authentik.sources.oauth.models

OAuth Client models

  1"""OAuth Client models"""
  2
  3from typing import TYPE_CHECKING
  4
  5from django.db import models
  6from django.http.request import HttpRequest
  7from django.urls import reverse
  8from django.utils.timezone import now
  9from django.utils.translation import gettext_lazy as _
 10from rest_framework.serializers import Serializer
 11
 12from authentik.core.api.object_types import CreatableType, NonCreatableType
 13from authentik.core.models import (
 14    GroupSourceConnection,
 15    PropertyMapping,
 16    Source,
 17    UserSourceConnection,
 18)
 19from authentik.core.types import UILoginButton, UserSettingSerializer
 20
 21if TYPE_CHECKING:
 22    from authentik.sources.oauth.types.registry import SourceType
 23
 24
class AuthorizationCodeAuthMethod(models.TextChoices):
    """How the client authenticates itself on an authorization_code token request."""

    # Client ID and secret travel in the HTTP Authorization header.
    BASIC_AUTH = (
        "basic_auth",
        _("HTTP Basic Authentication"),
    )
    # Client ID and secret travel as request parameters. RFC 6749 section 2.3.1 does not
    # recommend this form and limits it to clients that cannot use HTTP Basic.
    POST_BODY = (
        "post_body",
        _("Include the client ID and secret as request parameters"),
    )
 28
 29
class PKCEMethod(models.TextChoices):
    """PKCE (RFC 7636) code challenge method configured for a source."""

    # PKCE disabled: the authorization code is not bound to the client instance
    # that started the flow.
    NONE = ("none", _("No PKCE"))
    # The challenge is the verifier itself; RFC 7636 permits this only for clients
    # that cannot compute S256.
    PLAIN = ("plain", _("Plain"))
    # The challenge is a SHA-256 hash of the verifier; the method RFC 7636 requires
    # of clients that are able to use it.
    S256 = ("S256", _("S256"))
 34
 35
class OAuthSource(NonCreatableType, Source):
    """Login using a Generic OAuth provider."""

    # Name used to look up the provider implementation in the type registry
    # (see `source_type`).
    provider_type = models.CharField(max_length=255)

    # Provider endpoints. These are plain CharFields: the model itself does not restrict
    # scheme or host, so any such validation has to happen where the values are written
    # or used, which is not visible in this module.
    request_token_url = models.CharField(
        max_length=255,
        null=True,
        help_text=_(
            "URL used to request the initial token. This URL is only required for OAuth 1."
        ),
        verbose_name=_("Request Token URL"),
    )
    # NOTE(review): the help_text below contains typos ("redirect to to conest"). It is
    # part of the field's migration state, so correct it together with a migration.
    authorization_url = models.CharField(
        null=True,
        max_length=255,
        help_text=_("URL the user is redirect to to conest the flow."),
        verbose_name=_("Authorization URL"),
    )
    access_token_url = models.CharField(
        null=True,
        max_length=255,
        help_text=_("URL used by authentik to retrieve tokens."),
        verbose_name=_("Access Token URL"),
    )
    profile_url = models.CharField(
        null=True,
        max_length=255,
        help_text=_("URL used by authentik to get user information."),
        verbose_name=_("Profile URL"),
    )
    additional_scopes = models.TextField(
        verbose_name=_("Additional Scopes"),
        blank=True,
        default="",
    )

    # OAuth client credentials. consumer_secret is an ordinary text column: this model
    # applies no encryption, so it is readable with database or ORM access.
    # NOTE(review): confirm the API serializer never returns it and that it stays out of logs.
    consumer_key = models.TextField()
    consumer_secret = models.TextField()

    # OpenID Connect discovery and signing-key settings; all three may be left empty.
    # NOTE(review): presumably oidc_jwks holds the keys used to verify ID tokens, which
    # would make it and oidc_jwks_url trust anchors -- confirm against the client code.
    oidc_well_known_url = models.TextField(blank=True, default="")
    oidc_jwks_url = models.TextField(blank=True, default="")
    oidc_jwks = models.JSONField(blank=True, default=dict)

    # PKCE is off by default (PKCEMethod.NONE); it has to be enabled per source.
    pkce = models.TextField(
        verbose_name=_("PKCE"),
        default=PKCEMethod.NONE,
        choices=PKCEMethod.choices,
    )
    authorization_code_auth_method = models.TextField(
        help_text=_(
            "How to perform authentication during an authorization_code token request flow"
        ),
        default=AuthorizationCodeAuthMethod.BASIC_AUTH,
        choices=AuthorizationCodeAuthMethod.choices,
    )

    @property
    def source_type(self) -> type[SourceType]:
        """Return the provider type (a class, not an instance) found for `provider_type`."""
        # Imported inside the property; at module level the registry module is only
        # imported under TYPE_CHECKING.
        from authentik.sources.oauth.types.registry import registry

        found = registry.find_type(self.provider_type)
        return found

    @property
    def component(self) -> str:
        """Return component used to edit this object"""
        name = "ak-source-oauth-form"
        return name

