---
title: Release 2024.12
slug: "/releases/2024.12"
---
## Highlights
- **Redirect stage** Conditionally redirect users to other flows and URLs.
- **Application entitlements** <span class="badge badge--info">Preview</span> Additional granular permission configuration on an application-level basis.
- **CloudFormation** <span class="badge badge--info">Preview</span> One-click deploy on AWS.
- **Policies in the application wizard** Configure access restriction while creating an application.
## Breaking changes
- **Impersonation now requires providing a reason**
You can disable this behavior in the **Admin interface** under **System** > **Settings**.
- **Deprecated PostgreSQL `USE_PGBOUNCER` and `USE_PGPOOL` settings**
With this release, the `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER` and `AUTHENTIK_POSTGRESQL__USE_PGPOOL` settings have been deprecated in favor of exposing the underlying database settings: `AUTHENTIK_POSTGRESQL__CONN_MAX_AGE` and `AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS`.
If you are using PgBouncer or PgPool as connection poolers and wish to maintain the same behavior as previous versions, `AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS` must be set to `true`. Moreover, if you are using PgBouncer, `AUTHENTIK_POSTGRESQL__CONN_MAX_AGE` must be set to `null`.
The newly exposed settings allow supporting a wider set of connection pooler configurations. For details on how these settings interact with different configurations of connection poolers, please refer to the [PostgreSQL documentation](../../install-config/configuration/configuration.mdx#postgresql-settings).
The deprecated `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER` and `AUTHENTIK_POSTGRESQL__USE_PGPOOL` settings will be removed in a future version.
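The following added example (not part of the authentik code base) applies the mapping described above to a `.env`-style file, so the change can be reviewed before upgrading. It assumes the settings are supplied as `KEY=VALUE` lines and that the listed truthy spellings mean "enabled"; the function names and the sample file are hypothetical.

```python
"""Translate the deprecated authentik pooler flags to the settings exposed in 2024.12."""

PREFIX = "AUTHENTIK_POSTGRESQL__"
USE_PGBOUNCER = PREFIX + "USE_PGBOUNCER"
USE_PGPOOL = PREFIX + "USE_PGPOOL"
CURSORS = PREFIX + "DISABLE_SERVER_SIDE_CURSORS"
MAX_AGE = PREFIX + "CONN_MAX_AGE"

# Assumption: these spellings count as "enabled" for the deprecated flags.
TRUTHY = {"true", "1", "yes", "on"}

# Constructed sample .env, not taken from a real deployment.
SAMPLE_ENV = """\
# authentik database settings
AUTHENTIK_POSTGRESQL__HOST=pgbouncer.internal
AUTHENTIK_POSTGRESQL__USE_PGBOUNCER=true
AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=60
"""


def parse_env(text):
    """Parse KEY=VALUE lines; comments, blanks and malformed lines are skipped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def plan_migration(env):
    """Return (required settings, deprecated keys present, conflicting values)."""
    pgbouncer = env.get(USE_PGBOUNCER, "").lower() in TRUTHY
    pgpool = env.get(USE_PGPOOL, "").lower() in TRUTHY

    required = {}
    if pgbouncer or pgpool:
        # Either pooler: keep the previous behavior by disabling server-side cursors.
        required[CURSORS] = "true"
    if pgbouncer:
        # PgBouncer additionally needs CONN_MAX_AGE set to null.
        required[MAX_AGE] = "null"

    # Existing values that would silently change pooler behavior after the upgrade.
    conflicts = [
        f"{key}={env[key]} conflicts with required {key}={want}"
        for key, want in required.items()
        if key in env and env[key].lower() != want
    ]
    deprecated = [key for key in (USE_PGBOUNCER, USE_PGPOOL) if key in env]
    return required, deprecated, conflicts


def rewrite_env(text):
    """Drop the deprecated flags and emit the settings that preserve the old behavior.

    A conflicting existing value is replaced; review plan_migration() first.
    """
    required, deprecated, _ = plan_migration(parse_env(text))
    kept = []
    for raw in text.splitlines():
        key = raw.partition("=")[0].strip()
        if key in deprecated or key in required:
            continue  # deprecated flag, or a setting re-emitted below
        kept.append(raw)
    kept.extend(f"{key}={value}" for key, value in required.items())
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    required, deprecated, conflicts = plan_migration(parse_env(SAMPLE_ENV))
    for message in conflicts:
        print("WARNING:", message)
    print(rewrite_env(SAMPLE_ENV), end="")
```
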
## New features
- **Redirect stage**
This new stage redirects a user to another flow or to an external URL, so the flow that runs can be chosen dynamically based on user attributes or other factors.
- **Application entitlements** <span class="badge badge--info">Preview</span>
Centrally configure permissions by granting entitlements to groups and users on an application-level basis.
- **Policies in the application wizard**
In the application creation wizard, administrators can now configure policy bindings along with the other application settings.
- **CloudFormation** <span class="badge badge--info">Preview</span>
Deploy authentik in your own AWS environment with one click using our new [AWS CloudFormation template](../../install-config/install/aws.md).
- **OAuth2 provider federation**
Configure [OAuth2 provider federation](../../add-secure-apps/providers/oauth2/client_credentials.md#authentik-issued-jwts-authentik-202412) to allow exchanging authentication tokens between multiple providers.
- **Silent authorization flow**
When authorization flows don't require user interaction, authentik redirects the user directly back to the application, improving user experience.
## Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx).
:::warning
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommend that you always upgrade any outposts at the same time you upgrade your authentik instance.
:::
### Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
```shell
wget -O docker-compose.yml https://goauthentik.io/version/2024.12/docker-compose.yml
docker compose up -d
```
The `-O` flag writes the download to `docker-compose.yml`, overwriting any existing local file with the same name.
### Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
```shell
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.12
```
## Minor changes/fixes
- blueprints: add AtIndex tag (#12386)
- blueprints: add default Password policy (#11793)
- core: add `None` check to a device's `extra_description` (#11904)
- core: add ability to provide reason for impersonation (#11951)
- core: add support to set policy bindings in transactional endpoint (#10399)
- core: app entitlements (#12090)
- core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (#12080)
- core: use versioned_script for path only (#12003)
- crypto: validate that generated certificate's name is unique (#12015)
- enterprise/rac: fix API Schema for invalidation_flow (#11907)
- enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
- enterprise: allow deletion/modification of users when in read-only mode (#12289)
- events: notification_cleanup: avoid unnecessary loop (cherry-pick #12417) (#12418)
- flows: better test stage's challenge responses (#12316)
- flows: silent authz flow (#12213)
- internal: add CSP header to files in `/media` (#12092)
- lifecycle: fix ak exit status not being passed (#12024)
- lifecycle: fix kdc5-config missing (#11826)
- lifecycle: fix missing krb5 deps for full testing in image (#11815)
- providers/ldap: fix global search_full_directory permission not being sufficient (#12028)
- providers/oauth2: Add provider federation between OAuth2 Providers (#12083)
- providers/oauth2: allow m2m for JWKS without alg in keys (#12196)
- providers/oauth2: fix manual device code entry (#12017)
- providers/oauth2: fix migration (#12138)
- providers/oauth2: fix migration dependencies (#12123)
- providers/oauth2: fix redirect uri input (#12122)
- providers/oauth2: fix size limited index for tokens (#11879)
- providers/oauth2: make session deletion cascade to tokens (#12343)
- providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
- providers/proxy: fix redirect_uri (#12121)
- providers/scim: accept string and int for SCIM IDs (#12093)
- rbac: fix incorrect object_description for object-level permissions (#12029)
- root: check remote IP for proxy protocol same as HTTP/etc (#12094)
- root: expose CONN_MAX_AGE, CONN_HEALTH_CHECKS and DISABLE_SERVER_SIDE_CURSORS for PostgreSQL config (cherry-pick #10159) (#12419)
- root: fix activation of locale not being scoped (#12091)
- root: fix database ssl options not set correctly (#12180)
- root: fix health status code (#12255)
- root: fix missing entries in codeowners (#12369)
- root: fix override locale only if it is not empty (#12283)
- root: fix ssl settings for read replicas not being applied (#12341)
- root: lock setuptools to prevent docker install issue
- root: support running authentik in subpath (#8675)
- root: use healthcheck in depends_on for postgres and redis (#12301)
- security: fix CVE 2024 52287 (#12114)
- security: fix CVE 2024 52289 (#12113)
- security: fix CVE 2024 52307 (#12115)
- sources/kerberos: add kadmin type setting, provide additional context to property mappings (#12286)
- sources/kerberos: add kiprop to ignored system principals (#11852)
- sources/kerberos: use new python-kadmin implementation (#11932)
- sources/oauth: allow creation of user connection objects with parameters (#12195)
- sources/saml: fix redirect not kept through SAML Source (#12372)
- stages/captcha: Run interactive captcha in Frame (#11857)
- stages/identification: fix invalid challenge warning when no captcha stage is set (#12312)
- stages/password: use recovery flow from brand (#11953)
- stages/redirect: create redirect stage (#12275)
- web/admin: add application bindings to the application wizard (#11462)
- web/admin: auto-prefill user path for new users based on selected path (#12070)
- web/admin: better footer links (#12004)
- web/admin: bugfix: dual select initialization revision (#12051)
- web/admin: fix brand title not respected in application list (#12068)
- web/admin: fix code-based MFA toggle not working in wizard (#11854)
- web/admin: fix prompt stage wording (#12384)
- web/admin: provide default invalidation flows for LDAP and Radius (#11861)
- web/flows: fix invisible captcha call (#12048)
- web/flows: resize captcha iframes (#12260)
- web/flows: update flow background (#12339)
- web: add italian locale (#11958)
- web: backport fix impersonate api (#12184)
- web: fix bug that prevented error reporting in current wizard. (#12033)
- web: fix missing status code on failed build (#11903)
- web: simplify `?inline` handler for Storybook (#12246)
- web: update tests for Chromedriver 131 (#12199)
## Fixed in 2024.12.1
- internal: fix URL generation for websocket connection (cherry-pick #12439) (#12440)
- website/docs: add content about bindings (cherry-pick #11787) (#12428)
- website/docs: add new section about impersonation (cherry-pick #12328) (#12424)
## Fixed in 2024.12.2
- core: fix error when creating new user with default path (cherry-pick #12609) (#12612)
- internal: fix missing trailing slash in outpost websocket (cherry-pick #12470) (#12471)
- providers/saml: fix invalid SAML Response when assertion and response are signed (cherry-pick #12611) (#12613)
- rbac: permissions endpoint: allow authenticated users (cherry-pick #12608) (#12610)
- sources/kerberos: authenticate with the user's username instead of the first username in authentik (cherry-pick #12497) (#12579)
- web: fix source selection and outpost integration health (#12530)
## API Changes
#### What's New
---
##### `GET` /core/application_entitlements/
##### `POST` /core/application_entitlements/
##### `GET` /core/application_entitlements/&#123;pbm_uuid&#125;/
##### `PUT` /core/application_entitlements/&#123;pbm_uuid&#125;/
##### `DELETE` /core/application_entitlements/&#123;pbm_uuid&#125;/
##### `PATCH` /core/application_entitlements/&#123;pbm_uuid&#125;/
##### `GET` /core/application_entitlements/&#123;pbm_uuid&#125;/used_by/
##### `GET` /stages/redirect/
##### `POST` /stages/redirect/
##### `GET` /stages/redirect/&#123;stage_uuid&#125;/
##### `PUT` /stages/redirect/&#123;stage_uuid&#125;/
##### `DELETE` /stages/redirect/&#123;stage_uuid&#125;/
##### `PATCH` /stages/redirect/&#123;stage_uuid&#125;/
##### `GET` /stages/redirect/&#123;stage_uuid&#125;/used_by/
#### What's Changed
---
##### `GET` /admin/settings/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `impersonation_require_reason` (boolean)
> Require administrators to provide a reason for impersonating a user.
##### `PUT` /admin/settings/
###### Request:
Changed content type : `application/json`
- Added property `impersonation_require_reason` (boolean)
> Require administrators to provide a reason for impersonating a user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `impersonation_require_reason` (boolean)
> Require administrators to provide a reason for impersonating a user.
##### `PATCH` /admin/settings/
###### Request:
Changed content type : `application/json`
- Added property `impersonation_require_reason` (boolean)
> Require administrators to provide a reason for impersonating a user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `impersonation_require_reason` (boolean)
> Require administrators to provide a reason for impersonating a user.
##### `POST` /core/users/&#123;id&#125;/impersonate/
###### Request:
New content type : `application/json`
##### `GET` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `GET` /sources/group_connections/kerberos/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
- Property `pk` (string)
- Property `name` (string)
> Source's display Name.
- Property `slug` (string)
> Internal source name, used in URLs.
- Property `enabled` (boolean)
- Property `authentication_flow` (string)
> Flow to use when authenticating existing users.
- Property `enrollment_flow` (string)
> Flow to use when enrolling new users.
- Property `user_property_mappings` (array)
Items (string):
- Property `group_property_mappings` (array)
- Property `component` (string)
> Get object component so that we know how to edit the object
- Property `verbose_name` (string)
> Return object's verbose_name
- Property `verbose_name_plural` (string)
> Return object's plural verbose_name
- Property `meta_model_name` (string)
> Return internal model name
- Property `policy_engine_mode` (string)
Enum values:
- `all`
- `any`
- Property `user_matching_mode` (string)
> How the source determines if an existing user should be authenticated or a new user enrolled.
Enum values:
- `identifier`
- `email_link`
- `email_deny`
- `username_link`
- `username_deny`
- Property `managed` (string)
> Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Property `user_path_template` (string)
- Property `icon` (string)
> Get the URL to the Icon. If the name is /static or
> starts with http it is returned as-is
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PUT` /sources/group_connections/kerberos/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PATCH` /sources/group_connections/kerberos/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/group_connections/oauth/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PUT` /sources/group_connections/oauth/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PATCH` /sources/group_connections/oauth/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/group_connections/plex/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PUT` /sources/group_connections/plex/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PATCH` /sources/group_connections/plex/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/group_connections/saml/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PUT` /sources/group_connections/saml/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `PATCH` /sources/group_connections/saml/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/user_connections/all/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PUT` /sources/user_connections/all/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PATCH` /sources/user_connections/all/&#123;id&#125;/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/kerberos/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `source` (object -> string)
##### `PUT` /sources/user_connections/kerberos/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
* Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `source` (object -> string)
##### `PATCH` /sources/user_connections/kerberos/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/oauth/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PUT` /sources/user_connections/oauth/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
- `user`
* Added property `user` (integer)
* Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PATCH` /sources/user_connections/oauth/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `user` (integer)
- Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/plex/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PUT` /sources/user_connections/plex/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
- `user`
* Added property `user` (integer)
* Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PATCH` /sources/user_connections/plex/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `user` (integer)
- Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/saml/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PUT` /sources/user_connections/saml/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
- `user`
* Added property `user` (integer)
* Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `PATCH` /sources/user_connections/saml/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `user` (integer)
- Added property `source` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /flows/instances/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `PUT` /flows/instances/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `PATCH` /flows/instances/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `POST` /policies/event_matcher/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `GET` /policies/event_matcher/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Event Matcher Policy Serializer
- Changed property `app` (string)
> Match events created by selected application. When left empty, all applications are matched.
Added enum value:
- `authentik.stages.redirect`
- Changed property `model` (string)
> Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `POST` /rbac/permissions/assigned_by_roles/&#123;uuid&#125;/assign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `PATCH` /rbac/permissions/assigned_by_roles/&#123;uuid&#125;/unassign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `POST` /rbac/permissions/assigned_by_users/&#123;id&#125;/assign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `PATCH` /rbac/permissions/assigned_by_users/&#123;id&#125;/unassign/
###### Request:
Changed content type : `application/json`
- Changed property `model` (string)
Added enum values:
- `authentik_stages_redirect.redirectstage`
- `authentik_core.applicationentitlement`
##### `GET` /sources/group_connections/kerberos/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth Group-Source connection Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `POST` /sources/group_connections/oauth/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/group_connections/oauth/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth Group-Source connection Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `POST` /sources/group_connections/plex/
###### Request:
New content type : `application/json`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/group_connections/plex/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Plex Group-Source connection Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/group_connections/saml/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth Group-Source connection Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `group` (string)
* Changed property `source` (object -> string)
* Changed property `identifier` (string)
##### `GET` /sources/kerberos/&#123;slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
Enum values:
- `MIT`
- `Heimdal`
- `other`
##### `PUT` /sources/kerberos/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
##### `PATCH` /sources/kerberos/&#123;slug&#125;/
###### Request:
Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
##### `GET` /sources/user_connections/all/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > User source connection
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `POST` /sources/user_connections/kerberos/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
* Added property `source` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/kerberos/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Kerberos Source Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `source` (object -> string)
##### `POST` /sources/user_connections/oauth/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
- `user`
* Added property `user` (integer)
* Added property `source` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/oauth/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth Source Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `POST` /sources/user_connections/plex/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
- `user`
* Added property `user` (integer)
* Added property `source` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/plex/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Plex Source connection Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `POST` /sources/user_connections/saml/
###### Request:
Changed content type : `application/json`
New required properties:
- `source`
- `user`
* Added property `user` (integer)
* Added property `source` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /sources/user_connections/saml/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > SAML Source Serializer
New required properties:
- `source_obj`
* Added property `source_obj` (object)
* Changed property `user` (integer)
* Changed property `source` (object -> string)
##### `GET` /stages/invitation/invitations/&#123;invite_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `flow_obj` (object)
> Flow Serializer
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `PUT` /stages/invitation/invitations/&#123;invite_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `flow_obj` (object)
> Flow Serializer
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `PATCH` /stages/invitation/invitations/&#123;invite_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `flow_obj` (object)
> Flow Serializer
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `POST` /flows/instances/
###### Request:
Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `GET` /flows/instances/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Flow Serializer
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `GET` /providers/oauth2/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
Items (string):
- Added property `jwt_federation_providers` (array)
Items (integer):
- Deleted property `jwks_sources` (array)
##### `PUT` /providers/oauth2/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `PATCH` /providers/oauth2/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /providers/proxy/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `PUT` /providers/proxy/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `PATCH` /providers/proxy/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /rbac/permissions/assigned_by_roles/
###### Parameters:
Changed: `model` in `query`
##### `GET` /rbac/permissions/assigned_by_users/
###### Parameters:
Changed: `model` in `query`
##### `POST` /sources/kerberos/
###### Request:
Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `kadmin_type` (object)
> KAdmin server type
##### `GET` /sources/kerberos/
###### Parameters:
Added: `kadmin_type` in `query`
> KAdmin server type
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Kerberos Source Serializer
- Added property `kadmin_type` (object)
> KAdmin server type
##### `POST` /stages/invitation/invitations/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `flow_obj` (object)
> Flow Serializer
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `GET` /stages/invitation/invitations/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Invitation Serializer
- Changed property `flow_obj` (object)
> Flow Serializer
- Changed property `authentication` (string)
> Required level of authentication and authorization to access a flow.
Added enum value:
- `require_redirect`
##### `GET` /flows/executor/&#123;flow_slug&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Updated `ak-stage-identification` component:
- Changed property `captcha_stage` (object -> object)
> Site public key
##### `POST` /flows/executor/&#123;flow_slug&#125;/
###### Request:
Changed content type : `application/json`
Added `xak-flow-redirect` component:
- Property `component` (string)
- Property `to` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Updated `ak-stage-identification` component:
- Changed property `captcha_stage` (object -> object)
> Site public key
##### `GET` /oauth2/access_tokens/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /oauth2/authorization_codes/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /oauth2/refresh_tokens/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `POST` /providers/oauth2/
###### Request:
Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /providers/oauth2/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `POST` /providers/proxy/
###### Request:
Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /providers/proxy/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > ProxyProvider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `PUT` /core/transactional/applications/
###### Request:
Changed content type : `application/json`
- Added property `policy_bindings` (array)
Items (object): > PolicyBindingSerializer which does not require target as target is set implicitly
- Property `policy` (string)
- Property `group` (string)
- Property `user` (integer)
- Property `negate` (boolean)
> Negates the outcome of the policy. Messages are unaffected.
- Property `enabled` (boolean)
- Property `order` (integer)
- Property `timeout` (integer)
> Timeout after which Policy execution is terminated.
- Property `failure_result` (boolean)
> Result if the Policy execution fails.
- Changed property `provider` (object)
Updated `authentik_providers_proxy.proxyprovider` provider_model:
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
Updated `authentik_providers_oauth2.oauth2provider` provider_model:
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /oauth2/access_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `jwt_federation_sources` (array)
- Added property `jwt_federation_providers` (array)
- Deleted property `jwks_sources` (array)