115 KiB
title | slug |
---|---|
Release 2024.8 | /releases/2024.8 |
Highlights
- Source property mappings for SCIM, OAuth, SAML, and Plex sources: All sources now support property mappings to configure how authentik interprets the incoming source's data. Additionally, groups can be synced from all sources that provide group info.
- RADIUS provider custom attribute support: Integrate RADIUS better into network infrastructure by sending vendor-specific attributes based on the user authenticating.
- SAML encryption support: SAML source and provider support encryption now, which prevents anyone from viewing the information of in-flight assertions.
- RBAC support for blueprints and Terraform: Permissions can now be assigned and automated using both blueprints and Terraform.
Breaking changes
Manual action is required
-
LDAP property mappings simplification
LDAP property mappings have been reworked to remove Object field. With this release, instead of returning a single user or group attribute for each property mapping, you can now return several of them. Here is an example of what new property mappings look like:
return { "username": ldap.get("uid"), # list_flatten is automatically applied to top-level attributes "attributes": { "phone": list_flatten(ldap.get("phoneNumber")), # but not for attributes! }, }
This property mapping populates the
username
andattributes.phone
attributes of a user at the same time, reducing the number of mappings that are run and thus improving performance. Additionally, they are more straightforward to read, and this change allowed us to implement property mappings for OAuth and SAML sources as well.authentik will automatically convert existing property mappings to this new format, by generating some Python code for each of the existing property mappings expressions. Property mappings that are managed by authentik will automatically get updated to the new format.
If you have any custom property mappings, we recommend converting them to this new format.
-
OAuth and SAML sources now sync groups by default
OAuth (specifically OpenID and Okta) sources now sync groups by default when a
groups
claim is available.SAML sources now sync groups by default when a
http://schemas.xmlsoap.org/claims/Group
attribute is available in the assertion.To disable that behavior, create an OAuth/SAML source property mapping with the expression below and assign it as a user property mapping on the source.
return { "groups": [], }
-
Terraform Resource rename
Several resources in the Terraform provider have been renamed to align with new functionality. This mainly applies to property mapping-related resources. With the authentik version 2024.8.1 of the Terraform provider, both the old and new resources are available, and resources can be moved to the new name using
terraform state mv
.These resources have been renamed:
authentik_property_mapping_google_workspace
authentik_property_mapping_ldap
authentik_property_mapping_microsoft_entra
authentik_property_mapping_rac
authentik_property_mapping_radius
authentik_property_mapping_saml
authentik_property_mapping_scim
Manual action may be required
-
Changes to the external user type
Since the introduction of user types with 2023.8, the main difference between internal and external users has mostly been relevant when using the Enterprise version of authentik.
With this release, authentik improves support for B2C use-cases, which external users are intended for. It is now possible to configure a default application. External users not attempting to access a specific application will always be redirected to this default application.
As part of this, external users will no longer have access to the User and Admin interfaces. If you're using the open-source version and you require this workflow, you can change users to be Internal, which will have no side-effects. For Enterprise customers, please reach out to us with any questions.
Bulk changing the user type
In the container, run the command `ak change_user_type --all --type internal` to change all users to Internal. Instead of using `--all` you can also pass usernames to the command to only change individual users to internal. -
Changed HTTP healthcheck endpoints status code
For increased compatibility, the
/-/health/live/
and/-/health/ready/
endpoints return 200 HTTP Status codes for successful checks. Previously these endpoints returned 204, which means in most cases no changes are required.
New features
-
Source property mappings for SCIM, OAuth, SAML and Plex sources
All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See Property Mappings.
-
RADIUS provider custom attribute support
With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's
AV-Pair
attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See RADIUS Provider -
SAML encryption support
It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a Certificate-keypair and selecting it in the SAML source or provider.
-
GeoIP Policy
With the new GeoIP Policy it is possible to grant/deny access based on Country and ASN, without having to write an expression policy.
-
Simplification of LDAP Provider permissions
The LDAP provider now uses RBAC to assign the appropriate permission to search the full directory instead of requiring a dedicated group to be created. As part of the upgrade, existing search groups' users are migrated to grant the required permission to search the full directory.
-
RBAC support for blueprints and Terraform
RBAC permissions for global/object level permissions for users/roles can now be managed via blueprints and Terraform. This allows for the automatic configuration of permissions.
-
UX improvements
In previous versions of authentik, there were several places in the Admin interface where you could not select more than 100 items. With this change, it is now possible to search for items and select more than 100 items.
-
WebFinger support
With the addition of the default application setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now.
Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.
