Commit Graph

4 Commits

Author SHA1 Message Date
56d279a8e6 Use basic auth for Authelia token exchange
Some checks failed
Build and Publish Container Image / build-and-push (push) Has been cancelled
2026-05-24 18:04:28 +02:00
7e22fcf3c7 bootrapping support
Some checks failed
Build and Publish Container Image / build-and-push (push) Has been cancelled
2026-05-24 17:03:01 +02:00
a6af43b332 fix(authelia): use adapter's own client_id/redirect_uri in AuthorizeURL
Some checks failed
Build and Publish Container Image / build-and-push (push) Has been cancelled
The adapter was forwarding the downstream client's client_id and
redirect_uri to Authelia, which would always be rejected — Authelia
only recognises client_id=keycape and its registered callback URI.
Also removed downstream PKCE forwarding: KeyCape is a confidential
OIDC client to Authelia and authenticates via client_secret instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-25 03:15:36 +00:00
d05c73dc19 feat: implement T11, T12 — Authelia adapter, privacyIDEA adapter
- T11: AutheliaAdapter delegating login UI and session; Authelia tokens never leak to profile layer
- T12: PrivacyIDEAAdapter delegating MFA 100% — no MFA logic in KeyCape

21 adapter tests pass, vet clean.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-13 01:50:31 +01:00