This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/schema.yml

31636 lines
840 KiB
YAML
Raw Normal View History

openapi: 3.0.3
info:
title: authentik
2022-05-28 10:04:26 +00:00
version: 2022.5.3
description: Making authentication simple.
contact:
email: hello@goauthentik.io
license:
name: GNU GPLv3
url: https://github.com/goauthentik/authentik/blob/main/LICENSE
paths:
/admin/apps/:
get:
operationId: admin_apps_list
description: List current messages and pass into Serializer
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/App'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/metrics/:
get:
operationId: admin_metrics_retrieve
description: Login Metrics per 1h
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LoginMetrics'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/system/:
get:
operationId: admin_system_retrieve
description: Get system information.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/System'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/system_tasks/:
get:
operationId: admin_system_tasks_list
description: List system tasks
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Task'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/system_tasks/{id}/:
get:
operationId: admin_system_tasks_retrieve
description: Get a single system task
parameters:
- in: path
name: id
schema:
type: string
required: true
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Task'
description: ''
'404':
description: Task not found
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/system_tasks/{id}/retry/:
post:
operationId: admin_system_tasks_retry_create
description: Retry task
parameters:
- in: path
name: id
schema:
type: string
required: true
tags:
- admin
security:
- authentik: []
responses:
'204':
description: Task retried successfully
'404':
description: Task not found
'500':
description: Failed to retry task
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/version/:
get:
operationId: admin_version_retrieve
description: Get running and latest version.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Version'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/admin/workers/:
get:
operationId: admin_workers_retrieve
description: Get currently connected worker count.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Workers'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/duo/:
get:
operationId: authenticators_admin_duo_list
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDuoDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: authenticators_admin_duo_create
description: Viewset for Duo authenticator devices (for admins)
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/duo/{id}/:
get:
operationId: authenticators_admin_duo_retrieve
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_admin_duo_update
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_admin_duo_partial_update
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_admin_duo_destroy
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
/authenticators/admin/sms/:
get:
operationId: authenticators_admin_sms_list
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSMSDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/sms/{id}/:
get:
operationId: authenticators_admin_sms_retrieve
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/static/:
get:
operationId: authenticators_admin_static_list
description: Viewset for static authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedStaticDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/static/{id}/:
get:
operationId: authenticators_admin_static_retrieve
description: Viewset for static authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this static device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/totp/:
get:
operationId: authenticators_admin_totp_list
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTOTPDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/totp/{id}/:
get:
operationId: authenticators_admin_totp_retrieve
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/webauthn/:
get:
operationId: authenticators_admin_webauthn_list
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedWebAuthnDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/admin/webauthn/{id}/:
get:
operationId: authenticators_admin_webauthn_retrieve
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/all/:
get:
operationId: authenticators_all_list
description: Get all devices for current user
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Device'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/duo/:
get:
operationId: authenticators_duo_list
description: Viewset for Duo authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDuoDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/duo/{id}/:
get:
operationId: authenticators_duo_retrieve
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_duo_update
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_duo_partial_update
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_duo_destroy
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/duo/{id}/used_by/:
get:
operationId: authenticators_duo_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
/authenticators/sms/:
get:
operationId: authenticators_sms_list
description: Viewset for sms authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSMSDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/sms/{id}/:
get:
operationId: authenticators_sms_retrieve
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_sms_update
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_sms_partial_update
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSMSDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_sms_destroy
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/sms/{id}/used_by/:
get:
operationId: authenticators_sms_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/static/:
get:
operationId: authenticators_static_list
description: Viewset for static authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedStaticDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/static/{id}/:
get:
operationId: authenticators_static_retrieve
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this static device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_static_update
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this static device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_static_partial_update
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this static device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedStaticDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_static_destroy
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this static device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/static/{id}/used_by/:
get:
operationId: authenticators_static_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this static device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/totp/:
get:
operationId: authenticators_totp_list
description: Viewset for totp authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTOTPDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/totp/{id}/:
get:
operationId: authenticators_totp_retrieve
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_totp_update
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_totp_partial_update
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTOTPDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_totp_destroy
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/totp/{id}/used_by/:
get:
operationId: authenticators_totp_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/webauthn/:
get:
operationId: authenticators_webauthn_list
description: Viewset for WebAuthn authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedWebAuthnDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/webauthn/{id}/:
get:
operationId: authenticators_webauthn_retrieve
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_webauthn_update
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_webauthn_partial_update
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedWebAuthnDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_webauthn_destroy
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/authenticators/webauthn/{id}/used_by/:
get:
operationId: authenticators_webauthn_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/:
get:
operationId: core_applications_list
description: Custom list method that checks Policy based access instead of guardian
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: superuser_full_list
schema:
type: boolean
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedApplicationList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: core_applications_create
description: Application Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/{slug}/:
get:
operationId: core_applications_retrieve
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: core_applications_update
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: core_applications_partial_update
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedApplicationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_applications_destroy
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/{slug}/check_access/:
get:
operationId: core_applications_check_access_retrieve
description: Check access to a single application by slug
parameters:
- in: query
name: for_user
schema:
type: integer
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestResult'
description: ''
'404':
description: for_user user not found
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/{slug}/metrics/:
get:
operationId: core_applications_metrics_list
description: Metrics for application logins
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Coordinate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/{slug}/set_icon/:
post:
operationId: core_applications_set_icon_create
description: Set application icon
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/{slug}/set_icon_url/:
post:
operationId: core_applications_set_icon_url_create
description: Set application icon (as URL)
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FilePathRequest'
required: true
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/core/applications/{slug}/used_by/:
get:
operationId: core_applications_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/authenticated_sessions/:
get:
operationId: core_authenticated_sessions_list
description: AuthenticatedSession Viewset
parameters:
- in: query
name: last_ip
schema:
type: string
- in: query
name: last_user_agent
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user__username
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatedSessionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/authenticated_sessions/{uuid}/:
get:
operationId: core_authenticated_sessions_retrieve
description: AuthenticatedSession Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticated Session.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatedSession'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_authenticated_sessions_destroy
description: AuthenticatedSession Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticated Session.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/authenticated_sessions/{uuid}/used_by/:
get:
operationId: core_authenticated_sessions_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticated Session.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/groups/:
get:
operationId: core_groups_list
description: Group Viewset
parameters:
- in: query
name: attributes
schema:
type: string
description: Attributes
- in: query
name: is_superuser
schema:
type: boolean
- in: query
name: members_by_pk
schema:
type: array
items:
type: integer
explode: true
style: form
- in: query
name: members_by_username
schema:
type: array
items:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedGroupList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: core_groups_create
description: Group Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/groups/{group_uuid}/:
get:
operationId: core_groups_retrieve
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this group.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: core_groups_update
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this group.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: core_groups_partial_update
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this group.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedGroupRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_groups_destroy
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this group.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/groups/{group_uuid}/used_by/:
get:
operationId: core_groups_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this group.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tenants/:
get:
operationId: core_tenants_list
description: Tenant Viewset
parameters:
- in: query
name: branding_favicon
schema:
type: string
- in: query
name: branding_logo
schema:
type: string
- in: query
name: branding_title
schema:
type: string
- in: query
name: default
schema:
type: boolean
- in: query
name: domain
schema:
type: string
- in: query
