Release 2024.10
Highlights
- Chrome Device Trust Enterprise Preview: Verify that your users are logging in from managed devices and validate the devices' compliance with company policies.
- FIPS/FAL3 for FedRAMP "very high" compliance Enterprise+: with support for SAML encryption and now JWE (JSON Web Encryption) support, authentik can now be configured for FIPS compliance at Federation Assurance Level (FAL) 3.
- Captcha on Identification stage: Run a CAPTCHA process in the background while the user is entering their identification.
- Kerberos source: authentik can now integrate with existing Kerberos environments by allowing users to log in with their Kerberos credentials, SPNEGO, or syncing users into authentik.
Breaking changes
We have no breaking changes this release!
New features
-
Chrome Device Trust Enterprise Preview
This is a new stage for Enterprise clients that verifies the user through the Chrome Verified Access API. This stage only works with Google Chrome. You'll need to bring your own Verified Access API instance via Google Cloud.
-
JWE support for OAuth
You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik, using the configured encryption key.
-
Captcha on identification stage
We've added an optional Captcha stage baked into an Identification stage to run in the background while the user inputs their information. Using this will hopefully result in lower total time per flow for the end user.
-
Invalidation flows for providers
The sign-out experience when the session in an application ends can be configured now. Previously where this was always a static page, any flow can be used now. This can be used for additional validation, or redirecting the user to a custom URL.
-
Autoselect 2FA device
Users who configure multiple 2FA devices will now land on their last used device's prompt, skipping the device picker. This should result in lower total average time per flow for the end user.
-
New structure for authentik's technical documentation
We've restructured the documentation in authentik to be more task-based, with sections, titles, and headings that follow the workflow of installing, configuring, and using the product. Previously, our docs were organized by components. This new focus on tasks increases findability within the Table of Contents, and provide a high-level guide of the typical workflows with authentik.
Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2024.10/docker-compose.yml
docker compose up -d
The -O
flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10
Minor changes/fixes
- *: fix deprecated calls to sentry start_span (#11655)
- admin: refactor update check (#11272)
- admin: store version history (#11520)
- blueprints: fix validation error when using internal storage (#11654)
- core: ensure all providers have correct priority (#11280)
- core: ensure proxy provider is correctly looked up (#11267)
- core: extract object matching from flow manager (#11458)
- core: fix change_user_type always requiring usernames (#11177)
- core: fix missing argument name escaping for property mapping (#11231)
- core: fix permission check for scoped impersonation (#11315)
- core: fix permission check for scoped impersonation (#11603)
- enterprise: fix API mixin license validity check (#11331)
- enterprise: fix incorrect comparison for latest validity date (#11109)
- enterprise: show specific error if Install ID is invalid in license (#11317)
- events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
- events: optimise marking events as seen (#11297)
- fix: proxy provider - docker traefik label (#11460)
- flows: include Outpost instance in flow context and save in login event (#11318)
- flows: provider invalidation (#5048)
- internal: fix go paginator not setting page correctly (#11253)
- internal: restore /ping behaviour for embedded outpost (#11568)
- policies/event_matcher: fix inconsistent behaviour (#11724)
- providers/ldap: fix incorrect permission check for search access (#11217)
- providers/ldap: fix migration assuming search group is set (#11170)
- providers/ldap: rework search_group migration to work with read replicas (#11228)
- providers/oauth2: add indexes on tokens (#11524)
- providers/oauth2: add initial JWE support (#11344)
- providers/oauth2: audit_ignore last_login change for generated service account (#11085)
- providers/oauth2: don't overwrite attributes when updating service account (#11709)
- providers/oauth2: improve indexes on tokens (#11543)
- providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
- providers/proxy: fix panic, keep session storages open (#11439)
- providers/saml: fix incorrect ds:Reference URI (#11699)
- providers/scim: add option to ignore SCIM server cert (#11437)
- root: fix ensure `outpost_connection_discovery runs on worker startup (#11260)
- schemas: fix XML Schema loading...for some reason?
