authentik.endpoints.connectors.agent.models

View Source

  1from typing import TYPE_CHECKING
  2from uuid import uuid4
  3
  4from django.db import models
  5from django.templatetags.static import static
  6from django.utils.translation import gettext_lazy as _
  7from rest_framework.serializers import Serializer
  8
  9from authentik.core.models import ExpiringModel, User, default_token_key
 10from authentik.crypto.models import CertificateKeyPair
 11from authentik.endpoints.models import (
 12    Connector,
 13    Device,
 14    DeviceAccessGroup,
 15    DeviceConnection,
 16    DeviceUserBinding,
 17)
 18from authentik.flows.stage import StageView
 19from authentik.lib.generators import generate_key
 20from authentik.lib.models import InternallyManagedMixin, SerializerModel
 21from authentik.lib.utils.time import timedelta_string_validator
 22from authentik.stages.authenticator.models import Device as Authenticator
 23
 24if TYPE_CHECKING:
 25    from authentik.endpoints.connectors.agent.controller import AgentConnectorController
 26
 27
 28class AgentConnector(Connector):
 29    """Configure authentication and add device compliance using the authentik Agent."""
 30
 31    refresh_interval = models.TextField(
 32        default="minutes=30",
 33        validators=[timedelta_string_validator],
 34    )
 35
 36    auth_session_duration = models.TextField(
 37        default="hours=8", validators=[timedelta_string_validator]
 38    )
 39    auth_terminate_session_on_expiry = models.BooleanField(default=False)
 40    authorization_flow = models.ForeignKey(
 41        "authentik_flows.Flow", null=True, on_delete=models.SET_DEFAULT, default=None
 42    )
 43    jwt_federation_providers = models.ManyToManyField(
 44        "authentik_providers_oauth2.OAuth2Provider", blank=True, default=None
 45    )
 46
 47    nss_uid_offset = models.PositiveIntegerField(default=1000)
 48    nss_gid_offset = models.PositiveIntegerField(default=1000)
 49
 50    challenge_key = models.ForeignKey(CertificateKeyPair, on_delete=models.CASCADE, null=True)
 51    challenge_idle_timeout = models.TextField(
 52        validators=[timedelta_string_validator], default="seconds=5"
 53    )
 54    challenge_trigger_check_in = models.BooleanField(default=False)
 55
 56    @property
 57    def icon_url(self):
 58        return static("dist/assets/icons/icon.svg")
 59
 60    @property
 61    def serializer(self) -> type[Serializer]:
 62        from authentik.endpoints.connectors.agent.api.connectors import (
 63            AgentConnectorSerializer,
 64        )
 65
 66        return AgentConnectorSerializer
 67
 68    @property
 69    def stage(self) -> type[StageView] | None:
 70        from authentik.endpoints.connectors.agent.stage import (
 71            AuthenticatorEndpointStageView,
 72        )
 73
 74        return AuthenticatorEndpointStageView
 75
 76    @property
 77    def controller(self) -> type[AgentConnectorController]:
 78        from authentik.endpoints.connectors.agent.controller import AgentConnectorController
 79
 80        return AgentConnectorController
 81
 82    @property
 83    def component(self) -> str:
 84        return "ak-endpoints-connector-agent-form"
 85
 86    class Meta:
 87        verbose_name = _("Agent Connector")
 88        verbose_name_plural = _("Agent Connectors")
 89
 90
 91class AgentDeviceConnection(DeviceConnection):
 92
 93    apple_key_exchange_key = models.TextField()
 94    apple_encryption_key = models.TextField()
 95    apple_enc_key_id = models.TextField()
 96    apple_signing_key = models.TextField()
 97    apple_sign_key_id = models.TextField()
 98
 99
100class AgentDeviceUserBinding(DeviceUserBinding):
101
102    apple_secure_enclave_key = models.TextField()
103    apple_enclave_key_id = models.TextField()
104
105
106class DeviceToken(InternallyManagedMixin, ExpiringModel):
107    """Per-device token used for authentication."""
108
109    token_uuid = models.UUIDField(primary_key=True, default=uuid4)
110    device = models.ForeignKey(AgentDeviceConnection, on_delete=models.CASCADE)
111    key = models.TextField(default=generate_key)
112
113    class Meta:
114        verbose_name = _("Device Token")
115        verbose_name_plural = _("Device Tokens")
116        indexes = ExpiringModel.Meta.indexes + [
117            models.Index(fields=["key"]),
118        ]
119
120
121class EnrollmentToken(ExpiringModel, SerializerModel):
122    """Token used during enrollment, a device will receive
123    a device token for further authentication"""
124
125    token_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
126    name = models.TextField()
127    key = models.TextField(default=default_token_key)
128    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
129    device_group = models.ForeignKey(
130        DeviceAccessGroup, on_delete=models.SET_DEFAULT, default=None, null=True
131    )
132
133    @property
134    def serializer(self) -> type[Serializer]:
135        from authentik.endpoints.connectors.agent.api.enrollment_tokens import (
136            EnrollmentTokenSerializer,
137        )
138
139        return EnrollmentTokenSerializer
140
141    class Meta:
142        verbose_name = _("Enrollment Token")
143        verbose_name_plural = _("Enrollment Tokens")
144        indexes = ExpiringModel.Meta.indexes + [
145            models.Index(fields=["key"]),
146        ]
147        permissions = [
148            ("view_enrollment_token_key", _("View token's key")),
149        ]
150
151
152class DeviceAuthenticationToken(InternallyManagedMixin, ExpiringModel):
153
154    identifier = models.UUIDField(default=uuid4, primary_key=True)
155    device = models.ForeignKey(Device, on_delete=models.CASCADE)
156    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
157    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
158    user = models.ForeignKey(User, on_delete=models.CASCADE, null=True, default=None)
159    token = models.TextField()
160
161    def __str__(self):
162        return f"Device authentication token {self.identifier}"
163
164    class Meta(ExpiringModel.Meta):
165        verbose_name = _("Device authentication token")
166        verbose_name_plural = _("Device authentication tokens")
167
168
169class AppleNonce(InternallyManagedMixin, ExpiringModel):
170    nonce = models.TextField()
171    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
172
173    class Meta(ExpiringModel.Meta):
174        verbose_name = _("Apple Nonce")
175        verbose_name_plural = _("Apple Nonces")
176
177
178class AppleIndependentSecureEnclave(Authenticator):
179    """A device-independent secure enclave key, used by Tap-to-login"""
180
181    uuid = models.UUIDField(primary_key=True, default=uuid4)
182
183    apple_secure_enclave_key = models.TextField()
184    apple_enclave_key_id = models.TextField()
185    device_type = models.TextField()
186
187    class Meta:
188        verbose_name = _("Apple Independent Secure Enclave")
189        verbose_name_plural = _("Apple Independent Secure Enclaves")