name: event_retention
schema:
type: string
- in: query
name: flow_authentication
schema:
type: string
format: uuid
- in: query
name: flow_invalidation
schema:
type: string
format: uuid
- in: query
name: flow_recovery
schema:
type: string
format: uuid
- in: query
name: flow_unenrollment
schema:
type: string
format: uuid
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
- in: query
name: flow_user_settings
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tenant_uuid
schema:
type: string
format: uuid
- in: query
name: web_certificate
schema:
type: string
format: uuid
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTenantList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: core_tenants_create
description: Tenant Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TenantRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tenants/{tenant_uuid}/:
get:
operationId: core_tenants_retrieve
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: core_tenants_update
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TenantRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: core_tenants_partial_update
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTenantRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_tenants_destroy
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tenants/{tenant_uuid}/used_by/:
get:
operationId: core_tenants_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tenants/current/:
get:
operationId: core_tenants_current_retrieve
description: Get current tenant
tags:
- core
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CurrentTenant'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tokens/:
get:
operationId: core_tokens_list
description: Token Viewset
parameters:
- in: query
name: description
schema:
type: string
- in: query
name: expires
schema:
type: string
format: date-time
- in: query
name: expiring
schema:
type: boolean
- in: query
name: identifier
schema:
type: string
- in: query
name: intent
schema:
type: string
enum:
- api
- app_password
- recovery
- verification
- in: query
name: managed
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user__username
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTokenList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: core_tokens_create
description: Token Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tokens/{identifier}/:
get:
operationId: core_tokens_retrieve
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: core_tokens_update
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: core_tokens_partial_update
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTokenRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_tokens_destroy
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tokens/{identifier}/set_key/:
post:
operationId: core_tokens_set_key_create
description: Return token key and log access
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenSetKeyRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully changed key
'400':
description: Missing key
'404':
description: Token not found or expired
'403':
$ref: '#/components/schemas/GenericError'
/core/tokens/{identifier}/used_by/:
get:
operationId: core_tokens_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/tokens/{identifier}/view_key/:
get:
operationId: core_tokens_view_key_retrieve
description: Return token key and log access
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TokenView'
description: ''
'404':
description: Token not found or expired
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/user_consent/:
get:
operationId: core_user_consent_list
description: UserConsent Viewset
parameters:
- in: query
name: application
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserConsentList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/user_consent/{id}/:
get:
operationId: core_user_consent_retrieve
description: UserConsent Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Consent.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserConsent'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_user_consent_destroy
description: UserConsent Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Consent.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/user_consent/{id}/used_by/:
get:
operationId: core_user_consent_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Consent.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/:
get:
operationId: core_users_list
description: User Viewset
parameters:
- in: query
name: attributes
schema:
type: string
description: Attributes
- in: query
name: email
schema:
type: string
- in: query
name: groups_by_name
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: groups_by_pk
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: is_active
schema:
type: boolean
- in: query
name: is_superuser
schema:
type: boolean
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: username
schema:
type: string
- in: query
name: uuid
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: core_users_create
description: User Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/{id}/:
get:
operationId: core_users_retrieve
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: core_users_update
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: core_users_partial_update
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: core_users_destroy
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/{id}/metrics/:
get:
operationId: core_users_metrics_retrieve
description: User metrics per 1h
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserMetrics'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/{id}/recovery/:
get:
operationId: core_users_recovery_retrieve
description: Create a temporary link that a user can use to recover their accounts
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Link'
description: ''
'404':
content:
application/json:
schema:
$ref: '#/components/schemas/Link'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/{id}/recovery_email/:
get:
operationId: core_users_recovery_email_retrieve
description: Create a temporary link that a user can use to recover their accounts
parameters:
- in: query
name: email_stage
schema:
type: string
required: true
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: Successfully sent recover email
'404':
description: Bad request
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/{id}/set_password/:
post:
operationId: core_users_set_password_create
description: Set password for user
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserPasswordSetRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully changed password
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/core/users/{id}/used_by/:
get:
operationId: core_users_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/me/:
get:
operationId: core_users_me_retrieve
description: Get information about current user
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SessionUser'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/core/users/service_account/:
post:
operationId: core_users_service_account_create
description: Create a new user account that is marked as a service account
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserServiceAccountRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserServiceAccountResponse'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/crypto/certificatekeypairs/:
get:
operationId: crypto_certificatekeypairs_list
description: CertificateKeyPair Viewset
parameters:
- in: query
name: has_key
schema:
type: boolean
description: Only return certificate-key pairs with keys
- in: query
name: managed
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedCertificateKeyPairList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: crypto_certificatekeypairs_create
description: CertificateKeyPair Viewset
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPairRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/crypto/certificatekeypairs/{kp_uuid}/:
get:
operationId: crypto_certificatekeypairs_retrieve
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: crypto_certificatekeypairs_update
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPairRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: crypto_certificatekeypairs_partial_update
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedCertificateKeyPairRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: crypto_certificatekeypairs_destroy
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/crypto/certificatekeypairs/{kp_uuid}/used_by/:
get:
operationId: crypto_certificatekeypairs_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/crypto/certificatekeypairs/{kp_uuid}/view_certificate/:
get:
operationId: crypto_certificatekeypairs_view_certificate_retrieve
description: Return certificate-key pairs certificate and log access
parameters:
- in: query
name: download
schema:
type: boolean
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateData'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/crypto/certificatekeypairs/{kp_uuid}/view_private_key/:
get:
operationId: crypto_certificatekeypairs_view_private_key_retrieve
description: Return certificate-key pairs private key and log access
parameters:
- in: query
name: download
schema:
type: boolean
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateData'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/crypto/certificatekeypairs/generate/:
post:
operationId: crypto_certificatekeypairs_generate_create
description: Generate a new, self-signed certificate-key pair
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateGenerationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/events/events/:
get:
operationId: events_events_list
description: Event Read-Only Viewset
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: client_ip
schema:
type: string
- in: query
name: context_authorized_app
schema:
type: string
description: Context Authorized application
- in: query
name: context_model_app
schema:
type: string
description: Context Model App
- in: query
name: context_model_name
schema:
type: string
description: Context Model Name
- in: query
name: context_model_pk
schema:
type: string
description: Context Model Primary Key
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tenant_name
schema:
type: string
description: Tenant name
- in: query
name: username
schema:
type: string
description: Username
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEventList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: events_events_create
description: Event Read-Only Viewset
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/events/{event_uuid}/:
get:
operationId: events_events_retrieve
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: events_events_update
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: events_events_partial_update
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEventRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: events_events_destroy
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/events/actions/:
get:
operationId: events_events_actions_list
description: Get all actions
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/events/per_month/:
get:
operationId: events_events_per_month_list
description: Get the count of events per month
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: query
schema:
type: string
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Coordinate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/events/top_per_user/:
get:
operationId: events_events_top_per_user_list
description: Get the top_n events grouped by user count
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: top_n
schema:
type: integer
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/EventTopPerUser'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/notifications/:
get:
operationId: events_notifications_list
description: Notification Viewset
parameters:
- in: query
name: body
schema:
type: string
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: event
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: seen
schema:
type: boolean
- in: query
name: severity
schema:
type: string
enum:
- alert
- notice
- warning
- in: query
name: user
schema:
type: integer
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/notifications/{uuid}/:
get:
operationId: events_notifications_retrieve
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Notification'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: events_notifications_update
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Notification'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: events_notifications_partial_update
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Notification'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: events_notifications_destroy
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/notifications/{uuid}/used_by/:
get:
operationId: events_notifications_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/notifications/mark_all_seen/:
post:
operationId: events_notifications_mark_all_seen_create
description: Mark all the user's notifications as seen
tags:
- events
security:
- authentik: []
responses:
'204':
description: Marked tasks as read successfully.
