53 KiB
title | slug |
---|---|
Release 2024.12 | /releases/2024.12 |
Highlights
- Redirect stage Conditionally redirect users to other flows and URLs.
- Application entitlements Preview Additional granular permission configuration on an application-level basis.
- CloudFormation Preview One-click deploy on AWS.
- Policies in the application wizard Configure access restriction while creating an application.
Breaking changes
-
Impersonation now requires providing a reason
You can disable this behavior in the Admin interface under System > Settings.
-
Deprecated PostgreSQL
USE_PGBOUNCER
andUSE_PGPOOL
settingsWith this release, the
AUTHENTIK_POSTGRESQL__USE_PGBOUNCER
andAUTHENTIK_POSTGRESQL__USE_PGPOOL
settings have been deprecated in favor of exposing the underlying database settings:AUTHENTIK_POSTGRESQL__CONN_MAX_AGE
andAUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS
.If you are using PgBouncer or PgPool as connection poolers and wish to maintain the same behavior as previous versions,
AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS
must be set totrue
. Moreover, if you are using PgBouncerAUTHENTIK_POSTGRESQL__CONN_MAX_AGE
must be set tonull
.The newly exposed settings allow supporting a wider set of connection pooler configurations. For details on how these settings interact with different configurations of connection poolers, please refer to the PostgreSQL documentation.
These settings will be removed in a future version.
New features
-
Redirect stage
This new stage allows redirecting a user to another flow or external URL. This allows for dynamically choosing which flow runs depending on user attributes or other factors, or redirection to another URL.
-
Application entitlements Preview
Centrally configure permissions by granting entitlements to groups and users on an application-level basis.
-
Policies in the application wizard
In the application creation wizard, administrators can now configure policies bindings along with the other application settings.
-
CloudFormation Preview
Deploy authentik in your own AWS environment with one click using our new AWS CloudFormation template.
-
OAuth2 provider federation
Configure OAuth2 provider federation to allow exchanging authentication tokens between multiple providers.
-
Silent authorization flow
When authorization flows don't require user interaction, authentik redirects the user directly back to the application, improving user experience.
Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.
:::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. :::
Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2024.12/docker-compose.yml
docker compose up -d
The -O
flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.12
Minor changes/fixes
- blueprints: add AtIndex tag (#12386)
- blueprints: add default Password policy (#11793)
- core: add
None
check to a device'sextra_description
(#11904) - core: add ability to provide reason for impersonation (#11951)
- core: add support to set policy bindings in transactional endpoint (#10399)
- core: app entitlements (#12090)
- core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (#12080)
- core: use versioned_script for path only (#12003)
- crypto: validate that generated certificate's name is unique (#12015)
- enterprise/rac: fix API Schema for invalidation_flow (#11907)
- enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
- enterprise: allow deletion/modification of users when in read-only mode (#12289)
- events: notification_cleanup: avoid unnecessary loop (cherry-pick #12417) (#12418)
- flows: better test stage's challenge responses (#12316)
- flows: silent authz flow (#12213)
- internal: add CSP header to files in
/media
(#12092) - lifecycle: fix ak exit status not being passed (#12024)
- lifecycle: fix kdc5-config missing (#11826)
- lifecycle: fix missing krb5 deps for full testing in image (#11815)
- providers/ldap: fix global search_full_directory permission not being sufficient (#12028)
- providers/oauth2: Add provider federation between OAuth2 Providers (#12083)
- providers/oauth2: allow m2m for JWKS without alg in keys (#12196)
- providers/oauth2: fix manual device code entry (#12017)
- providers/oauth2: fix migration (#12138)
- providers/oauth2: fix migration dependencies (#12123)
- providers/oauth2: fix redirect uri input (#12122)
- providers/oauth2: fix size limited index for tokens (#11879)
- providers/oauth2: make session deletion cascade to tokens (#12343)
- providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
- providers/proxy: fix redirect_uri (#12121)
- providers/scim: accept string and int for SCIM IDs (#12093)
- rbac: fix incorrect object_description for object-level permissions (#12029)
- root: check remote IP for proxy protocol same as HTTP/etc (#12094)
- root: expose CONN_MAX_AGE, CONN_HEALTH_CHECKS and DISABLE_SERVER_SIDE_CURSORS for PostgreSQL config (cherry-pick #10159) (#12419)
- root: fix activation of locale not being scoped (#12091)
- root: fix database ssl options not set correctly (#12180)
