This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/2023/v2023.4.md

1969 lines
77 KiB
Markdown
Raw Permalink Normal View History

---
title: Release 2023.4 - RADIUS support
slug: "/releases/2023.4"
---
## Breaking changes
- (Kubernetes only) Changes to RBAC objects created by helm
In previous versions, the helm chart would create a _ClusterRole_ and _ClusterRoleBinding_ if the service account creation was enabled. This was done to allow the deployment of outposts in any namespace in kubernetes. As this conflicted with multiple authentik installs per cluster, and was often not used, the new helm chart changes these resources to a _Role_ and _RoleBinding_, which give authentik access to deploy in the same namespace.
To keep the old behaviour, you can install the [authentik-remote-cluster](https://artifacthub.io/packages/helm/goauthentik/authentik-remote-cluster) chart, which deploys the same RBAC into any other namespace or cluster.
## New features
- RADIUS support
:::info
This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
authentik now supports the [RADIUS protocol](https://en.wikipedia.org/wiki/RADIUS) for authentication, allowing for the integration of a wider variety of systems such as VPN software, network switches/routers, and others.
The RADIUS provider also uses a flow to authenticate users, and supports the same stages as the [LDAP Provider](../../../docs/providers/ldap/index.md).
Documentation: [RADIUS Provider](../../../docs/providers/radius/index.md)
- Decreased CPU usage for workers
Previously, authentik used a method to ensure that the worker containers are running correctly called "pinging", which would send a request to the worker and ensure it was processed correctly. This however used a lot of resources every time the health check ran. We've switched to a simpler method, one that will reduce CPU and memory usage (only affects Docker-Compose).
- Configurable authentication flow for providers
It is now possible to configure the authentication flow per provider. This configured flow will be used when an un-authenticated user tries to access the application the provider is used with. If no flow is set on a provider, the default authentication flow configured on the tenant will be used.
- "Stay logged in" prompt
In the [User login stage](../../../docs/flow/stages/user_login/index.md), an admin can use the new "Stay Logged In" option to add additional minutes or hours to the defined `session duration` value. When this "Stay Logged In" offset time is configured, the user logging in is presented with a prompt asking if they want to extend their session.
- Prompt preview
When creating a single prompt for use with a [Prompt stage](../../../docs/flow/stages/prompt/index.md), a live preview of the prompt is now shown. This makes it easier to test how a prompt will behave, and also shows what data it will send, and how it will be available in the flow context.
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2023.4 from [here](https://goauthentik.io/version/2023.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2023.4.0
```
## Minor changes/fixes
- \*: load websocket paths similarly to URLs (#5018)
- blueprints: allow setting of token key in blueprint context (#4995)
- core: Add unique constraint to user UUID (#5004)
- core: extend Postgres configuration (#5138)
- core: fix app launch URL flow selection (#5113)
- lifecycle: also migrate before starting worker, trap exit to cleanup mode (#5123)
- lifecycle: don't use celery ping for worker healthcheck (#5153)
- outposts: run containers as non root (#5212)
- outposts: set Kubernetes deployment security context (#5163)
- policies: provider raw result for better policy reusability (#5189)
- providers/ldap: fix duplicate attributes (#4972)
- providers/oauth2: fix response for response_type code and response_mode fragment (#4975)
- providers/proxy: rework endpoints logic (#4993)
- providers/radius: simple RADIUS outpost (#1796)
- providers/scim: add missing default fields (#5108)
- providers/scim: fix error when user-group m2m is updated forward (#5082)
- providers: Add ability to choose a default authentication flow (#5070)
- stages/authenticator_validate: fix stage not working without pending user (#5096)
- stages/identification: revert is_active check (#5183)
- stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822)
- stages/prompt: Fix dropdown invalid choice (#5046)
- stages/user_login: stay logged in (#4958)
- stages/user_write: improve error handling (#5136)
- stages: Add ability to set user friendly names for MFA stages (#5005)
- web/admin: fix error adding users to groups (#5016)
- web/admin: fix error listing blueprints with missing metadata (#5041)
- web/admin: fix error when creating bindings due to hidden inputs (#5081)
- web/admin: fix inconsistent display of flows in selections (#4977)
- web/admin: fix ldap form when editing scim provider from view page (#5164)
- web/admin: fix prompt field display (#4990)
- web/admin: fix sidebar avatar not loaded (#5184)
- web/admin: prompt preview (#5078)
- web/admin: show warning when adding user to superuser group (#5091)
- web/elements: fix search select inconsistency (#4989)
- web/elements: only render form once instance is loaded (#5049)
- web/flows: fix authenticator selector in dark mode (#4974)
- web/user: rework search (#5107)
- web: only show debug locale if debug mode is enabled (#5111)