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/rules/:
get:
operationId: events_rules_list
description: NotificationRule Viewset
parameters:
- in: query
name: group__name
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: severity
schema:
type: string
enum:
- alert
- notice
- warning
description: Controls which severity level the created notifications will
have.
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationRuleList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: events_rules_create
description: NotificationRule Viewset
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRuleRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/rules/{pbm_uuid}/:
get:
operationId: events_rules_retrieve
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: events_rules_update
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRuleRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: events_rules_partial_update
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationRuleRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: events_rules_destroy
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/rules/{pbm_uuid}/used_by/:
get:
operationId: events_rules_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/transports/:
get:
operationId: events_transports_list
description: NotificationTransport Viewset
parameters:
- in: query
name: mode
schema:
type: string
enum:
- email
- local
- webhook
- webhook_slack
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: send_once
schema:
type: boolean
- in: query
name: webhook_url
schema:
type: string
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationTransportList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: events_transports_create
description: NotificationTransport Viewset
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransportRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/transports/{uuid}/:
get:
operationId: events_transports_retrieve
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: events_transports_update
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransportRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: events_transports_partial_update
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationTransportRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: events_transports_destroy
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/transports/{uuid}/test/:
post:
operationId: events_transports_test_create
description: |-
Send example notification using selected transport. Requires
Modify permissions.
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransportTest'
description: ''
'500':
description: Failed to test transport
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/events/transports/{uuid}/used_by/:
get:
operationId: events_transports_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/bindings/:
get:
operationId: flows_bindings_list
description: FlowStageBinding Viewset
parameters:
- in: query
name: evaluate_on_plan
schema:
type: boolean
- in: query
name: fsb_uuid
schema:
type: string
format: uuid
- in: query
name: invalid_response_action
schema:
type: string
enum:
- restart
- restart_with_context
- retry
description: Configure how the flow executor should handle an invalid response
to a challenge. RETRY returns the error message and a similar challenge
to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
restarts the flow while keeping the current context.
- in: query
name: order
schema:
type: integer
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pbm_uuid
schema:
type: string
format: uuid
- in: query
name: policies
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
- in: query
name: re_evaluate_policies
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage
schema:
type: string
format: uuid
- in: query
name: target
schema:
type: string
format: uuid
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedFlowStageBindingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: flows_bindings_create
description: FlowStageBinding Viewset
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBindingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/bindings/{fsb_uuid}/:
get:
operationId: flows_bindings_retrieve
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: flows_bindings_update
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBindingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: flows_bindings_partial_update
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedFlowStageBindingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: flows_bindings_destroy
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/bindings/{fsb_uuid}/used_by/:
get:
operationId: flows_bindings_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/executor/{flow_slug}/:
get:
operationId: flows_executor_get
description: Get the next pending challenge from the currently active flow.
parameters:
- in: path
name: flow_slug
schema:
type: string
required: true
- in: query
name: query
schema:
type: string
description: Querystring as received
required: true
tags:
- flows
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ChallengeTypes'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: flows_executor_solve
description: Solve the previously retrieved challenge and advanced to the next
stage.
parameters:
- in: path
name: flow_slug
schema:
type: string
required: true
- in: query
name: query
schema:
type: string
description: Querystring as received
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowChallengeResponseRequest'
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ChallengeTypes'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
flows: inspector (#1469) * flows: add initial inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: change naming a bit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flow: add inspector frame Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: don't use shadydom when inspecting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add current stage to api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/*: fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: deep-copy plan instead of just adding Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: restrict inspector to admin Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add buttons to launch flow with inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: don't automatically follow redirects when inspector is open Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: make current_plan optional, only require historry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: handle error messages in inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: improve UI when flow is done Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add is_completed flag to inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: fix monkeypatches for tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add inspector tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: re-enable cache Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 07:36:48 +00:00
/flows/inspector/{flow_slug}/:
get:
operationId: flows_inspector_get
description: Get current flow state and record it
parameters:
- in: path
name: flow_slug
schema:
type: string
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowInspection'
description: ''
'400':
description: No flow plan in session.
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/:
get:
operationId: flows_instances_list
description: Flow Viewset
parameters:
- in: query
name: designation
schema:
type: string
enum:
- authentication
- authorization
- enrollment
- invalidation
- recovery
- stage_configuration
- unenrollment
description: Decides what this Flow is used for. For example, the Authentication
flow is redirect to when an un-authenticated user visits authentik.