- security: fix CVE-2024-47070 (#11536)
- security: fix CVE-2024-47077 (#11535)
- sources/ldap: fix mapping check, fix debug endpoint (#11442)
- sources/ldap: fix missing search attribute (#11125)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
- sources/saml: fix NameIDFormat descriptor in metadata generation (#11614)
- stages/authenticator: use RBAC for devices API (#11482)
- stages/identification: dynamically find login challenges (#11571)
- stages/password: add error message when exceeding maximum tries (#11679)
- tests/e2e: add forward auth e2e test (#11374)
- web/admin: display webauthn device type (#11481)
- web/admin: fix Authentication flow being required (#11496)
- web/admin: fix duplicate flow labels (#11689)
- web/admin: fix error in Outpost creation form (#11173)
- web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
- web/admin: fix misc dual select on different forms (#11203)
- web/admin: fix missing Sync object button SCIM Provider (#11211)
- web/admin: fix notification property mapping forms (#11298)
- web/admin: fix sync single button throwing error (#11727)
- web/admin: improve error handling (#11212)
- web/users: show - if device was registered before we started saving the time (#11256)
- web: Adjust Wdio MaxInstances, add Knip (#11089)
- web: Fix css loading in unit tests, remove unneeded dot paths (#11629)
- web: add missing id attribute for button in ak-flow-input-password (#11413)
- web: audit and update package.json and associated test harness, with upgrade to WebdriverIO 9 (#11596)
- web: fix dual-select with dynamic selection (#11133)
- web: fix e2e tests to work with latest WebdriverIO and authentik 2024.8 (#11105)
- web: fix readonly fields appearing white in dark theme (#11271)
- web: provide simple tables for API-less displays (#11028)
- web: provide storybook demos and docs for existing tests (#11651)
- web: revert lockfile lint, re-add integrity (#11380)
- web: small fixes for elements and forms (#11546)
Fixed in 2024.10.1
- core: add
None
check to a device'sextra_description
(cherry-pick #11904) (#11906) - enterprise/rac: fix API Schema for invalidation_flow (cherry-pick #11907) (#11908)
- providers/oauth2: fix size limited index for tokens (cherry-pick #11879) (#11905)
- web: fix missing status code on failed build (#11903)
Fixed in 2024.10.2
- blueprints: add default Password policy (cherry-pick #11793) (#11993)
- core: use versioned_script for path only (cherry-pick #12003) (#12023)
- crypto: validate that generated certificate's name is unique (cherry-pick #12015) (#12016)
- providers/oauth2: fix manual device code entry (cherry-pick #12017) (#12019)
- providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherry-pick #11968) (#12005)
- stages/captcha: Run interactive captcha in Frame (cherry-pick #11857) (#11991)
- stages/password: use recovery flow from brand (cherry-pick #11953) (#11969)
- web: bump API Client version (#11992)
Fixed in 2024.10.3
- core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (cherry-pick #12080) (#12081)
- internal: add CSP header to files in
/media
(cherry-pick #12092) (#12108) - providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) (#12030)
- providers/scim: accept string and int for SCIM IDs (cherry-pick #12093) (#12095)
- rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) (#12043)
- root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094) (#12097)
- root: fix activation of locale not being scoped (cherry-pick #12091) (#12096)
- security: fix CVE-2024-52287, reported by @matt1097 (#12117)
- security: fix CVE-2024-52289, reported by @PontusHanssen (#12113)
- security: fix CVE-2024-52307, reported by @mgerstner (#12115)
- web/admin: better footer links (#12004)
- web/flows: fix invisible captcha call (cherry-pick #12048) (#12049)
- website/docs: add CSP to hardening (cherry-pick #11970) (#12116)
Fixed in 2024.10.4
- providers/oauth2: fix migration (cherry-pick #12138) (#12139)
- providers/oauth2: fix migration dependencies (cherry-pick #12123) (#12132)
- providers/oauth2: fix redirect uri input (cherry-pick #12122) (#12127)
- providers/proxy: fix redirect_uri (cherry-pick #12121) (#12125)
- web: bump API Client version (cherry-pick #12129) (#12130)
API Changes
API Changes in 2024.10.0
What's New
GET
/admin/version/history/
GET
/admin/version/history/{id}/
GET
/authenticators/admin/endpoint/
POST
/authenticators/admin/endpoint/
GET
/authenticators/admin/endpoint/{uuid}/
PUT
/authenticators/admin/endpoint/{uuid}/
DELETE
/authenticators/admin/endpoint/{uuid}/
PATCH
/authenticators/admin/endpoint/{uuid}/
GET
/authenticators/endpoint/
GET
/authenticators/endpoint/{uuid}/
GET
/authenticators/endpoint/{uuid}/used_by/
GET
/propertymappings/source/kerberos/
POST
/propertymappings/source/kerberos/
GET
/propertymappings/source/kerberos/{pm_uuid}/
PUT
/propertymappings/source/kerberos/{pm_uuid}/
DELETE
/propertymappings/source/kerberos/{pm_uuid}/
PATCH
/propertymappings/source/kerberos/{pm_uuid}/
GET
/propertymappings/source/kerberos/{pm_uuid}/used_by/
GET
/sources/group_connections/kerberos/
GET
/sources/group_connections/kerberos/{id}/
PUT
/sources/group_connections/kerberos/{id}/
DELETE
/sources/group_connections/kerberos/{id}/
PATCH
/sources/group_connections/kerberos/{id}/
GET
/sources/group_connections/kerberos/{id}/used_by/
GET
/sources/kerberos/
POST
/sources/kerberos/
GET
/sources/kerberos/{slug}/
PUT
/sources/kerberos/{slug}/
DELETE
/sources/kerberos/{slug}/
PATCH
/sources/kerberos/{slug}/
GET
/sources/kerberos/{slug}/sync/status/
GET
/sources/kerberos/{slug}/used_by/
GET
/sources/user_connections/kerberos/
POST
/sources/user_connections/kerberos/
GET
/sources/user_connections/kerberos/{id}/
PUT
/sources/user_connections/kerberos/{id}/
DELETE
/sources/user_connections/kerberos/{id}/
PATCH