    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        from authentik.sources.oauth.api.source import (
            OAuthSourceSerializer as serializer_class,
        )

        return serializer_class

    @property
    def property_mapping_type(self) -> type[PropertyMapping]:
        """Return property mapping type used by this object"""
        mapping_class = OAuthSourcePropertyMapping
        return mapping_class

    def get_base_user_properties(self, **kwargs):
        """Get base properties for a user to build final properties upon."""
        # source_type is a class; instantiate it and delegate.
        provider = self.source_type()
        return provider.get_base_user_properties(source=self, **kwargs)

    def get_base_group_properties(self, **kwargs):
        """Get base properties for a group to build final properties upon."""
        provider = self.source_type()
        return provider.get_base_group_properties(source=self, **kwargs)

    @property
    def icon_url(self) -> str | None:
        """Get the URL to the source icon"""
        # When listing source types, this property might be retrieved from an abstract
        # model. In that case self.provider_type and the stored icon cannot be checked,
        # so the provider type is derived from the model name instead.
        # NOTE(review): Django resets `Meta.abstract` to False on an abstract model's own
        # Meta once the class is built, so confirm this branch is reachable;
        # `_meta.abstract` is where the model's abstract status is kept.
        if self.Meta.abstract:
            from authentik.sources.oauth.types.registry import registry

            # Strip the base model's name from this model's name to get the type name.
            type_name = self._meta.model_name.replace(OAuthSource._meta.model_name, "")
            return registry.find_type(type_name)().icon_url()
        configured = super().icon_url
        if configured:
            return configured
        # No icon configured on the source: fall back to the provider type's icon.
        return self.source_type().icon_url()

    def ui_login_button(self, request: HttpRequest) -> UILoginButton:
        """Return the login button shown for this source, built from the provider type."""
        provider = self.source_type()
        button = {
            "name": self.name,
            "challenge": provider.login_challenge(self, request),
            "icon_url": self.icon_url,
            "promoted": self.promoted,
        }
        return UILoginButton(**button)

    def ui_user_settings(self) -> UserSettingSerializer | None:
        """Return the user-settings entry for this source; this override always returns one."""
        payload = {
            "title": self.name,
            "component": "ak-user-settings-source-oauth",
            "configure_url": reverse(
                "authentik_sources_oauth:oauth-client-login",
                kwargs={"source_slug": self.slug},
            ),
            "icon_url": self.icon_url,
        }
        return UserSettingSerializer(data=payload)

    def __str__(self) -> str:
        return f"OAuth Source {self.name}"

    class Meta:
        verbose_name_plural = _("OAuth Sources")
        verbose_name = _("OAuth Source")
162
163
class GitHubOAuthSource(CreatableType, OAuthSource):
    """Social Login using GitHub.com or a GitHub-Enterprise Instance."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("GitHub OAuth Source")
        verbose_name_plural = _("GitHub OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
171
172
class GitLabOAuthSource(CreatableType, OAuthSource):
    """Social Login using GitLab.com or a GitLab Instance."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("GitLab OAuth Source")
        verbose_name_plural = _("GitLab OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
180
181
class TwitchOAuthSource(CreatableType, OAuthSource):
    """Social Login using Twitch."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Twitch OAuth Source")
        verbose_name_plural = _("Twitch OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
189
190
class MailcowOAuthSource(CreatableType, OAuthSource):
    """Social Login using Mailcow."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Mailcow OAuth Source")
        verbose_name_plural = _("Mailcow OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
198
199
class TwitterOAuthSource(CreatableType, OAuthSource):
    """Social Login using Twitter.com"""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Twitter OAuth Source")
        verbose_name_plural = _("Twitter OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
207
208
class FacebookOAuthSource(CreatableType, OAuthSource):
    """Social Login using Facebook.com."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Facebook OAuth Source")
        verbose_name_plural = _("Facebook OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
216
217
class DiscordOAuthSource(CreatableType, OAuthSource):
    """Social Login using Discord."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Discord OAuth Source")
        verbose_name_plural = _("Discord OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
225
226
class SlackOAuthSource(CreatableType, OAuthSource):
    """Social Login using Slack."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Slack OAuth Source")
        verbose_name_plural = _("Slack OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
234
235
class PatreonOAuthSource(CreatableType, OAuthSource):
    """Social Login using Patreon."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Patreon OAuth Source")
        verbose_name_plural = _("Patreon OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
243
244
class GoogleOAuthSource(CreatableType, OAuthSource):
    """Social Login using Google or Google Workspace (GSuite)."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Google OAuth Source")
        verbose_name_plural = _("Google OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
252
253
class AzureADOAuthSource(CreatableType, OAuthSource):
    """(Deprecated) Social Login using Azure AD."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Azure AD OAuth Source")
        verbose_name_plural = _("Azure AD OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
261
262
263# TODO: When removing this, add a migration for OAuthSource that sets
264# provider_type to `entraid` if it is currently `azuread`
class EntraIDOAuthSource(CreatableType, OAuthSource):
    """Social Login using Entra ID."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Entra ID OAuth Source")
        verbose_name_plural = _("Entra ID OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
272
273
class OpenIDConnectOAuthSource(CreatableType, OAuthSource):
    """Login using a Generic OpenID-Connect compliant provider."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("OpenID OAuth Source")
        verbose_name_plural = _("OpenID OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
281
282
class AppleOAuthSource(CreatableType, OAuthSource):
    """Social Login using Apple."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Apple OAuth Source")
        verbose_name_plural = _("Apple OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
290
291
class OktaOAuthSource(CreatableType, OAuthSource):
    """Social Login using Okta."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Okta OAuth Source")
        verbose_name_plural = _("Okta OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
299
300
class RedditOAuthSource(CreatableType, OAuthSource):
    """Social Login using reddit.com."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Reddit OAuth Source")
        verbose_name_plural = _("Reddit OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
308
309
class WeChatOAuthSource(CreatableType, OAuthSource):
    """Social Login using WeChat."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("WeChat OAuth Source")
        verbose_name_plural = _("WeChat OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True
317
318
class OAuthSourcePropertyMapping(PropertyMapping):
    """Map OAuth properties to User or Group object attributes"""

