authentik.providers.oauth2.migrations.0001_initial
# Generated by Django 3.1 on 2020-08-18 15:59

import django.db.models.deletion
from django.conf import settings
from django.db import migrations, models

import authentik.core.models
import authentik.lib.generators
import authentik.lib.utils.time


# Initial schema for the OAuth2/OpenID provider app. It creates four models:
# OAuth2Provider, ScopeMapping, RefreshToken and AuthorizationCode.
# This is a historical migration: comments are safe to add, but changing any
# field definition here would alter the recorded migration state.
class Migration(migrations.Migration):
    initial = True

    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
        ("authentik_core", "0007_auto_20200815_1841"),
        ("authentik_crypto", "0002_create_self_signed_kp"),
    ]

    operations = [
        # Destructive and one-way: both statements drop a table if it exists
        # (presumably left over from earlier provider apps - confirm), and CASCADE
        # also drops objects that depend on it. No reverse_sql is given, so Django
        # treats these operations as irreversible; back up any data still needed
        # before applying.
        migrations.RunSQL("DROP TABLE IF EXISTS authentik_providers_oauth_oauth2provider CASCADE;"),
        migrations.RunSQL("DROP TABLE IF EXISTS authentik_providers_oidc_openidprovider CASCADE;"),
        migrations.CreateModel(
            name="OAuth2Provider",
            fields=[
                (
                    # Multi-table inheritance link to the core Provider row.
                    "provider_ptr",
                    models.OneToOneField(
                        auto_created=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        parent_link=True,
                        primary_key=True,
                        serialize=False,
                        to="authentik_core.provider",
                    ),
                ),
                ("name", models.TextField()),
                (
                    "client_type",
                    models.CharField(
                        choices=[
                            ("confidential", "Confidential"),
                            ("public", "Public"),
                        ],
                        default="confidential",
                        help_text=(
                            "<b>Confidential</b> clients are capable of maintaining the"
                            " confidentiality\n of their credentials. <b>Public</b> clients are"
                            " incapable."
