mirrors
/
authentik
mirror of https://github.com/goauthentik/authentik.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
authentik/website/docs/releases/2024/v2024.10.md

3368 lines
86 KiB
Markdown
Raw Permalink Blame History

---
title: Release 2024.10
slug: "/releases/2024.10"
---
## Highlights
- **Chrome Device Trust** <span class="badge badge--primary">Enterprise</span> <span class="badge badge--info">Preview</span>: Verify that your users are logging in from managed devices and validate the devices' compliance with company policies.
- **FIPS/FAL3 for FedRAMP "very high" compliance** <span class="badge badge--primary">Enterprise+</span>: with support for SAML encryption and now JWE (JSON Web Encryption) support, authentik can now be configured for FIPS compliance at Federation Assurance Level (FAL) 3.
- **Captcha on Identification stage**: Run a CAPTCHA process in the background while the user is entering their identification.
- **Kerberos source**: authentik can now integrate with existing Kerberos environments by allowing users to log in with their Kerberos credentials, SPNEGO, or syncing users into authentik.
## Breaking changes
We have no breaking changes this release!
## New features
- **Chrome Device Trust** <span class="badge badge--primary">Enterprise</span> <span class="badge badge--info">Preview</span>
This is a new stage for Enterprise clients that verifies the user through the Chrome Verified Access API. This stage only works with Google Chrome. You'll need to bring your own [Verified Access API instance](https://developers.google.com/chrome/verified-access/overview) via Google Cloud.
- **JWE support for OAuth**
You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik, using the configured encryption key.
- **Captcha on identification stage**
We've added an optional Captcha stage baked into an Identification stage to run in the background while the user inputs their information. Using this will hopefully result in lower total time per flow for the end user.
- **Invalidation flows for providers**
The sign-out experience when the session in an application ends can be configured now. Previously where this was always a static page, any flow can be used now. This can be used for additional validation, or redirecting the user to a custom URL.
- **Autoselect 2FA device**
Users who configure multiple 2FA devices will now land on their last used device's prompt, skipping the device picker. This should result in lower total average time per flow for the end user.
- **New structure for authentik's technical documentation**
We've restructured the documentation in authentik to be more task-based, with sections, titles, and headings that follow the workflow of installing, configuring, and using the product. Previously, our docs were organized by components. This new focus on tasks increases findability within the Table of Contents, and provide a high-level guide of the typical workflows with authentik.
## Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx).
:::warning
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
:::
### Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
```shell
wget -O docker-compose.yml https://goauthentik.io/version/2024.10/docker-compose.yml
docker compose up -d
```
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
### Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
```shell
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10
```
## Minor changes/fixes
- \*: fix deprecated calls to sentry start_span (#11655)
- admin: refactor update check (#11272)
- admin: store version history (#11520)
- blueprints: fix validation error when using internal storage (#11654)
- core: ensure all providers have correct priority (#11280)
- core: ensure proxy provider is correctly looked up (#11267)
- core: extract object matching from flow manager (#11458)
- core: fix change_user_type always requiring usernames (#11177)
- core: fix missing argument name escaping for property mapping (#11231)
- core: fix permission check for scoped impersonation (#11315)
- core: fix permission check for scoped impersonation (#11603)
- enterprise: fix API mixin license validity check (#11331)
- enterprise: fix incorrect comparison for latest validity date (#11109)
- enterprise: show specific error if Install ID is invalid in license (#11317)
- events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
- events: optimise marking events as seen (#11297)
- fix: proxy provider - docker traefik label (#11460)
- flows: include Outpost instance in flow context and save in login event (#11318)
- flows: provider invalidation (#5048)
- internal: fix go paginator not setting page correctly (#11253)
- internal: restore /ping behaviour for embedded outpost (#11568)
- policies/event_matcher: fix inconsistent behaviour (#11724)
- providers/ldap: fix incorrect permission check for search access (#11217)
- providers/ldap: fix migration assuming search group is set (#11170)
- providers/ldap: rework search_group migration to work with read replicas (#11228)
- providers/oauth2: add indexes on tokens (#11524)
- providers/oauth2: add initial JWE support (#11344)
- providers/oauth2: audit_ignore last_login change for generated service account (#11085)
- providers/oauth2: don't overwrite attributes when updating service account (#11709)
- providers/oauth2: improve indexes on tokens (#11543)
- providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
- providers/proxy: fix panic, keep session storages open (#11439)
- providers/saml: fix incorrect ds:Reference URI (#11699)
- providers/scim: add option to ignore SCIM server cert (#11437)
- root: fix ensure `outpost_connection_discovery runs on worker startup (#11260)
- schemas: fix XML Schema loading...for some reason?