:::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. :::
Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2024.8/docker-compose.yml
docker compose up -d
The -O
flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
Minor changes/fixes
- api: use custom json renderer for speed (#9977)
- blueprints: handle model referencing non-existent app/model (#10796)
- brands: add OIDC webfinger support (#10400)
- core: add index on enabled field of sources (#10572)
- core: add primitives for source property mappings (#10651)
- core: b2c improvements p1 (#9257)
- core: fix error when raising SkipObject in mapping (#10153)
- core: fix migrations missing using db_alias (#10409)
- core: fix source flow_manager not resuming flow when linking (#10436)
- core: fix URLValidator regex to allow single digit port (#10280)
- core: remove deprecated sentry-sdk method usage (#10648)
- core: remove html language tag for pages that are translated (#10611)
- core: remove transitionary old JS urls (#10317)
- core: rework base for SkipObject exception to better support control flow exceptions (#10186)
- enterprise: add support for license flags (#10842)
- enterprise: UI improvements, better handling of expiry (#10828)
- enterprise/rac: fix error when listing connection tokens as non-superuser (#10771)
- events: associate login_failed events to a user if possible (#10270)
- events: fix race condition (#10602)
- flows: remove stage challenge type (#10476)
- internal: Use loop instead of recursion in NewAPIController (#10745)
- lib/sync: handle SkipObject in direct triggered tasks (#10590)
- lifecycle: only create tenant media root if needed (#10616)
- outposts: add better UI for showing mismatched versions (#10885)
- outposts: ensure minimum refresh interval (#10701)
- outposts: implement general paginator for list API requests (#10619)
- outposts: make refresh interval configurable (#10138)
- policies: add GeoIP policy (#10454)
- policies/reputation: fix existing reputation update (#10124)
- providers: add provider/ prefix for property mappings API (#10874)
- providers/ldap: fix missing using in migrations (#10906)
- providers/ldap: Remove search group (#10639)
- providers/proxy: avoid erroring on logout with session_id is None (#9119)
- providers/proxy: fix Traefik label generation for v3 (#10411)
- providers/radius: Add support for custom attributes (#10509)
- providers/radius: fix custom attribute (#10704)
- providers/radius: property mapping docs (#10908)
- providers/saml: encryption support (#10934)
- providers/saml: fix incorrect migration for sign_response (#10975)
- providers/saml: fix metadata import error handling (#10349)
- providers/saml: remove redundant ACSUrl in POST (#10707)
- providers/scim: Fix exception handling for missing ServiceProviderConfig (#10322)
- rbac: generate blueprint schema permissions from defined models not DB (#10962)
- rbac: rework API for terraform, add blueprint support (#10698)
- root: allow extra sentry settings (#10269)
- root: dependency maintenance (#10689)
- root: Make health checks compatible with cloud platform load balancers (#10554)
- root: make pyrad a standard dependency (#10649)
- root: makefile: add codespell to make-website (#10116)
- root: only load daphne django app in development (#10723)
- root: use custom model serializer that saves m2m without bulk (#10139)
- sources: add property mappings for all oauth and saml sources (#8771)
- sources: introduce new property mappings per user and group (#8750)
- sources: refactor user connection api (#10607)
- sources/ldap: Add enabled filter for ldap_password_validate signal (#10823)
- sources/ldap: fix migrations failing (#10588)
- sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping (#10606)
- sources/oauth: fix link not being saved (#10374)
- sources/plex: add property mappings (#10772)
- sources/saml: Basic support for EncryptedAssertion element. (#10099)
- sources/saml: fix pickle error, add saml auth tests (#10348)
- sources/scim: add property mappings (#10650)
- sources/scim: fix duplicate service account users and changing token (#10735)
- sources/scim: fix schema loading with pwd is not set properly (#10574)
- stages/authenticator_validate: fix friendly_name being required (#10382)
- stages/authenticator: actually update last_used (#10813)
- stages/authenticator: add created, last_updated and last_used metadata (#10636)
- stages/prompt: fix prompt not editable with invalid expression (#10603)
- stages/user_login: fix ?next parameter not carried through broken session binding (#10301)
- web: disable reading dark mode out of the UI by default (#10256)
- web: enable custom-element-manifest and DOM/JS integration checking. (#10177)
- web: enhance search select with portal, overflow, and keyboard controls (#9517)
- web: fix bad name target that's breaking build (#10506)
- web: fix dark theme and theme switch (#10667)