- web: remove more until (#5057)
## Fixed in 2023.4.1
- ci: fix tag lookup for previous stable version (#5257)
- lifecycle: fix worker healthcheck (#5259)
- lifecycle: re-add exec to ak wrapper (#5253)
security: cure53 fix (#6039) * ATH-01-001: resolve path and check start before loading blueprints This is even less of an issue since 411ef239f63e4d3beacd8297d4be54b29fb30127, since with that commit we only allow files that the listing returns Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-010: fix missing user filter for webauthn device This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it. * ATH-01-008: fix web forms not submitting correctly when pressing enter When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user. * ATH-01-004: remove env from admin system endpoint this endpoint already required admin access, but for debugging the env variables are used very little Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-005: use hmac.compare_digest for secret_key authentication Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-009: migrate impersonation to use API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-010: rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-014: save authenticator validation state in flow context Signed-off-by: Jens Langhammer <jens@goauthentik.io> bugfixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-012: escape quotation marks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add website Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update release ntoes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update with all notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 20:25:04 +00:00
## Fixed in 2023.4.2
- security: Address pen-test findings from the [2023-06 Cure53 Code audit](../../security/2023-06-cure53.md)
## API Changes
#### What's New
---
##### `GET` /outposts/radius/
##### `GET` /outposts/radius/{id}/
##### `GET` /providers/radius/
##### `POST` /providers/radius/
##### `GET` /providers/radius/{id}/
##### `PUT` /providers/radius/{id}/
##### `DELETE` /providers/radius/{id}/
##### `PATCH` /providers/radius/{id}/
##### `GET` /providers/radius/{id}/used_by/
##### `POST` /stages/prompt/prompts/preview/
#### What's Changed
---
##### `GET` /policies/event_matcher/{policy_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
##### `PUT` /policies/event_matcher/{policy_uuid}/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
##### `PATCH` /policies/event_matcher/{policy_uuid}/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
##### `GET` /providers/all/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/oauth2/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PUT` /providers/oauth2/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PATCH` /providers/oauth2/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/proxy/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PUT` /providers/proxy/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PATCH` /providers/proxy/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /core/applications/{slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PUT` /core/applications/{slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PATCH` /core/applications/{slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /outposts/instances/{uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PUT` /outposts/instances/{uuid}/
###### Request:
Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PATCH` /outposts/instances/{uuid}/
###### Request:
Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /policies/event_matcher/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
##### `GET` /policies/event_matcher/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Event Matcher Policy Serializer
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.lib` - authentik lib
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
Added enum value:
- `authentik.providers.radius`
##### `GET` /providers/all/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/ldap/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PUT` /providers/ldap/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PATCH` /providers/ldap/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /providers/oauth2/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/oauth2/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /providers/proxy/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/proxy/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > ProxyProvider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/saml/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PUT` /providers/saml/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `PATCH` /providers/saml/{id}/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /core/applications/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /core/applications/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Application Serializer
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /core/user_consent/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `application` (object)
> Application Serializer
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /oauth2/access_tokens/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /oauth2/authorization_codes/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /oauth2/refresh_tokens/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /outposts/instances/