    @property
    def component(self) -> str:
        """Return the name of the UI component used to edit this mapping."""
        name = "ak-property-mapping-source-oauth-form"
        return name

    @property
    def serializer(self) -> type[Serializer]:
        """Return the serializer class for this model."""
        # Imported inside the property rather than at module level.
        from authentik.sources.oauth.api.property_mappings import (
            OAuthSourcePropertyMappingSerializer as serializer_class,
        )

        return serializer_class

    class Meta:
        verbose_name_plural = _("OAuth Source Property Mappings")
        verbose_name = _("OAuth Source Property Mapping")
337
338
class UserOAuthSourceConnection(UserSourceConnection):
    """Authorized remote OAuth provider."""

    # Provider-issued tokens are kept in plain text columns; this model applies no
    # encryption, so database dumps and backups of this table contain the token values.
    # NOTE(review): confirm the serializer does not return these fields to API clients.
    access_token = models.TextField(default=None, null=True, blank=True)
    refresh_token = models.TextField(default=None, null=True, blank=True)
    # Defaults to the creation time, so a row saved without an explicit expiry is
    # already reported as not valid by `is_valid`.
    expires = models.DateTimeField(default=now)

    @property
    def is_valid(self):
        """Whether `expires` is still in the future.

        Only the stored timestamp is compared with the current time; nothing here
        asks the provider whether the token has been revoked.
        """
        return now() < self.expires

    @property
    def serializer(self) -> type[Serializer]:
        """Return the serializer class for this model."""
        # Imported inside the property rather than at module level.
        from authentik.sources.oauth.api.source_connection import (
            UserOAuthSourceConnectionSerializer as serializer_class,
        )

        return serializer_class

    class Meta:
        verbose_name_plural = _("User OAuth Source Connections")
        verbose_name = _("User OAuth Source Connection")
361
362
class GroupOAuthSourceConnection(GroupSourceConnection):
    """Group-source connection"""

    @property
    def serializer(self) -> type[Serializer]:
        """Return the serializer class for this model."""
        # Imported inside the property rather than at module level.
        from authentik.sources.oauth.api.source_connection import (
            GroupOAuthSourceConnectionSerializer as serializer_class,
        )

        return serializer_class

    class Meta:
        verbose_name_plural = _("Group OAuth Source Connections")
        verbose_name = _("Group OAuth Source Connection")
class AuthorizationCodeAuthMethod(django.db.models.enums.TextChoices):
class AuthorizationCodeAuthMethod(models.TextChoices):
    """How the client authenticates itself on an authorization_code token request."""

    # Client ID and secret travel in the HTTP Authorization header.
    BASIC_AUTH = (
        "basic_auth",
        _("HTTP Basic Authentication"),
    )
    # Client ID and secret travel as request parameters. RFC 6749 section 2.3.1 does not
    # recommend this form and limits it to clients that cannot use HTTP Basic.
    POST_BODY = (
        "post_body",
        _("Include the client ID and secret as request parameters"),
    )

Class for creating enumerated string choices.

class PKCEMethod(django.db.models.enums.TextChoices):
class PKCEMethod(models.TextChoices):
    """PKCE (RFC 7636) code challenge method."""

    # PKCE disabled: the authorization code is not bound to the client instance
    # that started the flow.
    NONE = ("none", _("No PKCE"))
    # The challenge is the verifier itself; RFC 7636 permits this only for clients
    # that cannot compute S256.
    PLAIN = ("plain", _("Plain"))
    # The challenge is a SHA-256 hash of the verifier; the method RFC 7636 requires
    # of clients that are able to use it.
    S256 = ("S256", _("S256"))

Class for creating enumerated string choices.

class OAuthSource(NonCreatableType, Source):
    """Login using a Generic OAuth provider."""