- web: fix docker build for non-release versions (#10154)
- web: fix early modal stack depletion (#10068)
- web: fix mismatched button labels for boundpolicy and boundstage list (#10551)
- web: fix needed because recent upgrade to task breaks spinner button (#10142)
- web: fix theme not applying to document correctly (#10721)
- web: fixed missed internationalized strings (#10323)
- web: licenseStatus is not defined on initial render (#10894)
- web: provide 'show password' button (#10337)
- web: provide a test framework (#9681)
- web: provide better feedback on Application Library page about search results (#9386)
- web: provide default endpoint api configuration (#10319)
- web: replace all occurrences of the theme placeholder (#10749)
- web: replace multi-select with dual-select for all propertyMapping invocations (#9359)
- web: restore hasLaunchUrl to client-side criteria for filtering apps (#10291)
- web: search select with focus, autocomplete, and progressive search (#10728)
- web: set noopener and noreferrer on all external links (#10304)
- web/admin: fix access token list calling wrong API (#10434)
- web/admin: fix authentication/enrollment flow in sources being marked as required (#10911)
- web/admin: fix missing SAML Provider ECDSA options (#10612)
- web/admin: fix selectable card colour in dark theme (#10794)
- web/admin: refactor property mappings forms (#10810)
- web/admin: show matching user reputation scores in user details (#10276)
- web/admin: widen prompt form (#10615)
- web/elements: fix empty enterprise banner (#10882)
- web/flows: clean up loading, syntax and transitions (#10792)
- web/flows: don't grab focus for password input on identification stage (#10593)
- web/flows: remove background image link (#10318)
- web/flows: remove continue button from AutoSubmit stage (#10253)
- web/flows: Simplified flow executor (#10296)
Fixed in 2024.8.1
- core: bump cryptography from 43.0.0 to 43.0.1 (cherry-pick #11185) (#11202)
- core: fix change_user_type always requiring usernames (cherry-pick #11177) (#11178)
- core: fix missing argument name escaping for property mapping (cherry-pick #11231) (#11252)
- internal: fix go paginator not setting page correctly (cherry-pick #11253) (#11255)
- providers/ldap: fix incorrect permission check for search access (cherry-pick #11217) (#11218)
- providers/ldap: fix migration assuming search group is set (cherry-pick #11170) (#11172)
- providers/ldap: rework search_group migration to work with read replicas (cherry-pick #11228) (#11229)
- root: backport s3 storage changes (cherry-pick #11181) (#11183)
- web/admin: fix error in Outpost creation form (cherry-pick #11173) (#11175)
- web/admin: fix misc dual select on different forms (#11203)
- web/admin: fix missing Sync object button SCIM Provider (cherry-pick #11211) (#11213)
- web/admin: improve error handling (cherry-pick #11212) (#11219)
- web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)
Fixed in 2024.8.2
- core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
- core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
- core: fix permission check for scoped impersonation (cherry-pick #11315) (#11316)
- enterprise: fix API mixin license validity check (cherry-pick #11331) (#11342)
- enterprise: show specific error if Install ID is invalid in license (cherry-pick #11317) (#11319)
- events: optimise marking events as seen (cherry-pick #11297) (#11299)
- providers/proxy: fix URL path getting lost when partial URL is given to rd= (cherry-pick #11354) (#11355)
- root: fix ensure
outpost_connection_discovery
runs on worker startup (cherry-pick #11260) (#11270) - sources/ldap: fix missing search attribute (cherry-pick #11125) (#11340)
- web: revert lockfile lint, re-add integrity (#11380)
- web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)
Fixed in 2024.8.3
- events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
- providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
- security: CVE-2024-47070, reported by @efpi-bot from LogicalTrust (cherry-pick #11536) (#11539)
- security: CVE-2024-47077, reported by @quentinmit (cherry-pick #11535) (#11537)
- sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
- web: Fix missing integrity fields in package-lock.json (#11509)
- web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)
Fixed in 2024.8.4
- blueprints: fix validation error when using internal storage (cherry-pick #11654) (#11656)
- core: fix permission check for scoped impersonation (cherry-pick #11603) (#11650)
- internal: restore /ping behaviour for embedded outpost (cherry-pick #11568) (#11570)
- policies/event_matcher: fix inconsistent behaviour (cherry-pick #11724) (#11726)
- providers/oauth2: don't overwrite attributes when updating service account (cherry-pick #11709) (#11723)
- providers/saml: fix incorrect ds:Reference URI (cherry-pick #11699) (#11701)
