Release 2024.10
2024.10 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.10.0-rc1. You can find the latest one in the latest releases on GitHub. If you don't find any, it means we haven't released one yet.
Highlights
- Chrome Device Trust Enterprise Preview: Verify that your users are logging in from managed devices and validate the devices' compliance with company policies.
- FIPS/FAL3 for FedRAMP "very high" compliance Enterprise+: with support for SAML encryption and now JWE (JSON Web Encryption) support, authentik can now be configured for FIPS compliance at Federal Assurance Level (FAL) 3.
- Captcha on Identification stage: Run a CAPTCHA process in the background while the user is entering their identification.
- Kerberos source: authentik can now integrate with existing Kerberos environments by allowing users to log in with their Kerberos credentials, SPNEGO or syncing users into authentik.
Breaking changes
We have no breaking changes this release!
New features
-
Chrome Device Trust Enterprise Preview
This is a new stage for Enterprise clients that verifies the user through the Chrome Verified Access API. This stage only works with Google Chrome. You'll need to bring your own Verified Access API instance via Google Cloud.
-
JWE support for OAuth
You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik, using the configured encryption key.
-
Captcha on identification stage
We've added an optional Captcha stage baked into an Identification stage to run in the background while the user inputs their information. Using this will hopefully result in lower total time per flow for the end user.
-
Invalidation flows for providers
The sign-out experience when the session in an application ends can be configured now. Previously where this was always a static page, any flow can be used now. This can be used for additional validation, or redirecting the user to a custom URL.
-
Autoselect 2FA device
Users who configure multiple 2FA devices will now land on their last used device's prompt, skipping the device picker. This will hopefually result in lower total average time per flow for the end user.
-
New structure for authentik's technical documentation
We've restructured the documentation in authentik to be more task-based, with sections, titles, and headings that follow the workflow of installing, configuring, and using the product. Previously, our docs were organized by components. This new focus on tasks increases findability within the Table of Contents, and provide a high-level guide of the typical workflows with authentik.
Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2024.10/docker-compose.yml
docker compose up -d
The -O
flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10
Minor changes/fixes
- *: fix deprecated calls to sentry start_span (#11655)
- admin: refactor update check (#11272)
- admin: store version history (#11520)
- blueprints: fix validation error when using internal storage (#11654)
- core: ensure all providers have correct priority (#11280)
- core: ensure proxy provider is correctly looked up (#11267)
- core: extract object matching from flow manager (#11458)
- core: fix change_user_type always requiring usernames (#11177)
- core: fix missing argument name escaping for property mapping (#11231)
- core: fix permission check for scoped impersonation (#11315)
- core: fix permission check for scoped impersonation (#11603)
- enterprise: fix API mixin license validity check (#11331)
- enterprise: fix incorrect comparison for latest validity date (#11109)
- enterprise: show specific error if Install ID is invalid in license (#11317)
- events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
- events: optimise marking events as seen (#11297)
- fix: proxy provider - docker traefik label (#11460)
- flows: include Outpost instance in flow context and save in login event (#11318)
- flows: provider invalidation (#5048)
- internal: fix go paginator not setting page correctly (#11253)
- internal: restore /ping behaviour for embedded outpost (#11568)
- policies/event_matcher: fix inconsistent behaviour (#11724)
- providers/ldap: fix incorrect permission check for search access (#11217)
- providers/ldap: fix migration assuming search group is set (#11170)
- providers/ldap: rework search_group migration to work with read replicas (#11228)
- providers/oauth2: add indexes on tokens (#11524)
- providers/oauth2: add initial JWE support (#11344)
- providers/oauth2: audit_ignore last_login change for generated service account (#11085)
- providers/oauth2: don't overwrite attributes when updating service account (#11709)
- providers/oauth2: improve indexes on tokens (#11543)
- providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
- providers/proxy: fix panic, keep session storages open (#11439)
- providers/saml: fix incorrect ds:Reference URI (#11699)
- providers/scim: add option to ignore SCIM server cert (#11437)
- root: fix ensure `outpost_connection_discovery runs on worker startup (#11260)
- schemas: fix XML Schema loading...for some reason?