/sources/user_connections/kerberos/{id}/
GET
/sources/user_connections/kerberos/{id}/used_by/
GET
/stages/authenticator/endpoint_gdtc/
POST
/stages/authenticator/endpoint_gdtc/
GET
/stages/authenticator/endpoint_gdtc/{stage_uuid}/
PUT
/stages/authenticator/endpoint_gdtc/{stage_uuid}/
DELETE
/stages/authenticator/endpoint_gdtc/{stage_uuid}/
PATCH
/stages/authenticator/endpoint_gdtc/{stage_uuid}/
GET
/stages/authenticator/endpoint_gdtc/{stage_uuid}/used_by/
What's Changed
GET
/authenticators/admin/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
-
extra_description
-
Added property
extra_description
(string)Get extra description
-
Changed property
pk
(integer -> string)
-
GET
/authenticators/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
-
extra_description
-
Added property
extra_description
(string)Get extra description
-
Changed property
pk
(integer -> string)
-
GET
/policies/event_matcher/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
-
PUT
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
-
PATCH
/policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
-
GET
/providers/all/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/oauth2/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
PUT
/providers/oauth2/{id}/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
PATCH
/providers/oauth2/{id}/
Request:
Changed content type : application/json
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
GET
/providers/proxy/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/proxy/{id}/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/proxy/{id}/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/rac/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/rac/{id}/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/rac/{id}/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/radius/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/radius/{id}/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/radius/{id}/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/saml/import_metadata/
Request:
Changed content type : multipart/form-data
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)
GET
/providers/scim/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
PUT
/providers/scim/{id}/
Request:
Changed content type : application/json
- Added property
verify_certificates
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
PATCH
/providers/scim/{id}/
Request:
Changed content type : application/json
- Added property
verify_certificates
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
GET
/core/applications/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/core/applications/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/core/applications/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/outposts/instances/{uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/outposts/instances/{uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/outposts/instances/{uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/policies/event_matcher/
Request:
Changed content type : application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
-
GET
/policies/event_matcher/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Event Matcher Policy Serializer
-
Changed property
app
(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
authentik.sources.kerberos
authentik.enterprise.stages.authenticator_endpoint_gdtc
-
Changed property
model
(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
-
-
GET
/providers/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/providers/ldap/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/ldap/{id}/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/ldap/{id}/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/oauth2/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
GET
/providers/oauth2/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
POST
/providers/proxy/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/proxy/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ProxyProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/providers/rac/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/rac/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/providers/radius/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/radius/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > RadiusProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/providers/saml/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/saml/{id}/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/saml/{id}/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/scim/
Request:
Changed content type : application/json
- Added property
verify_certificates
(boolean)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
GET
/providers/scim/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SCIMProvider Serializer
- Added property
verify_certificates
(boolean)
- Added property
-
GET
/rac/connection_tokens/{connection_token_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
PUT
/rac/connection_tokens/{connection_token_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
PATCH
/rac/connection_tokens/{connection_token_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/rac/endpoints/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/rac/endpoints/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/rac/endpoints/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/rbac/permissions/assigned_by_roles/{uuid}/assign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
PATCH
/rbac/permissions/assigned_by_roles/{uuid}/unassign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
POST
/rbac/permissions/assigned_by_users/{id}/assign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
PATCH
/rbac/permissions/assigned_by_users/{id}/unassign/