- security: fix CVE-2024-47070 (#11536)
- security: fix CVE-2024-47077 (#11535)
- sources/ldap: fix mapping check, fix debug endpoint (#11442)
- sources/ldap: fix missing search attribute (#11125)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
- sources/saml: fix NameIDFormat descriptor in metadata generation (#11614)
- stages/authenticator: use RBAC for devices API (#11482)
- stages/identification: dynamically find login challenges (#11571)
- stages/password: add error message when exceeding maximum tries (#11679)
- tests/e2e: add forward auth e2e test (#11374)
- web/admin: display webauthn device type (#11481)
- web/admin: fix Authentication flow being required (#11496)
- web/admin: fix duplicate flow labels (#11689)
- web/admin: fix error in Outpost creation form (#11173)
- web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
- web/admin: fix misc dual select on different forms (#11203)
- web/admin: fix missing Sync object button SCIM Provider (#11211)
- web/admin: fix notification property mapping forms (#11298)
- web/admin: fix sync single button throwing error (#11727)
- web/admin: improve error handling (#11212)
- web/users: show - if device was registered before we started saving the time (#11256)
- web: Adjust Wdio MaxInstances, add Knip (#11089)
- web: Fix css loading in unit tests, remove unneeded dot paths (#11629)
- web: add missing id attribute for button in ak-flow-input-password (#11413)
- web: audit and update package.json and associated test harness, with upgrade to WebdriverIO 9 (#11596)
- web: fix dual-select with dynamic selection (#11133)
- web: fix e2e tests to work with latest WebdriverIO and authentik 2024.8 (#11105)
- web: fix readonly fields appearing white in dark theme (#11271)
- web: provide simple tables for API-less displays (#11028)
- web: provide storybook demos and docs for existing tests (#11651)
- web: revert lockfile lint, re-add integrity (#11380)
- web: small fixes for elements and forms (#11546)
## Fixed in 2024.10.1
- core: add `None` check to a device's `extra_description` (cherry-pick #11904) (#11906)
- enterprise/rac: fix API Schema for invalidation_flow (cherry-pick #11907) (#11908)
- providers/oauth2: fix size limited index for tokens (cherry-pick #11879) (#11905)
- web: fix missing status code on failed build (#11903)
## Fixed in 2024.10.2
- blueprints: add default Password policy (cherry-pick #11793) (#11993)
- core: use versioned_script for path only (cherry-pick #12003) (#12023)
- crypto: validate that generated certificate's name is unique (cherry-pick #12015) (#12016)
- providers/oauth2: fix manual device code entry (cherry-pick #12017) (#12019)
- providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherry-pick #11968) (#12005)
- stages/captcha: Run interactive captcha in Frame (cherry-pick #11857) (#11991)
- stages/password: use recovery flow from brand (cherry-pick #11953) (#11969)
- web: bump API Client version (#11992)
## Fixed in 2024.10.3
- core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (cherry-pick #12080) (#12081)
- internal: add CSP header to files in `/media` (cherry-pick #12092) (#12108)
- providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) (#12030)
- providers/scim: accept string and int for SCIM IDs (cherry-pick #12093) (#12095)
- rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) (#12043)
- root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094) (#12097)
- root: fix activation of locale not being scoped (cherry-pick #12091) (#12096)
- security: fix [CVE-2024-52287](../../security/cves/CVE-2024-52287.md), reported by [@matt1097](https://github.com/matt1097) (#12117)
- security: fix [CVE-2024-52289](../../security/cves/CVE-2024-52289.md), reported by [@PontusHanssen](https://github.com/PontusHanssen) (#12113)
- security: fix [CVE-2024-52307](../../security/cves/CVE-2024-52307.md), reported by [@mgerstner](https://github.com/mgerstner) (#12115)
- web/admin: better footer links (#12004)
- web/flows: fix invisible captcha call (cherry-pick #12048) (#12049)
- website/docs: add CSP to hardening (cherry-pick #11970) (#12116)
## Fixed in 2024.10.4
- providers/oauth2: fix migration (cherry-pick #12138) (#12139)
- providers/oauth2: fix migration dependencies (cherry-pick #12123) (#12132)
- providers/oauth2: fix redirect uri input (cherry-pick #12122) (#12127)
- providers/proxy: fix redirect_uri (cherry-pick #12121) (#12125)
- web: bump API Client version (cherry-pick #12129) (#12130)
## API Changes
### API Changes in 2024.10.0
#### What's New
---