- security: fix CVE-2024-47070 (#11536)
- security: fix CVE-2024-47077 (#11535)
- sources/ldap: fix mapping check, fix debug endpoint (#11442)
- sources/ldap: fix missing search attribute (#11125)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
- sources/saml: fix NameIDFormat descriptor in metadata generation (#11614)
- stages/authenticator: use RBAC for devices API (#11482)
- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11138)
- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11383)
- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11578)
- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11683)
- stages/identification: dynamically find login challenges (#11571)
- stages/password: add error message when exceeding maximum tries (#11679)
- tests/e2e: add forward auth e2e test (#11374)
- web/admin: display webauthn device type (#11481)
- web/admin: fix Authentication flow being required (#11496)
- web/admin: fix duplicate flow labels (#11689)
- web/admin: fix error in Outpost creation form (#11173)
- web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
- web/admin: fix misc dual select on different forms (#11203)
- web/admin: fix missing Sync object button SCIM Provider (#11211)
- web/admin: fix notification property mapping forms (#11298)
- web/admin: fix sync single button throwing error (#11727)
- web/admin: improve error handling (#11212)
- web/users: show - if device was registered before we started saving the time (#11256)
- web: Adjust Wdio MaxInstances, add Knip (#11089)
- web: Fix css loading in unit tests, remove unneeded dot paths (#11629)
- web: add missing id attribute for button in ak-flow-input-password (#11413)
- web: audit and update package.json and associated test harness, with upgrade to WebdriverIO 9 (#11596)
- web: fix dual-select with dynamic selection (#11133)
- web: fix e2e tests to work with latest WebdriverIO and authentik 2024.8 (#11105)
- web: fix readonly fields appearing white in dark theme (#11271)
- web: provide simple tables for API-less displays (#11028)
- web: provide storybook demos and docs for existing tests (#11651)
- web: revert lockfile lint, re-add integrity (#11380)
- web: small fixes for elements and forms (#11546)
API Changes
What's New
GET
/admin/version/history/
GET
/admin/version/history/{#123;id}#125;/
What's Changed
GET
/authenticators/admin/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
-
extra_description
- Added property
extra_description
(string)Get extra description
-
GET
/authenticators/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Changed items (object): > Serializer for Duo authenticator devices
New required properties:
-
extra_description
- Added property
extra_description
(string)Get extra description
-
GET
/providers/all/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/oauth2/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
PUT
/providers/oauth2/{#123;id}#125;/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
PATCH
/providers/oauth2/{#123;id}#125;/
Request:
Changed content type : application/json
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
GET
/providers/proxy/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/proxy/{#123;id}#125;/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/proxy/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/rac/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/rac/{#123;id}#125;/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/rac/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/radius/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/radius/{#123;id}#125;/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/radius/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/saml/import_metadata/
Request:
Changed content type : multipart/form-data
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)
GET
/providers/scim/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
PUT
/providers/scim/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
verify_certificates
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
PATCH
/providers/scim/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
verify_certificates
(boolean)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
GET
/core/applications/{#123;slug}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/core/applications/{#123;slug}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/core/applications/{#123;slug}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/outposts/instances/{#123;uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/outposts/instances/{#123;uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/outposts/instances/{#123;uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/providers/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/providers/ldap/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/ldap/{#123;id}#125;/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/ldap/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/oauth2/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
GET
/providers/oauth2/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
POST
/providers/proxy/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/proxy/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ProxyProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/providers/rac/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/rac/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/providers/radius/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/radius/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > RadiusProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/providers/saml/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PUT
/providers/saml/{#123;id}#125;/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
PATCH
/providers/saml/{#123;id}#125;/
Request:
Changed content type : application/json
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
POST
/providers/scim/
Request:
Changed content type : application/json
- Added property
verify_certificates
(boolean)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
verify_certificates
(boolean)
- Added property
GET