- in: query
name: flow_uuid
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedFlowList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: flows_instances_create
description: Flow Viewset
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/:
get:
operationId: flows_instances_retrieve
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: flows_instances_update
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: flows_instances_partial_update
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedFlowRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: flows_instances_destroy
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/diagram/:
get:
operationId: flows_instances_diagram_retrieve
description: Return diagram for flow with slug `slug`, in the format used by
flowchart.js
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowDiagram'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/execute/:
get:
operationId: flows_instances_execute_retrieve
description: Execute flow for current user
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Link'
description: ''
'400':
description: Flow not applicable
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/export/:
get:
operationId: flows_instances_export_retrieve
description: Export flow to .akflow file
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: string
format: binary
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/set_background/:
post:
operationId: flows_instances_set_background_create
description: Set Flow background
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/set_background_url/:
post:
operationId: flows_instances_set_background_url_create
description: Set Flow background (as URL)
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FilePathRequest'
required: true
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/{slug}/used_by/:
get:
operationId: flows_instances_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/cache_clear/:
post:
operationId: flows_instances_cache_clear_create
description: Clear flow cache
tags:
- flows
security:
- authentik: []
responses:
'204':
description: Successfully cleared cache
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/cache_info/:
get:
operationId: flows_instances_cache_info_retrieve
description: Info about cached flows
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Cache'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/flows/instances/import_flow/:
post:
operationId: flows_instances_import_flow_create
description: Import flow from .akflow file
tags:
- flows
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'204':
description: Successfully imported flow
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/oauth2/authorization_codes/:
get:
operationId: oauth2_authorization_codes_list
description: AuthorizationCode Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedExpiringBaseGrantModelList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/oauth2/authorization_codes/{id}/:
get:
operationId: oauth2_authorization_codes_retrieve
description: AuthorizationCode Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Authorization Code.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpiringBaseGrantModel'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: oauth2_authorization_codes_destroy
description: AuthorizationCode Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Authorization Code.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/oauth2/authorization_codes/{id}/used_by/:
get:
operationId: oauth2_authorization_codes_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Authorization Code.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/oauth2/refresh_tokens/:
get:
operationId: oauth2_refresh_tokens_list
description: RefreshToken Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRefreshTokenModelList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/oauth2/refresh_tokens/{id}/:
get:
operationId: oauth2_refresh_tokens_retrieve
description: RefreshToken Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RefreshTokenModel'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: oauth2_refresh_tokens_destroy
description: RefreshToken Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/oauth2/refresh_tokens/{id}/used_by/:
get:
operationId: oauth2_refresh_tokens_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/instances/:
get:
operationId: outposts_instances_list
description: Outpost Viewset
parameters:
- in: query
name: managed__icontains
schema:
type: string
- in: query
name: managed__iexact
schema:
type: string
- in: query
name: name__icontains
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: providers__isnull
schema:
type: boolean
- in: query
name: providers_by_pk
schema:
type: array
items:
type: integer
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: service_connection__name__icontains
schema:
type: string
- in: query
name: service_connection__name__iexact
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedOutpostList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: outposts_instances_create
description: Outpost Viewset
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OutpostRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/instances/{uuid}/:
get:
operationId: outposts_instances_retrieve
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: outposts_instances_update
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this outpost.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OutpostRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: outposts_instances_partial_update
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this outpost.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedOutpostRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: outposts_instances_destroy
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/instances/{uuid}/health/:
get:
operationId: outposts_instances_health_list
description: Get outposts current health
parameters:
- in: query
name: managed__icontains
schema:
type: string
- in: query
name: managed__iexact
schema:
type: string
- in: query
name: name__icontains
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- in: query
name: providers__isnull
schema:
type: boolean
- in: query
name: providers_by_pk
schema:
type: array
items:
type: integer
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: service_connection__name__icontains
schema:
type: string
- in: query
name: service_connection__name__iexact
schema:
type: string
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/OutpostHealth'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/instances/{uuid}/used_by/:
get:
operationId: outposts_instances_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/instances/default_settings/:
get:
operationId: outposts_instances_default_settings_retrieve
description: Global default outpost config
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OutpostDefaultConfig'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/ldap/:
get:
operationId: outposts_ldap_list
description: LDAPProvider Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPOutpostConfigList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/ldap/{id}/:
get:
operationId: outposts_ldap_retrieve
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPOutpostConfig'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/proxy/:
get:
operationId: outposts_proxy_list
description: ProxyProvider Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedProxyOutpostConfigList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/proxy/{id}/:
get:
operationId: outposts_proxy_retrieve
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyOutpostConfig'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/all/:
get:
operationId: outposts_service_connections_all_list
description: ServiceConnection Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedServiceConnectionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/all/{uuid}/:
get:
operationId: outposts_service_connections_all_retrieve
description: ServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: outposts_service_connections_all_destroy
description: ServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/all/{uuid}/state/:
get:
operationId: outposts_service_connections_all_state_retrieve
description: Get the service connection's state
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceConnectionState'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/all/{uuid}/used_by/:
get:
operationId: outposts_service_connections_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/all/types/:
get:
operationId: outposts_service_connections_all_types_list
description: Get all creatable service connection types
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/docker/:
get:
operationId: outposts_service_connections_docker_list
description: DockerServiceConnection Viewset
parameters:
- in: query
name: local
schema:
type: boolean
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tls_authentication
schema:
type: string
format: uuid
- in: query
name: tls_verification
schema:
type: string
format: uuid
- in: query
name: url
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDockerServiceConnectionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: outposts_service_connections_docker_create
description: DockerServiceConnection Viewset
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/docker/{uuid}/:
get:
operationId: outposts_service_connections_docker_retrieve
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: outposts_service_connections_docker_update
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: outposts_service_connections_docker_partial_update
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDockerServiceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: outposts_service_connections_docker_destroy
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/docker/{uuid}/used_by/:
get:
operationId: outposts_service_connections_docker_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/kubernetes/:
get:
operationId: outposts_service_connections_kubernetes_list
description: KubernetesServiceConnection Viewset
parameters:
- in: query
name: local
schema:
type: boolean
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedKubernetesServiceConnectionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: outposts_service_connections_kubernetes_create
description: KubernetesServiceConnection Viewset
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/kubernetes/{uuid}/:
get:
operationId: outposts_service_connections_kubernetes_retrieve
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: outposts_service_connections_kubernetes_update
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: outposts_service_connections_kubernetes_partial_update
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedKubernetesServiceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: outposts_service_connections_kubernetes_destroy
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/outposts/service_connections/kubernetes/{uuid}/used_by/:
get:
operationId: outposts_service_connections_kubernetes_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/:
get:
operationId: policies_all_list
description: Policy Viewset
parameters:
- in: query
name: bindings__isnull