- root: fix health status code (#12255)
- root: fix missing entries in codeowners (#12369)
- root: fix override locale only if it is not empty (#12283)
- root: fix ssl settings for read replicas not being applied (#12341)
- root: lock setuptools to prevent docker install issue
- root: support running authentik in subpath (#8675)
- root: use healthcheck in depends_on for postgres and redis (#12301)
- security: fix CVE 2024 52287 (#12114)
- security: fix CVE 2024 52289 (#12113)
- security: fix CVE 2024 52307 (#12115)
- sources/kerberos: add kadmin type setting, provide additional context to property mappings (#12286)
- sources/kerberos: add kiprop to ignored system principals (#11852)
- sources/kerberos: use new python-kadmin implementation (#11932)
- sources/oauth: allow creation of user connection objects with parameters (#12195)
- sources/saml: fix redirect not kept through SAML Source (#12372)
- stages/captcha: Run interactive captcha in Frame (#11857)
- stages/identification: fix invalid challenge warning when no captcha stage is set (#12312)
- stages/password: use recovery flow from brand (#11953)
- stages/redirect: create redirect stage (#12275)
- web/admin: add application bindings to the application wizard (#11462)
- web/admin: auto-prefill user path for new users based on selected path (#12070)
- web/admin: better footer links (#12004)
- web/admin: bugfix: dual select initialization revision (#12051)
- web/admin: fix brand title not respected in application list (#12068)
- web/admin: fix code-based MFA toggle not working in wizard (#11854)
- web/admin: fix prompt stage wording (#12384)
- web/admin: provide default invalidation flows for LDAP and Radius (#11861)
- web/flows: fix invisible captcha call (#12048)
- web/flows: resize captcha iframes (#12260)
- web/flows: update flow background (#12339)
- web: add italian locale (#11958)
- web: backport fix impersonate api (#12184)
- web: fix bug that prevented error reporting in current wizard. (#12033)
- web: fix missing status code on failed build (#11903)
- web: simplify
?inline
handler for Storybook (#12246) - web: update tests for Chromedriver 131 (#12199)
Fixed in 2024.12.1
- internal: fix URL generation for websocket connection (cherry-pick #12439) (#12440)
- website/docs: add content about bindings (cherry-pick #11787) (#12428)
- website/docs: add new section about impersonation (cherry-pick #12328) (#12424)
Fixed in 2024.12.2
- core: fix error when creating new user with default path (cherry-pick #12609) (#12612)
- internal: fix missing trailing slash in outpost websocket (cherry-pick #12470) (#12471)
- providers/saml: fix invalid SAML Response when assertion and response are signed (cherry-pick #12611) (#12613)
- rbac: permissions endpoint: allow authenticated users (cherry-pick #12608) (#12610)
- sources/kerberos: authenticate with the user's username instead of the first username in authentik (cherry-pick #12497) (#12579)
- web: fix source selection and outpost integration health (#12530)
API Changes
What's New
GET
/core/application_entitlements/
POST
/core/application_entitlements/
GET
/core/application_entitlements/{pbm_uuid}/
PUT
/core/application_entitlements/{pbm_uuid}/
DELETE
/core/application_entitlements/{pbm_uuid}/
PATCH
/core/application_entitlements/{pbm_uuid}/
GET
/core/application_entitlements/{pbm_uuid}/used_by/
GET
/stages/redirect/
POST
/stages/redirect/
GET
/stages/redirect/{stage_uuid}/
PUT
/stages/redirect/{stage_uuid}/
DELETE
/stages/redirect/{stage_uuid}/
PATCH
/stages/redirect/{stage_uuid}/
GET
/stages/redirect/{stage_uuid}/used_by/
What's Changed
GET
/admin/settings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
impersonation_require_reason
(boolean)Require administrators to provide a reason for impersonating a user.
- Added property
PUT
/admin/settings/
Request:
Changed content type : application/json
- Added property
impersonation_require_reason
(boolean)Require administrators to provide a reason for impersonating a user.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
impersonation_require_reason
(boolean)Require administrators to provide a reason for impersonating a user.
- Added property
PATCH
/admin/settings/
Request:
Changed content type : application/json
- Added property
impersonation_require_reason
(boolean)Require administrators to provide a reason for impersonating a user.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
impersonation_require_reason
(boolean)Require administrators to provide a reason for impersonating a user.
- Added property
POST
/core/users/{id}/impersonate/
Request:
New content type : application/json
GET
/policies/event_matcher/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
-
PUT
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
-
PATCH
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
-
GET
/sources/group_connections/kerberos/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object)-
Property
pk
(string) -
Property
name
(string)Source's display Name.