##### `GET` /admin/version/history/
##### `GET` /admin/version/history/&#123;id&#125;/
##### `GET` /authenticators/admin/endpoint/
##### `POST` /authenticators/admin/endpoint/
##### `GET` /authenticators/admin/endpoint/&#123;uuid&#125;/
##### `PUT` /authenticators/admin/endpoint/&#123;uuid&#125;/
##### `DELETE` /authenticators/admin/endpoint/&#123;uuid&#125;/
##### `PATCH` /authenticators/admin/endpoint/&#123;uuid&#125;/
##### `GET` /authenticators/endpoint/
##### `GET` /authenticators/endpoint/&#123;uuid&#125;/
##### `GET` /authenticators/endpoint/&#123;uuid&#125;/used_by/
##### `GET` /propertymappings/source/kerberos/
##### `POST` /propertymappings/source/kerberos/
##### `GET` /propertymappings/source/kerberos/&#123;pm_uuid&#125;/
##### `PUT` /propertymappings/source/kerberos/&#123;pm_uuid&#125;/
##### `DELETE` /propertymappings/source/kerberos/&#123;pm_uuid&#125;/
##### `PATCH` /propertymappings/source/kerberos/&#123;pm_uuid&#125;/
##### `GET` /propertymappings/source/kerberos/&#123;pm_uuid&#125;/used_by/
##### `GET` /sources/group_connections/kerberos/
##### `GET` /sources/group_connections/kerberos/&#123;id&#125;/
##### `PUT` /sources/group_connections/kerberos/&#123;id&#125;/
##### `DELETE` /sources/group_connections/kerberos/&#123;id&#125;/
##### `PATCH` /sources/group_connections/kerberos/&#123;id&#125;/
##### `GET` /sources/group_connections/kerberos/&#123;id&#125;/used_by/
##### `GET` /sources/kerberos/
##### `POST` /sources/kerberos/
##### `GET` /sources/kerberos/&#123;slug&#125;/
##### `PUT` /sources/kerberos/&#123;slug&#125;/
##### `DELETE` /sources/kerberos/&#123;slug&#125;/
##### `PATCH` /sources/kerberos/&#123;slug&#125;/
##### `GET` /sources/kerberos/&#123;slug&#125;/sync/status/
##### `GET` /sources/kerberos/&#123;slug&#125;/used_by/
##### `GET` /sources/user_connections/kerberos/
##### `POST` /sources/user_connections/kerberos/
##### `GET` /sources/user_connections/kerberos/&#123;id&#125;/
##### `PUT` /sources/user_connections/kerberos/&#123;id&#125;/
##### `DELETE` /sources/user_connections/kerberos/&#123;id&#125;/
##### `PATCH` /sources/user_connections/kerberos/&#123;id&#125;/
##### `GET` /sources/user_connections/kerberos/&#123;id&#125;/used_by/
##### `GET` /stages/authenticator/endpoint_gdtc/
##### `POST` /stages/authenticator/endpoint_gdtc/
##### `GET` /stages/authenticator/endpoint_gdtc/&#123;stage_uuid&#125;/
##### `PUT` /stages/authenticator/endpoint_gdtc/&#123;stage_uuid&#125;/
##### `DELETE` /stages/authenticator/endpoint_gdtc/&#123;stage_uuid&#125;/
##### `PATCH` /stages/authenticator/endpoint_gdtc/&#123;stage_uuid&#125;/
##### `GET` /stages/authenticator/endpoint_gdtc/&#123;stage_uuid&#125;/used_by/
#### What's Changed
---
##### `GET` /authenticators/admin/all/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
- `extra_description`
* Added property `extra_description` (string)
> Get extra description
* Changed property `pk` (integer -> string)
##### `GET` /authenticators/all/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
- `extra_description`
* Added property `extra_description` (string)
> Get extra description
* Changed property `pk` (integer -> string)
##### `GET` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `GET` /providers/all/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/oauth2/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `PUT` /providers/oauth2/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `PATCH` /providers/oauth2/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
- Changed property `signing_key` (string)
> Key used to sign the tokens.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `GET` /providers/proxy/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /providers/proxy/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /providers/proxy/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/rac/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /providers/rac/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /providers/rac/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/radius/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /providers/radius/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /providers/radius/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/saml/import_metadata/
###### Request:
Changed content type : `multipart/form-data`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
