Is your feature request related to a problem? Please describe.
I need users to permanently store their credentials in an Android app.
Currently the backend of the app does the authentication against authentik.
This app does not support 2fa (which is a problem, is users configure it in authentik) or any oauth / oidc protocol to authenticate against authentik directly.
Describe the solution you'd like
It would be great, if the user can create an "app password" or "token" in authentik, and restrict the usage of this token to one (or multiple) specific application(s).
So the backend of the app can then use username + token to authenticate against authentik, without getting access to anything else.
However, I do not know, what the difference between "app password" and "token" is, and what they are normally used for. The documentation does not provide any meaningful information either. Maybe you can tell me?
Describe alternatives you've considered
Continue storing the user's password in the Android app and sending it to the backend to ask authentik, if the user can access the app. This is a potential security risk and does not allow configuration of 2fa.
Is your feature request related to a problem? Please describe. I need users to permanently store their credentials in an Android app. Currently the backend of the app does the authentication against authentik. This app does not support 2fa (which is a problem, is users configure it in authentik) or any oauth / oidc protocol to authenticate against authentik directly.
Describe the solution you'd like It would be great, if the user can create an "app password" or "token" in authentik, and restrict the usage of this token to one (or multiple) specific application(s). So the backend of the app can then use username + token to authenticate against authentik, without getting access to anything else.
However, I do not know, what the difference between "app password" and "token" is, and what they are normally used for. The documentation does not provide any meaningful information either. Maybe you can tell me?
Describe alternatives you've considered Continue storing the user's password in the Android app and sending it to the backend to ask authentik, if the user can access the app. This is a potential security risk and does not allow configuration of 2fa.