-
Property
slug
(string)Internal source name, used in URLs.
-
Property
enabled
(boolean) -
Property
authentication_flow
(string)Flow to use when authenticating existing users.
-
Property
enrollment_flow
(string)Flow to use when enrolling new users.
-
Property
user_property_mappings
(array)Items (string):
-
Property
group_property_mappings
(array) -
Property
component
(string)Get object component so that we know how to edit the object
-
Property
verbose_name
(string)Return object's verbose_name
-
Property
verbose_name_plural
(string)Return object's plural verbose_name
-
Property
meta_model_name
(string)Return internal model name
-
Property
policy_engine_mode
(string)Enum values:
all
any
-
Property
user_matching_mode
(string)How the source determines if an existing user should be authenticated or a new user enrolled.
Enum values:
identifier
email_link
email_deny
username_link
username_deny
-
Property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Property
user_path_template
(string) -
Property
icon
(string)Get the URL to the Icon. If the name is /static or starts with http it is returned as-is
-
-
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PUT
/sources/group_connections/kerberos/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PATCH
/sources/group_connections/kerberos/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
GET
/sources/group_connections/oauth/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PUT
/sources/group_connections/oauth/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PATCH
/sources/group_connections/oauth/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
GET
/sources/group_connections/plex/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PUT
/sources/group_connections/plex/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PATCH
/sources/group_connections/plex/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
GET
/sources/group_connections/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PUT
/sources/group_connections/saml/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
PATCH
/sources/group_connections/saml/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
GET
/sources/user_connections/all/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PUT
/sources/user_connections/all/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PATCH
/sources/user_connections/all/{id}/
Request:
New content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/sources/user_connections/kerberos/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
source
(object -> string)
PUT
/sources/user_connections/kerberos/{id}/
Request:
Changed content type : application/json
New required properties:
source
- Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
source
(object -> string)
PATCH
/sources/user_connections/kerberos/{id}/
Request:
Changed content type : application/json
- Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
source
(object -> string)
GET
/sources/user_connections/oauth/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PUT
/sources/user_connections/oauth/{id}/
Request:
Changed content type : application/json
New required properties:
source
user
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PATCH
/sources/user_connections/oauth/{id}/
Request:
Changed content type : application/json
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/sources/user_connections/plex/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PUT
/sources/user_connections/plex/{id}/
Request:
Changed content type : application/json
New required properties:
source
user
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PATCH
/sources/user_connections/plex/{id}/
Request:
Changed content type : application/json
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/sources/user_connections/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PUT
/sources/user_connections/saml/{id}/
Request:
Changed content type : application/json
New required properties:
source
user
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
PATCH
/sources/user_connections/saml/{id}/
Request:
Changed content type : application/json
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/flows/instances/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
PUT
/flows/instances/{slug}/
Request:
Changed content type : application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
PATCH
/flows/instances/{slug}/
Request:
Changed content type : application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
POST
/policies/event_matcher/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
-
GET
/policies/event_matcher/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Event Matcher Policy Serializer
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.stages.redirect
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
-
-
POST
/rbac/permissions/assigned_by_roles/{uuid}/assign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
PATCH
/rbac/permissions/assigned_by_roles/{uuid}/unassign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
POST
/rbac/permissions/assigned_by_users/{id}/assign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
PATCH
/rbac/permissions/assigned_by_users/{id}/unassign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_stages_redirect.redirectstage
authentik_core.applicationentitlement
GET
/sources/group_connections/kerberos/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Group-Source connection Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
-
POST
/sources/group_connections/oauth/
Request:
New content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
GET
/sources/group_connections/oauth/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Group-Source connection Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
-
POST
/sources/group_connections/plex/
Request:
New content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
GET
/sources/group_connections/plex/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Plex Group-Source connection Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
-
GET
/sources/group_connections/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Group-Source connection Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
group
(string) -
Changed property
source
(object -> string) -
Changed property
identifier
(string)
-
GET
/sources/kerberos/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
kadmin_type
(object)KAdmin server type
Enum values:
MIT
Heimdal
other
-
PUT
/sources/kerberos/{slug}/
Request:
Changed content type : application/json
- Added property
kadmin_type
(object)KAdmin server type
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
kadmin_type
(object)KAdmin server type
- Added property
PATCH
/sources/kerberos/{slug}/
Request:
Changed content type : application/json
- Added property
kadmin_type
(object)KAdmin server type
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
kadmin_type
(object)KAdmin server type
- Added property
GET
