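import {
    CryptoApi,
    FlowDesignationEnum,
    FlowsApi,
    OAuth2Provider,
    OAuth2ProviderClientTypeEnum,
    OAuth2ProviderIssuerModeEnum,
    OAuth2ProviderJwtAlgEnum,
    OAuth2ProviderSubModeEnum,
    PropertymappingsApi,
    ProvidersApi,
} from "authentik-api";
import { t } from "@lingui/macro";
import { customElement, property } from "lit-element";
import { html, TemplateResult } from "lit-html";
import { DEFAULT_CONFIG } from "../../../api/Config";
import { Form } from "../../../elements/forms/Form";
import { until } from "lit-html/directives/until";
import { ifDefined } from "lit-html/directives/if-defined";
import "../../../elements/forms/HorizontalFormElement";
import "../../../elements/forms/FormGroup";
import { first, randomString } from "../../../utils";

// NOTE(review): several of the imports above (CryptoApi, FlowsApi, PropertymappingsApi,
// the enum types, `until`, `ifDefined`, `first`, `randomString`) are not referenced by
// the code visible in this listing. The template in renderForm() contains only help
// texts, so the markup that presumably used them is not shown here; keep the imports.

/**
 * Form element (`ak-provider-oauth2-form`) for creating or editing an OAuth2 provider.
 *
 * The form is in "edit" mode when `provider` is set and in "create" mode otherwise;
 * that single field decides both the success message and which API call `send` makes.
 *
 * NOTE(review): `Form` is used without a type argument. `send` takes and returns
 * `OAuth2Provider`, so a generic argument may have been lost from this listing;
 * confirm against the declaration of `Form`.
 */
@customElement("ak-provider-oauth2-form")
export class OAuth2ProviderFormPage extends Form {

    /**
     * Loads the provider with the given id and puts the form into edit mode.
     *
     * Once the read resolves, `provider` is set and `showClientSecret` is set to
     * whether the loaded provider's client type is Confidential.
     *
     * NOTE(review): the promise has no rejection handler. If the read fails (missing
     * permission, unknown id, network error), `provider` stays unset and the form
     * remains in create mode, so a later submit would call the create endpoint
     * instead of updating the intended provider. Consider surfacing the error.
     *
     * @param value - id passed to `providersOauth2Read`.
     */
    set providerUUID(value: number) {
        new ProvidersApi(DEFAULT_CONFIG).providersOauth2Read({
            id: value,
        }).then(provider => {
            this.provider = provider;
            this.showClientSecret = provider.clientType === OAuth2ProviderClientTypeEnum.Confidential;
        });
    }

    // Provider being edited; undefined while creating a new one.
    @property({attribute: false})
    provider?: OAuth2Provider;

    // True by default; after a load it is true only for Confidential clients.
    // Nothing in the visible code reads it, so it presumably toggles the
    // client-secret input in the template markup (confirm). It is UI state only:
    // hiding a field in the browser is not an access control, so the API must
    // enforce who may read or change the secret.
    @property({type: Boolean})
    showClientSecret = true;

    /**
     * Message shown after a successful submit.
     *
     * @returns The "updated" text in edit mode, the "created" text otherwise.
     */
    getSuccessMessage(): string {
        if (this.provider) {
            return t`Successfully updated provider.`;
        } else {
            return t`Successfully created provider.`;
        }
    }

    /**
     * Submits the form data: update in edit mode, create otherwise.
     *
     * The return type carries its type argument (`Promise` alone does not compile);
     * it assumes the generated client resolves both calls to the provider object,
     * so confirm against `authentik-api`.
     *
     * @param data - Provider fields collected from the form.
     * @returns The promise returned by the API client.
     */
    send = (data: OAuth2Provider): Promise<OAuth2Provider> => {
        if (this.provider) {
            return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Update({
                // NOTE(review): if the loaded provider has no pk this falls back to
                // id 0 and the update is sent for that id; the server is expected
                // to reject it.
                id: this.provider.pk || 0,
                data: data
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Create({
                data: data
            });
        }
    };

    /**
     * Renders the form body.
     *
     * Only the translated help texts are present in this listing; the markup of the
     * inputs themselves is not visible, so what each field renders or pre-fills
     * cannot be reviewed from here. The help texts cover settings that determine the
     * provider's security posture: client type (confidential vs. public), the
     * redirect URL / CORS origin list, the JWT signing algorithm and key, the
     * allowed scopes, the subject mode, whether claims are embedded in the id_token,
     * and the issuer mode.
     *
     * The template text is kept exactly as in the original, including its line
     * layout, so the rendered output is unchanged.
     *
     * @returns The lit-html template for the form.
     */
    renderForm(): TemplateResult {
        return html`

${t`Flow used when authorizing this provider.`}

${t`Protocol settings`}

${t`Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable.`}

${t`Valid redirect URLs after a successful authorization flow. Also specify any origins here for CORS Headers.`}

${t`Advanced protocol settings`}

${t`Algorithm used to sign the JWT Tokens.`}

${t`Select which scopes can be used by the client. The client stil has to specify the scope to access the data.`}

${t`Hold control/command to select multiple items.`}

${t`Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.`}

${t`Configure what data should be used as unique User Identifier. For most cases, the default should be fine.`}

${t`Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.`}

${t`Configure how the issuer field of the ID Token should be filled.`}

`;
    }
}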