    # Name used to look up the provider implementation in the type registry
    # (see `source_type`).
    provider_type = models.CharField(max_length=255)

    # Provider endpoints. These are plain CharFields: the model itself does not restrict
    # scheme or host, so any such validation has to happen where the values are written
    # or used, which is not visible in this module.
    request_token_url = models.CharField(
        max_length=255,
        null=True,
        help_text=_(
            "URL used to request the initial token. This URL is only required for OAuth 1."
        ),
        verbose_name=_("Request Token URL"),
    )
    # NOTE(review): the help_text below contains typos ("redirect to to conest"). It is
    # part of the field's migration state, so correct it together with a migration.
    authorization_url = models.CharField(
        null=True,
        max_length=255,
        help_text=_("URL the user is redirect to to conest the flow."),
        verbose_name=_("Authorization URL"),
    )
    access_token_url = models.CharField(
        null=True,
        max_length=255,
        help_text=_("URL used by authentik to retrieve tokens."),
        verbose_name=_("Access Token URL"),
    )
    profile_url = models.CharField(
        null=True,
        max_length=255,
        help_text=_("URL used by authentik to get user information."),
        verbose_name=_("Profile URL"),
    )
    additional_scopes = models.TextField(
        verbose_name=_("Additional Scopes"),
        blank=True,
        default="",
    )

    # OAuth client credentials. consumer_secret is an ordinary text column: this model
    # applies no encryption, so it is readable with database or ORM access.
    # NOTE(review): confirm the API serializer never returns it and that it stays out of logs.
    consumer_key = models.TextField()
    consumer_secret = models.TextField()

    # OpenID Connect discovery and signing-key settings; all three may be left empty.
    # NOTE(review): presumably oidc_jwks holds the keys used to verify ID tokens, which
    # would make it and oidc_jwks_url trust anchors -- confirm against the client code.
    oidc_well_known_url = models.TextField(blank=True, default="")
    oidc_jwks_url = models.TextField(blank=True, default="")
    oidc_jwks = models.JSONField(blank=True, default=dict)

    # PKCE is off by default (PKCEMethod.NONE); it has to be enabled per source.
    pkce = models.TextField(
        verbose_name=_("PKCE"),
        default=PKCEMethod.NONE,
        choices=PKCEMethod.choices,
    )
    authorization_code_auth_method = models.TextField(
        help_text=_(
            "How to perform authentication during an authorization_code token request flow"
        ),
        default=AuthorizationCodeAuthMethod.BASIC_AUTH,
        choices=AuthorizationCodeAuthMethod.choices,
    )

    @property
    def source_type(self) -> type[SourceType]:
        """Return the provider type (a class, not an instance) found for `provider_type`."""
        # Imported inside the property; at module level the registry module is only
        # imported under TYPE_CHECKING.
        from authentik.sources.oauth.types.registry import registry

        found = registry.find_type(self.provider_type)
        return found

    @property
    def component(self) -> str:
        """Return component used to edit this object"""
        name = "ak-source-oauth-form"
        return name

    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        from authentik.sources.oauth.api.source import (
            OAuthSourceSerializer as serializer_class,
        )

        return serializer_class

    @property
    def property_mapping_type(self) -> type[PropertyMapping]:
        """Return property mapping type used by this object"""
        mapping_class = OAuthSourcePropertyMapping
        return mapping_class

    def get_base_user_properties(self, **kwargs):
        """Get base properties for a user to build final properties upon."""
        # source_type is a class; instantiate it and delegate.
        provider = self.source_type()
        return provider.get_base_user_properties(source=self, **kwargs)

    def get_base_group_properties(self, **kwargs):
        """Get base properties for a group to build final properties upon."""
        provider = self.source_type()
        return provider.get_base_group_properties(source=self, **kwargs)

    @property
    def icon_url(self) -> str | None:
        """Get the URL to the source icon"""
        # When listing source types, this property might be retrieved from an abstract
        # model. In that case self.provider_type and the stored icon cannot be checked,
        # so the provider type is derived from the model name instead.
        # NOTE(review): Django resets `Meta.abstract` to False on an abstract model's own
        # Meta once the class is built, so confirm this branch is reachable;
        # `_meta.abstract` is where the model's abstract status is kept.
        if self.Meta.abstract:
            from authentik.sources.oauth.types.registry import registry

            # Strip the base model's name from this model's name to get the type name.
            type_name = self._meta.model_name.replace(OAuthSource._meta.model_name, "")
            return registry.find_type(type_name)().icon_url()
        configured = super().icon_url
        if configured:
            return configured
        # No icon configured on the source: fall back to the provider type's icon.
        return self.source_type().icon_url()

    def ui_login_button(self, request: HttpRequest) -> UILoginButton:
        """Return the login button shown for this source, built from the provider type."""
        provider = self.source_type()
        button = {
            "name": self.name,
            "challenge": provider.login_challenge(self, request),
            "icon_url": self.icon_url,
            "promoted": self.promoted,
        }
        return UILoginButton(**button)

    def ui_user_settings(self) -> UserSettingSerializer | None:
        """Return the user-settings entry for this source; this override always returns one."""
        payload = {
            "title": self.name,
            "component": "ak-user-settings-source-oauth",
            "configure_url": reverse(
                "authentik_sources_oauth:oauth-client-login",
                kwargs={"source_slug": self.slug},
            ),
            "icon_url": self.icon_url,
        }
        return UserSettingSerializer(data=payload)

    def __str__(self) -> str:
        return f"OAuth Source {self.name}"

    class Meta:
        verbose_name_plural = _("OAuth Sources")
        verbose_name = _("OAuth Source")