- providers/scim: add comparison with existing group on update and delta update users (cherry-pick #11414) (#11796)
- providers/scim: clamp batch size for patch requests (cherry-pick #11797) (#11802)
- providers/scim: handle no members in group in consistency check (cherry-pick #11801) (#11812)
- web/admin: fix invalid create date shown for MFA registered before date was saved (cherry-pick #11728) (#11729)
- web/admin: fix sync single button throwing error (cherry-pick #11727) (#11730)
Fixed in 2024.8.5
- security: fix CVE-2024-52287, reported by @matt1097 (#12114)
- security: fix CVE-2024-52289, reported by @PontusHanssen (#12113)
- security: fix CVE-2024-52307, reported by @mgerstner (#12115)
- web/admin: better footer links (#12004)
- web: bump API Client version (#12118)
Fixed in 2024.8.6
- providers/oauth2: fix migration (cherry-pick #12138) (#12140)
- providers/oauth2: fix redirect uri input (cherry-pick #12122) (#12128)
- providers/proxy: fix redirect_uri (cherry-pick #12121) (#12126)
- web: bump API Client version (cherry-pick #12129) (#12131)
API Changes
What's New
GET
/outposts/ldap/{id}/check_access/
GET
/outposts/radius/{id}/check_access/
GET
/policies/geoip/
POST
/policies/geoip/
GET
/policies/geoip/{policy_uuid}/
PUT
/policies/geoip/{policy_uuid}/
DELETE
/policies/geoip/{policy_uuid}/
PATCH
/policies/geoip/{policy_uuid}/
GET
/policies/geoip/{policy_uuid}/used_by/
GET
/policies/geoip_iso3166/
GET
/propertymappings/provider/rac/
POST
/propertymappings/provider/rac/
GET
/propertymappings/provider/rac/{pm_uuid}/
PUT
/propertymappings/provider/rac/{pm_uuid}/
DELETE
/propertymappings/provider/rac/{pm_uuid}/
PATCH
/propertymappings/provider/rac/{pm_uuid}/
GET
/propertymappings/provider/rac/{pm_uuid}/used_by/
GET
/propertymappings/provider/radius/
POST
/propertymappings/provider/radius/
GET
/propertymappings/provider/radius/{pm_uuid}/
PUT
/propertymappings/provider/radius/{pm_uuid}/
DELETE
/propertymappings/provider/radius/{pm_uuid}/
PATCH
/propertymappings/provider/radius/{pm_uuid}/
GET
/propertymappings/provider/radius/{pm_uuid}/used_by/
GET
/propertymappings/provider/saml/
POST
/propertymappings/provider/saml/
GET
/propertymappings/provider/saml/{pm_uuid}/
PUT
/propertymappings/provider/saml/{pm_uuid}/
DELETE
/propertymappings/provider/saml/{pm_uuid}/
PATCH
/propertymappings/provider/saml/{pm_uuid}/
GET
/propertymappings/provider/saml/{pm_uuid}/used_by/
GET
/propertymappings/provider/scim/
POST
/propertymappings/provider/scim/
GET
/propertymappings/provider/scim/{pm_uuid}/
PUT
/propertymappings/provider/scim/{pm_uuid}/
DELETE
/propertymappings/provider/scim/{pm_uuid}/
PATCH
/propertymappings/provider/scim/{pm_uuid}/
GET
/propertymappings/provider/scim/{pm_uuid}/used_by/
GET
/propertymappings/provider/scope/
POST
/propertymappings/provider/scope/
GET
/propertymappings/provider/scope/{pm_uuid}/
PUT
/propertymappings/provider/scope/{pm_uuid}/
DELETE
/propertymappings/provider/scope/{pm_uuid}/
PATCH
/propertymappings/provider/scope/{pm_uuid}/
GET
/propertymappings/provider/scope/{pm_uuid}/used_by/
GET
/propertymappings/source/ldap/
POST
/propertymappings/source/ldap/
GET
/propertymappings/source/ldap/{pm_uuid}/
PUT
/propertymappings/source/ldap/{pm_uuid}/
DELETE
/propertymappings/source/ldap/{pm_uuid}/
PATCH
/propertymappings/source/ldap/{pm_uuid}/
GET
/propertymappings/source/ldap/{pm_uuid}/used_by/
GET
/propertymappings/source/oauth/
POST
/propertymappings/source/oauth/
GET
/propertymappings/source/oauth/{pm_uuid}/
PUT
/propertymappings/source/oauth/{pm_uuid}/
DELETE
/propertymappings/source/oauth/{pm_uuid}/
PATCH
/propertymappings/source/oauth/{pm_uuid}/
GET
/propertymappings/source/oauth/{pm_uuid}/used_by/
GET
/propertymappings/source/plex/
POST
/propertymappings/source/plex/
GET
/propertymappings/source/plex/{pm_uuid}/
PUT
/propertymappings/source/plex/{pm_uuid}/
DELETE
/propertymappings/source/plex/{pm_uuid}/
PATCH
/propertymappings/source/plex/{pm_uuid}/
GET
/propertymappings/source/plex/{pm_uuid}/used_by/
GET
/propertymappings/source/saml/
POST
/propertymappings/source/saml/
GET
/propertymappings/source/saml/{pm_uuid}/
PUT
/propertymappings/source/saml/{pm_uuid}/
DELETE
/propertymappings/source/saml/{pm_uuid}/
PATCH
/propertymappings/source/saml/{pm_uuid}/
GET
/propertymappings/source/saml/{pm_uuid}/used_by/
GET
/propertymappings/source/scim/
POST
/propertymappings/source/scim/
GET
/propertymappings/source/scim/{pm_uuid}/
PUT
/propertymappings/source/scim/{pm_uuid}/
DELETE
/propertymappings/source/scim/{pm_uuid}/
PATCH
/propertymappings/source/scim/{pm_uuid}/
GET
/propertymappings/source/scim/{pm_uuid}/used_by/
GET
/rbac/permissions/roles/{id}/
PUT
/rbac/permissions/roles/{id}/
DELETE
/rbac/permissions/roles/{id}/
PATCH
/rbac/permissions/roles/{id}/
GET
/rbac/permissions/users/{id}/
PUT
/rbac/permissions/users/{id}/
DELETE
/rbac/permissions/users/{id}/
PATCH
/rbac/permissions/users/{id}/
GET
/sources/group_connections/oauth/
POST