##### `GET` /providers/scim/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
##### `PUT` /providers/scim/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
##### `PATCH` /providers/scim/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
##### `GET` /core/applications/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /core/applications/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /core/applications/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /outposts/instances/&#123;uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /outposts/instances/&#123;uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /outposts/instances/&#123;uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /policies/event_matcher/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `GET` /policies/event_matcher/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Event Matcher Policy Serializer
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum values:
- `authentik.sources.kerberos`
- `authentik.enterprise.stages.authenticator_endpoint_gdtc`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `GET` /providers/all/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/ldap/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /providers/ldap/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /providers/ldap/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/oauth2/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `GET` /providers/oauth2/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `POST` /providers/proxy/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/proxy/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > ProxyProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/rac/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/rac/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/radius/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/radius/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > RadiusProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/saml/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /providers/saml/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /providers/saml/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/scim/
###### Request:
Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `verify_certificates` (boolean)
##### `GET` /providers/scim/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > SCIMProvider Serializer
- Added property `verify_certificates` (boolean)
##### `GET` /rac/connection_tokens/&#123;connection_token_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /rac/connection_tokens/&#123;connection_token_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /rac/connection_tokens/&#123;connection_token_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rac/endpoints/&#123;pbm_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /rac/endpoints/&#123;pbm_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /rac/endpoints/&#123;pbm_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /rbac/permissions/assigned_by_roles/&#123;uuid&#125;/assign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `PATCH` /rbac/permissions/assigned_by_roles/&#123;uuid&#125;/unassign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `POST` /rbac/permissions/assigned_by_users/&#123;id&#125;/assign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `PATCH` /rbac/permissions/assigned_by_users/&#123;id&#125;/unassign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_sources_kerberos.kerberossource`
- `authentik_sources_kerberos.kerberossourcepropertymapping`
- `authentik_sources_kerberos.userkerberossourceconnection`
- `authentik_sources_kerberos.groupkerberossourceconnection`
- `authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage`
##### `GET` /sources/saml/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
##### `PUT` /sources/saml/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
##### `PATCH` /sources/saml/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
##### `POST` /core/applications/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /core/applications/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Application Serializer
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /core/user_consent/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `application` (object)
> Application Serializer
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /oauth2/access_tokens/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `GET` /oauth2/authorization_codes/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `GET` /oauth2/refresh_tokens/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `POST` /outposts/instances/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /outposts/instances/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Outpost Serializer
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /outposts/ldap/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > LDAPProvider Serializer
New required properties:
- `unbind_flow_slug`
* Added property `unbind_flow_slug` (string)
> Get slug for unbind flow, defaulting to brand's default flow.