                        ),
                        max_length=30,
                        verbose_name="Client Type",
                    ),
                ),
                (
                    # Default comes from authentik.lib.generators.generate_id, which is
                    # not shown here.
                    "client_id",
                    models.CharField(
                        default=authentik.lib.generators.generate_id,
                        max_length=255,
                        unique=True,
                        verbose_name="Client ID",
                    ),
                ),
                (
                    # The secret is an ordinary CharField; nothing in this schema hashes
                    # or encrypts it, so read access to the table presumably exposes it.
                    # blank=True lets validation accept an empty secret.
                    # NOTE(review): generate_key is not shown here - confirm it draws
                    # from a CSPRNG.
                    "client_secret",
                    models.CharField(
                        blank=True,
                        default=authentik.lib.generators.generate_key,
                        max_length=255,
                        verbose_name="Client Secret",
                    ),
                ),
                (
                    # Only "code" keeps tokens off the front channel. The implicit and
                    # hybrid choices return tokens in the authorization response, which
                    # current OAuth 2.0 security guidance advises against.
                    "response_type",
                    models.TextField(
                        choices=[
                            ("code", "code (Authorization Code Flow)"),
                            ("id_token", "id_token (Implicit Flow)"),
                            ("id_token token", "id_token token (Implicit Flow)"),
                            ("code token", "code token (Hybrid Flow)"),
                            ("code id_token", "code id_token (Hybrid Flow)"),
                            (
                                "code id_token token",
                                "code id_token token (Hybrid Flow)",
                            ),
                        ],
                        default="code",
                        help_text="Response Type required by the client.",
                    ),
                ),
                (
                    # The labels say "Encryption", but per the help_text these select how
                    # the JWT is signed: HS256 is an HMAC with a shared secret, RS256 an
                    # RSA signature. Neither encrypts the token contents.
                    "jwt_alg",
                    models.CharField(
                        choices=[
                            ("HS256", "HS256 (Symmetric Encryption)"),
                            ("RS256", "RS256 (Asymmetric Encryption)"),
                        ],
                        default="RS256",
                        help_text="Algorithm used to sign the JWT Token",
                        max_length=10,
                        verbose_name="JWT Algorithm",
                    ),
                ),
                (
                    # The schema allows an empty value.
                    # NOTE(review): how an empty list is treated when a redirect is
                    # validated is not visible here - confirm it is rejected, not
                    # treated as "allow any".
                    "redirect_uris",
                    models.TextField(
                        default="",
                        blank=True,
                        help_text="Enter each URI on a new line.",
                        verbose_name="Redirect URIs",
                    ),
                ),
                (
                    "post_logout_redirect_uris",
                    models.TextField(
                        blank=True,
                        default="",
                        help_text="Enter each URI on a new line.",
                        verbose_name="Post Logout Redirect URIs",
                    ),
                ),
                (
                    # Defaults to True, so user claims are placed in the id_token unless
                    # the provider is configured otherwise.
                    "include_claims_in_id_token",
                    models.BooleanField(
                        default=True,
                        help_text=(
                            "Include User claims from scopes in the id_token, for applications that"
                            " don't access the userinfo endpoint."
                        ),
                        verbose_name="Include claims in id_token",
                    ),
                ),
                (
                    # Stored as text and checked by timedelta_string_validator;
                    # the default lifetime is ten minutes.
                    "token_validity",
                    models.TextField(
                        default="minutes=10",
                        help_text=(
                            "Tokens not valid on or after current time + this value (Format:"
                            " hours=1;minutes=2;seconds=3)."
                        ),
                        validators=[authentik.lib.utils.time.timedelta_string_validator],
                    ),
                ),
                (
                    # Nullable, but on_delete=CASCADE: deleting a referenced certificate
                    # key pair also deletes every provider that points at it.
                    "rsa_key",
                    models.ForeignKey(
                        help_text=(
                            "Key used to sign the tokens. Only required when JWT Algorithm is set"
                            " to RS256."
                        ),
                        on_delete=django.db.models.deletion.CASCADE,
                        to="authentik_crypto.certificatekeypair",
                        verbose_name="RSA Key",
                        blank=True,
                        null=True,
                    ),
                ),
            ],
            options={
                "verbose_name": "OAuth2/OpenID Provider",
                "verbose_name_plural": "OAuth2/OpenID Providers",
            },
            bases=("authentik_core.provider",),
        ),
        migrations.CreateModel(
            name="ScopeMapping",
            fields=[
                (
                    # Multi-table inheritance link to the core PropertyMapping row.
                    "propertymapping_ptr",
                    models.OneToOneField(
                        auto_created=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        parent_link=True,
                        primary_key=True,
                        serialize=False,
                        to="authentik_core.propertymapping",
                    ),
                ),
                ("scope_name", models.TextField(help_text="Scope used by the client")),
                (
                    # Per the help_text, a scope with an empty description is not shown
                    # to the user on the consent screen.
                    "description",
                    models.TextField(
                        blank=True,
                        help_text=(
                            "Description shown to the user when consenting. If left empty, the user"
                            " won't be informed."
                        ),
                    ),
                ),
            ],
            options={
                "verbose_name": "Scope Mapping",
                "verbose_name_plural": "Scope Mappings",
            },
            bases=("authentik_core.propertymapping",),
        ),
        migrations.CreateModel(
            name="RefreshToken",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                (
