Release 2023.5
Breaking changes
-
Deprecation of PostgreSQL 11 support
The next release of authentik will only support PostgreSQL 12 and newer. Upgrading can be done with https://github.com/tianon/docker-postgres-upgrade or by exporting the database and re-importing the database into a new PostgreSQL instance.
-
Removal of deprecated LDAP fields
This version removes the deprecated LDAP fields
goauthentik.io/ldap/active
andgoauthentik.io/ldap/superuser
.Additionally, any custom fields based on user attributes will only be represented with their sanitized key, removing any slashes with dashes, and removing periods.
-
Renamed docker-compose environment variables
To better distinguish settings that configure authentik itself and settings that configure docker-compose, the environment variables
AUTHENTIK_PORT_HTTP
andAUTHENTIK_PORT_HTTPS
have been renamed toCOMPOSE_PORT_HTTP
andCOMPOSE_PORT_HTTPS
respectively.
New features
-
Backchannel providers
Backchannel providers can augment the functionality of applications by using additional protocols. The main provider of an application provides the SSO protocol that is used for logging into the application. Then, additional backchannel providers can be used for protocols such as SCIM and LDAP to provide directory syncing.
Access restrictions that are configured on an application apply to all of its backchannel providers.
-
Improved blueprint developer experience
The blueprint schema has been greatly expanded to make writing blueprints easier. Where previously only possible models would be autocompleted, with the new schema all model fields are suggested with their types and possible values.
Additionally, it is now possible to set Application and Source icons and Flow backgrounds via blueprints, by specifying their value as a URL.
Upgrading
This release does not introduce any new requirements.
docker-compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2023.5/docker-compose.yml
docker-compose up -d
The -O
flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2023.5.0
Minor changes/fixes
- api: modular urls (#5551)
- blueprints: adjust wording on managed field (#5558)
- blueprints: fix error when imported blueprint is invalid (#5414)
- blueprints: ignore hidden files in discovery (#5472)
- blueprints: improve schema generation by including model schema (#5503)
- blueprints: specify schema for blueprint metadata (#5509)
- blueprints: support setting file URLs in blueprints (#5510)
- cmd: use live endpoint instead of ready for inbuild healthcheck
- core: applications backchannel provider (#5449)
- crypto: make name field unique to prevent double certs (#5406)
- events: always run policies for notification rules even if no group is selected (#5353)
- events: cleanse http query string in events (#5508)
- events: include event user in webhook notification (#5524)
- internal: ignore insecure TLS certs (#5483)
- lifecycle: migrate internal healthcheck to use go (#5322)
- outposts: make state more consistent (#5403)
- policies: clear app cache when writing user, groups, policies (#5371)
- policies: make policy engine modes consistent with database values (#5462)
- providers/ldap: correctly use pagination in search results in both modes (#5492)
- providers/ldap: remove deprecated fields (#5154)
- providers/oauth2: use simpler charset for refresh tokens (#5502)
- providers/scim: correctly handle 404 by re-creating object (#5405)
- providers/scim: ensure scim group member isn't None (#5391)
- providers/scim: fix missing user/group filtering on SCIM direct save signals (#5473)
- providers/scim: improve compatibility (#5425)
- providers/scim: patch group name (#5564)
- root: Change docker-compose HTTP and HTTPS port variables (#5335)
- root: optimise healthchecks (#5337)
- sources/oauth: add patreon type (#5452)
- sources/oauth: fix reddit (#5557)
- stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields (#5095)
- web/admin: add example data for ldap property mapping (#5530)
- web/admin: add notes for users and groups (#5459)
- web/admin: add toggle to hide deactivated users (#5419)
- web/admin: disable generated proxy config by default (#5372)
- web/admin: fix blueprint instance list without metadata or labels (#5296)
- web/admin: fix cert expiry coloring (#5354)
- web/admin: fix error when prompt previewing fails when loading the page (#5290)
- web/admin: fix file path setting not saved properly (#5463)
- web/admin: fix flow stage binding update failing (#5287)
- web/admin: fix outpost integration list (#5418)
- web/admin: fix radius view page not imported (#5450)
- web/admin: fix state issue after clearIcon/Background is used and for… (#5423)
- web/admin: remove grouping (#5343)
- web/admin: use radio for client type (#5499)
- web/flow: render prompt inputs without unsafeHTML (#5404)
- web/flows: rework redirect logic (#5498)
- web/user: fix empty banner on application page not showing correctly (#5555)
- web: Fix label not clickable for checkbox and choice field in prompts (#5355)
- web: fix API browser error (#5402)
- web: fix loading text not being loaded (#5497)
Fixed in 2023.5.1
- lib: fix fallback_names migration not working when multiple objects with the same name exist (#5637)