/sources/group_connections/oauth/
GET
/sources/group_connections/oauth/{id}/
PUT
/sources/group_connections/oauth/{id}/
DELETE
/sources/group_connections/oauth/{id}/
PATCH
/sources/group_connections/oauth/{id}/
GET
/sources/group_connections/oauth/{id}/used_by/
GET
/sources/group_connections/plex/
POST
/sources/group_connections/plex/
GET
/sources/group_connections/plex/{id}/
PUT
/sources/group_connections/plex/{id}/
DELETE
/sources/group_connections/plex/{id}/
PATCH
/sources/group_connections/plex/{id}/
GET
/sources/group_connections/plex/{id}/used_by/
GET
/sources/group_connections/saml/
GET
/sources/group_connections/saml/{id}/
PUT
/sources/group_connections/saml/{id}/
DELETE
/sources/group_connections/saml/{id}/
PATCH
/sources/group_connections/saml/{id}/
GET
/sources/group_connections/saml/{id}/used_by/
What's Deleted
GET
/outposts/ldap/{id}/
GET
/outposts/proxy/{id}/
GET
/outposts/radius/{id}/
GET
/propertymappings/ldap/
POST
/propertymappings/ldap/
GET
/propertymappings/ldap/{pm_uuid}/
PUT
/propertymappings/ldap/{pm_uuid}/
DELETE
/propertymappings/ldap/{pm_uuid}/
PATCH
/propertymappings/ldap/{pm_uuid}/
GET
/propertymappings/ldap/{pm_uuid}/used_by/
GET
/propertymappings/rac/
POST
/propertymappings/rac/
GET
/propertymappings/rac/{pm_uuid}/
PUT
/propertymappings/rac/{pm_uuid}/
DELETE
/propertymappings/rac/{pm_uuid}/
PATCH
/propertymappings/rac/{pm_uuid}/
GET
/propertymappings/rac/{pm_uuid}/used_by/
GET
/propertymappings/saml/
POST
/propertymappings/saml/
GET
/propertymappings/saml/{pm_uuid}/
PUT
/propertymappings/saml/{pm_uuid}/
DELETE
/propertymappings/saml/{pm_uuid}/
PATCH
/propertymappings/saml/{pm_uuid}/
GET
/propertymappings/saml/{pm_uuid}/used_by/
GET
/propertymappings/scim/
POST
/propertymappings/scim/
GET
/propertymappings/scim/{pm_uuid}/
PUT
/propertymappings/scim/{pm_uuid}/
DELETE
/propertymappings/scim/{pm_uuid}/
PATCH
/propertymappings/scim/{pm_uuid}/
GET
/propertymappings/scim/{pm_uuid}/used_by/
GET
/propertymappings/scope/
POST
/propertymappings/scope/
GET
/propertymappings/scope/{pm_uuid}/
PUT
/propertymappings/scope/{pm_uuid}/
DELETE
/propertymappings/scope/{pm_uuid}/
PATCH
/propertymappings/scope/{pm_uuid}/
GET
/propertymappings/scope/{pm_uuid}/used_by/
What's Changed
GET
/admin/version/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
outpost_outdated
- Added property
outpost_outdated
(boolean)Check if any outpost is outdated/has a version mismatch
GET
/authenticators/admin/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
created
last_updated
last_used
-
Added property
created
(string) -
Added property
last_updated
(string) -
Added property
last_used
(string)
GET
/authenticators/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
created
last_updated
last_used
-
Added property
created
(string) -
Added property
last_updated
(string) -
Added property
last_used
(string)
GET
/core/brands/{brand_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
- Added property
PUT
/core/brands/{brand_uuid}/
Request:
Changed content type : application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
- Added property
PATCH
/core/brands/{brand_uuid}/
Request:
Changed content type : application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
- Added property
GET
/enterprise/license/summary/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
license_flags
status
New optional properties:
has_license
read_only
show_admin_warning
show_user_warning
valid
-
Added property
status
(string)Enum values:
unlicensed
valid
expired
expiry_soon
limit_exceeded_admin
limit_exceeded_user
read_only
-
Added property
license_flags
(array)Items (string):
Enum values:
trial
non_production
-
Deleted property
valid
(boolean) -
Deleted property
show_admin_warning
(boolean) -
Deleted property
show_user_warning
(boolean) -
Deleted property
read_only
(boolean) -
Deleted property
has_license
(boolean)
GET
/policies/event_matcher/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
-
PUT
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
-
PATCH
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
-
GET
/providers/google_workspace_groups/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/providers/microsoft_entra_groups/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/providers/scim_groups/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/sources/scim_groups/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
PUT
/sources/scim_groups/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
PATCH
/sources/scim_groups/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
POST
/core/brands/
Request:
Changed content type : application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
- Added property
GET
/core/brands/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Brand Serializer
- Added property
default_application
(string)When set, external users will be redirected to this application after authenticating.