                    "expires",
                    models.DateTimeField(default=authentik.core.models.default_token_duration),
                ),
                ("expiring", models.BooleanField(default=True)),
                ("_scope", models.TextField(default="", verbose_name="Scopes")),
                (
                    # The access token, refresh token and ID token are plain character
                    # columns; this schema shows no hashing, so anyone who can read the
                    # table can presumably read usable tokens - restrict access to it.
                    "access_token",
                    models.CharField(max_length=255, unique=True, verbose_name="Access Token"),
                ),
                (
                    "refresh_token",
                    models.CharField(max_length=255, unique=True, verbose_name="Refresh Token"),
                ),
                ("_id_token", models.TextField(verbose_name="ID Token")),
                (
                    # Deleting the provider deletes its tokens.
                    "provider",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to="authentik_providers_oauth2.oauth2provider",
                    ),
                ),
                (
                    # Deleting the user deletes their tokens.
                    "user",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to=settings.AUTH_USER_MODEL,
                        verbose_name="User",
                    ),
                ),
            ],
            options={
                "verbose_name": "Token",
                "verbose_name_plural": "Tokens",
            },
        ),
        migrations.CreateModel(
            name="AuthorizationCode",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                (
                    "expires",
                    models.DateTimeField(default=authentik.core.models.default_token_duration),
                ),
                ("expiring", models.BooleanField(default=True)),
                ("_scope", models.TextField(default="", verbose_name="Scopes")),
                (
                    # unique=True stops two rows sharing a code value. Single use has to
                    # be enforced by the code that redeems it, which is not part of this
                    # migration.
                    "code",
                    models.CharField(max_length=255, unique=True, verbose_name="Code"),
                ),
                (
                    "nonce",
                    models.CharField(blank=True, default="", max_length=255, verbose_name="Nonce"),
                ),
                (
                    "is_open_id",
                    models.BooleanField(default=False, verbose_name="Is Authentication?"),
                ),
                (
                    # Both PKCE columns are nullable, so the schema does not require a
                    # challenge; any PKCE requirement for public clients would have to be
                    # enforced in the authorization and token views.
                    "code_challenge",
                    models.CharField(max_length=255, null=True, verbose_name="Code Challenge"),
                ),
                (
                    "code_challenge_method",
                    models.CharField(
                        max_length=255, null=True, verbose_name="Code Challenge Method"
                    ),
                ),
                (
                    "provider",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to="authentik_providers_oauth2.oauth2provider",
                    ),
                ),
                (
                    "user",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to=settings.AUTH_USER_MODEL,
                        verbose_name="User",
                    ),
                ),
            ],
            options={
                "verbose_name": "Authorization Code",
                "verbose_name_plural": "Authorization Codes",
            },
        ),
    ]
class
Migration(django.db.migrations.migration.Migration):
# Initial schema for the OAuth2/OpenID provider app. It creates four models:
# OAuth2Provider, ScopeMapping, RefreshToken and AuthorizationCode.
# This is a historical migration: comments are safe to add, but changing any
# field definition here would alter the recorded migration state.
class Migration(migrations.Migration):
    initial = True

    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
        ("authentik_core", "0007_auto_20200815_1841"),
        ("authentik_crypto", "0002_create_self_signed_kp"),
    ]

    operations = [
        # Destructive and one-way: both statements drop a table if it exists, and
        # CASCADE also drops objects that depend on it. No reverse_sql is given, so
        # Django treats these operations as irreversible; back up any data still
        # needed before applying.
        migrations.RunSQL("DROP TABLE IF EXISTS authentik_providers_oauth_oauth2provider CASCADE;"),
        migrations.RunSQL("DROP TABLE IF EXISTS authentik_providers_oidc_openidprovider CASCADE;"),
        migrations.CreateModel(
            name="OAuth2Provider",
            fields=[
                (
                    # Multi-table inheritance link to the core Provider row.
                    "provider_ptr",
                    models.OneToOneField(
                        auto_created=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        parent_link=True,
                        primary_key=True,
                        serialize=False,
                        to="authentik_core.provider",
                    ),
                ),
                ("name", models.TextField()),
                (
                    "client_type",
                    models.CharField(
                        choices=[
                            ("confidential", "Confidential"),
                            ("public", "Public"),
                        ],
                        default="confidential",
                        help_text=(
                            "<b>Confidential</b> clients are capable of maintaining the"
                            " confidentiality\n of their credentials. <b>Public</b> clients are"
                            " incapable."