Login using a Generic OAuth provider.

def provider_type(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def request_token_url(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def authorization_url(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def access_token_url(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def profile_url(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def additional_scopes(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def consumer_key(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def consumer_secret(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def oidc_well_known_url(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def oidc_jwks_url(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def oidc_jwks(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def pkce(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def authorization_code_auth_method(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

source_type
    @property
    def source_type(self) -> type[SourceType]:
        """Return the provider type (a class, not an instance) found for `provider_type`."""
        # Imported inside the property rather than at module level.
        from authentik.sources.oauth.types.registry import registry

        found = registry.find_type(self.provider_type)
        return found

Return the provider instance for this source

component: str
    @property
    def component(self) -> str:
        """Return component used to edit this object"""
        name = "ak-source-oauth-form"
        return name

Return component used to edit this object

serializer: type[rest_framework.serializers.Serializer]
    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level.
        from authentik.sources.oauth.api.source import (
            OAuthSourceSerializer as serializer_class,
        )

        return serializer_class

Get serializer for this model

property_mapping_type: type[authentik.core.models.PropertyMapping]
    @property
    def property_mapping_type(self) -> type[PropertyMapping]:
        """Return property mapping type used by this object"""
        mapping_class = OAuthSourcePropertyMapping
        return mapping_class

Return property mapping type used by this object

def get_base_user_properties(self, **kwargs):
    def get_base_user_properties(self, **kwargs):
        """Get base properties for a user to build final properties upon."""
        # source_type is a class; instantiate it and delegate, passing this source along.
        provider = self.source_type()
        return provider.get_base_user_properties(source=self, **kwargs)

Get base properties for a user to build final properties upon.

def get_base_group_properties(self, **kwargs):
    def get_base_group_properties(self, **kwargs):
        """Get base properties for a group to build final properties upon."""
        # source_type is a class; instantiate it and delegate, passing this source along.
        provider = self.source_type()
        return provider.get_base_group_properties(source=self, **kwargs)

Get base properties for a group to build final properties upon.

icon_url: str | None
    @property
    def icon_url(self) -> str | None:
        """Get the URL to the source icon"""
        # When listing source types, this property might be retrieved from an abstract
        # model. In that case self.provider_type and the stored icon cannot be checked,
        # so the provider type is derived from the model name instead.
        # NOTE(review): Django resets `Meta.abstract` to False on an abstract model's own
        # Meta once the class is built, so confirm this branch is reachable;
        # `_meta.abstract` is where the model's abstract status is kept.
        if self.Meta.abstract:
            from authentik.sources.oauth.types.registry import registry

            # Strip the base model's name from this model's name to get the type name.
            type_name = self._meta.model_name.replace(OAuthSource._meta.model_name, "")
            return registry.find_type(type_name)().icon_url()
        configured = super().icon_url
        if configured:
            return configured
        # No icon configured on the source: fall back to the provider type's icon.
        return self.source_type().icon_url()

Get the URL to the source icon

def ui_login_button( self, request: django.http.request.HttpRequest) -> authentik.core.types.UILoginButton:
    def ui_login_button(self, request: HttpRequest) -> UILoginButton:
        """Return the login button shown for this source, built from the provider type."""
        provider = self.source_type()
        button = {
            "name": self.name,
            "challenge": provider.login_challenge(self, request),
            "icon_url": self.icon_url,
            "promoted": self.promoted,
        }
        return UILoginButton(**button)

If source uses a http-based flow, return UI Information about the login button. If source doesn't use http-based flow, return None.

def ui_user_settings(self) -> authentik.core.types.UserSettingSerializer | None:
    def ui_user_settings(self) -> UserSettingSerializer | None:
        """Return the user-settings entry for this source; this override always returns one."""
        payload = {
            "title": self.name,
            "component": "ak-user-settings-source-oauth",
            "configure_url": reverse(
                "authentik_sources_oauth:oauth-client-login",
                kwargs={"source_slug": self.slug},
            ),
            "icon_url": self.icon_url,
        }
        return UserSettingSerializer(data=payload)

Entrypoint to integrate with User settings. Can either return None if no user settings are available, or UserSettingSerializer.

def get_pkce_display(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_authorization_code_auth_method_display(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

source_ptr_id
source_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

oauth2_providers

Accessor to the related objects manager on the forward and reverse sides of a many-to-many relation.