- Added property
-
GET
/core/groups/{group_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
name
(string)
- Changed property
PUT
/core/groups/{group_uuid}/
Request:
Changed content type : application/json
- Changed property
name
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
name
(string)
- Changed property
PATCH
/core/groups/{group_uuid}/
Request:
Changed content type : application/json
- Changed property
name
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
name
(string)
- Changed property
GET
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
PUT
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
PATCH
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
PUT
/core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
PATCH
/core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/events/rules/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
PUT
/events/rules/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
PATCH
/events/rules/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
GET
/policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
PUT
/policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
PATCH
/policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
POST
/policies/event_matcher/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
-
GET
/policies/event_matcher/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Event Matcher Policy Serializer
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.policies.geoip
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
-
-
GET
/propertymappings/all/
Parameters:
Added: managed
in query
Added: name
in query
POST
/providers/google_workspace_groups/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/providers/google_workspace_groups/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > GoogleWorkspaceProviderGroup Serializer
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/providers/ldap/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
- Deleted property
PUT
/providers/ldap/{id}/
Request:
Changed content type : application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
- Deleted property
PATCH
/providers/ldap/{id}/
Request:
Changed content type : application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
- Deleted property
POST
/providers/microsoft_entra_groups/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/providers/microsoft_entra_groups/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > MicrosoftEntraProviderGroup Serializer
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/providers/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
-
PUT
/providers/saml/{id}/
Request:
Changed content type : application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
-
PATCH
/providers/saml/{id}/
Request:
Changed content type : application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
-
POST
/providers/scim_groups/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/providers/scim_groups/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SCIMProviderGroup Serializer
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
POST
/rbac/permissions/assigned_by_roles/{uuid}/assign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
Return Type:
New response : 200 OK Deleted response : 204 No Content
Successfully assigned
PATCH
/rbac/permissions/assigned_by_roles/{uuid}/unassign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
POST
/rbac/permissions/assigned_by_users/{id}/assign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
Return Type:
New response : 200 OK Deleted response : 204 No Content
Successfully assigned
PATCH
/rbac/permissions/assigned_by_users/{id}/unassign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
-
authentik_policies_geoip.geoippolicy
-
authentik_providers_radius.radiusproviderpropertymapping
-
authentik_sources_ldap.ldapsourcepropertymapping
-
authentik_sources_oauth.oauthsourcepropertymapping
-
authentik_sources_oauth.groupoauthsourceconnection
-
authentik_sources_plex.plexsourcepropertymapping
-
authentik_sources_plex.userplexsourceconnection
-
authentik_sources_plex.groupplexsourceconnection
-
authentik_sources_saml.samlsourcepropertymapping
-
authentik_sources_saml.groupsamlsourceconnection
-
authentik_sources_scim.scimsourcepropertymapping
Removed enum values: -
authentik_sources_ldap.ldappropertymapping
-
authentik_sources_plex.plexsourceconnection
-
GET
/rbac/permissions/roles/
Parameters:
Changed: uuid
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > User permission with additional object-related data
- Changed property
object_pk
(string)
- Changed property
-
GET
/rbac/permissions/users/
Parameters:
Changed: user_id
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > User permission with additional object-related data
- Changed property
object_pk
(string)
- Changed property
-
GET
/sources/all/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array)Items (string):
-
Added property
group_property_mappings
(array)
-
GET
/sources/ldap/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
-
PUT
/sources/ldap/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
-
PATCH
/sources/ldap/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
-
GET
/sources/oauth/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Enum values:
identifier
name_link
name_deny
-
PUT
/sources/oauth/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
PATCH
/sources/oauth/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
GET
/sources/plex/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
PUT
/sources/plex/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
PATCH
/sources/plex/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
GET
/sources/saml/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
PUT
/sources/saml/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
PATCH
/sources/saml/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
GET
/sources/scim/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
-
Changed property
token_obj
(object)Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
PUT
/sources/scim/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
-
Changed property
token_obj
(object)Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
PATCH
/sources/scim/{slug}/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
-
Changed property
token_obj
(object)Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
POST
/sources/scim_groups/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/sources/scim_groups/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SCIMSourceGroup Serializer
-
Changed property
group_obj
(object)Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/sources/user_connections/all/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
PUT
/sources/user_connections/all/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
PATCH
/sources/user_connections/all/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
GET