Request:
Changed content type : application/json
-
Changed property
model
(string)Added enum values:
authentik_sources_kerberos.kerberossource
authentik_sources_kerberos.kerberossourcepropertymapping
authentik_sources_kerberos.userkerberossourceconnection
authentik_sources_kerberos.groupkerberossourceconnection
authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage
GET
/sources/saml/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
PUT
/sources/saml/{slug}/
Request:
Changed content type : application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
PATCH
/sources/saml/{slug}/
Request:
Changed content type : application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
POST
/core/applications/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/core/applications/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Application Serializer
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/core/user_consent/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
application
(object)Application Serializer
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/oauth2/access_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
GET
/oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
GET
/oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
POST
/outposts/instances/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/outposts/instances/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Outpost Serializer
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/outposts/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAPProvider Serializer
New required properties:
-
unbind_flow_slug
- Added property
unbind_flow_slug
(string)Get slug for unbind flow, defaulting to brand's default flow.
-
-
POST
/providers/ldap/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAPProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/providers/saml/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/saml/
Parameters:
Added: invalidation_flow
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/rac/connection_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ConnectionToken Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
-
POST
/rac/endpoints/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/rac/endpoints/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/rbac/permissions/assigned_by_roles/
Parameters:
Changed: model
in query
GET
/rbac/permissions/assigned_by_users/
Parameters:
Changed: model
in query
POST
/sources/saml/
Request:
Changed content type : application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
GET
/sources/saml/
Parameters:
Changed: name_id_policy
in query
NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLSource Serializer
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
-
GET
/stages/identification/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
- Added property
PUT
/stages/identification/{stage_uuid}/
Request:
Changed content type : application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
- Added property
PATCH
/stages/identification/{stage_uuid}/
Request:
Changed content type : application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
- Added property
GET
/stages/password/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
-
PUT
/stages/password/{stage_uuid}/
Request:
Changed content type : application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
-
PATCH
/stages/password/{stage_uuid}/
Request:
Changed content type : application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
-
PUT
/core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider
(object)Updated
authentik_providers_oauth2.oauth2provider
provider_model: New required properties:-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Updated
authentik_providers_radius.radiusprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_scim.scimprovider
provider_model:- Added property
verify_certificates
(boolean)
Updated
authentik_providers_proxy.proxyprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_rac.racprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_saml.samlprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_ldap.ldapprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > UserConsent Serializer
-
Changed property
application
(object)Application Serializer
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
-
GET
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Added 'ak-stage-session-end' component:
-
Property
flow_info
(object)Contextual flow information for a challenge
-
Property
title
(string) -
Property
background
(string) -
Property
cancel_url
(string) -
Property
layout
(string)Enum values:
stacked
content_left
content_right
sidebar_left
sidebar_right
-
-
Property
component
(string) -
Property
response_errors
(object) -
Property
pending_user
(string) -
Property
pending_user_avatar
(string) -
Property
application_name
(string) -
Property
application_launch_url
(string) -
Property
invalidation_flow_url
(string) -
Property
brand_name
(string)
Added 'xak-flow-frame' component:
-
Property
flow_info
(object)Contextual flow information for a challenge
-
Property
component
(string) -
Property
response_errors
(object) -
Property
url
(string) -
Property
loading_overlay
(boolean) -
Property
loading_text
(string)
Updated
ak-stage-authenticator-validate
component:-
Changed property
device_challenges
(array)Changed items (object): > Single device challenge
New required properties:
-
last_used
- Added property
last_used
(string)
-
Updated
ak-stage-identification
component:-
Added property
captcha_stage
(object)Site public key
-
Property
flow_info
(object)Contextual flow information for a challenge
-
Property
component
(string) -
Property
response_errors
(object) -
Property
pending_user
(string) -
Property
pending_user_avatar