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: promptstage__isnull
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/{policy_uuid}/:
get:
operationId: policies_all_retrieve
description: Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Policy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_all_destroy
description: Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/{policy_uuid}/test/:
post:
operationId: policies_all_test_create
description: Test policy
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestResult'
description: ''
'400':
description: Invalid parameters
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/{policy_uuid}/used_by/:
get:
operationId: policies_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/cache_clear/:
post:
operationId: policies_all_cache_clear_create
description: Clear policy cache
tags:
- policies
security:
- authentik: []
responses:
'204':
description: Successfully cleared cache
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/cache_info/:
get:
operationId: policies_all_cache_info_retrieve
description: Info about cached policies
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Cache'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/all/types/:
get:
operationId: policies_all_types_list
description: Get all creatable policy types
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/bindings/:
get:
operationId: policies_bindings_list
description: PolicyBinding Viewset
parameters:
- in: query
name: enabled
schema:
type: boolean
- in: query
name: order
schema:
type: integer
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy
schema:
type: string
format: uuid
- in: query
name: policy__isnull
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: target
schema:
type: string
format: uuid
- in: query
name: target_in
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: timeout
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPolicyBindingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_bindings_create
description: PolicyBinding Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBindingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/bindings/{policy_binding_uuid}/:
get:
operationId: policies_bindings_retrieve
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_bindings_update
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBindingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_bindings_partial_update
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPolicyBindingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_bindings_destroy
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/bindings/{policy_binding_uuid}/used_by/:
get:
operationId: policies_bindings_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/dummy/:
get:
operationId: policies_dummy_list
description: Dummy Viewset
parameters:
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- in: query
name: result
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: wait_max
schema:
type: integer
- in: query
name: wait_min
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDummyPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_dummy_create
description: Dummy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicyRequest'
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/dummy/{policy_uuid}/:
get:
operationId: policies_dummy_retrieve
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_dummy_update
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_dummy_partial_update
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDummyPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_dummy_destroy
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/dummy/{policy_uuid}/used_by/:
get:
operationId: policies_dummy_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/event_matcher/:
get:
operationId: policies_event_matcher_list
description: Event Matcher Policy Viewset
parameters:
- in: query
name: action
schema:
type: string
enum:
- authorize_application
- configuration_error
- custom_
- email_sent
- flow_execution
- impersonation_ended
- impersonation_started
- invitation_used
- login
- login_failed
- logout
- model_created
- model_deleted
- model_updated
- password_set
- policy_exception
- policy_execution
- property_mapping_exception
- secret_rotate
- secret_view
- source_linked
- suspicious_request
- system_exception
- system_task_exception
- system_task_execution
- update_available
- user_write
description: Match created events with this action type. When left empty,
all action types will be matched.
- in: query
name: app
schema:
type: string
enum:
- authentik.admin
- authentik.api
- authentik.core
- authentik.crypto
- authentik.events
- authentik.flows
- authentik.lib
- authentik.managed
- authentik.outposts
- authentik.policies
- authentik.policies.dummy
- authentik.policies.event_matcher
- authentik.policies.expiry
- authentik.policies.expression
- authentik.policies.hibp
- authentik.policies.password
- authentik.policies.reputation
- authentik.providers.ldap
- authentik.providers.oauth2
- authentik.providers.proxy
- authentik.providers.saml
- authentik.recovery
- authentik.sources.ldap
- authentik.sources.oauth
- authentik.sources.plex
- authentik.sources.saml
- authentik.stages.authenticator_duo
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- authentik.stages.authenticator_sms
- authentik.stages.authenticator_static
- authentik.stages.authenticator_totp
- authentik.stages.authenticator_validate
- authentik.stages.authenticator_webauthn
- authentik.stages.captcha
- authentik.stages.consent
- authentik.stages.deny
- authentik.stages.dummy
- authentik.stages.email
- authentik.stages.identification
- authentik.stages.invitation
- authentik.stages.password
- authentik.stages.prompt
- authentik.stages.user_delete
- authentik.stages.user_login
- authentik.stages.user_logout
- authentik.stages.user_write
- authentik.tenants
description: Match events created by selected application. When left empty,
all applications are matched.
- in: query
name: client_ip
schema:
type: string
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEventMatcherPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_event_matcher_create
description: Event Matcher Policy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicyRequest'
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/event_matcher/{policy_uuid}/:
get:
operationId: policies_event_matcher_retrieve
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_event_matcher_update
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_event_matcher_partial_update
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEventMatcherPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_event_matcher_destroy
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/event_matcher/{policy_uuid}/used_by/:
get:
operationId: policies_event_matcher_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/expression/:
get:
operationId: policies_expression_list
description: Source Viewset
parameters:
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: expression
schema:
type: string
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedExpressionPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_expression_create
description: Source Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/expression/{policy_uuid}/:
get:
operationId: policies_expression_retrieve
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_expression_update
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_expression_partial_update
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedExpressionPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_expression_destroy
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/expression/{policy_uuid}/used_by/:
get:
operationId: policies_expression_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/haveibeenpwned/:
get:
operationId: policies_haveibeenpwned_list
description: Source Viewset
parameters:
- in: query
name: allowed_count
schema:
type: integer
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: password_field
schema:
type: string
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedHaveIBeenPwendPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_haveibeenpwned_create
description: Source Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaveIBeenPwendPolicyRequest'
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/HaveIBeenPwendPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/haveibeenpwned/{policy_uuid}/:
get:
operationId: policies_haveibeenpwned_retrieve
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Have I Been Pwned Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/HaveIBeenPwendPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_haveibeenpwned_update
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Have I Been Pwned Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaveIBeenPwendPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/HaveIBeenPwendPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_haveibeenpwned_partial_update
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Have I Been Pwned Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedHaveIBeenPwendPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/HaveIBeenPwendPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_haveibeenpwned_destroy
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Have I Been Pwned Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/haveibeenpwned/{policy_uuid}/used_by/:
get:
operationId: policies_haveibeenpwned_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Have I Been Pwned Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/password/:
get:
operationId: policies_password_list
description: Password Policy Viewset
parameters:
- in: query
name: amount_digits
schema:
type: integer
- in: query
name: amount_lowercase
schema:
type: integer
- in: query
name: amount_symbols
schema:
type: integer
- in: query
name: amount_uppercase
schema:
type: integer
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: error_message
schema:
type: string
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: length_min
schema:
type: integer
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: password_field
schema:
type: string
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: symbol_charset
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPasswordPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_password_create
description: Password Policy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/password/{policy_uuid}/:
get:
operationId: policies_password_retrieve
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_password_update
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_password_partial_update
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPasswordPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_password_destroy
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/password/{policy_uuid}/used_by/:
get:
operationId: policies_password_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/password_expiry/:
get:
operationId: policies_password_expiry_list
description: Password Expiry Viewset
parameters:
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: days
schema:
type: integer
- in: query
name: deny_only
schema:
type: boolean
