* managed: move flowexporter to managed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * *: implement SerializerModel in all models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: add initial api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: start blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: spec Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * version blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * yep Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove v2, improve v1 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start custom tag, more rebrand Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move blueprints out of website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * try new things Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add !lookup, fix web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update and cleanup default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tags in lists Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save field if its set to default value Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more flow cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * format web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing serializer for sms Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ignore _set fields Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove custom file extension Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate default flow to tenant Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
"""OAuth2 Provider managed objects"""
from authentik.blueprints.manager import EnsureExists, ObjectManager
from authentik.providers.oauth2.models import ScopeMapping
from authentik.providers.proxy.models import SCOPE_AK_PROXY
SCOPE_AK_PROXY_EXPRESSION = """
|
|
# This mapping is used by the authentik proxy. It passes extra user attributes,
|
|
# which are used for example for the HTTP-Basic Authentication mapping.
|
|
return {
|
|
"ak_proxy": {
|
|
"user_attributes": request.user.group_attributes(request),
|
|
"is_superuser": request.user.is_superuser,
|
|
}
|
|
}"""
class ProxyScopeMappingManager(ObjectManager):
    """Declare the managed scope mapping shipped for the proxy outpost."""

    def reconcile(self):
        """Return the managed-object declarations owned by this manager.

        The list has a single entry: a ``ScopeMapping`` identified by
        ``goauthentik.io/providers/proxy/scope-proxy`` whose scope name is
        ``SCOPE_AK_PROXY`` and whose expression is
        ``SCOPE_AK_PROXY_EXPRESSION``.
        """
        # The expression text is handed over as-is; it exposes user/group
        # attributes and the superuser flag as claims, so changes to it alter
        # what every client granted this scope can read.
        proxy_scope = EnsureExists(
            ScopeMapping,
            "goauthentik.io/providers/proxy/scope-proxy",
            name="authentik default OAuth Mapping: Proxy outpost",
            scope_name=SCOPE_AK_PROXY,
            expression=SCOPE_AK_PROXY_EXPRESSION,
        )
        return [proxy_scope]