authentik.endpoints.connectors.agent.models

View Source

  1from typing import TYPE_CHECKING
  2from uuid import uuid4
  3
  4from django.db import models
  5from django.templatetags.static import static
  6from django.utils.translation import gettext_lazy as _
  7from rest_framework.serializers import Serializer
  8
  9from authentik.core.models import ExpiringModel, User, default_token_key
 10from authentik.crypto.models import CertificateKeyPair
 11from authentik.endpoints.models import (
 12    Connector,
 13    Device,
 14    DeviceAccessGroup,
 15    DeviceConnection,
 16    DeviceUserBinding,
 17)
 18from authentik.flows.stage import StageView
 19from authentik.lib.generators import generate_key
 20from authentik.lib.models import InternallyManagedMixin, SerializerModel
 21from authentik.lib.utils.time import timedelta_string_validator
 22
 23if TYPE_CHECKING:
 24    from authentik.endpoints.connectors.agent.controller import AgentConnectorController
 25
 26
 27class AgentConnector(Connector):
 28    """Configure authentication and add device compliance using the authentik Agent."""
 29
 30    refresh_interval = models.TextField(
 31        default="minutes=30",
 32        validators=[timedelta_string_validator],
 33    )
 34
 35    auth_session_duration = models.TextField(
 36        default="hours=8", validators=[timedelta_string_validator]
 37    )
 38    auth_terminate_session_on_expiry = models.BooleanField(default=False)
 39    authorization_flow = models.ForeignKey(
 40        "authentik_flows.Flow", null=True, on_delete=models.SET_DEFAULT, default=None
 41    )
 42    jwt_federation_providers = models.ManyToManyField(
 43        "authentik_providers_oauth2.OAuth2Provider", blank=True, default=None
 44    )
 45
 46    nss_uid_offset = models.PositiveIntegerField(default=1000)
 47    nss_gid_offset = models.PositiveIntegerField(default=1000)
 48
 49    challenge_key = models.ForeignKey(CertificateKeyPair, on_delete=models.CASCADE, null=True)
 50    challenge_idle_timeout = models.TextField(
 51        validators=[timedelta_string_validator], default="seconds=5"
 52    )
 53    challenge_trigger_check_in = models.BooleanField(default=False)
 54
 55    @property
 56    def icon_url(self):
 57        return static("dist/assets/icons/icon.svg")
 58
 59    @property
 60    def serializer(self) -> type[Serializer]:
 61        from authentik.endpoints.connectors.agent.api.connectors import (
 62            AgentConnectorSerializer,
 63        )
 64
 65        return AgentConnectorSerializer
 66
 67    @property
 68    def stage(self) -> type[StageView] | None:
 69        from authentik.endpoints.connectors.agent.stage import (
 70            AuthenticatorEndpointStageView,
 71        )
 72
 73        return AuthenticatorEndpointStageView
 74
 75    @property
 76    def controller(self) -> type[AgentConnectorController]:
 77        from authentik.endpoints.connectors.agent.controller import AgentConnectorController
 78
 79        return AgentConnectorController
 80
 81    @property
 82    def component(self) -> str:
 83        return "ak-endpoints-connector-agent-form"
 84
 85    class Meta:
 86        verbose_name = _("Agent Connector")
 87        verbose_name_plural = _("Agent Connectors")
 88
 89
 90class AgentDeviceConnection(DeviceConnection):
 91
 92    apple_key_exchange_key = models.TextField()
 93    apple_encryption_key = models.TextField()
 94    apple_enc_key_id = models.TextField()
 95    apple_signing_key = models.TextField()
 96    apple_sign_key_id = models.TextField()
 97
 98
 99class AgentDeviceUserBinding(DeviceUserBinding):
100
101    apple_secure_enclave_key = models.TextField()
102    apple_enclave_key_id = models.TextField()
103
104
105class DeviceToken(InternallyManagedMixin, ExpiringModel):
106    """Per-device token used for authentication."""
107
108    token_uuid = models.UUIDField(primary_key=True, default=uuid4)
109    device = models.ForeignKey(AgentDeviceConnection, on_delete=models.CASCADE)
110    key = models.TextField(default=generate_key)
111
112    class Meta:
113        verbose_name = _("Device Token")
114        verbose_name_plural = _("Device Tokens")
115        indexes = ExpiringModel.Meta.indexes + [
116            models.Index(fields=["key"]),
117        ]
118
119
120class EnrollmentToken(ExpiringModel, SerializerModel):
121    """Token used during enrollment, a device will receive
122    a device token for further authentication"""
123
124    token_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
125    name = models.TextField()
126    key = models.TextField(default=default_token_key)
127    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
128    device_group = models.ForeignKey(
129        DeviceAccessGroup, on_delete=models.SET_DEFAULT, default=None, null=True
130    )
131
132    @property
133    def serializer(self) -> type[Serializer]:
134        from authentik.endpoints.connectors.agent.api.enrollment_tokens import (
135            EnrollmentTokenSerializer,
136        )
137
138        return EnrollmentTokenSerializer
139
140    class Meta:
141        verbose_name = _("Enrollment Token")
142        verbose_name_plural = _("Enrollment Tokens")
143        indexes = ExpiringModel.Meta.indexes + [
144            models.Index(fields=["key"]),
145        ]
146        permissions = [
147            ("view_enrollment_token_key", _("View token's key")),
148        ]
149
150
151class DeviceAuthenticationToken(InternallyManagedMixin, ExpiringModel):
152
153    identifier = models.UUIDField(default=uuid4, primary_key=True)
154    device = models.ForeignKey(Device, on_delete=models.CASCADE)
155    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
156    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
157    user = models.ForeignKey(User, on_delete=models.CASCADE, null=True, default=None)
158    token = models.TextField()
159
160    def __str__(self):
161        return f"Device authentication token {self.identifier}"
162
163    class Meta(ExpiringModel.Meta):
164        verbose_name = _("Device authentication token")
165        verbose_name_plural = _("Device authentication tokens")
166
167
168class AppleNonce(InternallyManagedMixin, ExpiringModel):
169    nonce = models.TextField()
170    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
171
172    class Meta(ExpiringModel.Meta):
173        verbose_name = _("Apple Nonce")
174        verbose_name_plural = _("Apple Nonces")