class AgentConnector(authentik.endpoints.models.Connector): View Source

29class AgentConnector(Connector):
30    """Configure authentication and add device compliance using the authentik Agent."""
31
32    refresh_interval = models.TextField(
33        default="minutes=30",
34        validators=[timedelta_string_validator],
35    )
36
37    auth_session_duration = models.TextField(
38        default="hours=8", validators=[timedelta_string_validator]
39    )
40    auth_terminate_session_on_expiry = models.BooleanField(default=False)
41    authorization_flow = models.ForeignKey(
42        "authentik_flows.Flow", null=True, on_delete=models.SET_DEFAULT, default=None
43    )
44    jwt_federation_providers = models.ManyToManyField(
45        "authentik_providers_oauth2.OAuth2Provider", blank=True, default=None
46    )
47
48    nss_uid_offset = models.PositiveIntegerField(default=1000)
49    nss_gid_offset = models.PositiveIntegerField(default=1000)
50
51    challenge_key = models.ForeignKey(CertificateKeyPair, on_delete=models.CASCADE, null=True)
52    challenge_idle_timeout = models.TextField(
53        validators=[timedelta_string_validator], default="seconds=5"
54    )
55    challenge_trigger_check_in = models.BooleanField(default=False)
56
57    @property
58    def icon_url(self):
59        return static("dist/assets/icons/icon.svg")
60
61    @property
62    def serializer(self) -> type[Serializer]:
63        from authentik.endpoints.connectors.agent.api.connectors import (
64            AgentConnectorSerializer,
65        )
66
67        return AgentConnectorSerializer
68
69    @property
70    def stage(self) -> type[StageView] | None:
71        from authentik.endpoints.connectors.agent.stage import (
72            AuthenticatorEndpointStageView,
73        )
74
75        return AuthenticatorEndpointStageView
76
77    @property
78    def controller(self) -> type[AgentConnectorController]:
79        from authentik.endpoints.connectors.agent.controller import AgentConnectorController
80
81        return AgentConnectorController
82
83    @property
84    def component(self) -> str:
85        return "ak-endpoints-connector-agent-form"
86
87    class Meta:
88        verbose_name = _("Agent Connector")
89        verbose_name_plural = _("Agent Connectors")