(string) -
Property
site_key
(string) -
Property
js_url
(string)
-
-
POST
/flows/executor/{flow_slug}/
Request:
Changed content type : application/json
Added 'xak-flow-frame' component:
- Property
component
(string)
Updated ak-stage-identification
component:
- Added property
captcha_token
(string)
Updated ak-stage-authenticator-validate
component:
-
Changed property
selected_challenge
(object)Single device challenge
New required properties:
-
last_used
- Added property
last_used
(string)
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Added 'ak-stage-session-end' component: Added 'xak-flow-frame' component: Updated
ak-stage-authenticator-validate
component:-
Changed property
device_challenges
(array)Changed items (object): > Single device challenge
New required properties:
-
last_used
- Added property
last_used
(string)
-
Updated
ak-stage-identification
component:- Added property
captcha_stage
(object)Site public key
-
GET
/oauth2/access_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
-
GET
/oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
-
GET
/oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
-
POST
/stages/identification/
Request:
Changed content type : application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
- Added property
GET
/stages/identification/
Parameters:
Added: captcha_stage
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > IdentificationStage Serializer
- Added property
captcha_stage
(string)When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.
- Added property
-
POST
/stages/password/
Request:
Changed content type : application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
-
GET
/stages/password/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > PasswordStage Serializer
-
Changed property
backends
(array)Selection of backends to test the password against.
Changed items (string):
Added enum value:
authentik.sources.kerberos.auth.KerberosBackend
-
-
API Changes in 2024.10.1
What's Changed
GET
/providers/rac/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/rac/{id}/
Request:
Changed content type : application/json
New optional properties:
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/rac/{id}/
Request:
Changed content type : application/json
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/rac/
Request:
Changed content type : application/json
New optional properties:
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/rac/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/rac/connection_tokens/{connection_token_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
PUT
/rac/connection_tokens/{connection_token_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
PATCH
/rac/connection_tokens/{connection_token_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/rac/endpoints/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/rac/endpoints/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/rac/endpoints/{pbm_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/sources/kerberos/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
- Changed property
PUT
/sources/kerberos/{slug}/
Request:
Changed content type : application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
- Changed property
PATCH
/sources/kerberos/{slug}/
Request:
Changed content type : application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
- Changed property
GET
/rac/connection_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ConnectionToken Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
-
POST
/rac/endpoints/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/rac/endpoints/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New optional properties:
-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
POST
/sources/kerberos/
Request:
Changed content type : application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
- Changed property
GET
/sources/kerberos/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Kerberos Source Serializer
- Changed property
spnego_server_name
(string)Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname
- Changed property
-
PUT
/core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider
(object)Updated
authentik_providers_rac.racprovider
provider_model: New optional properties:-
invalidation_flow
- Deleted property
invalidation_flow
(string)Flow used ending the session from a provider.
-
API Changes in 2024.10.2
What's Changed
GET
/stages/captcha/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
interactive
(boolean)
- Added property
PUT
/stages/captcha/{stage_uuid}/
Request:
Changed content type : application/json
- Added property
interactive
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
interactive
(boolean)
- Added property
PATCH
/stages/captcha/{stage_uuid}/
Request:
Changed content type : application/json
- Added property
interactive
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
interactive
(boolean)
- Added property
GET
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-captcha
component: New required properties:-
interactive
- Added property
interactive
(boolean)
-
POST
/flows/executor/{flow_slug}/
Request:
Changed content type : application/json
Updated ak-provider-oauth2-device-code
component:
- Changed property
code
(integer -> string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-captcha
component: New required properties:-
interactive
- Added property
interactive
(boolean)
-
POST
/stages/captcha/
Request:
Changed content type : application/json
- Added property
interactive
(boolean)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
interactive
(boolean)
- Added property
GET
/stages/captcha/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > CaptchaStage Serializer
- Added property
interactive
(boolean)
- Added property
-