/providers/scim/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SCIMProvider Serializer
- Added property
verify_certificates
(boolean)
- Added property
-
GET
/rac/connection_tokens/{#123;connection_token_uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
PUT
/rac/connection_tokens/{#123;connection_token_uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
PATCH
/rac/connection_tokens/{#123;connection_token_uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/rac/endpoints/{#123;pbm_uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PUT
/rac/endpoints/{#123;pbm_uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
PATCH
/rac/endpoints/{#123;pbm_uuid}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/sources/saml/{#123;slug}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
PUT
/sources/saml/{#123;slug}#125;/
Request:
Changed content type : application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
PATCH
/sources/saml/{#123;slug}#125;/
Request:
Changed content type : application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
POST
/core/applications/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/core/applications/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Application Serializer
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/core/user_consent/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
application
(object)Application Serializer
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/oauth2/access_tokens/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
GET
/oauth2/authorization_codes/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
GET
/oauth2/refresh_tokens/{#123;id}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
POST
/outposts/instances/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/outposts/instances/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Outpost Serializer
-
Changed property
providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
GET
/outposts/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAPProvider Serializer
New required properties:
-
unbind_flow_slug
- Added property
unbind_flow_slug
(string)Get slug for unbind flow, defaulting to brand's default flow.
-
-
POST
/providers/ldap/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAPProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
POST
/providers/saml/
Request:
Changed content type : application/json
New required properties:
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/providers/saml/
Parameters:
Added: invalidation_flow
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/rac/connection_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > ConnectionToken Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
endpoint_obj
(object)Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
-
POST
/rac/endpoints/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
GET
/rac/endpoints/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Endpoint Serializer
-
Changed property
provider_obj
(object)RACProvider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
POST
/sources/saml/
Request:
Changed content type : application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
GET
/sources/saml/
Parameters:
Changed: name_id_policy
in query
NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > SAMLSource Serializer
-
Changed property
name_id_policy
(string)NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
Added enum value:
-
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Removed enum value: -
urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
-
-
-
PUT
/core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider
(object)Updated
authentik_providers_oauth2.oauth2provider
provider_model: New required properties:-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
Updated
authentik_providers_radius.radiusprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_scim.scimprovider
provider_model:- Added property
verify_certificates
(boolean)
Updated
authentik_providers_proxy.proxyprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_rac.racprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_saml.samlprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
Updated
authentik_providers_ldap.ldapprovider
provider_model: New required properties:-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
GET
/core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > UserConsent Serializer
-
Changed property
application
(object)Application Serializer
-
Changed property
provider_obj
(object)Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
Changed property
backchannel_providers_obj
(array)Changed items (object): > Provider Serializer
New required properties:
-
invalidation_flow
- Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
-
-
-
GET
/flows/executor/{#123;flow_slug}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Added 'ak-stage-session-end' component:
-
Property
flow_info
(object)Contextual flow information for a challenge
-
Property
title
(string) -
Property
background
(string) -
Property
cancel_url
(string) -
Property
layout
(string)Enum values:
stacked
content_left
content_right
sidebar_left
sidebar_right
-
-
Property
component
(string) -
Property
response_errors
(object) -
Property
pending_user
(string) -
Property
pending_user_avatar
(string) -
Property
application_name
(string) -
Property
application_launch_url
(string) -
Property
invalidation_flow_url
(string) -
Property
brand_name
(string)
-
POST
/flows/executor/{#123;flow_slug}#125;/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Added 'ak-stage-session-end' component:
GET
/oauth2/access_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
-
GET
/oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
-
GET
/oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider
(object)OAuth2Provider Serializer
New required properties:
-
invalidation_flow
-
Added property
invalidation_flow
(string)Flow used ending the session from a provider.
-
Added property
encryption_key
(string)Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.
-
Changed property
signing_key
(string)Key used to sign the tokens.
-
-
-