##### `POST` /providers/ldap/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/ldap/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > LDAPProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/saml/
###### Request:
Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/saml/
###### Parameters:
Added: `invalidation_flow` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > SAMLProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rac/connection_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > ConnectionToken Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /rac/endpoints/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rac/endpoints/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rbac/permissions/assigned_by_roles/
###### Parameters:
Changed: `model` in `query`
##### `GET` /rbac/permissions/assigned_by_users/
###### Parameters:
Changed: `model` in `query`
##### `POST` /sources/saml/
###### Request:
Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
##### `GET` /sources/saml/
###### Parameters:
Changed: `name_id_policy` in `query`
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > SAMLSource Serializer
- Changed property `name_id_policy` (string)
> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
- `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
Removed enum value:
- `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`
##### `GET` /stages/identification/&#123;stage_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
##### `PUT` /stages/identification/&#123;stage_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
##### `PATCH` /stages/identification/&#123;stage_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
##### `GET` /stages/password/&#123;stage_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
##### `PUT` /stages/password/&#123;stage_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
##### `PATCH` /stages/password/&#123;stage_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
##### `PUT` /core/transactional/applications/
###### Request:
Changed content type : `application/json`
- Changed property `provider` (object)
Updated `authentik_providers_oauth2.oauth2provider` provider_model:
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
Updated `authentik_providers_radius.radiusprovider` provider_model:
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
Updated `authentik_providers_scim.scimprovider` provider_model:
- Added property `verify_certificates` (boolean)
Updated `authentik_providers_proxy.proxyprovider` provider_model:
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
Updated `authentik_providers_rac.racprovider` provider_model:
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
Updated `authentik_providers_saml.samlprovider` provider_model:
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
Updated `authentik_providers_ldap.ldapprovider` provider_model:
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /core/user_consent/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > UserConsent Serializer
- Changed property `application` (object)
> Application Serializer
- Changed property `provider_obj` (object)
> Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `backchannel_providers_obj` (array)
Changed items (object): > Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /flows/executor/&#123;flow_slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Added 'ak-stage-session-end' component:
- Property `flow_info` (object)
> Contextual flow information for a challenge
- Property `title` (string)
- Property `background` (string)
- Property `cancel_url` (string)
- Property `layout` (string)
Enum values:
- `stacked`
- `content_left`
- `content_right`
- `sidebar_left`
- `sidebar_right`
- Property `component` (string)
- Property `response_errors` (object)
- Property `pending_user` (string)
- Property `pending_user_avatar` (string)
- Property `application_name` (string)
- Property `application_launch_url` (string)
- Property `invalidation_flow_url` (string)
- Property `brand_name` (string)
Added 'xak-flow-frame' component:
- Property `flow_info` (object)
> Contextual flow information for a challenge
- Property `component` (string)
- Property `response_errors` (object)
- Property `url` (string)
- Property `loading_overlay` (boolean)
- Property `loading_text` (string)
Updated `ak-stage-authenticator-validate` component:
- Changed property `device_challenges` (array)
Changed items (object): > Single device challenge
New required properties:
- `last_used`
* Added property `last_used` (string)
Updated `ak-stage-identification` component:
- Added property `captcha_stage` (object)
> Site public key
- Property `flow_info` (object)
> Contextual flow information for a challenge
- Property `component` (string)
- Property `response_errors` (object)
- Property `pending_user` (string)
- Property `pending_user_avatar` (string)
- Property `site_key` (string)
- Property `js_url` (string)
##### `POST` /flows/executor/&#123;flow_slug&#125;/
###### Request:
Changed content type : `application/json`
Added 'xak-flow-frame' component:
- Property `component` (string)
Updated `ak-stage-identification` component:
- Added property `captcha_token` (string)
Updated `ak-stage-authenticator-validate` component:
- Changed property `selected_challenge` (object)
> Single device challenge
New required properties:
- `last_used`
* Added property `last_used` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Added 'ak-stage-session-end' component:
Added 'xak-flow-frame' component:
Updated `ak-stage-authenticator-validate` component:
- Changed property `device_challenges` (array)
Changed items (object): > Single device challenge
New required properties:
- `last_used`
* Added property `last_used` (string)
Updated `ak-stage-identification` component:
- Added property `captcha_stage` (object)
> Site public key
##### `GET` /oauth2/access_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `provider` (object)
> OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
New required properties:
- `invalidation_flow`
* Added property `invalidation_flow` (string)
> Flow used ending the session from a provider.