class AgentConnector(authentik.endpoints.models.Connector): View Source

28class AgentConnector(Connector):
29    """Configure authentication and add device compliance using the authentik Agent."""
30
31    refresh_interval = models.TextField(
32        default="minutes=30",
33        validators=[timedelta_string_validator],
34    )
35
36    auth_session_duration = models.TextField(
37        default="hours=8", validators=[timedelta_string_validator]
38    )
39    auth_terminate_session_on_expiry = models.BooleanField(default=False)
40    authorization_flow = models.ForeignKey(
41        "authentik_flows.Flow", null=True, on_delete=models.SET_DEFAULT, default=None
42    )
43    jwt_federation_providers = models.ManyToManyField(
44        "authentik_providers_oauth2.OAuth2Provider", blank=True, default=None
45    )
46
47    nss_uid_offset = models.PositiveIntegerField(default=1000)
48    nss_gid_offset = models.PositiveIntegerField(default=1000)
49
50    challenge_key = models.ForeignKey(CertificateKeyPair, on_delete=models.CASCADE, null=True)
51    challenge_idle_timeout = models.TextField(
52        validators=[timedelta_string_validator], default="seconds=5"
53    )
54    challenge_trigger_check_in = models.BooleanField(default=False)
55
56    @property
57    def icon_url(self):
58        return static("dist/assets/icons/icon.svg")
59
60    @property
61    def serializer(self) -> type[Serializer]:
62        from authentik.endpoints.connectors.agent.api.connectors import (
63            AgentConnectorSerializer,
64        )
65
66        return AgentConnectorSerializer
67
68    @property
69    def stage(self) -> type[StageView] | None:
70        from authentik.endpoints.connectors.agent.stage import (
71            AuthenticatorEndpointStageView,
72        )
73
74        return AuthenticatorEndpointStageView
75
76    @property
77    def controller(self) -> type[AgentConnectorController]:
78        from authentik.endpoints.connectors.agent.controller import AgentConnectorController
79
80        return AgentConnectorController
81
82    @property
83    def component(self) -> str:
84        return "ak-endpoints-connector-agent-form"
85
86    class Meta:
87        verbose_name = _("Agent Connector")
88        verbose_name_plural = _("Agent Connectors")

Configure authentication and add device compliance using the authentik Agent.

def refresh_interval(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def auth_session_duration(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def auth_terminate_session_on_expiry(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

authorization_flow

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

jwt_federation_providers

Accessor to the related objects manager on the forward and reverse sides of a many-to-many relation.