In the example::

class Pizza(Model):
    toppings = ManyToManyField(Topping, related_name='pizzas')

Pizza.toppings and Topping.pizzas are ManyToManyDescriptor instances.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

scimprovider_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

class OAuthSource.DoesNotExist(authentik.core.models.Source.DoesNotExist):

The requested object does not exist

class OAuthSource.MultipleObjectsReturned(authentik.core.models.Source.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class GitHubOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class GitHubOAuthSource(CreatableType, OAuthSource):
    """Social Login using GitHub.com or a GitHub-Enterprise Instance."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("GitHub OAuth Source")
        verbose_name_plural = _("GitHub OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using GitHub.com or a GitHub-Enterprise Instance.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class GitHubOAuthSource.Meta:
    class Meta:
        verbose_name = _("GitHub OAuth Source")
        verbose_name_plural = _("GitHub OAuth Sources")
        # Declared abstract, so Django creates no table for the model. Once the class is
        # built Django resets this attribute to False on the Meta object (so subclasses
        # do not inherit it); `_meta.abstract` keeps the model's actual status.
        abstract = True
abstract = False
verbose_name = 'GitHub OAuth Source'
verbose_name_plural = 'GitHub OAuth Sources'
class GitLabOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class GitLabOAuthSource(CreatableType, OAuthSource):
    """Social Login using GitLab.com or a GitLab Instance."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("GitLab OAuth Source")
        verbose_name_plural = _("GitLab OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using GitLab.com or a GitLab Instance.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class GitLabOAuthSource.Meta:
    class Meta:
        verbose_name = _("GitLab OAuth Source")
        verbose_name_plural = _("GitLab OAuth Sources")
        # Declared abstract, so Django creates no table for the model. Once the class is
        # built Django resets this attribute to False on the Meta object (so subclasses
        # do not inherit it); `_meta.abstract` keeps the model's actual status.
        abstract = True
abstract = False
verbose_name = 'GitLab OAuth Source'
verbose_name_plural = 'GitLab OAuth Sources'
class TwitchOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class TwitchOAuthSource(CreatableType, OAuthSource):
    """Social Login using Twitch."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Twitch OAuth Source")
        verbose_name_plural = _("Twitch OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using Twitch.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class TwitchOAuthSource.Meta:
    class Meta:
        verbose_name = _("Twitch OAuth Source")
        verbose_name_plural = _("Twitch OAuth Sources")
        # Declared abstract, so Django creates no table for the model. Once the class is
        # built Django resets this attribute to False on the Meta object (so subclasses
        # do not inherit it); `_meta.abstract` keeps the model's actual status.
        abstract = True
abstract = False
verbose_name = 'Twitch OAuth Source'
verbose_name_plural = 'Twitch OAuth Sources'
class MailcowOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class MailcowOAuthSource(CreatableType, OAuthSource):
    """Social Login using Mailcow."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Mailcow OAuth Source")
        verbose_name_plural = _("Mailcow OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using Mailcow.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class MailcowOAuthSource.Meta:
    class Meta:
        verbose_name = _("Mailcow OAuth Source")
        verbose_name_plural = _("Mailcow OAuth Sources")
        # Declared abstract, so Django creates no table for the model. Once the class is
        # built Django resets this attribute to False on the Meta object (so subclasses
        # do not inherit it); `_meta.abstract` keeps the model's actual status.
        abstract = True
abstract = False
verbose_name = 'Mailcow OAuth Source'
verbose_name_plural = 'Mailcow OAuth Sources'
class TwitterOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class TwitterOAuthSource(CreatableType, OAuthSource):
    """Social Login using Twitter.com"""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Twitter OAuth Source")
        verbose_name_plural = _("Twitter OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using Twitter.com

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class TwitterOAuthSource.Meta:
    class Meta:
        verbose_name = _("Twitter OAuth Source")
        verbose_name_plural = _("Twitter OAuth Sources")
        # Declared abstract, so Django creates no table for the model. Once the class is
        # built Django resets this attribute to False on the Meta object (so subclasses
        # do not inherit it); `_meta.abstract` keeps the model's actual status.
        abstract = True
abstract = False
verbose_name = 'Twitter OAuth Source'
verbose_name_plural = 'Twitter OAuth Sources'
class FacebookOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class FacebookOAuthSource(CreatableType, OAuthSource):
    """Social Login using Facebook.com."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Facebook OAuth Source")
        verbose_name_plural = _("Facebook OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using Facebook.com.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class FacebookOAuthSource.Meta:
    class Meta:
        verbose_name = _("Facebook OAuth Source")
        verbose_name_plural = _("Facebook OAuth Sources")
        # Declared abstract, so Django creates no table for the model. Once the class is
        # built Django resets this attribute to False on the Meta object (so subclasses
        # do not inherit it); `_meta.abstract` keeps the model's actual status.
        abstract = True
abstract = False
verbose_name = 'Facebook OAuth Source'
verbose_name_plural = 'Facebook OAuth Sources'
class DiscordOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class DiscordOAuthSource(CreatableType, OAuthSource):
    """Social Login using Discord."""