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPasswordExpiryPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_password_expiry_create
description: Password Expiry Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/password_expiry/{policy_uuid}/:
get:
operationId: policies_password_expiry_retrieve
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_password_expiry_update
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_password_expiry_partial_update
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPasswordExpiryPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_password_expiry_destroy
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/password_expiry/{policy_uuid}/used_by/:
get:
operationId: policies_password_expiry_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/reputation/:
get:
operationId: policies_reputation_list
description: Reputation Policy Viewset
parameters:
- in: query
name: check_ip
schema:
type: boolean
- in: query
name: check_username
schema:
type: boolean
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: threshold
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedReputationPolicyList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: policies_reputation_create
description: Reputation Policy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicyRequest'
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/reputation/{policy_uuid}/:
get:
operationId: policies_reputation_retrieve
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: policies_reputation_update
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: policies_reputation_partial_update
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedReputationPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_reputation_destroy
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/reputation/{policy_uuid}/used_by/:
get:
operationId: policies_reputation_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/reputation/scores/:
get:
operationId: policies_reputation_scores_list
description: Reputation Viewset
parameters:
- in: query
name: identifier
schema:
type: string
- in: query
name: ip
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: score
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedReputationList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/reputation/scores/{reputation_uuid}/:
get:
operationId: policies_reputation_scores_retrieve
description: Reputation Viewset
parameters:
- in: path
name: reputation_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this reputation.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Reputation'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: policies_reputation_scores_destroy
description: Reputation Viewset
parameters:
- in: path
name: reputation_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this reputation.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/policies/reputation/scores/{reputation_uuid}/used_by/:
get:
operationId: policies_reputation_scores_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: reputation_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this reputation.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/all/:
get:
operationId: propertymappings_all_list
description: PropertyMapping Viewset
parameters:
- in: query
name: managed__isnull
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPropertyMappingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/all/{pm_uuid}/:
get:
operationId: propertymappings_all_retrieve
description: PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: propertymappings_all_destroy
description: PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/all/{pm_uuid}/test/:
post:
operationId: propertymappings_all_test_create
description: Test Property Mapping
parameters:
- in: query
name: format_result
schema:
type: boolean
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PropertyMappingTestResult'
description: ''
'400':
description: Invalid parameters
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/all/{pm_uuid}/used_by/:
get:
operationId: propertymappings_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/all/types/:
get:
operationId: propertymappings_all_types_list
description: Get all creatable property-mapping types
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/ldap/:
get:
operationId: propertymappings_ldap_list
description: LDAP PropertyMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- in: query
name: object_field
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPPropertyMappingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: propertymappings_ldap_create
description: LDAP PropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/ldap/{pm_uuid}/:
get:
operationId: propertymappings_ldap_retrieve
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: propertymappings_ldap_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: propertymappings_ldap_partial_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPPropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: propertymappings_ldap_destroy
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/ldap/{pm_uuid}/used_by/:
get:
operationId: propertymappings_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/notification/:
get:
operationId: propertymappings_notification_list
description: NotificationWebhookMapping Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationWebhookMappingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: propertymappings_notification_create
description: NotificationWebhookMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/notification/{pm_uuid}/:
get:
operationId: propertymappings_notification_retrieve
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Webhook Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: propertymappings_notification_update
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Webhook Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: propertymappings_notification_partial_update
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Webhook Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationWebhookMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: propertymappings_notification_destroy
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Webhook Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/notification/{pm_uuid}/used_by/:
get:
operationId: propertymappings_notification_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Webhook Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/saml/:
get:
operationId: propertymappings_saml_list
description: SAMLPropertyMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: friendly_name
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- in: query
name: saml_name
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSAMLPropertyMappingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: propertymappings_saml_create
description: SAMLPropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/saml/{pm_uuid}/:
get:
operationId: propertymappings_saml_retrieve
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: propertymappings_saml_update
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: propertymappings_saml_partial_update
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSAMLPropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: propertymappings_saml_destroy
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/saml/{pm_uuid}/used_by/:
get:
operationId: propertymappings_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/scope/:
get:
operationId: propertymappings_scope_list
description: ScopeMapping Viewset
parameters:
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: scope_name
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedScopeMappingList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: propertymappings_scope_create
description: ScopeMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/scope/{pm_uuid}/:
get:
operationId: propertymappings_scope_retrieve
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: propertymappings_scope_update
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: propertymappings_scope_partial_update
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedScopeMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: propertymappings_scope_destroy
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/propertymappings/scope/{pm_uuid}/used_by/:
get:
operationId: propertymappings_scope_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/all/:
get:
operationId: providers_all_list
description: Provider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedProviderList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/all/{id}/:
get:
operationId: providers_all_retrieve
description: Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Provider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: providers_all_destroy
description: Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/all/{id}/used_by/:
get:
operationId: providers_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/all/types/:
get:
operationId: providers_all_types_list
description: Get all creatable provider types
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/ldap/:
get:
operationId: providers_ldap_list
description: LDAPProvider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: authorization_flow__slug__iexact
schema:
type: string
- in: query
name: base_dn__iexact
schema:
type: string
- in: query
name: certificate__kp_uuid__iexact
schema:
type: string
format: uuid
- in: query
name: certificate__name__iexact
schema:
type: string
- in: query
name: gid_start_number__iexact
schema:
type: integer
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: search_group__group_uuid__iexact
schema:
type: string
format: uuid
- in: query
name: search_group__name__iexact
schema:
type: string
- in: query
name: tls_server_name__iexact
schema:
type: string
- in: query
name: uid_start_number__iexact
schema:
type: integer
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPProviderList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: providers_ldap_create
description: LDAPProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/ldap/{id}/:
get:
operationId: providers_ldap_retrieve
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: providers_ldap_update
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: providers_ldap_partial_update
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: providers_ldap_destroy
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/ldap/{id}/used_by/:
get:
operationId: providers_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/oauth2/:
get:
operationId: providers_oauth2_list
description: OAuth2Provider Viewset
parameters:
- in: query
name: access_code_validity
schema:
type: string
- in: query
name: application
schema:
type: string
format: uuid
- in: query
name: authorization_flow
schema:
type: string
format: uuid
- in: query
name: client_id
schema:
type: string
- in: query
name: client_type
schema:
type: string
enum:
- confidential
- public
description: |-
Confidential clients are capable of maintaining the confidentiality
of their credentials. Public clients are incapable.
- in: query
name: include_claims_in_id_token
schema:
type: boolean
- in: query
name: issuer_mode
schema:
type: string
enum:
- global
- per_provider
description: Configure how the issuer field of the ID Token should be filled.
