enterprise/providers/scim: add support for interactive OAuth2 #22072

Open
BeryJu wants to merge 11 commits into main from enterprise/providers/scim/support-interactive-oauth2

@BeryJu BeryJu commented May 5, 2026

We added initial OAuth support in #16903 but that only supports client_credentials based on a client_id + client_secret.

This adds the ability to use interactive OAuth where a single user needs to interactively authorize SCIM.

New URLs:

  • https://authentik.company/application/scim/<slug>/oauth2/start/ Starts this SCIM-OAuth flow
  • https://authentik.company/application/scim/<slug>/oauth2/callback/ new callback URL for SCIM OAuth flow

TODOs:

  • Link start URL in UI
  • Probably have a different option in the provider for {token, oauth_client_credentials, oauth_interactive}
  • Logic to refresh the token we get from interactive
  • More testing (tested with Apple business/school manager)
  • Docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested a review from a team as a code owner May 5, 2026 19:44
netlify Bot commented May 5, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 067bb44
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/69fcc6e444c16f00081b3c52
😎 Deploy Preview https://deploy-preview-22072--authentik-docs.netlify.app

codecov Bot commented May 5, 2026

Codecov Report

❌ Patch coverage is 90.32258% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.23%. Comparing base (b420e4f) to head (067bb44).
⚠️ Report is 42 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
authentik/enterprise/providers/scim/api.py 72.41% 8 Missing ⚠️
authentik/sources/oauth/views/callback.py 46.15% 7 Missing ⚠️
authentik/enterprise/providers/scim/views.py 88.63% 5 Missing ⚠️
authentik/enterprise/providers/scim/auth_oauth2.py 94.73% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #22072      +/-   ##
==========================================
- Coverage   93.24%   93.23%   -0.02%     
==========================================
  Files        1026     1030       +4     
  Lines       59410    59573     +163     
  Branches      400      400              
==========================================
+ Hits        55397    55540     +143     
- Misses       4013     4033      +20     
Flag Coverage Δ
conformance 36.82% <20.27%> (-0.04%) ⬇️
e2e 42.01% <21.65%> (-0.05%) ⬇️
integration 33.23% <20.27%> (-0.03%) ⬇️
rust 0.00% <ø> (ø)
unit 92.17% <90.32%> (+0.01%) ⬆️
unit-migrate 92.21% <90.32%> (+0.01%) ⬆️


github-actions Bot commented May 5, 2026

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-067bb4427d0531543a0f9efee607bc6ebc0b579e
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-067bb4427d0531543a0f9efee607bc6ebc0b579e

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu requested a review from a team as a code owner May 5, 2026 22:14
netlify Bot commented May 5, 2026

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit 067bb44
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/69fcc6e498b7110008251b5e
😎 Deploy Preview https://deploy-preview-22072--authentik-storybook.netlify.app

BeryJu added 2 commits May 6, 2026 02:51
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the enterprise/providers/scim/support-interactive-oauth2 branch from e3d9786 to ee51fb4 Compare May 6, 2026 00:51
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Comment thread authentik/providers/scim/api/providers.py Fixed
BeryJu added 2 commits May 6, 2026 13:50
…e-oauth2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the enterprise/providers/scim/support-interactive-oauth2 branch from d17c11b to 42b4479 Compare May 6, 2026 12:15
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
netlify Bot commented May 6, 2026

Deploy Preview for authentik-integrations ready!

Name Link
🔨 Latest commit 067bb44
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/69fcc6e4d7f900000818e9a8
😎 Deploy Preview https://deploy-preview-22072--authentik-integrations.netlify.app

BeryJu added 4 commits May 6, 2026 14:49
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu added the area:frontend, area:backend, backport/version-2025.12 and backport/version-2026.5 labels May 8, 2026