/sources/user_connections/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > User source connection
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
-
POST
/sources/user_connections/kerberos/
Request:
Changed content type : application/json
New required properties:
source
- Added property
source
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
source
(object -> string)
GET
/sources/user_connections/kerberos/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Kerberos Source Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
source
(object -> string)
-
POST
/sources/user_connections/oauth/
Request:
Changed content type : application/json
New required properties:
source
user
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/sources/user_connections/oauth/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Source Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
-
POST
/sources/user_connections/plex/
Request:
Changed content type : application/json
New required properties:
source
user
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/sources/user_connections/plex/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Plex Source connection Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
-
POST
/sources/user_connections/saml/
Request:
Changed content type : application/json
New required properties:
source
user
-
Added property
user
(integer) -
Added property
source
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
GET
/sources/user_connections/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAML Source Serializer
New required properties:
source_obj
-
Added property
source_obj
(object) -
Changed property
user
(integer) -
Changed property
source
(object -> string)
-
GET
/stages/invitation/invitations/{invite_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
flow_obj
(object)Flow Serializer
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
-
PUT
/stages/invitation/invitations/{invite_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
flow_obj
(object)Flow Serializer
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
-
PATCH
/stages/invitation/invitations/{invite_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
flow_obj
(object)Flow Serializer
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
-
POST
/flows/instances/
Request:
Changed content type : application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
GET
/flows/instances/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Flow Serializer
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
-
GET
/providers/oauth2/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array)Items (string):
-
Added property
jwt_federation_providers
(array)Items (integer):
-
Deleted property
jwks_sources
(array)
-
PUT
/providers/oauth2/{id}/
Request:
Changed content type : application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
PATCH
/providers/oauth2/{id}/
Request:
Changed content type : application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
GET
/providers/proxy/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
PUT
/providers/proxy/{id}/
Request:
Changed content type : application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
PATCH
/providers/proxy/{id}/
Request:
Changed content type : application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
GET
/rbac/permissions/assigned_by_roles/
Parameters:
Changed: model
in query
GET
/rbac/permissions/assigned_by_users/
Parameters:
Changed: model
in query
POST
/sources/kerberos/
Request:
Changed content type : application/json
- Added property
kadmin_type
(object)KAdmin server type
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
kadmin_type
(object)KAdmin server type
- Added property
GET
/sources/kerberos/
Parameters:
Added: kadmin_type
in query
KAdmin server type
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Kerberos Source Serializer
- Added property
kadmin_type
(object)KAdmin server type
- Added property
-
POST
/stages/invitation/invitations/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
flow_obj
(object)Flow Serializer
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
-
GET
/stages/invitation/invitations/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Invitation Serializer
-
Changed property
flow_obj
(object)Flow Serializer
-
Changed property
authentication
(string)Required level of authentication and authorization to access a flow.
Added enum value:
require_redirect
-
-
-
GET
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-identification
component:- Changed property
captcha_stage
(object -> object)Site public key
- Changed property
POST
/flows/executor/{flow_slug}/
Request:
Changed content type : application/json
Added 'xak-flow-redirect' component:
-
Property
component
(string) -
Property
to
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-identification
component:- Changed property
captcha_stage
(object -> object)Site public key
- Changed property
GET
/oauth2/access_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
GET
/oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
GET
/oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
POST
/providers/oauth2/
Request:
Changed content type : application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
GET
/providers/oauth2/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
POST
/providers/proxy/
Request:
Changed content type : application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
GET
/providers/proxy/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ProxyProvider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
PUT
/core/transactional/applications/
Request:
Changed content type : application/json
-
Added property
policy_bindings
(array)Items (object): > PolicyBindingSerializer which does not require target as target is set implicitly
-
Property
policy
(string) -
Property
group
(string) -
Property
user
(integer) -
Property
negate
(boolean)Negates the outcome of the policy. Messages are unaffected.
-
Property
enabled
(boolean) -
Property
order
(integer) -
Property
timeout
(integer)Timeout after which Policy execution is terminated.
-
Property
failure_result
(boolean)Result if the Policy execution fails.
-
-
Changed property
provider
(object)Updated
authentik_providers_proxy.proxyprovider
provider_model:-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
Updated
authentik_providers_oauth2.oauth2provider
provider_model:-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
GET
/oauth2/access_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider
(object)OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
-
GET
/oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
provider
(object)OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
-
GET
/oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider
(object)OAuth2Provider Serializer
-
Added property
jwt_federation_sources
(array) -
Added property
jwt_federation_providers
(array) -
Deleted property
jwks_sources
(array)
-
-
-