- providers/radius: add warning message when radius provider is not used with outpost (#5656)
- providers/scim: default to None for fields instead of empty list (#5642)
- providers/scim: improve backchannel signalling (#5657)
- sources/ldap: improve error message (#5653)
- sources/ldap: log full exception when user password set fails (#5678)
- web/admin: fix radius provider page (#5651)
- web/flows: fix authenticator_validate device selection not sent to backend (#5638)
- web/flows: improve UI for TOTP code input (#5676)
- web/flows: update flow background (#5639)
Fixed in 2023.5.2
- blueprints: fix check for file path not being run on worker (#5703)
- blueprints: support custom ports for OCI blueprints (#5727)
- core: bump coverage from 7.2.5 to 7.2.6 (#5738)
- core: make groups field for user optional (#5702)
- events: fix ak_create_event using wrong request for event creation (#5731)
- lib: add tests for ak_create_event (#5710)
- outposts: fix missing radius outpost controller (#5730)
- web/user: fix MFA enroll dropdown broken when password stage has no configuration flow (#5744)
Fixed in 2023.5.3
- blueprints: fix API validation with OCI blueprint path (#5822)
- ci: build outpost binaries statically linked (#5823)
- ci: replace github bot account with github app (#5819)
- providers/ldap: fix LDAP Outpost application selection (#5812)
- web/flows: fix RedirectStage not detecting absolute URLs correctly (#5781)
Fixed in 2023.5.4
- security: Address pen-test findings from the 2023-06 Cure53 Code audit
Fixed in 2023.5.5
- *: fix CVE-2023-36456, Reported by @thijsa
Fixed in 2023.5.6
- *: fix CVE-2023-39522, Reported by @markrassamni
API Changes
What's Changed
GET
/crypto/certificatekeypairs/{kp_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
managed
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
PUT
/crypto/certificatekeypairs/{kp_uuid}/
Request:
Changed content type : application/json
- Deleted property
managed
(string)Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
managed
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
PATCH
/crypto/certificatekeypairs/{kp_uuid}/
Request:
Changed content type : application/json
- Deleted property
managed
(string)Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
managed
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
POST
/crypto/certificatekeypairs/generate/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
managed
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
GET
/policies/event_matcher/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
-
PUT
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
-
PATCH
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
-
GET
/propertymappings/all/{pm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/ldap/{pm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PUT
/propertymappings/ldap/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PATCH
/propertymappings/ldap/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/saml/{pm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PUT
/propertymappings/saml/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PATCH
/propertymappings/saml/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/scim/{pm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PUT
/propertymappings/scim/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PATCH
/propertymappings/scim/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/scope/{pm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PUT
/propertymappings/scope/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PATCH
/propertymappings/scope/{pm_uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/providers/all/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/providers/oauth2/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PUT
/providers/oauth2/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PATCH
/providers/oauth2/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/providers/proxy/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PUT
/providers/proxy/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PATCH
/providers/proxy/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/providers/radius/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PUT
/providers/radius/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PATCH
/providers/radius/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/core/applications/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
backchannel_providers_obj
-
Added property
backchannel_providers
(array)Items (integer):
-
Added property
backchannel_providers_obj
(array)Items (object): > Provider Serializer
-
Property
pk
(integer) -
Property
name
(string) -
Property
authentication_flow
(string)Flow used for authentication when the associated application is accessed by an un-authenticated user.
-
Property
authorization_flow
(string)Flow used when authorizing this provider.
-
Property
property_mappings
(array)Items (string):
-
Property
component
(string)Get object component so that we know how to edit the object
-
Property
assigned_application_slug
(string)Internal application name, used in URLs.
