Update composer.json

app/Http/Controllers/OIDCController.php

@@ -145,7 +145,7 @@ class OIDCController extends Controller
                     ->permittedFor($client->client_id)
                     ->relatedTo((string) $user->uuid)
                     ->issuedAt($issuedAt)
-                    ->expiresAt($issuedAt->modify('+5 minutes'))
+                    ->expiresAt($issuedAt->modify('+5 weeks'))
                     ->withClaim('email', $user->email);
 
                 if (!empty($payload['nonce'])) {
@@ -162,7 +162,7 @@ class OIDCController extends Controller
             'application_id' => $client->id,
             'token' => $accessToken,
             'issued_at' => now()->toDateTimeString(),
-            'expires_at' => now()->addMonth()->toDateTimeString(),
+            'expires_at' => now()->addWeeks(5)->toDateTimeString(),
             'ip' => $request->ip(),
             'user_agent' => $request->userAgent(),
         ]);

app/Providers/AppServiceProvider.php

@@ -11,7 +11,7 @@ class AppServiceProvider extends ServiceProvider
      */
     public function register(): void
     {
-        if ($this->app->environment('local') && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
+        if (($this->app->environment('local') || env("ENABLE_PROD_TELESCOPE", false)) && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
             $this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
             $this->app->register(TelescopeServiceProvider::class);
         }

composer.json

@@ -15,14 +15,14 @@
         "laravel/tinker": "^2.10.1",
         "lcobucci/jwt": "^5.5",
         "livewire/flux": "^2.1.1",
-        "livewire/volt": "^1.7.0"
+        "livewire/volt": "^1.7.0",
+        "laravel/telescope": "^5.10"
     },
     "require-dev": {
         "fakerphp/faker": "^1.23",
         "laravel/pail": "^1.2.2",
         "laravel/pint": "^1.18",
         "laravel/sail": "^1.41",
-        "laravel/telescope": "^5.10",
         "mockery/mockery": "^1.6",
         "nunomaduro/collision": "^8.6",
         "pestphp/pest": "^3.8",
@@ -83,4 +83,4 @@
     },
     "minimum-stability": "stable",
     "prefer-stable": true
-}
+}

docs/migrating/authentik.md

@@ -0,0 +1,50 @@
+# Migrating from Authentik
+
+> [!NOTE]
+> You'll need access to your Authentik postgres instance as well as a database client.
+
+
+## Applications
+
+For applications we need:
+- Name
+- Client ID
+- Client Secret
+- Redirect URI
+
+Run the following query in your database client of choice and download it as a csv or as insert statements
+if your client allows.
+
+::: code-group
+```sql [PostgreSQL]
+SELECT
+    p.name as name,
+    prov.client_id,
+    prov.client_secret,
+    prov._redirect_uris->0->>'url' as redirect_uri,
+    now() as created_at,
+    now() as updated_at
+FROM
+    authentik_providers_oauth2_oauth2provider prov
+join authentik_core_provider p
+    on prov.provider_ptr_id = p.id
+```
+:::
+
+## Users
+
+This is a little more involved since users will need to set their password again. If you
+set up email sending they'll be able to just do the "forgot password" flow. If not, you
+might have to handle it a different way.
+
+::: code-group
+```sql [PostgreSQL]
+select
+    u.name,
+    u.email,
+    'cantbenull' as password, -- This won't work as a password but password can't be null
+    u.uuid
+from authentik_core_user u
+where u.email <> ''
+```
+:::