/sources/user_connections/oauth/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
PUT
/sources/user_connections/oauth/{id}/
Request:
Changed content type : application/json
New optional properties:
user
- Deleted property
user
(integer)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
PATCH
/sources/user_connections/oauth/{id}/
Request:
Changed content type : application/json
- Deleted property
user
(integer)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
GET
/sources/user_connections/plex/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
New optional properties:
plex_token
-
Added property
created
(string) -
Deleted property
plex_token
(string) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
PUT
/sources/user_connections/plex/{id}/
Request:
Changed content type : application/json
- Changed property
plex_token
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
New optional properties:
plex_token
-
Added property
created
(string) -
Deleted property
plex_token
(string) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
PATCH
/sources/user_connections/plex/{id}/
Request:
Changed content type : application/json
- Changed property
plex_token
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
New optional properties:
plex_token
-
Added property
created
(string) -
Deleted property
plex_token
(string) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
GET
/sources/user_connections/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
PUT
/sources/user_connections/saml/{id}/
Request:
Changed content type : application/json
New optional properties:
user
- Deleted property
user
(integer)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
PATCH
/sources/user_connections/saml/{id}/
Request:
Changed content type : application/json
- Deleted property
user
(integer)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
GET
/core/applications/
Parameters:
Added: only_with_launch_url
in query
POST
/core/groups/
Request:
Changed content type : application/json
- Changed property
name
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
name
(string)
- Changed property
GET
/core/groups/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Group Serializer
- Changed property
name
(string)
- Changed property
-
POST
/core/tokens/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/core/tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
GET
/core/user_consent/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
POST
/core/users/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
GET
/core/users/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
POST
/events/rules/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
GET
/events/rules/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > NotificationRule Serializer
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
-
GET
/oauth2/access_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/outposts/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAPProvider Serializer
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
- Deleted property
-
POST
/policies/bindings/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
GET
/policies/bindings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > PolicyBinding Serializer
-
Changed property
group_obj
(object)Group Serializer
- Changed property
name
(string)
- Changed property
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
POST
/providers/ldap/
Request:
Changed content type : application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
- Deleted property
GET
/providers/ldap/
Parameters:
Deleted: search_group__group_uuid__iexact
in query
Deleted: search_group__name__iexact
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAPProvider Serializer
- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
- Deleted property
-
POST
/providers/saml/
Request:
Changed content type : application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
-
GET
/providers/saml/
Parameters:
Added: encryption_kp
in query
Added: sign_assertion
in query
Added: sign_response
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLProvider Serializer
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
-
-
GET
/rbac/permissions/assigned_by_roles/
Parameters:
Changed: model
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Roles assigned object permission serializer
-
Changed property
permissions
(array)Changed items (object): > Role-bound object level permission
- Changed property
object_pk
(string)
- Changed property
-
-
GET
/rbac/permissions/assigned_by_users/
Parameters:
Changed: model
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Users assigned object permission serializer
-
Changed property
permissions
(array)Changed items (object): > User-bound object level permission
- Changed property
object_pk
(string)
- Changed property
-
-
GET
/sources/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
POST
/sources/ldap/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
-
GET
/sources/ldap/
Parameters:
Added: group_property_mappings
in query
Added: user_property_mappings
in query
Deleted: property_mappings
in query
Deleted: property_mappings_group
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAP Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
property_mappings
(array) -
Deleted property
property_mappings_group
(array)Property mappings used for group creation/updating.
-
-
POST
/sources/oauth/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
GET
/sources/oauth/
Parameters:
Added: group_matching_mode
in query
How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
-
POST
/sources/plex/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
GET
/sources/plex/
Parameters:
Added: group_matching_mode
in query
How the source determines if an existing group should be used or a new group created.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Plex Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
-
POST
/sources/plex/redeem_token/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New optional properties:
type
- Deleted property
type
(object)
POST
/sources/saml/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
GET
/sources/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLSource Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Added property
group_matching_mode
(object)How the source determines if an existing group should be used or a new group created.
-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
-
POST
/sources/scim/
Request:
Changed content type : application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
-
Changed property
token_obj
(object)Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
GET
/sources/scim/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SCIMSource Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array) -
Deleted property
user_matching_mode
(object)How the source determines if an existing user should be authenticated or a new user enrolled.