Configure authentication and add device compliance using the authentik Agent.

def refresh_interval(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def auth_session_duration(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def auth_terminate_session_on_expiry(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

authorization_flow

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

jwt_federation_providers

Accessor to the related objects manager on the forward and reverse sides of a many-to-many relation.

In the example::

class Pizza(Model):
    toppings = ManyToManyField(Topping, related_name='pizzas')

Pizza.toppings and Topping.pizzas are ManyToManyDescriptor instances.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

def nss_uid_offset(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def nss_gid_offset(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

challenge_key

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def challenge_idle_timeout(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def challenge_trigger_check_in(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

icon_url View Source

57    @property
58    def icon_url(self):
59        return static("dist/assets/icons/icon.svg")

serializer: type[rest_framework.serializers.Serializer] View Source

61    @property
62    def serializer(self) -> type[Serializer]:
63        from authentik.endpoints.connectors.agent.api.connectors import (
64            AgentConnectorSerializer,
65        )
66
67        return AgentConnectorSerializer

Get serializer for this model

stage: type[authentik.flows.stage.StageView] | None View Source

69    @property
70    def stage(self) -> type[StageView] | None:
71        from authentik.endpoints.connectors.agent.stage import (
72            AuthenticatorEndpointStageView,
73        )
74
75        return AuthenticatorEndpointStageView

controller View Source

77    @property
78    def controller(self) -> type[AgentConnectorController]:
79        from authentik.endpoints.connectors.agent.controller import AgentConnectorController
80
81        return AgentConnectorController

component: str View Source

83    @property
84    def component(self) -> str:
85        return "ak-endpoints-connector-agent-form"

schedules

Accessor to the related objects manager on the one-to-many relation created by GenericRelation.

In the example::

class Post(Model):
    comments = GenericRelation(Comment)

post.comments is a ReverseGenericManyToOneDescriptor instance.

tasks

Accessor to the related objects manager on the one-to-many relation created by GenericRelation.

In the example::

class Post(Model):
    comments = GenericRelation(Comment)

post.comments is a ReverseGenericManyToOneDescriptor instance.

authorization_flow_id

challenge_key_id

connector_ptr_id

connector_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

enrollmenttoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

deviceauthenticationtoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

Inherited Members

authentik.tasks.schedules.models.ScheduledModel: Meta; models
authentik.endpoints.models.Connector: connector_uuid; name; enabled; snapshot_expiry; objects; schedule_specs; device_set; deviceuserbinding_set; deviceconnection_set; endpointstage_set; agentconnector; fleetconnector; googlechromeconnector

class AgentConnector.DoesNotExist(authentik.endpoints.models.Connector.DoesNotExist):

The requested object does not exist

class AgentConnector.MultipleObjectsReturned(authentik.endpoints.models.Connector.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AgentDeviceConnection(authentik.endpoints.models.DeviceConnection): View Source