-
Property
assigned_application_name
(string)Application's display Name.
-
Property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Property
assigned_backchannel_application_name
(string)Application's display Name.
-
Property
verbose_name
(string)Return object's verbose_name
-
Property
verbose_name_plural
(string)Return object's plural verbose_name
-
Property
meta_model_name
(string)Return internal model name
-
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
PUT
/core/applications/{slug}/
Request:
Changed content type : application/json
-
Added property
backchannel_providers
(array) -
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
backchannel_providers_obj
-
Added property
backchannel_providers
(array) -
Added property
backchannel_providers_obj
(array) -
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
PATCH
/core/applications/{slug}/
Request:
Changed content type : application/json
-
Added property
backchannel_providers
(array) -
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
backchannel_providers_obj
-
Added property
backchannel_providers
(array) -
Added property
backchannel_providers_obj
(array) -
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
GET
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PUT
/core/tokens/{identifier}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
PATCH
/core/tokens/{identifier}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
POST
/crypto/certificatekeypairs/
Request:
Changed content type : application/json
- Deleted property
managed
(string)Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
managed
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
GET
/crypto/certificatekeypairs/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > CertificateKeyPair Serializer
New required properties:
-
managed
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
-
GET
/flows/instances/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
- Changed property
PUT
/flows/instances/{slug}/
Request:
Changed content type : application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
- Changed property
PATCH
/flows/instances/{slug}/
Request:
Changed content type : application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
- Changed property
GET
/outposts/instances/{uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
PUT
/outposts/instances/{uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
PATCH
/outposts/instances/{uuid}/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
GET
/outposts/ldap/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
application_slug
(string)Prioritise backchannel slug over direct application slug
- Changed property
POST
/policies/event_matcher/
Request:
Changed content type : application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
-
GET
/policies/event_matcher/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Event Matcher Policy Serializer
-
Changed property
app
(string)authentik.admin
- authentik Adminauthentik.api
- authentik APIauthentik.crypto
- authentik Cryptoauthentik.events
- authentik Eventsauthentik.flows
- authentik Flowsauthentik.lib
- authentik libauthentik.outposts
- authentik Outpostauthentik.policies.dummy
- authentik Policies.Dummyauthentik.policies.event_matcher
- authentik Policies.Event Matcherauthentik.policies.expiry
- authentik Policies.Expiryauthentik.policies.expression
- authentik Policies.Expressionauthentik.policies.password
- authentik Policies.Passwordauthentik.policies.reputation
- authentik Policies.Reputationauthentik.policies
- authentik Policiesauthentik.providers.ldap
- authentik Providers.LDAPauthentik.providers.oauth2
- authentik Providers.OAuth2authentik.providers.proxy
- authentik Providers.Proxyauthentik.providers.radius
- authentik Providers.Radiusauthentik.providers.saml
- authentik Providers.SAMLauthentik.providers.scim
- authentik Providers.SCIMauthentik.recovery
- authentik Recoveryauthentik.sources.ldap
- authentik Sources.LDAPauthentik.sources.oauth
- authentik Sources.OAuthauthentik.sources.plex
- authentik Sources.Plexauthentik.sources.saml
- authentik Sources.SAMLauthentik.stages.authenticator_duo
- authentik Stages.Authenticator.Duoauthentik.stages.authenticator_sms
- authentik Stages.Authenticator.SMSauthentik.stages.authenticator_static
- authentik Stages.Authenticator.Staticauthentik.stages.authenticator_totp
- authentik Stages.Authenticator.TOTPauthentik.stages.authenticator_validate
- authentik Stages.Authenticator.Validateauthentik.stages.authenticator_webauthn
- authentik Stages.Authenticator.WebAuthnauthentik.stages.captcha
- authentik Stages.Captchaauthentik.stages.consent
- authentik Stages.Consentauthentik.stages.deny
- authentik Stages.Denyauthentik.stages.dummy
- authentik Stages.Dummyauthentik.stages.email
- authentik Stages.Emailauthentik.stages.identification
- authentik Stages.Identificationauthentik.stages.invitation
- authentik Stages.User Invitationauthentik.stages.password
- authentik Stages.Passwordauthentik.stages.prompt
- authentik Stages.Promptauthentik.stages.user_delete
- authentik Stages.User Deleteauthentik.stages.user_login
- authentik Stages.User Loginauthentik.stages.user_logout