-
Changed property
token_obj
(object)Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
-
GET
/sources/user_connections/all/
Parameters:
Added: source__slug
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Source Serializer
-
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
-
POST
/sources/user_connections/oauth/
Request:
Changed content type : application/json
New optional properties:
user
- Deleted property
user
(integer)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
GET
/sources/user_connections/oauth/
Parameters:
Added: user
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Source Serializer
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
POST
/sources/user_connections/plex/
Request:
Changed content type : application/json
- Changed property
plex_token
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
created
New optional properties:
plex_token
-
Added property
created
(string) -
Deleted property
plex_token
(string) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
GET
/sources/user_connections/plex/
Parameters:
Added: user
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Plex Source connection Serializer
New required properties:
created
New optional properties:
plex_token
-
Added property
created
(string) -
Deleted property
plex_token
(string) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
POST
/sources/user_connections/saml/
Request:
Changed content type : application/json
New optional properties:
user
- Deleted property
user
(integer)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
GET
/sources/user_connections/saml/
Parameters:
Added: user
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAML Source Serializer
New required properties:
created
-
Added property
created
(string) -
Changed property
user
(integer) -
Changed property
source
(object)Source Serializer
-
Added property
user_property_mappings
(array) -
Added property
group_property_mappings
(array)
-
-
GET
/stages/identification/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
- Changed property
PUT
/stages/identification/{stage_uuid}/
Request:
Changed content type : application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
- Changed property
PATCH
/stages/identification/{stage_uuid}/
Request:
Changed content type : application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
- Changed property
GET
/stages/password/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
- Added property
PUT
/stages/password/{stage_uuid}/
Request:
Changed content type : application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
- Added property
PATCH
/stages/password/{stage_uuid}/
Request:
Changed content type : application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
- Added property
PUT
/core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider
(object)Updated
authentik_providers_saml.samlprovider
provider_model:-
Added property
encryption_kp
(string)When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
-
Added property
sign_assertion
(boolean) -
Added property
sign_response
(boolean)
Updated
authentik_providers_ldap.ldapprovider
provider_model:- Deleted property
search_group
(string)Users in this group can do search queries. If not set, every user can execute search queries.
-
GET
/core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > UserConsent Serializer
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
GET
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-flow-error
component:- Deleted property
type
(string)
Updated
ak-stage-authenticator-totp
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-captcha
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-source-oauth-apple
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-user-login
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-access-denied
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-source-plex
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-duo
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-password
component: New optional properties:type
-
Added property
allow_show_password
(boolean) -
Deleted property
type
(object)
Updated
ak-stage-authenticator-static
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-autosubmit
component: New optional properties:type
- Deleted property
type
(object)
Updated
xak-flow-shell
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-provider-oauth2-device-code-finish
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-sms
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-email
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-webauthn
component: New optional properties:type
- Deleted property
type
(object)
Updated
xak-flow-redirect
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-dummy
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-validate
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-consent
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-provider-oauth2-device-code
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-prompt
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-identification
component: New optional properties:type
-
Added property
allow_show_password
(boolean) -
Deleted property
type
(object)
- Deleted property
POST
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-flow-error
component:- Deleted property
type
(string)
Updated
ak-stage-authenticator-totp
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-captcha
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-source-oauth-apple
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-user-login
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-access-denied
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-source-plex
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-duo
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-password
component: New optional properties:type
-
Added property
allow_show_password
(boolean) -
Deleted property
type
(object)
Updated
ak-stage-authenticator-static
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-autosubmit
component: New optional properties:type
- Deleted property
type
(object)
Updated
xak-flow-shell
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-provider-oauth2-device-code-finish
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-sms
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-email
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-webauthn
component: New optional properties:type
- Deleted property
type
(object)
Updated
xak-flow-redirect
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-dummy
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-authenticator-validate
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-consent
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-provider-oauth2-device-code
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-prompt
component: New optional properties:type
- Deleted property
type
(object)
Updated
ak-stage-identification
component: New optional properties:type
-
Added property
allow_show_password
(boolean) -
Deleted property
type
(object)
- Deleted property
GET
/oauth2/access_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
GET
/oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
GET
/oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
- Changed property
name
(string)
- Changed property
-
-
-
POST
/stages/identification/
Request:
Changed content type : application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
- Changed property
GET
/stages/identification/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > IdentificationStage Serializer
- Changed property
password_stage
(string)When set, shows a password field, instead of showing the password field as separate step.
- Changed property
-
POST
/stages/password/
Request:
Changed content type : application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
- Added property
GET
/stages/password/
Parameters:
Added: allow_show_password
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > PasswordStage Serializer
- Added property
allow_show_password
(boolean)When enabled, provides a 'show password' button with the password input field.
- Added property
-
POST
/stages/prompt/prompts/preview/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New optional properties:
type
- Deleted property
type
(object)