                        ),
                        max_length=30,
                        verbose_name="Client Type",
                    ),
                ),
                (
                    # Default comes from authentik.lib.generators.generate_id, which is
                    # not shown here.
                    "client_id",
                    models.CharField(
                        default=authentik.lib.generators.generate_id,
                        max_length=255,
                        unique=True,
                        verbose_name="Client ID",
                    ),
                ),
                (
                    # The secret is an ordinary CharField; nothing in this schema hashes
                    # or encrypts it, so read access to the table presumably exposes it.
                    # blank=True lets validation accept an empty secret.
                    # NOTE(review): generate_key is not shown here - confirm it draws
                    # from a CSPRNG.
                    "client_secret",
                    models.CharField(
                        blank=True,
                        default=authentik.lib.generators.generate_key,
                        max_length=255,
                        verbose_name="Client Secret",
                    ),
                ),
                (
                    # Only "code" keeps tokens off the front channel. The implicit and
                    # hybrid choices return tokens in the authorization response, which
                    # current OAuth 2.0 security guidance advises against.
                    "response_type",
                    models.TextField(
                        choices=[
                            ("code", "code (Authorization Code Flow)"),
                            ("id_token", "id_token (Implicit Flow)"),
                            ("id_token token", "id_token token (Implicit Flow)"),
                            ("code token", "code token (Hybrid Flow)"),
                            ("code id_token", "code id_token (Hybrid Flow)"),
                            (
                                "code id_token token",
                                "code id_token token (Hybrid Flow)",
                            ),
                        ],
                        default="code",
                        help_text="Response Type required by the client.",
                    ),
                ),
                (
                    # The labels say "Encryption", but per the help_text these select how
                    # the JWT is signed: HS256 is an HMAC with a shared secret, RS256 an
                    # RSA signature. Neither encrypts the token contents.
                    "jwt_alg",
                    models.CharField(
                        choices=[
                            ("HS256", "HS256 (Symmetric Encryption)"),
                            ("RS256", "RS256 (Asymmetric Encryption)"),
                        ],
                        default="RS256",
                        help_text="Algorithm used to sign the JWT Token",
                        max_length=10,
                        verbose_name="JWT Algorithm",
                    ),
                ),
                (
                    # The schema allows an empty value.
                    # NOTE(review): how an empty list is treated when a redirect is
                    # validated is not visible here - confirm it is rejected, not
                    # treated as "allow any".
                    "redirect_uris",
                    models.TextField(
                        default="",
                        blank=True,
                        help_text="Enter each URI on a new line.",
                        verbose_name="Redirect URIs",
                    ),
                ),
                (
                    "post_logout_redirect_uris",
                    models.TextField(
                        blank=True,
                        default="",
                        help_text="Enter each URI on a new line.",
                        verbose_name="Post Logout Redirect URIs",
                    ),
                ),
                (
                    # Defaults to True, so user claims are placed in the id_token unless
                    # the provider is configured otherwise.
                    "include_claims_in_id_token",
                    models.BooleanField(
                        default=True,
                        help_text=(
                            "Include User claims from scopes in the id_token, for applications that"
                            " don't access the userinfo endpoint."
                        ),
                        verbose_name="Include claims in id_token",
                    ),
                ),
                (
                    # Stored as text and checked by timedelta_string_validator;
                    # the default lifetime is ten minutes.
                    "token_validity",
                    models.TextField(
                        default="minutes=10",
                        help_text=(
                            "Tokens not valid on or after current time + this value (Format:"
                            " hours=1;minutes=2;seconds=3)."
                        ),
                        validators=[authentik.lib.utils.time.timedelta_string_validator],
                    ),
                ),
                (
                    # Nullable, but on_delete=CASCADE: deleting a referenced certificate
                    # key pair also deletes every provider that points at it.
                    "rsa_key",
                    models.ForeignKey(
                        help_text=(
                            "Key used to sign the tokens. Only required when JWT Algorithm is set"
                            " to RS256."
