Allow enabling telescope in prod for debugging

2025-08-05 22:58:07 -04:00 · 2025-08-05 22:58:07 -04:00 · 958ec5f539
commit 958ec5f539
parent 098927e770
3 changed files with 53 additions and 3 deletions
--- a/app/Http/Controllers/OIDCController.php
+++ b/app/Http/Controllers/OIDCController.php
@ -145,7 +145,7 @@ class OIDCController extends Controller
                    ->permittedFor($client->client_id)
                    ->relatedTo((string) $user->uuid)
                    ->issuedAt($issuedAt)
-                    ->expiresAt($issuedAt->modify('+5 minutes'))
+                    ->expiresAt($issuedAt->modify('+5 weeks'))
                    ->withClaim('email', $user->email);

                if (!empty($payload['nonce'])) {
@ -162,7 +162,7 @@ class OIDCController extends Controller
            'application_id' => $client->id,
            'token' => $accessToken,
            'issued_at' => now()->toDateTimeString(),
-            'expires_at' => now()->addMonth()->toDateTimeString(),
+            'expires_at' => now()->addWeeks(5)->toDateTimeString(),
            'ip' => $request->ip(),
            'user_agent' => $request->userAgent(),
        ]);
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -11,7 +11,7 @@ class AppServiceProvider extends ServiceProvider
     */
    public function register(): void
    {
-        if ($this->app->environment('local') && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
+        if (($this->app->environment('local') || env("ENABLE_PROD_TELESCOPE", false)) && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
            $this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
            $this->app->register(TelescopeServiceProvider::class);
        }
--- a/docs/migrating/authentik.md
+++ b/docs/migrating/authentik.md
@ -0,0 +1,50 @@
+# Migrating from Authentik
+
+> [!NOTE]
+> You'll need access to your Authentik postgres instance as well as a database client.
+
+
+## Applications
+
+For applications we need:
+- Name
+- Client ID
+- Client Secret
+- Redirect URI
+
+Run the following query in your database client of choice and download it as a csv or as insert statements
+if your client allows.
+
+::: code-group
+```sql [PostgreSQL]
+SELECT
+    p.name as name,
+    prov.client_id,
+    prov.client_secret,
+    prov._redirect_uris->0->>'url' as redirect_uri,
+    now() as created_at,
+    now() as updated_at
+FROM
+    authentik_providers_oauth2_oauth2provider prov
+join authentik_core_provider p
+    on prov.provider_ptr_id = p.id
+```
+:::
+
+## Users
+
+This is a little more involved since users will need to set their password again. If you
+set up email sending they'll be able to just do the "forgot password" flow. If not, you
+might have to handle it a different way.
+
+::: code-group
+```sql [PostgreSQL]
+select
+    u.name,
+    u.email,
+    'cantbenull' as password, -- This won't work as a password but password can't be null
+    u.uuid
+from authentik_core_user u
+where u.email <> ''
+```
+:::