* Added property `encryption_key` (string)
> Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
* Changed property `signing_key` (string)
> Key used to sign the tokens.
##### `POST` /stages/identification/
###### Request:
Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
##### `GET` /stages/identification/
###### Parameters:
Added: `captcha_stage` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > IdentificationStage Serializer
- Added property `captcha_stage` (string)
> When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
##### `POST` /stages/password/
###### Request:
Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
##### `GET` /stages/password/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > PasswordStage Serializer
- Changed property `backends` (array)
> Selection of backends to test the password against.
Changed items (string):
Added enum value:
- `authentik.sources.kerberos.auth.KerberosBackend`
### API Changes in 2024.10.1
#### What's Changed
---
##### `GET` /providers/rac/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /providers/rac/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /providers/rac/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /providers/rac/
###### Request:
Changed content type : `application/json`
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /providers/rac/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rac/connection_tokens/&#123;connection_token_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /rac/connection_tokens/&#123;connection_token_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /rac/connection_tokens/&#123;connection_token_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rac/endpoints/&#123;pbm_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PUT` /rac/endpoints/&#123;pbm_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `PATCH` /rac/endpoints/&#123;pbm_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /sources/kerberos/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
##### `PUT` /sources/kerberos/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
##### `PATCH` /sources/kerberos/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
##### `GET` /rac/connection_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > ConnectionToken Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
- Changed property `endpoint_obj` (object)
> Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /rac/endpoints/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `GET` /rac/endpoints/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Endpoint Serializer
- Changed property `provider_obj` (object)
> RACProvider Serializer
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
##### `POST` /sources/kerberos/
###### Request:
Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
##### `GET` /sources/kerberos/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Kerberos Source Serializer
- Changed property `spnego_server_name` (string)
> Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
##### `PUT` /core/transactional/applications/
###### Request:
Changed content type : `application/json`
- Changed property `provider` (object)
Updated `authentik_providers_rac.racprovider` provider_model:
New optional properties:
- `invalidation_flow`
* Deleted property `invalidation_flow` (string)
> Flow used ending the session from a provider.
### API Changes in 2024.10.2
#### What's Changed
---
##### `GET` /stages/captcha/&#123;stage_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `interactive` (boolean)
##### `PUT` /stages/captcha/&#123;stage_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Added property `interactive` (boolean)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `interactive` (boolean)
##### `PATCH` /stages/captcha/&#123;stage_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Added property `interactive` (boolean)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `interactive` (boolean)
##### `GET` /flows/executor/&#123;flow_slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Updated `ak-stage-captcha` component:
New required properties:
- `interactive`
* Added property `interactive` (boolean)
##### `POST` /flows/executor/&#123;flow_slug&#125;/
###### Request:
Changed content type : `application/json`
Updated `ak-provider-oauth2-device-code` component:
- Changed property `code` (integer -> string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Updated `ak-stage-captcha` component:
New required properties:
- `interactive`
* Added property `interactive` (boolean)
##### `POST` /stages/captcha/
###### Request:
Changed content type : `application/json`
- Added property `interactive` (boolean)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `interactive` (boolean)
##### `GET` /stages/captcha/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > CaptchaStage Serializer
- Added property `interactive` (boolean)
Reference in New Issue View Git Blame Copy Permalink