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: redirect_uris
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: signing_key
schema:
type: string
format: uuid
- in: query
name: sub_mode
schema:
type: string
enum:
- hashed_user_id
- user_email
- user_upn
- user_username
description: Configure what data should be used as unique User Identifier.
For most cases, the default should be fine.
- in: query
name: token_validity
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedOAuth2ProviderList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: providers_oauth2_create
description: OAuth2Provider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/oauth2/{id}/:
get:
operationId: providers_oauth2_retrieve
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: providers_oauth2_update
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: providers_oauth2_partial_update
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedOAuth2ProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: providers_oauth2_destroy
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/oauth2/{id}/setup_urls/:
get:
operationId: providers_oauth2_setup_urls_retrieve
description: Get Providers setup URLs
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ProviderSetupURLs'
description: ''
'404':
description: Provider has no application assigned
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/oauth2/{id}/used_by/:
get:
operationId: providers_oauth2_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/proxy/:
get:
operationId: providers_proxy_list
description: ProxyProvider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: authorization_flow__slug__iexact
schema:
type: string
- in: query
name: basic_auth_enabled__iexact
schema:
type: boolean
- in: query
name: basic_auth_password_attribute__iexact
schema:
type: string
- in: query
name: basic_auth_user_attribute__iexact
schema:
type: string
- in: query
name: certificate__kp_uuid__iexact
schema:
type: string
format: uuid
- in: query
name: certificate__name__iexact
schema:
type: string
- in: query
name: cookie_domain__iexact
schema:
type: string
- in: query
name: external_host__iexact
schema:
type: string
- in: query
name: internal_host__iexact
schema:
type: string
- in: query
name: internal_host_ssl_validation__iexact
schema:
type: boolean
- in: query
name: mode__iexact
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: property_mappings__iexact
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: redirect_uris__iexact
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: skip_path_regex__iexact
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedProxyProviderList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: providers_proxy_create
description: ProxyProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/proxy/{id}/:
get:
operationId: providers_proxy_retrieve
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: providers_proxy_update
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: providers_proxy_partial_update
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedProxyProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: providers_proxy_destroy
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/proxy/{id}/used_by/:
get:
operationId: providers_proxy_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/saml/:
get:
operationId: providers_saml_list
description: SAMLProvider Viewset
parameters:
- in: query
name: acs_url
schema:
type: string
- in: query
name: assertion_valid_not_before
schema:
type: string
- in: query
name: assertion_valid_not_on_or_after
schema:
type: string
- in: query
name: audience
schema:
type: string
- in: query
name: authorization_flow
schema:
type: string
format: uuid
- in: query
name: digest_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmlenc#sha512
- in: query
name: issuer
schema:
type: string
- in: query
name: name
schema:
type: string
- in: query
name: name_id_mapping
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: session_valid_not_on_or_after
schema:
type: string
- in: query
name: signature_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- in: query
name: signing_kp
schema:
type: string
format: uuid
- in: query
name: sp_binding
schema:
type: string
title: Service Provider Binding
enum:
- post
- redirect
description: This determines how authentik sends the response back to the
Service Provider.
- in: query
name: verification_kp
schema:
type: string
format: uuid
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSAMLProviderList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: providers_saml_create
description: SAMLProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/saml/{id}/:
get:
operationId: providers_saml_retrieve
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: providers_saml_update
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: providers_saml_partial_update
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSAMLProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: providers_saml_destroy
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/saml/{id}/metadata/:
get:
operationId: providers_saml_metadata_retrieve
description: Return metadata as XML string
parameters:
- in: query
name: download
schema:
type: boolean
- in: query
name: force_binding
schema:
type: string
enum:
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
description: Optionally force the metadata to only include one binding.
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLMetadata'
description: ''
'404':
description: Provider has no application assigned
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/saml/{id}/used_by/:
get:
operationId: providers_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/providers/saml/import_metadata/:
post:
operationId: providers_saml_import_metadata_create
description: Create provider from SAML Metadata
tags:
- providers
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/SAMLProviderImportRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully imported provider
'400':
description: Bad request
'403':
$ref: '#/components/schemas/GenericError'
/root/config/:
get:
operationId: root_config_retrieve
description: Retrieve public configuration options
tags:
- root
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Config'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/schema/:
get:
operationId: schema_retrieve
description: |-
OpenApi3 schema for this API. Format can be selected via content negotiation.
- YAML: application/vnd.oai.openapi
- JSON: application/vnd.oai.openapi+json
parameters:
- in: query
name: format
schema:
type: string
enum:
- json
- yaml
- in: query
name: lang
schema:
type: string
enum:
- af
- ar
- ar-dz
- ast
- az
- be
- bg
- bn
- br
- bs
- ca
- cs
- cy
- da
- de
- dsb
- el
- en
- en-au
- en-gb
- eo
- es
- es-ar
- es-co
- es-mx
- es-ni
- es-ve
- et
- eu
- fa
- fi
- fr
- fy
- ga
- gd
- gl
- he
- hi
- hr
- hsb
- hu
- hy
- ia
- id
- ig
- io
- is
- it
- ja
- ka
- kab
- kk
- km
- kn
- ko
- ky
- lb
- lt
- lv
- mk
- ml
- mn
- mr
- ms
- my
- nb
- ne
- nl
- nn
- os
- pa
- pl
- pt
- pt-br
- ro
- ru
- sk
- sl
- sq
- sr
- sr-latn
- sv
- sw
- ta
- te
- tg
- th
- tk
- tr
- tt
- udm
- uk
- ur
- uz
- vi
- zh-hans
- zh-hant
tags:
- schema
security:
- authentik: []
- {}
responses:
'200':
content:
application/vnd.oai.openapi:
schema:
type: object
additionalProperties: {}
application/yaml:
schema:
type: object
additionalProperties: {}
application/vnd.oai.openapi+json:
schema:
type: object
additionalProperties: {}
application/json:
schema:
type: object
additionalProperties: {}
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/all/:
get:
operationId: sources_all_list
description: Source Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSourceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/all/{slug}/:
get:
operationId: sources_all_retrieve
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Source'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_all_destroy
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/all/{slug}/used_by/:
get:
operationId: sources_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/all/types/:
get:
operationId: sources_all_types_list
description: Get all creatable source types
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/all/user_settings/:
get:
operationId: sources_all_user_settings_list
description: Get all sources the user can configure
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UserSetting'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/ldap/:
get:
operationId: sources_ldap_list
description: LDAP Source Viewset
parameters:
- in: query
name: additional_group_dn
schema:
type: string
- in: query
name: additional_user_dn
schema:
type: string
- in: query
name: base_dn
schema:
type: string
- in: query
name: bind_cn
schema:
type: string
- in: query
name: enabled
schema:
type: boolean
- in: query
name: group_membership_field
schema:
type: string
- in: query
name: group_object_filter
schema:
type: string
- in: query
name: name
schema:
type: string
- in: query
name: object_uniqueness_field
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: peer_certificate
schema:
type: string
format: uuid
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: property_mappings_group
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: server_uri
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: start_tls
schema:
type: boolean
- in: query
name: sync_groups
schema:
type: boolean
- in: query
name: sync_parent_group
schema:
type: string
format: uuid
- in: query
name: sync_users
schema:
type: boolean
- in: query
name: sync_users_password
schema:
type: boolean
- in: query
name: user_object_filter
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPSourceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: sources_ldap_create
