89eb090be3
Some checks failed
ci/woodpecker/push/default Pipeline failed
Makes the WebLanding 'Sign up' button work (it was 404ing — the tripit-enrollment flow didn't exist). Open passwordless registration: prompt(email,name) -> user_write(INACTIVE, external, group 'TripIt External') -> email verification (activates) -> passkey -> login. The inactive-until-verified gate is the security boundary: tripit trusts X-authentik-email, so activation must require proving inbox ownership. Passwordless login already works via the built-in webauthn flow. tripit-recovery (email -> new passkey) is built but intentionally NOT wired into the global brand recovery, so admin recovery is unchanged. Schema validated with terraform validate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| modules/authentik | ||
| admin-services-restriction.tf | ||
| authentik_provider.tf | ||
| email-secret.tf | ||
| guest.tf | ||
| main.tf | ||
| secrets | ||
| t3-users.tf | ||
| terragrunt.hcl | ||
| tripit-external.tf | ||
| tripit-flows.tf | ||
| vault-authz-binding.tf | ||