04/xmlenc#sha512" + ], + "title": "Digest algorithm" + }, + "signature_algorithm": { + "type": "string", + "enum": [ + "http://www.w3.org/2000/09/xmldsig#rsa-sha1", + "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", + "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", + "http://www.w3.org/2000/09/xmldsig#dsa-sha1" + ], + "title": "Signature algorithm" + }, + "signing_kp": { + "type": "integer", + "title": "Signing Keypair", + "description": "Keypair used to sign outgoing Responses going to the Service Provider." + }, + "verification_kp": { + "type": "integer", + "title": "Verification Certificate", + "description": "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default." + }, + "sp_binding": { + "type": "string", + "enum": [ + "redirect", + "post" + ], + "title": "Service Provider Binding", + "description": "This determines how authentik sends the response back to the Service Provider." + } + }, + "required": [] + }, + "model_authentik_providers_saml.samlpropertymapping": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." 
+ }, + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" + }, + "saml_name": { + "type": "string", + "minLength": 1, + "title": "SAML Name" + }, + "friendly_name": { + "type": [ + "string", + "null" + ], + "title": "Friendly name" + } + }, + "required": [] + }, + "model_authentik_providers_scim.scimprovider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "property_mappings_group": { + "type": "array", + "items": { + "type": "integer", + "description": "Property mappings used for group creation/updating." + }, + "title": "Property mappings group", + "description": "Property mappings used for group creation/updating." + }, + "url": { + "type": "string", + "minLength": 1, + "title": "Url", + "description": "Base URL to SCIM requests, usually ends in /v2" + }, + "token": { + "type": "string", + "minLength": 1, + "title": "Token", + "description": "Authentication token" + }, + "exclude_users_service_account": { + "type": "boolean", + "title": "Exclude users service account" + }, + "filter_group": { + "type": "integer", + "title": "Filter group" + } + }, + "required": [] + }, + "model_authentik_providers_scim.scimmapping": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." 
+ }, + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" + } + }, + "required": [] + }, + "model_authentik_sources_ldap.ldapsource": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Source's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal source name, used in URLs." + }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow to use when authenticating existing users." + }, + "enrollment_flow": { + "type": "integer", + "title": "Enrollment flow", + "description": "Flow to use when enrolling new users." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "user_matching_mode": { + "type": "string", + "enum": [ + "identifier", + "email_link", + "email_deny", + "username_link", + "username_deny" + ], + "title": "User matching mode", + "description": "How the source determines if an existing user should be authenticated or a new user enrolled." + }, + "user_path_template": { + "type": "string", + "minLength": 1, + "title": "User path template" + }, + "server_uri": { + "type": "string", + "minLength": 1, + "title": "Server URI" + }, + "peer_certificate": { + "type": "integer", + "title": "Peer certificate", + "description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair." 
+ }, + "bind_cn": { + "type": "string", + "title": "Bind CN" + }, + "bind_password": { + "type": "string", + "title": "Bind password" + }, + "start_tls": { + "type": "boolean", + "title": "Enable Start TLS" + }, + "base_dn": { + "type": "string", + "minLength": 1, + "title": "Base DN" + }, + "additional_user_dn": { + "type": "string", + "title": "Addition User DN", + "description": "Prepended to Base DN for User-queries." + }, + "additional_group_dn": { + "type": "string", + "title": "Addition Group DN", + "description": "Prepended to Base DN for Group-queries." + }, + "user_object_filter": { + "type": "string", + "minLength": 1, + "title": "User object filter", + "description": "Consider Objects matching this filter to be Users." + }, + "group_object_filter": { + "type": "string", + "minLength": 1, + "title": "Group object filter", + "description": "Consider Objects matching this filter to be Groups." + }, + "group_membership_field": { + "type": "string", + "minLength": 1, + "title": "Group membership field", + "description": "Field which contains members of a group." + }, + "object_uniqueness_field": { + "type": "string", + "minLength": 1, + "title": "Object uniqueness field", + "description": "Field which contains a unique Identifier." + }, + "sync_users": { + "type": "boolean", + "title": "Sync users" + }, + "sync_users_password": { + "type": "boolean", + "title": "Sync users password", + "description": "When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source." + }, + "sync_groups": { + "type": "boolean", + "title": "Sync groups" + }, + "sync_parent_group": { + "type": "integer", + "title": "Sync parent group" + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "property_mappings_group": { + "type": "array", + "items": { + "type": "integer", + "description": "Property mappings used for group creation/updating." 
+ }, + "title": "Property mappings group", + "description": "Property mappings used for group creation/updating." + } + }, + "required": [] + }, + "model_authentik_sources_ldap.ldappropertymapping": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." + }, + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" + }, + "object_field": { + "type": "string", + "minLength": 1, + "title": "Object field" + } + }, + "required": [] + }, + "model_authentik_sources_oauth.oauthsource": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Source's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal source name, used in URLs." + }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow to use when authenticating existing users." + }, + "enrollment_flow": { + "type": "integer", + "title": "Enrollment flow", + "description": "Flow to use when enrolling new users." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "user_matching_mode": { + "type": "string", + "enum": [ + "identifier", + "email_link", + "email_deny", + "username_link", + "username_deny" + ], + "title": "User matching mode", + "description": "How the source determines if an existing user should be authenticated or a new user enrolled." + }, + "user_path_template": { + "type": "string", + "minLength": 1, + "title": "User path template" + }, + "provider_type": { + "type": "string", + "enum": [ + "apple", + "azuread", + "discord", + "facebook", + "github", + "google", + "mailcow", + "openidconnect", + "okta", + "patreon", + "reddit", + "twitch", + "twitter" + ], + "title": "Provider type" + }, + "request_token_url": { + "type": [ + "string", + "null" + ], + "maxLength": 255, + "minLength": 1, + "title": "Request Token URL", + "description": "URL used to request the initial token. This URL is only required for OAuth 1." + }, + "authorization_url": { + "type": [ + "string", + "null" + ], + "maxLength": 255, + "minLength": 1, + "title": "Authorization URL", + "description": "URL the user is redirect to to conest the flow." + }, + "access_token_url": { + "type": [ + "string", + "null" + ], + "maxLength": 255, + "minLength": 1, + "title": "Access Token URL", + "description": "URL used by authentik to retrieve tokens." + }, + "profile_url": { + "type": [ + "string", + "null" + ], + "maxLength": 255, + "minLength": 1, + "title": "Profile URL", + "description": "URL used by authentik to get user information." 
+ }, + "consumer_key": { + "type": "string", + "minLength": 1, + "title": "Consumer key" + }, + "consumer_secret": { + "type": "string", + "minLength": 1, + "title": "Consumer secret" + }, + "additional_scopes": { + "type": "string", + "title": "Additional Scopes" + }, + "oidc_well_known_url": { + "type": "string", + "title": "Oidc well known url" + }, + "oidc_jwks_url": { + "type": "string", + "title": "Oidc jwks url" + }, + "oidc_jwks": { + "type": "object", + "additionalProperties": true, + "title": "Oidc jwks" + } + }, + "required": [] + }, + "model_authentik_sources_oauth.useroauthsourceconnection": { + "type": "object", + "properties": { + "user": { + "type": "integer", + "title": "User" + }, + "identifier": { + "type": "string", + "maxLength": 255, + "minLength": 1, + "title": "Identifier" + }, + "access_token": { + "type": [ + "string", + "null" + ], + "title": "Access token" + } + }, + "required": [] + }, + "model_authentik_sources_plex.plexsource": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Source's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal source name, used in URLs." + }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow to use when authenticating existing users." + }, + "enrollment_flow": { + "type": "integer", + "title": "Enrollment flow", + "description": "Flow to use when enrolling new users." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "user_matching_mode": { + "type": "string", + "enum": [ + "identifier", + "email_link", + "email_deny", + "username_link", + "username_deny" + ], + "title": "User matching mode", + "description": "How the source determines if an existing user should be authenticated or a new user enrolled." + }, + "user_path_template": { + "type": "string", + "minLength": 1, + "title": "User path template" + }, + "client_id": { + "type": "string", + "minLength": 1, + "title": "Client id", + "description": "Client identifier used to talk to Plex." + }, + "allowed_servers": { + "type": "array", + "items": { + "type": "string", + "minLength": 1, + "title": "Allowed servers" + }, + "title": "Allowed servers", + "description": "Which servers a user has to be a member of to be granted access. Empty list allows every server." + }, + "allow_friends": { + "type": "boolean", + "title": "Allow friends", + "description": "Allow friends to authenticate, even if you don't share a server." + }, + "plex_token": { + "type": "string", + "minLength": 1, + "title": "Plex token", + "description": "Plex token used to check friends" + } + }, + "required": [] + }, + "model_authentik_sources_plex.plexsourceconnection": { + "type": "object", + "properties": { + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, + "plex_token": { + "type": "string", + "minLength": 1, + "title": "Plex token" + } + }, + "required": [] + }, + "model_authentik_sources_saml.samlsource": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Source's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal source name, used in URLs." 
+ }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow to use when authenticating existing users." + }, + "enrollment_flow": { + "type": "integer", + "title": "Enrollment flow", + "description": "Flow to use when enrolling new users." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "user_matching_mode": { + "type": "string", + "enum": [ + "identifier", + "email_link", + "email_deny", + "username_link", + "username_deny" + ], + "title": "User matching mode", + "description": "How the source determines if an existing user should be authenticated or a new user enrolled." + }, + "user_path_template": { + "type": "string", + "minLength": 1, + "title": "User path template" + }, + "pre_authentication_flow": { + "type": "integer", + "title": "Pre authentication flow", + "description": "Flow used before authentication." + }, + "issuer": { + "type": "string", + "title": "Issuer", + "description": "Also known as Entity ID. Defaults the Metadata URL." + }, + "sso_url": { + "type": "string", + "format": "uri", + "maxLength": 200, + "minLength": 1, + "title": "SSO URL", + "description": "URL that the initial Login request is sent to." + }, + "slo_url": { + "type": [ + "string", + "null" + ], + "format": "uri", + "maxLength": 200, + "title": "SLO URL", + "description": "Optional URL if your IDP supports Single-Logout." + }, + "allow_idp_initiated": { + "type": "boolean", + "title": "Allow idp initiated", + "description": "Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done." 
+ }, + "name_id_policy": { + "type": "string", + "enum": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + ], + "title": "Name id policy", + "description": "NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent." + }, + "binding_type": { + "type": "string", + "enum": [ + "REDIRECT", + "POST", + "POST_AUTO" + ], + "title": "Binding type" + }, + "signing_kp": { + "type": "integer", + "title": "Signing Keypair", + "description": "Keypair which is used to sign outgoing requests. Leave empty to disable signing." + }, + "digest_algorithm": { + "type": "string", + "enum": [ + "http://www.w3.org/2000/09/xmldsig#sha1", + "http://www.w3.org/2001/04/xmlenc#sha256", + "http://www.w3.org/2001/04/xmldsig-more#sha384", + "http://www.w3.org/2001/04/xmlenc#sha512" + ], + "title": "Digest algorithm" + }, + "signature_algorithm": { + "type": "string", + "enum": [ + "http://www.w3.org/2000/09/xmldsig#rsa-sha1", + "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", + "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", + "http://www.w3.org/2000/09/xmldsig#dsa-sha1" + ], + "title": "Signature algorithm" + }, + "temporary_user_delete_after": { + "type": "string", + "minLength": 1, + "title": "Delete temporary users after", + "description": "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)." 
+ } + }, + "required": [] + }, + "model_authentik_sources_saml.usersamlsourceconnection": { + "type": "object", + "properties": { + "user": { + "type": "integer", + "title": "User" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + } + }, + "required": [] + }, + "model_authentik_stages_authenticator_duo.authenticatorduostage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { "type": "object", "properties": { "name": { "type": "string", - "description": "Commonly available field, may not exist on all models" + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." } }, - "default": {}, - "additionalProperties": true + "required": [ + "name", + "slug", + "title", + "designation" + ] }, - "identifiers": { + "title": "Flow set" + }, + "configure_flow": { + "type": "integer", + "title": "Configure flow", + "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." + }, + "friendly_name": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Friendly name" + }, + "client_id": { + "type": "string", + "minLength": 1, + "title": "Client id" + }, + "client_secret": { + "type": "string", + "minLength": 1, + "title": "Client secret" + }, + "api_hostname": { + "type": "string", + "minLength": 1, + "title": "Api hostname" + }, + "admin_integration_key": { + "type": "string", + "title": "Admin integration key" + }, + "admin_secret_key": { + "type": "string", + "title": "Admin secret key" + } + }, + "required": [] + }, + "model_authentik_stages_authenticator_duo.duodevice": { + "type": "object", + "properties": { + "name": { + "type": "string", + "maxLength": 64, + "minLength": 1, + "title": "Name", + "description": "The human-readable name of this device." 
+ } + }, + "required": [] + }, + "model_authentik_stages_authenticator_sms.authenticatorsmsstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { "type": "object", - "default": {}, "properties": { - "pk": { - "description": "Commonly available field, may not exist on all models", - "anyOf": [ - { - "type": "number" - }, - { - "type": "string", - "format": "uuid" - } - ] + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." 
} }, - "additionalProperties": true - } + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "configure_flow": { + "type": "integer", + "title": "Configure flow", + "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." + }, + "friendly_name": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Friendly name" + }, + "provider": { + "type": "string", + "enum": [ + "twilio", + "generic" + ], + "title": "Provider" + }, + "from_number": { + "type": "string", + "minLength": 1, + "title": "From number" + }, + "account_sid": { + "type": "string", + "minLength": 1, + "title": "Account sid" + }, + "auth": { + "type": "string", + "minLength": 1, + "title": "Auth" + }, + "auth_password": { + "type": "string", + "title": "Auth password" + }, + "auth_type": { + "type": "string", + "enum": [ + "basic", + "bearer" + ], + "title": "Auth type" + }, + "verify_only": { + "type": "boolean", + "title": "Verify only", + "description": "When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not re-used in the future." + }, + "mapping": { + "type": "integer", + "title": "Mapping", + "description": "Optionally modify the payload being sent to custom providers." } - } + }, + "required": [] + }, + "model_authentik_stages_authenticator_sms.smsdevice": { + "type": "object", + "properties": { + "name": { + "type": "string", + "maxLength": 64, + "minLength": 1, + "title": "Name", + "description": "The human-readable name of this device." 
+ } + }, + "required": [] + }, + "model_authentik_stages_authenticator_static.authenticatorstaticstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "configure_flow": { + "type": "integer", + "title": "Configure flow", + "description": "Flow used by an authenticated user to configure this Stage. 
If empty, user will not be able to configure this stage." + }, + "friendly_name": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Friendly name" + }, + "token_count": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Token count" + } + }, + "required": [] + }, + "model_authentik_stages_authenticator_totp.authenticatortotpstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "configure_flow": { + "type": "integer", + "title": "Configure flow", + "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." + }, + "friendly_name": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Friendly name" + }, + "digits": { + "type": "integer", + "enum": [ + 6, + 8 + ], + "title": "Digits" + } + }, + "required": [] + }, + "model_authentik_stages_authenticator_validate.authenticatorvalidatestage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "not_configured_action": { + "type": "string", + "enum": [ + "skip", + "deny", + "configure" + ], + "title": "Not configured action" + }, + "device_classes": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "static", + "totp", + "webauthn", + "duo", + "sms" + ], + "title": "Device classes" + }, + "title": "Device classes", + "description": "Device classes which can be used to authenticate" + }, + "configuration_stages": { + "type": "array", + "items": { + "type": "integer", + "description": "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again." + }, + "title": "Configuration stages", + "description": "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again." 
+ }, + "last_auth_threshold": { + "type": "string", + "minLength": 1, + "title": "Last auth threshold", + "description": "If any of the user's device has been used within this threshold, this stage will be skipped" + }, + "webauthn_user_verification": { + "type": "string", + "enum": [ + "required", + "preferred", + "discouraged" + ], + "title": "Webauthn user verification", + "description": "Enforce user verification for WebAuthn devices." + } + }, + "required": [] + }, + "model_authentik_stages_authenticator_webauthn.authenticatewebauthnstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "configure_flow": { + "type": "integer", + "title": "Configure flow", + "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." + }, + "friendly_name": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Friendly name" + }, + "user_verification": { + "type": "string", + "enum": [ + "required", + "preferred", + "discouraged" + ], + "title": "User verification" + }, + "authenticator_attachment": { + "type": [ + "null", + "string" + ], + "enum": [ + null, + "platform", + "cross-platform" + ], + "title": "Authenticator attachment" + }, + "resident_key_requirement": { + "type": "string", + "enum": [ + "discouraged", + "preferred", + "required" + ], + "title": "Resident key requirement" + } + }, + "required": [] + }, + "model_authentik_stages_authenticator_webauthn.webauthndevice": { + "type": "object", + "properties": { + "name": { + "type": "string", + "maxLength": 200, + "minLength": 1, + "title": "Name" + } + }, + "required": [] + }, + "model_authentik_stages_captcha.captchastage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": 
"Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "public_key": { + "type": "string", + "minLength": 1, + "title": "Public key", + "description": "Public key, acquired your captcha Provider." + }, + "private_key": { + "type": "string", + "minLength": 1, + "title": "Private key", + "description": "Private key, acquired your captcha Provider." 
+ }, + "js_url": { + "type": "string", + "minLength": 1, + "title": "Js url" + }, + "api_url": { + "type": "string", + "minLength": 1, + "title": "Api url" + } + }, + "required": [] + }, + "model_authentik_stages_consent.consentstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." 
+ } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "mode": { + "type": "string", + "enum": [ + "always_require", + "permanent", + "expiring" + ], + "title": "Mode" + }, + "consent_expire_in": { + "type": "string", + "minLength": 1, + "title": "Consent expires in", + "description": "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)." + } + }, + "required": [] + }, + "model_authentik_stages_consent.userconsent": { + "type": "object", + "properties": { + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "user": { + "type": "object", + "properties": { + "username": { + "type": "string", + "maxLength": 150, + "minLength": 1, + "title": "Username" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User's display name." + }, + "is_active": { + "type": "boolean", + "title": "Active", + "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." + }, + "last_login": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "title": "Last login" + }, + "groups": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Groups" + }, + "email": { + "type": "string", + "format": "email", + "maxLength": 254, + "title": "Email address" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + }, + "path": { + "type": "string", + "minLength": 1, + "title": "Path" + } + }, + "required": [ + "username", + "name", + "groups" + ], + "title": "User" + }, + "application": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Application's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal application name, used in URLs." 
+ }, + "provider": { + "type": "integer", + "title": "Provider" + }, + "open_in_new_tab": { + "type": "boolean", + "title": "Open in new tab", + "description": "Open launch URL in a new browser tab or window." + }, + "meta_launch_url": { + "type": "string", + "title": "Meta launch url" + }, + "meta_description": { + "type": "string", + "title": "Meta description" + }, + "meta_publisher": { + "type": "string", + "title": "Meta publisher" + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "group": { + "type": "string", + "title": "Group" + } + }, + "required": [ + "name", + "slug" + ], + "title": "Application" + }, + "permissions": { + "type": "string", + "minLength": 1, + "title": "Permissions" + } + }, + "required": [] + }, + "model_authentik_stages_deny.denystage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + } + }, + "required": [] + }, + "model_authentik_stages_dummy.dummystage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "throw_error": { + "type": "boolean", + "title": "Throw error" + } + }, + "required": [] + }, + "model_authentik_stages_email.emailstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "use_global_settings": { + "type": "boolean", + "title": "Use global settings", + "description": "When enabled, global Email connection settings will be used and connection settings below will be ignored." + }, + "host": { + "type": "string", + "minLength": 1, + "title": "Host" + }, + "port": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Port" + }, + "username": { + "type": "string", + "title": "Username" + }, + "password": { + "type": "string", + "title": "Password" + }, + "use_tls": { + "type": "boolean", + "title": "Use tls" + }, + "use_ssl": { + "type": "boolean", + "title": "Use ssl" + }, + "timeout": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Timeout" + }, + "from_address": { + "type": "string", + "format": "email", + "maxLength": 254, + "minLength": 1, + "title": "From address" + }, + "token_expiry": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Token expiry", + "description": "Time in minutes the token sent is valid." 
+ }, + "subject": { + "type": "string", + "minLength": 1, + "title": "Subject" + }, + "template": { + "type": "string", + "minLength": 1, + "title": "Template" + }, + "activate_user_on_success": { + "type": "boolean", + "title": "Activate user on success", + "description": "Activate users upon completion of stage." + } + }, + "required": [] + }, + "model_authentik_stages_identification.identificationstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "user_fields": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "email", + "username", + "upn" + ], + "title": "User fields" + }, + "title": "User fields", + "description": "Fields of the user object to match against. (Hold shift to select multiple options)" + }, + "password_stage": { + "type": "integer", + "title": "Password stage", + "description": "When set, shows a password field, instead of showing the password field as seaprate step." + }, + "case_insensitive_matching": { + "type": "boolean", + "title": "Case insensitive matching", + "description": "When enabled, user fields are matched regardless of their casing." + }, + "show_matched_user": { + "type": "boolean", + "title": "Show matched user", + "description": "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown" + }, + "enrollment_flow": { + "type": "integer", + "title": "Enrollment flow", + "description": "Optional enrollment flow, which is linked at the bottom of the page." + }, + "recovery_flow": { + "type": "integer", + "title": "Recovery flow", + "description": "Optional recovery flow, which is linked at the bottom of the page." + }, + "passwordless_flow": { + "type": "integer", + "title": "Passwordless flow", + "description": "Optional passwordless flow, which is linked at the bottom of the page." 
+ }, + "sources": { + "type": "array", + "items": { + "type": "integer", + "description": "Specify which sources should be shown." + }, + "title": "Sources", + "description": "Specify which sources should be shown." + }, + "show_source_labels": { + "type": "boolean", + "title": "Show source labels" + } + }, + "required": [] + }, + "model_authentik_stages_invitation.invitationstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "continue_flow_without_invitation": { + "type": "boolean", + "title": "Continue flow without invitation", + "description": "If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given." + } + }, + "required": [] + }, + "model_authentik_stages_invitation.invitation": { + "type": "object", + "properties": { + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "user": { + "type": "object", + "properties": { + "username": { + "type": "string", + "maxLength": 150, + "minLength": 1, + "title": "Username" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User's display name." + }, + "is_active": { + "type": "boolean", + "title": "Active", + "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." 
+ }, + "last_login": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "title": "Last login" + }, + "groups": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Groups" + }, + "email": { + "type": "string", + "format": "email", + "maxLength": 254, + "title": "Email address" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + }, + "path": { + "type": "string", + "minLength": 1, + "title": "Path" + } + }, + "required": [ + "username", + "name", + "groups" + ], + "title": "User" + }, + "application": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Application's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal application name, used in URLs." + }, + "provider": { + "type": "integer", + "title": "Provider" + }, + "open_in_new_tab": { + "type": "boolean", + "title": "Open in new tab", + "description": "Open launch URL in a new browser tab or window." 
+ }, + "meta_launch_url": { + "type": "string", + "title": "Meta launch url" + }, + "meta_description": { + "type": "string", + "title": "Meta description" + }, + "meta_publisher": { + "type": "string", + "title": "Meta publisher" + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "group": { + "type": "string", + "title": "Group" + } + }, + "required": [ + "name", + "slug" + ], + "title": "Application" + }, + "permissions": { + "type": "string", + "minLength": 1, + "title": "Permissions" + } + }, + "required": [] + }, + "model_authentik_stages_password.passwordstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "backends": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "authentik.core.auth.InbuiltBackend", + "authentik.core.auth.TokenBackend", + "authentik.sources.ldap.auth.LDAPBackend" + ], + "title": "Backends" + }, + "title": "Backends", + "description": "Selection of backends to test the password against." + }, + "configure_flow": { + "type": "integer", + "title": "Configure flow", + "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." + }, + "failed_attempts_before_cancel": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Failed attempts before cancel", + "description": "How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage." 
+ } + }, + "required": [] + }, + "model_authentik_stages_prompt.prompt": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "field_key": { + "type": "string", + "minLength": 1, + "title": "Field key", + "description": "Name of the form field, also used to store the value" + }, + "label": { + "type": "string", + "minLength": 1, + "title": "Label" + }, + "type": { + "type": "string", + "enum": [ + "text", + "text_area", + "text_read_only", + "text_area_read_only", + "username", + "email", + "password", + "number", + "checkbox", + "radio-button-group", + "dropdown", + "date", + "date-time", + "file", + "separator", + "hidden", + "static", + "ak-locale" + ], + "title": "Type" + }, + "required": { + "type": "boolean", + "title": "Required" + }, + "placeholder": { + "type": "string", + "title": "Placeholder", + "description": "Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices." + }, + "initial_value": { + "type": "string", + "title": "Initial value", + "description": "Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices." + }, + "order": { + "type": "integer", + "minimum": -2147483648, + "maximum": 2147483647, + "title": "Order" + }, + "promptstage_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." 
+ }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." 
+ } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + } + }, + "required": [ + "name" + ] + }, + "title": "Promptstage set" + }, + "sub_text": { + "type": "string", + "title": "Sub text" + }, + "placeholder_expression": { + "type": "boolean", + "title": "Placeholder expression" + }, + "initial_value_expression": { + "type": "boolean", + "title": "Initial value expression" + } + }, + "required": [] + }, + "model_authentik_stages_prompt.promptstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
+ }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "fields": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Fields" + }, + "validation_policies": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Validation policies" + } + }, + "required": [] + }, + "model_authentik_stages_user_delete.userdeletestage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + } + }, + "required": [] + }, + "model_authentik_stages_user_login.userloginstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
+ }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." + } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "session_duration": { + "type": "string", + "minLength": 1, + "title": "Session duration", + "description": "Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" + }, + "terminate_other_sessions": { + "type": "boolean", + "title": "Terminate other sessions", + "description": "Terminate all other sessions of the user logging in." + }, + "remember_me_offset": { + "type": "string", + "minLength": 1, + "title": "Remember me offset", + "description": "Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. 
(Format: hours=-1;minutes=-2;seconds=-3)" + } + }, + "required": [] + }, + "model_authentik_stages_user_logout.userlogoutstage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." 
+ } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + } + }, + "required": [] + }, + "model_authentik_stages_user_write.userwritestage": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "flow_set": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Visible in the URL." + }, + "title": { + "type": "string", + "minLength": 1, + "title": "Title", + "description": "Shown as the Title in Flow pages." + }, + "designation": { + "type": "string", + "enum": [ + "authentication", + "authorization", + "invalidation", + "enrollment", + "unenrollment", + "recovery", + "stage_configuration" + ], + "title": "Designation", + "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "compatibility_mode": { + "type": "boolean", + "title": "Compatibility mode", + "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." + }, + "layout": { + "type": "string", + "enum": [ + "stacked", + "content_left", + "content_right", + "sidebar_left", + "sidebar_right" + ], + "title": "Layout" + }, + "denied_action": { + "type": "string", + "enum": [ + "message_continue", + "message", + "continue" + ], + "title": "Denied action", + "description": "Configure what should happen when a flow denies access to a user." 
+ } + }, + "required": [ + "name", + "slug", + "title", + "designation" + ] + }, + "title": "Flow set" + }, + "user_creation_mode": { + "type": "string", + "enum": [ + "never_create", + "create_when_required", + "always_create" + ], + "title": "User creation mode" + }, + "create_users_as_inactive": { + "type": "boolean", + "title": "Create users as inactive", + "description": "When set, newly created users are inactive and cannot login." + }, + "create_users_group": { + "type": "integer", + "title": "Create users group", + "description": "Optionally add newly created users to this group." + }, + "user_path_template": { + "type": "string", + "title": "User path template" + } + }, + "required": [] + }, + "model_authentik_tenants.tenant": { + "type": "object", + "properties": { + "domain": { + "type": "string", + "minLength": 1, + "title": "Domain", + "description": "Domain that activates this tenant. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b`" + }, + "default": { + "type": "boolean", + "title": "Default" + }, + "branding_title": { + "type": "string", + "minLength": 1, + "title": "Branding title" + }, + "branding_logo": { + "type": "string", + "minLength": 1, + "title": "Branding logo" + }, + "branding_favicon": { + "type": "string", + "minLength": 1, + "title": "Branding favicon" + }, + "flow_authentication": { + "type": "integer", + "title": "Flow authentication" + }, + "flow_invalidation": { + "type": "integer", + "title": "Flow invalidation" + }, + "flow_recovery": { + "type": "integer", + "title": "Flow recovery" + }, + "flow_unenrollment": { + "type": "integer", + "title": "Flow unenrollment" + }, + "flow_user_settings": { + "type": "integer", + "title": "Flow user settings" + }, + "flow_device_code": { + "type": "integer", + "title": "Flow device code" + }, + "event_retention": { + "type": "string", + "minLength": 1, + "title": "Event retention", + "description": "Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2)." 
+ }, + "web_certificate": { + "type": "integer", + "title": "Web certificate", + "description": "Web Certificate used by the authentik Core webserver." + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + } + }, + "required": [] + }, + "model_authentik_blueprints.blueprintinstance": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "path": { + "type": "string", + "title": "Path" + }, + "context": { + "type": "object", + "additionalProperties": true, + "title": "Context" + }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "content": { + "type": "string", + "title": "Content" + } + }, + "required": [] + }, + "model_authentik_core.group": { + "type": "object", + "properties": { + "name": { + "type": "string", + "maxLength": 80, + "minLength": 1, + "title": "Name" + }, + "is_superuser": { + "type": "boolean", + "title": "Is superuser", + "description": "Users added to this group will be superusers." + }, + "parent": { + "type": "integer", + "title": "Parent" + }, + "users": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Users" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + } + }, + "required": [] + }, + "model_authentik_core.user": { + "type": "object", + "properties": { + "username": { + "type": "string", + "maxLength": 150, + "minLength": 1, + "title": "Username" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User's display name." + }, + "is_active": { + "type": "boolean", + "title": "Active", + "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." 
+ }, + "last_login": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "title": "Last login" + }, + "groups": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Groups" + }, + "email": { + "type": "string", + "format": "email", + "maxLength": 254, + "title": "Email address" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "title": "Attributes" + }, + "path": { + "type": "string", + "minLength": 1, + "title": "Path" + } + }, + "required": [] + }, + "model_authentik_core.application": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Application's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal application name, used in URLs." + }, + "provider": { + "type": "integer", + "title": "Provider" + }, + "open_in_new_tab": { + "type": "boolean", + "title": "Open in new tab", + "description": "Open launch URL in a new browser tab or window." + }, + "meta_launch_url": { + "type": "string", + "title": "Meta launch url" + }, + "meta_description": { + "type": "string", + "title": "Meta description" + }, + "meta_publisher": { + "type": "string", + "title": "Meta publisher" + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "group": { + "type": "string", + "title": "Group" + } + }, + "required": [] + }, + "model_authentik_core.token": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. 
You can still modify the objects via the API, but expect changes to be overwritten in a later update." + }, + "identifier": { + "type": "string", + "maxLength": 255, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Identifier" + }, + "intent": { + "type": "string", + "enum": [ + "verification", + "api", + "recovery", + "app_password" + ], + "title": "Intent" + }, + "user": { + "type": "integer", + "title": "User" + }, + "description": { + "type": "string", + "title": "Description" + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires" + }, + "expiring": { + "type": "boolean", + "title": "Expiring" + } + }, + "required": [] } } } diff --git a/poetry.lock b/poetry.lock index 7228b5600..09a921e9f 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry and should not be changed by hand. +# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand. [[package]] name = "aiohttp" 
@@ -1272,6 +1272,30 @@ websocket-client = ">=0.32.0" [package.extras] ssh = ["paramiko (>=2.4.3)"] +[[package]] +name = "drf-jsonschema-serializer" +version = "1.0.0" +description = "JSON Schema support for Django REST Framework" +category = "dev" +optional = false +python-versions = "*" +files = [ + {file = "drf-jsonschema-serializer-1.0.0.tar.gz", hash = "sha256:aa58d03deba5a936bc0b0dbca4b69ee902886b7a0be130797f1d5e741b92e42b"}, + {file = "drf_jsonschema_serializer-1.0.0-py3-none-any.whl", hash = "sha256:06401c94f1a2610797a26c390b701504b90b6b44683932daccbc250ea2aad3b1"}, +] + +[package.dependencies] +django = ">=3.2" +djangorestframework = ">=3.13" +jsonschema = ">=4.0.0" + +[package.extras] +all-format-validators = ["fqdn", "idna", "isoduration", "jsonpointer", "rfc3339-validator", "rfc3987", "uri-template", "webcolors"] +coverage = ["pytest-cov"] +docs = ["sphinx", "sphinx-rtd-theme"] +release = ["bump2version", "twine"] +tests = ["black", "django-stubs[compatible-mypy]", "djangorestframework-stubs[compatible-mypy]", "flake8", "fqdn", "idna", "isoduration", "isort", "jsonpointer", "mypy", "pytest", "pytest-django", "rfc3339-validator", "rfc3987", "tox", "types-jsonschema", "uri-template", "webcolors"] + [[package]] name = "drf-spectacular" version = "0.26.2" @@ -4152,4 +4176,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.11" -content-hash = "82fc267d6041997d1410a951033cdb9f6c57d91df7d48acaecdbab320daab58e" +content-hash = "da0f14183137ec5d4fcd7df877f1488860bc26f795f8aaa19c78655f77e3f409" diff --git a/pyproject.toml b/pyproject.toml index 7220ef986..4d77d6b57 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -179,6 +179,7 @@ bump2version = "*" colorama = "*" coverage = { extras = ["toml"], version = "*" } django-silk = "*" +drf-jsonschema-serializer = "*" importlib-metadata = "*" pylint = "*" pylint-django = "*" diff --git a/schema.yml b/schema.yml index 89f06dda7..233014767 100644 --- a/schema.yml +++ b/schema.yml 
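Review bot: The added `drf-jsonschema-serializer = "*"` entry in the pyproject.toml hunk is development-only (the poetry.lock entry added by this commit records `category = "dev"`), yet `make_blueprint_schema.py` now imports `drf_jsonschema_serializer.convert` at module level. On an install without the dev dependencies the command would presumably fail with an import error. Keeping the converter out of the runtime dependency set is a reasonable choice for an identity provider, so I would record the intent beside the entry, e.g. `# dev-only: required by the make_blueprint_schema management command`. The wildcard matches the neighbouring entries and the lock file pins 1.0.0 with sha256 hashes, so the pin only holds when installs go through the lock file. A floor such as `drf-jsonschema-serializer = ">=1.0.0"` would make the tested version explicit.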
@@ -27912,6 +27912,7 @@ components: readOnly: true managed: type: string + readOnly: true nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created @@ -27924,6 +27925,7 @@ components: - certificate_download_url - fingerprint_sha1 - fingerprint_sha256 + - managed - name - pk - private_key_available @@ -27946,15 +27948,6 @@ components: writeOnly: true description: Optional Private Key. If this is set, you can use this keypair for encryption. - managed: - type: string - nullable: true - minLength: 1 - title: Managed by authentik - description: Objects which are managed by authentik. These objects are created - and updated automatically. This is flag only indicates that an object - can be overwritten by migrations. You can still modify the objects via - the API, but expect changes to be overwritten in a later update. required: - certificate_data - name @@ -35649,15 +35642,6 @@ components: writeOnly: true description: Optional Private Key. If this is set, you can use this keypair for encryption. - managed: - type: string - nullable: true - minLength: 1 - title: Managed by authentik - description: Objects which are managed by authentik. These objects are created - and updated automatically. This is flag only indicates that an object - can be overwritten by migrations. You can still modify the objects via - the API, but expect changes to be overwritten in a later update. PatchedConsentStageRequest: type: object description: ConsentStage Serializer diff --git a/website/developer-docs/blueprints/v1/structure.md b/website/developer-docs/blueprints/v1/structure.md index 47394c817..0b2e4d6d7 100644 --- a/website/developer-docs/blueprints/v1/structure.md +++ b/website/developer-docs/blueprints/v1/structure.md 
@@ -5,6 +5,7 @@ Blueprints are YAML files, which can use some additional tags to ease blueprint ## Structure ```yaml +# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json # The version of this blueprint, currently 1 version: 1 # Optional block of metadata, name is required if metadata is set