                        ),
                        on_delete=django.db.models.deletion.CASCADE,
                        to="authentik_crypto.certificatekeypair",
                        verbose_name="RSA Key",
                        blank=True,
                        null=True,
                    ),
                ),
            ],
            options={
                "verbose_name": "OAuth2/OpenID Provider",
                "verbose_name_plural": "OAuth2/OpenID Providers",
            },
            bases=("authentik_core.provider",),
        ),
        migrations.CreateModel(
            name="ScopeMapping",
            fields=[
                (
                    # Multi-table inheritance link to the core PropertyMapping row.
                    "propertymapping_ptr",
                    models.OneToOneField(
                        auto_created=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        parent_link=True,
                        primary_key=True,
                        serialize=False,
                        to="authentik_core.propertymapping",
                    ),
                ),
                ("scope_name", models.TextField(help_text="Scope used by the client")),
                (
                    # Per the help_text, a scope with an empty description is not shown
                    # to the user on the consent screen.
                    "description",
                    models.TextField(
                        blank=True,
                        help_text=(
                            "Description shown to the user when consenting. If left empty, the user"
                            " won't be informed."
                        ),
                    ),
                ),
            ],
            options={
                "verbose_name": "Scope Mapping",
                "verbose_name_plural": "Scope Mappings",
            },
            bases=("authentik_core.propertymapping",),
        ),
        migrations.CreateModel(
            name="RefreshToken",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                (
                    "expires",
                    models.DateTimeField(default=authentik.core.models.default_token_duration),
                ),
                ("expiring", models.BooleanField(default=True)),
                ("_scope", models.TextField(default="", verbose_name="Scopes")),
                (
                    # The access token, refresh token and ID token are plain character
                    # columns; this schema shows no hashing, so anyone who can read the
                    # table can presumably read usable tokens - restrict access to it.
                    "access_token",
                    models.CharField(max_length=255, unique=True, verbose_name="Access Token"),
                ),
                (
                    "refresh_token",
                    models.CharField(max_length=255, unique=True, verbose_name="Refresh Token"),
                ),
                ("_id_token", models.TextField(verbose_name="ID Token")),
                (
                    # Deleting the provider deletes its tokens.
                    "provider",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to="authentik_providers_oauth2.oauth2provider",
                    ),
                ),
                (
                    # Deleting the user deletes their tokens.
                    "user",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to=settings.AUTH_USER_MODEL,
                        verbose_name="User",
                    ),
                ),
            ],
            options={
                "verbose_name": "Token",
                "verbose_name_plural": "Tokens",
            },
        ),
        migrations.CreateModel(
            name="AuthorizationCode",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                (
                    "expires",
                    models.DateTimeField(default=authentik.core.models.default_token_duration),
                ),
                ("expiring", models.BooleanField(default=True)),
                ("_scope", models.TextField(default="", verbose_name="Scopes")),
                (
                    # unique=True stops two rows sharing a code value. Single use has to
                    # be enforced by the code that redeems it, which is not part of this
                    # migration.
                    "code",
                    models.CharField(max_length=255, unique=True, verbose_name="Code"),
                ),
                (
                    "nonce",
                    models.CharField(blank=True, default="", max_length=255, verbose_name="Nonce"),
                ),
                (
                    "is_open_id",
                    models.BooleanField(default=False, verbose_name="Is Authentication?"),
                ),
                (
                    # Both PKCE columns are nullable, so the schema does not require a
                    # challenge; any PKCE requirement for public clients would have to be
                    # enforced in the authorization and token views.
                    "code_challenge",
                    models.CharField(max_length=255, null=True, verbose_name="Code Challenge"),
                ),
                (
                    "code_challenge_method",
                    models.CharField(
                        max_length=255, null=True, verbose_name="Code Challenge Method"
                    ),
                ),
                (
                    "provider",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to="authentik_providers_oauth2.oauth2provider",
                    ),
                ),
                (
                    "user",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        to=settings.AUTH_USER_MODEL,
                        verbose_name="User",
                    ),
                ),
            ],
            options={
                "verbose_name": "Authorization Code",
                "verbose_name_plural": "Authorization Codes",
            },
        ),
    ]
The base class for all migrations.