In the example::

class Pizza(Model):
    toppings = ManyToManyField(Topping, related_name='pizzas')

Pizza.toppings and Topping.pizzas are ManyToManyDescriptor instances.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

def nss_uid_offset(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def nss_gid_offset(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

challenge_key

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def challenge_idle_timeout(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def challenge_trigger_check_in(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

icon_url View Source

56    @property
57    def icon_url(self):
58        return static("dist/assets/icons/icon.svg")

serializer: type[rest_framework.serializers.Serializer] View Source

60    @property
61    def serializer(self) -> type[Serializer]:
62        from authentik.endpoints.connectors.agent.api.connectors import (
63            AgentConnectorSerializer,
64        )
65
66        return AgentConnectorSerializer

Get serializer for this model

stage: type[authentik.flows.stage.StageView] | None View Source

68    @property
69    def stage(self) -> type[StageView] | None:
70        from authentik.endpoints.connectors.agent.stage import (
71            AuthenticatorEndpointStageView,
72        )
73
74        return AuthenticatorEndpointStageView

controller View Source

76    @property
77    def controller(self) -> type[AgentConnectorController]:
78        from authentik.endpoints.connectors.agent.controller import AgentConnectorController
79
80        return AgentConnectorController

component: str View Source

82    @property
83    def component(self) -> str:
84        return "ak-endpoints-connector-agent-form"

schedules

Accessor to the related objects manager on the one-to-many relation created by GenericRelation.

In the example::

class Post(Model):
    comments = GenericRelation(Comment)

post.comments is a ReverseGenericManyToOneDescriptor instance.

tasks

Accessor to the related objects manager on the one-to-many relation created by GenericRelation.

In the example::

class Post(Model):
    comments = GenericRelation(Comment)

post.comments is a ReverseGenericManyToOneDescriptor instance.

authorization_flow_id

challenge_key_id

connector_ptr_id

connector_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

enrollmenttoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

deviceauthenticationtoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

Inherited Members

authentik.tasks.schedules.models.ScheduledModel: Meta; models
authentik.endpoints.models.Connector: connector_uuid; name; enabled; snapshot_expiry; objects; schedule_specs; device_set; deviceuserbinding_set; deviceconnection_set; endpointstage_set; agentconnector; fleetconnector; googlechromeconnector

class AgentConnector.DoesNotExist(authentik.endpoints.models.Connector.DoesNotExist):

The requested object does not exist

class AgentConnector.MultipleObjectsReturned(authentik.endpoints.models.Connector.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AgentDeviceConnection(authentik.endpoints.models.DeviceConnection): View Source

91class AgentDeviceConnection(DeviceConnection):
92
93    apple_key_exchange_key = models.TextField()
94    apple_encryption_key = models.TextField()
95    apple_enc_key_id = models.TextField()
96    apple_signing_key = models.TextField()
97    apple_sign_key_id = models.TextField()

AgentDeviceConnection(device_connection_uuid, device, connector, deviceconnection_ptr, apple_key_exchange_key, apple_encryption_key, apple_enc_key_id, apple_signing_key, apple_sign_key_id)

def apple_key_exchange_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_encryption_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_enc_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_signing_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_sign_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

deviceconnection_ptr_id

deviceconnection_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

devicetoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

Inherited Members

authentik.endpoints.models.DeviceConnection: device_connection_uuid; device; connector; create_snapshot; serializer; device_id; connector_id; objects; devicefactsnapshot_set; agentdeviceconnection
authentik.lib.models.SerializerModel: Meta

class AgentDeviceConnection.DoesNotExist(authentik.endpoints.models.DeviceConnection.DoesNotExist):

The requested object does not exist

class AgentDeviceConnection.MultipleObjectsReturned(authentik.endpoints.models.DeviceConnection.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AgentDeviceUserBinding(authentik.endpoints.models.DeviceUserBinding): View Source

100class AgentDeviceUserBinding(DeviceUserBinding):
101
102    apple_secure_enclave_key = models.TextField()
103    apple_enclave_key_id = models.TextField()

AgentDeviceUserBinding(policy_binding_uuid, enabled, policy, group, user, target, negate, timeout, failure_result, order, policybinding_ptr, is_primary, connector, deviceuserbinding_ptr, apple_secure_enclave_key, apple_enclave_key_id)

def apple_secure_enclave_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_enclave_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

deviceuserbinding_ptr_id

deviceuserbinding_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

Inherited Members

authentik.endpoints.models.DeviceUserBinding: is_primary; connector; connector_id; policybinding_ptr_id; policybinding_ptr; agentdeviceuserbinding
authentik.lib.models.SerializerModel: Meta
authentik.policies.models.PolicyBinding: policy_binding_uuid; enabled; policy; group; user; target; negate; timeout; failure_result; order; passes; serializer; target_type; target_name; objects; in_use; policy_id; group_id; user_id; target_id; deviceuserbinding

class AgentDeviceUserBinding.DoesNotExist(authentik.endpoints.models.DeviceUserBinding.DoesNotExist):