92class AgentDeviceConnection(DeviceConnection):
93
94    apple_key_exchange_key = models.TextField()
95    apple_encryption_key = models.TextField()
96    apple_enc_key_id = models.TextField()
97    apple_signing_key = models.TextField()
98    apple_sign_key_id = models.TextField()

AgentDeviceConnection(device_connection_uuid, device, connector, deviceconnection_ptr, apple_key_exchange_key, apple_encryption_key, apple_enc_key_id, apple_signing_key, apple_sign_key_id)

def apple_key_exchange_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_encryption_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_enc_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_signing_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_sign_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

deviceconnection_ptr_id

deviceconnection_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

devicetoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

Inherited Members

authentik.endpoints.models.DeviceConnection: device_connection_uuid; device; connector; create_snapshot; serializer; device_id; connector_id; objects; devicefactsnapshot_set; agentdeviceconnection
authentik.lib.models.SerializerModel: Meta

class AgentDeviceConnection.DoesNotExist(authentik.endpoints.models.DeviceConnection.DoesNotExist):

The requested object does not exist

class AgentDeviceConnection.MultipleObjectsReturned(authentik.endpoints.models.DeviceConnection.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AgentDeviceUserBinding(authentik.endpoints.models.DeviceUserBinding): View Source

101class AgentDeviceUserBinding(DeviceUserBinding):
102
103    apple_secure_enclave_key = models.TextField()
104    apple_enclave_key_id = models.TextField()

AgentDeviceUserBinding(policy_binding_uuid, enabled, policy, group, user, target, negate, timeout, failure_result, order, policybinding_ptr, is_primary, connector, deviceuserbinding_ptr, apple_secure_enclave_key, apple_enclave_key_id)

def apple_secure_enclave_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_enclave_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

deviceuserbinding_ptr_id

deviceuserbinding_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

Inherited Members

authentik.endpoints.models.DeviceUserBinding: is_primary; connector; connector_id; policybinding_ptr_id; policybinding_ptr; agentdeviceuserbinding
authentik.lib.models.SerializerModel: Meta
authentik.policies.models.PolicyBinding: policy_binding_uuid; enabled; policy; group; user; target; negate; timeout; failure_result; order; passes; serializer; target_type; target_name; objects; in_use; policy_id; group_id; user_id; target_id; deviceuserbinding

class AgentDeviceUserBinding.DoesNotExist(authentik.endpoints.models.DeviceUserBinding.DoesNotExist):

The requested object does not exist

class AgentDeviceUserBinding.MultipleObjectsReturned(authentik.endpoints.models.DeviceUserBinding.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class DeviceToken(authentik.lib.models.InternallyManagedMixin, authentik.core.models.ExpiringModel): View Source

107class DeviceToken(InternallyManagedMixin, ExpiringModel):
108    """Per-device token used for authentication."""
109
110    token_uuid = models.UUIDField(primary_key=True, default=uuid4)
111    device = models.ForeignKey(AgentDeviceConnection, on_delete=models.CASCADE)
112    key = models.TextField(default=generate_key)
113
114    class Meta:
115        verbose_name = _("Device Token")
116        verbose_name_plural = _("Device Tokens")
117        indexes = ExpiringModel.Meta.indexes + [
118            models.Index(fields=["key"]),
119        ]

Per-device token used for authentication.

def token_uuid(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_id

deviceauthenticationtoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

applenonce_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class DeviceToken.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class DeviceToken.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class EnrollmentToken(authentik.core.models.ExpiringModel, authentik.lib.models.SerializerModel): View Source

122class EnrollmentToken(ExpiringModel, SerializerModel):
123    """Token used during enrollment, a device will receive
124    a device token for further authentication"""
125
126    token_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
127    name = models.TextField()
128    key = models.TextField(default=default_token_key)
129    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
130    device_group = models.ForeignKey(
131        DeviceAccessGroup, on_delete=models.SET_DEFAULT, default=None, null=True
132    )
133
134    @property
135    def serializer(self) -> type[Serializer]:
136        from authentik.endpoints.connectors.agent.api.enrollment_tokens import (
137            EnrollmentTokenSerializer,
138        )
139
140        return EnrollmentTokenSerializer
141
142    class Meta:
143        verbose_name = _("Enrollment Token")
144        verbose_name_plural = _("Enrollment Tokens")
145        indexes = ExpiringModel.Meta.indexes + [
146            models.Index(fields=["key"]),
147        ]
148        permissions = [
149            ("view_enrollment_token_key", _("View token's key")),
150        ]