Migration files will import this from django.db.migrations.Migration and subclass it as a class called Migration. It will have one or more of the following attributes:
- operations: A list of Operation instances, probably from django.db.migrations.operations
- dependencies: A list of tuples of (app_path, migration_name)
- run_before: A list of tuples of (app_path, migration_name)
- replaces: A list of migration_names
Note that all migrations come out of migrations and into the Loader or Graph as instances, having been initialized with their app label and name.
dependencies =
[('authentik_core', '__first__'), ('authentik_core', '0007_auto_20200815_1841'), ('authentik_crypto', '0002_create_self_signed_kp')]
operations =
[<RunSQL 'DROP TABLE IF EXISTS authentik_providers_oauth_oauth2provider CASCADE;'>, <RunSQL 'DROP TABLE IF EXISTS authentik_providers_oidc_openidprovider CASCADE;'>, <CreateModel name='OAuth2Provider', fields=[('provider_ptr', <django.db.models.fields.related.OneToOneField>), ('name', <django.db.models.fields.TextField>), ('client_type', <django.db.models.fields.CharField>), ('client_id', <django.db.models.fields.CharField>), ('client_secret', <django.db.models.fields.CharField>), ('response_type', <django.db.models.fields.TextField>), ('jwt_alg', <django.db.models.fields.CharField>), ('redirect_uris', <django.db.models.fields.TextField>), ('post_logout_redirect_uris', <django.db.models.fields.TextField>), ('include_claims_in_id_token', <django.db.models.fields.BooleanField>), ('token_validity', <django.db.models.fields.TextField>), ('rsa_key', <django.db.models.fields.related.ForeignKey>)], options={'verbose_name': 'OAuth2/OpenID Provider', 'verbose_name_plural': 'OAuth2/OpenID Providers'}, bases=('authentik_core.provider',)>, <CreateModel name='ScopeMapping', fields=[('propertymapping_ptr', <django.db.models.fields.related.OneToOneField>), ('scope_name', <django.db.models.fields.TextField>), ('description', <django.db.models.fields.TextField>)], options={'verbose_name': 'Scope Mapping', 'verbose_name_plural': 'Scope Mappings'}, bases=('authentik_core.propertymapping',)>, <CreateModel name='RefreshToken', fields=[('id', <django.db.models.fields.AutoField>), ('expires', <django.db.models.fields.DateTimeField>), ('expiring', <django.db.models.fields.BooleanField>), ('_scope', <django.db.models.fields.TextField>), ('access_token', <django.db.models.fields.CharField>), ('refresh_token', <django.db.models.fields.CharField>), ('_id_token', <django.db.models.fields.TextField>), ('provider', <django.db.models.fields.related.ForeignKey>), ('user', <django.db.models.fields.related.ForeignKey>)], options={'verbose_name': 'Token', 'verbose_name_plural': 'Tokens'}>, 
<CreateModel name='AuthorizationCode', fields=[('id', <django.db.models.fields.AutoField>), ('expires', <django.db.models.fields.DateTimeField>), ('expiring', <django.db.models.fields.BooleanField>), ('_scope', <django.db.models.fields.TextField>), ('code', <django.db.models.fields.CharField>), ('nonce', <django.db.models.fields.CharField>), ('is_open_id', <django.db.models.fields.BooleanField>), ('code_challenge', <django.db.models.fields.CharField>), ('code_challenge_method', <django.db.models.fields.CharField>), ('provider', <django.db.models.fields.related.ForeignKey>), ('user', <django.db.models.fields.related.ForeignKey>)], options={'verbose_name': 'Authorization Code', 'verbose_name_plural': 'Authorization Codes'}>]