    # Adds no fields or methods of its own; only the Meta options are set here.
    class Meta:
        verbose_name = _("Discord OAuth Source")
        verbose_name_plural = _("Discord OAuth Sources")
        # Abstract model: Django creates no table for this class.
        abstract = True

Social Login using Discord.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class DiscordOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Discord OAuth Source")
        verbose_name_plural = _("Discord OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Discord OAuth Source'
verbose_name_plural = 'Discord OAuth Sources'
class SlackOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class SlackOAuthSource(CreatableType, OAuthSource):
    """Social Login using Slack."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Slack OAuth Source")
        verbose_name_plural = _("Slack OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using Slack.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class SlackOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Slack OAuth Source")
        verbose_name_plural = _("Slack OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Slack OAuth Source'
verbose_name_plural = 'Slack OAuth Sources'
class PatreonOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class PatreonOAuthSource(CreatableType, OAuthSource):
    """Social Login using Patreon."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Patreon OAuth Source")
        verbose_name_plural = _("Patreon OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using Patreon.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class PatreonOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Patreon OAuth Source")
        verbose_name_plural = _("Patreon OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Patreon OAuth Source'
verbose_name_plural = 'Patreon OAuth Sources'
class GoogleOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class GoogleOAuthSource(CreatableType, OAuthSource):
    """Social Login using Google or Google Workspace (GSuite)."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Google OAuth Source")
        verbose_name_plural = _("Google OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using Google or Google Workspace (GSuite).

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class GoogleOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Google OAuth Source")
        verbose_name_plural = _("Google OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Google OAuth Source'
verbose_name_plural = 'Google OAuth Sources'
class AzureADOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class AzureADOAuthSource(CreatableType, OAuthSource):
    """(Deprecated) Social Login using Azure AD."""

    # NOTE(review): the docstring marks this type deprecated. EntraIDOAuthSource, declared
    # next in this module, looks like the replacement; confirm before migrating sources.
    class Meta:
        verbose_name = _("Azure AD OAuth Source")
        verbose_name_plural = _("Azure AD OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

(Deprecated) Social Login using Azure AD.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class AzureADOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Azure AD OAuth Source")
        verbose_name_plural = _("Azure AD OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Azure AD OAuth Source'
verbose_name_plural = 'Azure AD OAuth Sources'
class EntraIDOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class EntraIDOAuthSource(CreatableType, OAuthSource):
    """Social Login using Entra ID."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Entra ID OAuth Source")
        verbose_name_plural = _("Entra ID OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using Entra ID.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class EntraIDOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Entra ID OAuth Source")
        verbose_name_plural = _("Entra ID OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Entra ID OAuth Source'
verbose_name_plural = 'Entra ID OAuth Sources'
class OpenIDConnectOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class OpenIDConnectOAuthSource(CreatableType, OAuthSource):
    """Login using a Generic OpenID-Connect compliant provider."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("OpenID OAuth Source")
        verbose_name_plural = _("OpenID OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Login using a Generic OpenID-Connect compliant provider.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class OpenIDConnectOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("OpenID OAuth Source")
        verbose_name_plural = _("OpenID OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'OpenID OAuth Source'
verbose_name_plural = 'OpenID OAuth Sources'
class AppleOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class AppleOAuthSource(CreatableType, OAuthSource):
    """Social Login using Apple."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Apple OAuth Source")
        verbose_name_plural = _("Apple OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using Apple.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class AppleOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Apple OAuth Source")
        verbose_name_plural = _("Apple OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Apple OAuth Source'
verbose_name_plural = 'Apple OAuth Sources'
class OktaOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class OktaOAuthSource(CreatableType, OAuthSource):
    """Social Login using Okta."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Okta OAuth Source")
        verbose_name_plural = _("Okta OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using Okta.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class OktaOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Okta OAuth Source")
        verbose_name_plural = _("Okta OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Okta OAuth Source'
verbose_name_plural = 'Okta OAuth Sources'
class RedditOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class RedditOAuthSource(CreatableType, OAuthSource):
    """Social Login using reddit.com."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("Reddit OAuth Source")
        verbose_name_plural = _("Reddit OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using reddit.com.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class RedditOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("Reddit OAuth Source")
        verbose_name_plural = _("Reddit OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'Reddit OAuth Source'
verbose_name_plural = 'Reddit OAuth Sources'
class WeChatOAuthSource(authentik.core.api.object_types.CreatableType, OAuthSource):
class WeChatOAuthSource(CreatableType, OAuthSource):
    """Social Login using WeChat."""

    # Declares no fields of its own; every OAuth setting is inherited from OAuthSource.
    class Meta:
        verbose_name = _("WeChat OAuth Source")
        verbose_name_plural = _("WeChat OAuth Sources")
        # Abstract model: Django builds no database table for this class.
        abstract = True

Social Login using WeChat.

oauthsource_ptr_id
oauthsource_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class WeChatOAuthSource.Meta:
    class Meta:
        # abstract: Django creates no table for this model. Django clears the flag on
        # the Meta object once the class is built, so runtime introspection shows False.
        verbose_name = _("WeChat OAuth Source")
        verbose_name_plural = _("WeChat OAuth Sources")
        abstract = True
abstract = False
verbose_name = 'WeChat OAuth Source'
verbose_name_plural = 'WeChat OAuth Sources'
class OAuthSourcePropertyMapping(authentik.core.models.PropertyMapping):
class OAuthSourcePropertyMapping(PropertyMapping):
    """Map OAuth properties to User or Group object attributes"""

    class Meta:
        verbose_name = _("OAuth Source Property Mapping")
        verbose_name_plural = _("OAuth Source Property Mappings")