- authentik Stages.User Logoutauthentik.stages.user_write
- authentik Stages.User Writeauthentik.tenants
- authentik Tenantsauthentik.blueprints
- authentik Blueprintsauthentik.core
- authentik Coreauthentik.enterprise
- authentik Enterprise
Added enum value:
authentik.enterprise
-
-
GET
/propertymappings/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > PropertyMapping Serializer
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
-
POST
/propertymappings/ldap/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAP PropertyMapping Serializer
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
-
POST
/propertymappings/saml/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLPropertyMapping Serializer
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
-
POST
/propertymappings/scim/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/scim/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SCIMMapping Serializer
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
-
POST
/propertymappings/scope/
Request:
Changed content type : application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
GET
/propertymappings/scope/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ScopeMapping Serializer
- Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
- Changed property
-
GET
/providers/all/
Parameters:
Added: backchannel_only
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
GET
/providers/ldap/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PUT
/providers/ldap/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PATCH
/providers/ldap/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
POST
/providers/oauth2/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/providers/oauth2/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth2Provider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
POST
/providers/proxy/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/providers/proxy/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ProxyProvider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
POST
/providers/radius/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/providers/radius/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > RadiusProvider Serializer
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
-
GET
/providers/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PUT
/providers/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
PATCH
/providers/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
assigned_backchannel_application_name
-
assigned_backchannel_application_slug
-
Added property
assigned_backchannel_application_slug
(string)Internal application name, used in URLs.
-
Added property
assigned_backchannel_application_name
(string)Application's display Name.
-
GET
/root/config/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
capabilities
(array)Changed items (string): > _
can_save_media
- Can Save Media > _can_geo_ip
- Can Geo Ip > _can_impersonate
- Can Impersonate > _can_debug
- Can Debug > *is_enterprise
- Is EnterpriseAdded enum value:
is_enterprise
-
GET
/sources/all/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
GET
/sources/ldap/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
PUT
/sources/ldap/{slug}/
Request:
Changed content type : application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
PATCH
/sources/ldap/{slug}/
Request:
Changed content type : application/json
- Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
GET
/sources/oauth/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
Changed property
provider_type
(string)apple
- Appleazuread
- Azure ADdiscord
- Discordfacebook
- Facebookgithub
- GitHubgoogle
- Googlemailcow
- Mailcowopenidconnect
- OpenID Connectokta
- Oktapatreon
- Patreonreddit
- Reddittwitch
- Twitchtwitter
- Twitter
Added enum value:
patreon
-
PUT
/sources/oauth/{slug}/
Request:
Changed content type : application/json
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
Changed property
provider_type
(string)apple
- Appleazuread
- Azure ADdiscord
- Discordfacebook
- Facebookgithub
- GitHubgoogle
- Googlemailcow
- Mailcowopenidconnect
- OpenID Connectokta
- Oktapatreon
- Patreonreddit
- Reddittwitch
- Twitchtwitter
- Twitter
Added enum value:
patreon
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
managed
(string)Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
Changed property
provider_type
(string)apple
- Appleazuread
- Azure ADdiscord
- Discordfacebook
- Facebookgithub
- GitHubgoogle
- Googlemailcow
- Mailcowopenidconnect
- OpenID Connectokta
- Oktapatreon
- Patreonreddit
- Reddittwitch
- Twitchtwitter
- Twitter
Added enum value:
patreon
-
PATCH
/sources/oauth/{slug}/
Request:
Changed content type : application/json
-
Changed property
policy_engine_mode
(string)all
- all, all policies must passany
- any, any policy must pass
-
Changed property
provider_type
(string)apple
- Appleazuread
- Azure ADdiscord
- Discordfacebook
- Facebookgithub
- GitHubgoogle
- Googlemailcow
- Mailcowopenidconnect
- OpenID Connectokta
- Oktapatreon
- Patreonreddit
- Reddittwitch
- Twitchtwitter
- Twitter
Added enum value:
patreon