###### Request:
Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /outposts/instances/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Outpost Serializer
- Changed property `type` (string)
> - `proxy` - Proxy
> - `ldap` - Ldap
> - `radius` - Radius
Added enum value:
- `radius`
- Changed property `providers_obj` (array)
Changed items (object): > Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /providers/ldap/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/ldap/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > LDAPProvider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `POST` /providers/saml/
###### Request:
Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /providers/saml/
###### Parameters:
Added: `authentication_flow` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > SAMLProvider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /stages/user_login/{stage_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
##### `PUT` /stages/user_login/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
##### `PATCH` /stages/user_login/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
##### `GET` /core/user_consent/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > UserConsent Serializer
- Changed property `application` (object)
> Application Serializer
- Changed property `provider_obj` (object)
> Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /flows/executor/{flow_slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Added 'ak-stage-user-login' component:
- Property `type` (string)
> - `native` - NATIVE
> - `shell` - SHELL
> - `redirect` - REDIRECT
Enum values:
- `native`
- `shell`
- `redirect`
- Property `flow_info` (object)
> Contextual flow information for a challenge
- Property `title` (string)
- Property `background` (string)
- Property `cancel_url` (string)
- Property `layout` (string)
> - `stacked` - STACKED
> - `content_left` - CONTENT_LEFT
> - `content_right` - CONTENT_RIGHT
> - `sidebar_left` - SIDEBAR_LEFT
> - `sidebar_right` - SIDEBAR_RIGHT
Enum values:
- `stacked`
- `content_left`
- `content_right`
- `sidebar_left`
- `sidebar_right`
- Property `component` (string)
- Property `response_errors` (object)
- Property `pending_user` (string)
- Property `pending_user_avatar` (string)
Updated `ak-stage-prompt` component:
- Changed property `fields` (array)
Changed items (object): > Serializer for a single Prompt field
New required properties:
- `choices`
* Added property `choices` (array)
Items (string):
* Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
##### `POST` /flows/executor/{flow_slug}/
###### Request:
Changed content type : `application/json`
Added 'ak-stage-user-login' component:
- Property `component` (string)
- Property `remember_me` (boolean)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Added 'ak-stage-user-login' component:
Updated `ak-stage-prompt` component:
- Changed property `fields` (array)
Changed items (object): > Serializer for a single Prompt field
New required properties:
- `choices`
* Added property `choices` (array)
* Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
##### `GET` /oauth2/access_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Added property `authentication_flow` (string)
> Flow used for authentication when the associated application is accessed by an un-authenticated user.
##### `GET` /stages/prompt/prompts/{prompt_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
###### Request:
Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
###### Request:
Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
##### `POST` /stages/user_login/
###### Request:
Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
##### `GET` /stages/user_login/
###### Parameters:
Added: `remember_me_offset` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > UserLoginStage Serializer
- Added property `remember_me_offset` (string)
> Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
##### `POST` /stages/prompt/prompts/
###### Request:
Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`
##### `GET` /stages/prompt/prompts/
###### Parameters:
Changed: `type` in `query`
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Prompt Serializer
- Changed property `placeholder` (string)
> When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
- Changed property `type` (string)
> - `text` - Text: Simple Text input
> - `text_area` - Text area: Multiline Text Input.
> - `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
> - `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
> - `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
> - `email` - Email: Text field with Email type.
> - `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
> - `number` - Number
> - `checkbox` - Checkbox
> - `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
> - `dropdown` - Fixed choice field rendered as a dropdown.
> - `date` - Date
> - `date-time` - Date Time
> - `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
> - `separator` - Separator: Static Separator Line
> - `hidden` - Hidden: Hidden field, can be used to insert data into form.
> - `static` - Static: Static value, displayed as-is.
> - `ak-locale` - authentik: Selection of locales authentik supports
Added enum values:
- `text_area`
- `text_area_read_only`
- `radio-button-group`
- `dropdown`