    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level; presumably this
        # avoids a circular import between the models and API modules (confirm).
        from authentik.sources.oauth.api import property_mappings as mapping_api

        return mapping_api.OAuthSourcePropertyMappingSerializer

    @property
    def component(self) -> str:
        """Return component used to edit this object"""
        form_component = "ak-property-mapping-source-oauth-form"
        return form_component

Map OAuth properties to User or Group object attributes

component: str
    @property
    def component(self) -> str:
        """Return component used to edit this object"""
        # Fixed identifier; the value does not depend on instance state.
        form_component = "ak-property-mapping-source-oauth-form"
        return form_component

Return component used to edit this object

serializer: type[rest_framework.serializers.Serializer]
    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level; presumably this
        # avoids a circular import between the models and API modules (confirm).
        from authentik.sources.oauth.api import property_mappings as mapping_api

        return mapping_api.OAuthSourcePropertyMappingSerializer

Get serializer for this model

propertymapping_ptr_id
propertymapping_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class OAuthSourcePropertyMapping.DoesNotExist(authentik.core.models.PropertyMapping.DoesNotExist):

The requested object does not exist

class OAuthSourcePropertyMapping.MultipleObjectsReturned(authentik.core.models.PropertyMapping.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class UserOAuthSourceConnection(authentik.core.models.UserSourceConnection):
class UserOAuthSourceConnection(UserSourceConnection):
    """Authorized remote OAuth provider."""

    # NOTE(review): both tokens are bearer credentials held in ordinary text columns.
    # Nothing in this model encrypts them, so confirm the database is protected at rest
    # and that the serializer and any logging keep these values out of responses.
    access_token = models.TextField(default=None, null=True, blank=True)
    refresh_token = models.TextField(default=None, null=True, blank=True)
    # Defaults to the moment the row is created, so a connection saved without an
    # explicit expiry already counts as expired.
    expires = models.DateTimeField(default=now)

    class Meta:
        verbose_name = _("User OAuth Source Connection")
        verbose_name_plural = _("User OAuth Source Connections")

    @property
    def is_valid(self):
        """Report whether the locally stored expiry time is still in the future."""
        # Timestamp comparison only: the provider is not contacted, so a token revoked
        # upstream still reports as valid until `expires` passes.
        expiry = self.expires
        return expiry > now()

    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level; presumably this
        # avoids a circular import between the models and API modules (confirm).
        from authentik.sources.oauth.api import source_connection as connection_api

        return connection_api.UserOAuthSourceConnectionSerializer

Authorized remote OAuth provider.

def access_token(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def refresh_token(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

is_valid
    @property
    def is_valid(self):
        """Report whether the locally stored expiry time is still in the future."""
        # Timestamp comparison only: the provider is not contacted, so a token revoked
        # upstream still reports as valid until `expires` passes.
        expiry = self.expires
        return expiry > now()
serializer: type[rest_framework.serializers.Serializer]
    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level; presumably this
        # avoids a circular import between the models and API modules (confirm).
        from authentik.sources.oauth.api import source_connection as connection_api

        return connection_api.UserOAuthSourceConnectionSerializer

Get serializer for this model

def get_next_by_expires(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_previous_by_expires(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

usersourceconnection_ptr_id
usersourceconnection_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class UserOAuthSourceConnection.DoesNotExist(authentik.core.models.UserSourceConnection.DoesNotExist):

The requested object does not exist

class UserOAuthSourceConnection.MultipleObjectsReturned(authentik.core.models.UserSourceConnection.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class GroupOAuthSourceConnection(authentik.core.models.GroupSourceConnection):
class GroupOAuthSourceConnection(GroupSourceConnection):
    """Group-source connection"""

    # Declares no fields of its own, only the serializer hook and display names.
    class Meta:
        verbose_name = _("Group OAuth Source Connection")
        verbose_name_plural = _("Group OAuth Source Connections")

    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level; presumably this
        # avoids a circular import between the models and API modules (confirm).
        from authentik.sources.oauth.api import source_connection as connection_api

        return connection_api.GroupOAuthSourceConnectionSerializer

Group-source connection

serializer: type[rest_framework.serializers.Serializer]
    @property
    def serializer(self) -> type[Serializer]:
        """Get serializer for this model"""
        # Imported inside the property rather than at module level; presumably this
        # avoids a circular import between the models and API modules (confirm).
        from authentik.sources.oauth.api import source_connection as connection_api

        return connection_api.GroupOAuthSourceConnectionSerializer

Get serializer for this model

groupsourceconnection_ptr_id
groupsourceconnection_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class GroupOAuthSourceConnection.DoesNotExist(authentik.core.models.GroupSourceConnection.DoesNotExist):

The requested object does not exist

class GroupOAuthSourceConnection.MultipleObjectsReturned(authentik.core.models.GroupSourceConnection.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.