From 958ec5f5398f37c082515fd73354c715bbbe3eca Mon Sep 17 00:00:00 2001
From: Javier Feliz
Date: Tue, 5 Aug 2025 22:58:07 -0400
Subject: [PATCH] Allow enabling telescope in prod for debugging
---
 app/Http/Controllers/OIDCController.php | 4 +-
 app/Providers/AppServiceProvider.php | 2 +-
 docs/migrating/authentik.md | 50 +++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 3 deletions(-)
 create mode 100644 docs/migrating/authentik.md
diff --git a/app/Http/Controllers/OIDCController.php b/app/Http/Controllers/OIDCController.php
index aa0153b..6d55bee 100644
--- a/app/Http/Controllers/OIDCController.php
+++ b/app/Http/Controllers/OIDCController.php
@@ -145,7 +145,7 @@ class OIDCController extends Controller
 ->permittedFor($client->client_id)
 ->relatedTo((string) $user->uuid)
 ->issuedAt($issuedAt)
- ->expiresAt($issuedAt->modify('+5 minutes'))
+ ->expiresAt($issuedAt->modify('+5 weeks'))
 ->withClaim('email', $user->email);
 
 if (!empty($payload['nonce'])) {
@@ -162,7 +162,7 @@ class OIDCController extends Controller
 'application_id' => $client->id,
 'token' => $accessToken,
 'issued_at' => now()->toDateTimeString(),
- 'expires_at' => now()->addMonth()->toDateTimeString(),
+ 'expires_at' => now()->addWeeks(5)->toDateTimeString(),
 'ip' => $request->ip(),
 'user_agent' => $request->userAgent(),
 ]);
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 6b0c786..88d3222 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
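Review bot: In `OIDCController.php` the token built in the first hunk now expires five weeks after `$issuedAt` instead of five minutes, a change the commit message (which is about Telescope) does not explain. A signed token carrying the `email` claim stays acceptable to the relying party until `exp`, and nothing visible here lets it be revoked earlier, so a copy that ends up in logs or in a request recorder is usable for the whole window. I would keep the short default and read the lifetime from configuration, e.g. `->expiresAt($issuedAt->modify('+' . config('oidc.id_token_ttl_minutes', 5) . ' minutes'))`, where the config key is a placeholder. The second hunk hard-codes the same five weeks again and derives the stored `expires_at` from a fresh `now()` rather than `$issuedAt`, so both values should come from one setting and one timestamp. Both hunks sit inside statements that start and end outside the visible lines.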
@@ -11,7 +11,7 @@ class AppServiceProvider extends ServiceProvider
 */
 public function register(): void
 {
- if ($this->app->environment('local') && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
+ if (($this->app->environment('local') || env("ENABLE_PROD_TELESCOPE", false)) && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
 $this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
 $this->app->register(TelescopeServiceProvider::class);
 }
diff --git a/docs/migrating/authentik.md b/docs/migrating/authentik.md
new file mode 100644
index 0000000..06e1598
--- /dev/null
+++ b/docs/migrating/authentik.md
@@ -0,0 +1,50 @@
+# Migrating from Authentik
+
+> [!NOTE]
+> You'll need access to your Authentik postgres instance as well as a database client.
+
+
+## Applications
+
+For applications we need:
+- Name
+- Client ID
+- Client Secret
+- Redirect URI
+
+Run the following query in your database client of choice and download it as a csv or as insert statements
+if your client allows.
+
+::: code-group
+```sql [PostgreSQL]
+SELECT
+ p.name as name,
+ prov.client_id,
+ prov.client_secret,
+ prov._redirect_uris->0->>'url' as redirect_uri,
+ now() as created_at,
+ now() as updated_at
+FROM
+ authentik_providers_oauth2_oauth2provider prov
+join authentik_core_provider p
+ on prov.provider_ptr_id = p.id
+```
+:::
+
+## Users
+
+This is a little more involved since users will need to set their password again. If you
+set up email sending they'll be able to just do the "forgot password" flow. If not, you
+might have to handle it a different way.
+
+::: code-group
+```sql [PostgreSQL]
+select
+ u.name,
+ u.email,
+ 'cantbenull' as password, -- This won't work as a password but password can't be null
+ u.uuid
+from authentik_core_user u
+where u.email <> ''
+```
+:::
\ No newline at end of file
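Review bot: In `AppServiceProvider::register()` the new `env("ENABLE_PROD_TELESCOPE", false)` call reads the environment outside a config file, so once the configuration is cached the `.env` file is no longer loaded and the flag only works if it is set in the real process environment; a config entry read with `config('telescope.prod_debug')` (placeholder key) behaves the same in both cases. On an identity provider, Telescope records requests and queries for the login and token endpoints, so before the flag is used I would confirm that the app's `TelescopeServiceProvider` (not shown in this diff) restricts the dashboard through its gate and hides `client_secret`, `code`, token and password fields via `Telescope::hideRequestParameters()`. A comment above the condition such as `// Debug only: records request data in production; unset ENABLE_PROD_TELESCOPE when finished.` would make the intent clear.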