Token used during enrollment, a device will receive a device token for further authentication

def token_uuid(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def name(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

connector

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

device_group

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

serializer: type[rest_framework.serializers.Serializer] View Source

134    @property
135    def serializer(self) -> type[Serializer]:
136        from authentik.endpoints.connectors.agent.api.enrollment_tokens import (
137            EnrollmentTokenSerializer,
138        )
139
140        return EnrollmentTokenSerializer

Get serializer for this model

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

connector_id

device_group_id

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class EnrollmentToken.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class EnrollmentToken.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class DeviceAuthenticationToken(authentik.lib.models.InternallyManagedMixin, authentik.core.models.ExpiringModel): View Source

153class DeviceAuthenticationToken(InternallyManagedMixin, ExpiringModel):
154
155    identifier = models.UUIDField(default=uuid4, primary_key=True)
156    device = models.ForeignKey(Device, on_delete=models.CASCADE)
157    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
158    connector = models.ForeignKey(AgentConnector, on_delete=models.CASCADE)
159    user = models.ForeignKey(User, on_delete=models.CASCADE, null=True, default=None)
160    token = models.TextField()
161
162    def __str__(self):
163        return f"Device authentication token {self.identifier}"
164
165    class Meta(ExpiringModel.Meta):
166        verbose_name = _("Device authentication token")
167        verbose_name_plural = _("Device authentication tokens")

DeviceAuthenticationToken(expires, expiring, identifier, device, device_token, connector, user, token)

def identifier(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

device_token

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

connector

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

user

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def token(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_id

device_token_id

connector_id

user_id

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class DeviceAuthenticationToken.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class DeviceAuthenticationToken.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AppleNonce(authentik.lib.models.InternallyManagedMixin, authentik.core.models.ExpiringModel): View Source

170class AppleNonce(InternallyManagedMixin, ExpiringModel):
171    nonce = models.TextField()
172    device_token = models.ForeignKey(DeviceToken, on_delete=models.CASCADE)
173
174    class Meta(ExpiringModel.Meta):
175        verbose_name = _("Apple Nonce")
176        verbose_name_plural = _("Apple Nonces")

AppleNonce(id, expires, expiring, nonce, device_token)

def nonce(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_token

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_token_id

def id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

Inherited Members

authentik.core.models.ExpiringModel: Meta; objects; expire_action; filter_not_expired; is_expired

class AppleNonce.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class AppleNonce.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class AppleIndependentSecureEnclave(authentik.stages.authenticator.models.Device): View Source

179class AppleIndependentSecureEnclave(Authenticator):
180    """A device-independent secure enclave key, used by Tap-to-login"""
181
182    uuid = models.UUIDField(primary_key=True, default=uuid4)
183
184    apple_secure_enclave_key = models.TextField()
185    apple_enclave_key_id = models.TextField()
186    device_type = models.TextField()
187
188    class Meta:
189        verbose_name = _("Apple Independent Secure Enclave")
190        verbose_name_plural = _("Apple Independent Secure Enclaves")

A device-independent secure enclave key, used by Tap-to-login

def uuid(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_secure_enclave_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def apple_enclave_key_id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def device_type(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

user

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def name(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def confirmed(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def last_used(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def created(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def last_updated(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def get_next_by_created(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_previous_by_created(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_next_by_last_updated(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_previous_by_last_updated(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

user_id

Inherited Members

authentik.stages.authenticator.models.Device: Meta; objects; persistent_id; model_label; from_persistent_id; is_interactive; generate_challenge; verify_is_allowed; verify_token

class AppleIndependentSecureEnclave.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class AppleIndependentSecureEnclave.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.