The requested object does not exist

class AgentDeviceUserBinding.MultipleObjectsReturned(authentik.endpoints.models.DeviceUserBinding.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class DeviceToken(authentik.lib.models.InternallyManagedMixin, authentik.core.models.ExpiringModel): View Source

106class DeviceToken(InternallyManagedMixin, ExpiringModel):
107    """Per-device token used for authentication."""
108
109    token_uuid = models.UUIDField(primary_key=True, default=uuid4)
110    device = models.ForeignKey(AgentDeviceConnection, on_delete=models.CASCADE)
111    key = models.TextField(default=generate_key)
112
113    class Meta:
114        verbose_name = _("Device Token")
115        verbose_name_plural = _("Device Tokens")
116        indexes = ExpiringModel.Meta.indexes + [
117            models.Index(fields=["key"]),
118        ]

Per-device token used for authentication.

def token_uuid(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_id

deviceauthenticationtoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

applenonce_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class DeviceToken.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class DeviceToken.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class EnrollmentToken(authentik.core.models.ExpiringModel, authentik.lib.models.SerializerModel): View Source

121class EnrollmentToken(ExpiringModel, SerializerModel):
122    """Token used during enrollment, a device will receive
123    a device token for further authentication"""
124
125    token_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
126    name = models.TextField()
127    key = models.TextField(default=default_token_key)
128    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
129    device_group = models.ForeignKey(
130        DeviceAccessGroup, on_delete=models.SET_DEFAULT, default=None, null=True
131    )
132
133    @property
134    def serializer(self) -> type[Serializer]:
135        from authentik.endpoints.connectors.agent.api.enrollment_tokens import (
136            EnrollmentTokenSerializer,
137        )
138
139        return EnrollmentTokenSerializer
140
141    class Meta:
142        verbose_name = _("Enrollment Token")
143        verbose_name_plural = _("Enrollment Tokens")
144        indexes = ExpiringModel.Meta.indexes + [
145            models.Index(fields=["key"]),
146        ]
147        permissions = [
148            ("view_enrollment_token_key", _("View token's key")),
149        ]

Token used during enrollment, a device will receive a device token for further authentication

def token_uuid(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def name(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

connector

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

device_group

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

serializer: type[rest_framework.serializers.Serializer] View Source

133    @property
134    def serializer(self) -> type[Serializer]:
135        from authentik.endpoints.connectors.agent.api.enrollment_tokens import (
136            EnrollmentTokenSerializer,
137        )
138
139        return EnrollmentTokenSerializer

Get serializer for this model

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

connector_id

device_group_id

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class EnrollmentToken.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class EnrollmentToken.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class DeviceAuthenticationToken(authentik.lib.models.InternallyManagedMixin, authentik.core.models.ExpiringModel): View Source

152class DeviceAuthenticationToken(InternallyManagedMixin, ExpiringModel):
153
154    identifier = models.UUIDField(default=uuid4, primary_key=True)
155    device = models.ForeignKey(Device, on_delete=models.CASCADE)
156    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
157    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
158    user = models.ForeignKey(User, on_delete=models.CASCADE, null=True, default=None)
159    token = models.TextField()
160
161    def __str__(self):
162        return f"Device authentication token {self.identifier}"
163
164    class Meta(ExpiringModel.Meta):
165        verbose_name = _("Device authentication token")
166        verbose_name_plural = _("Device authentication tokens")

DeviceAuthenticationToken(expires, expiring, identifier, device, device_token, connector, user, token)

def identifier(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

device_token

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

connector

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

user

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def token(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_id

device_token_id

connector_id

user_id

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class DeviceAuthenticationToken.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class DeviceAuthenticationToken.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AppleNonce(authentik.lib.models.InternallyManagedMixin, authentik.core.models.ExpiringModel): View Source

169class AppleNonce(InternallyManagedMixin, ExpiringModel):
170    nonce = models.TextField()
171    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
172
173    class Meta(ExpiringModel.Meta):
174        verbose_name = _("Apple Nonce")
175        verbose_name_plural = _("Apple Nonces")

AppleNonce(id, expires, expiring, nonce, device_token)

def nonce(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_token

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_token_id

def id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class AppleNonce.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class AppleNonce.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.