description: LDAP Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/ldap/{slug}/:
get:
operationId: sources_ldap_retrieve
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_ldap_update
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_ldap_partial_update
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_ldap_destroy
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/ldap/{slug}/sync_status/:
get:
operationId: sources_ldap_sync_status_list
description: Get source's sync status
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Task'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/ldap/{slug}/used_by/:
get:
operationId: sources_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/oauth/:
get:
operationId: sources_oauth_list
description: Source Viewset
parameters:
- in: query
name: access_token_url
schema:
type: string
- in: query
name: additional_scopes
schema:
type: string
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: authorization_url
schema:
type: string
- in: query
name: consumer_key
schema:
type: string
- in: query
name: enabled
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
- in: query
name: profile_url
schema:
type: string
- in: query
name: provider_type
schema:
type: string
- in: query
name: request_token_url
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: user_matching_mode
schema:
type: string
enum:
- email_deny
- email_link
- identifier
- username_deny
- username_link
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedOAuthSourceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: sources_oauth_create
description: Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/oauth/{slug}/:
get:
operationId: sources_oauth_retrieve
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_oauth_update
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_oauth_partial_update
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedOAuthSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_oauth_destroy
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/oauth/{slug}/used_by/:
get:
operationId: sources_oauth_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/oauth/source_types/:
get:
operationId: sources_oauth_source_types_list
description: |-
Get all creatable source types. If ?name is set, only returns the type for <name>.
If <name> isn't found, returns the default type.
parameters:
- in: query
name: name
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/SourceType'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/plex/:
get:
operationId: sources_plex_list
description: Plex source Viewset
parameters:
- in: query
name: allow_friends
schema:
type: boolean
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: client_id
schema:
type: string
- in: query
name: enabled
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: user_matching_mode
schema:
type: string
enum:
- email_deny
- email_link
- identifier
- username_deny
- username_link
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPlexSourceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: sources_plex_create
description: Plex source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/plex/{slug}/:
get:
operationId: sources_plex_retrieve
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_plex_update
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_plex_partial_update
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPlexSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_plex_destroy
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/plex/{slug}/used_by/:
get:
operationId: sources_plex_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/plex/redeem_token/:
post:
operationId: sources_plex_redeem_token_create
description: |-
Redeem a plex token, check it's access to resources against what's allowed
for the source, and redirect to an authentication/enrollment flow.
parameters:
- in: query
name: slug
schema:
type: string
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexTokenRedeemRequest'
required: true
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RedirectChallenge'
description: ''
'400':
description: Token not found
'403':
description: Access denied
/sources/plex/redeem_token_authenticated/:
post:
operationId: sources_plex_redeem_token_authenticated_create
description: Redeem a plex token for an authenticated user, creating a connection
parameters:
- in: query
name: slug
schema:
type: string
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexTokenRedeemRequest'
required: true
security:
- authentik: []
responses:
'204':
description: No response body
'400':
description: Token not found
'403':
description: Access denied
/sources/saml/:
get:
operationId: sources_saml_list
description: SAMLSource Viewset
parameters:
- in: query
name: allow_idp_initiated
schema:
type: boolean
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: binding_type
schema:
type: string
enum:
- POST
- POST_AUTO
- REDIRECT
- in: query
name: digest_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmlenc#sha512
- in: query
name: enabled
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: issuer
schema:
type: string
- in: query
name: managed
schema:
type: string
- in: query
name: name
schema:
type: string
- in: query
name: name_id_policy
schema:
type: string
enum:
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName
- urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
description: NameID Policy sent to the IdP. Can be unset, in which case no
Policy is sent.
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pbm_uuid
schema:
type: string
format: uuid
- in: query
name: policies
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
- in: query
name: pre_authentication_flow
schema:
type: string
format: uuid
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: signature_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- in: query
name: signing_kp
schema:
type: string
format: uuid
- in: query
name: slo_url
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: sso_url
schema:
type: string
- in: query
name: temporary_user_delete_after
schema:
type: string
- in: query
name: user_matching_mode
schema:
type: string
enum:
- email_deny
- email_link
- identifier
- username_deny
- username_link
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSAMLSourceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: sources_saml_create
description: SAMLSource Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/saml/{slug}/:
get:
operationId: sources_saml_retrieve
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_saml_update
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_saml_partial_update
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSAMLSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_saml_destroy
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/saml/{slug}/metadata/:
get:
operationId: sources_saml_metadata_retrieve
description: Return metadata as XML string
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLMetadata'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/saml/{slug}/used_by/:
get:
operationId: sources_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/all/:
get:
operationId: sources_user_connections_all_list
description: User-source connection Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserSourceConnectionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/all/{id}/:
get:
operationId: sources_user_connections_all_retrieve
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_user_connections_all_update
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_user_connections_all_partial_update
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_user_connections_all_destroy
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/all/{id}/used_by/:
get:
operationId: sources_user_connections_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/oauth/:
get:
operationId: sources_user_connections_oauth_list
description: Source Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: source__slug
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: sources_user_connections_oauth_create
description: Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/oauth/{id}/:
get:
operationId: sources_user_connections_oauth_retrieve
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_user_connections_oauth_update
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_user_connections_oauth_partial_update
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_user_connections_oauth_destroy
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/oauth/{id}/used_by/:
get:
operationId: sources_user_connections_oauth_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/plex/:
get:
operationId: sources_user_connections_plex_list
description: Plex Source connection Serializer
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: source__slug
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPlexSourceConnectionList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: sources_user_connections_plex_create
description: Plex Source connection Serializer
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/plex/{id}/:
get:
operationId: sources_user_connections_plex_retrieve
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: sources_user_connections_plex_update
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: sources_user_connections_plex_partial_update
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPlexSourceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: sources_user_connections_plex_destroy
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/sources/user_connections/plex/{id}/used_by/:
get:
operationId: sources_user_connections_plex_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/all/:
get:
operationId: stages_all_list
description: Stage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/all/{stage_uuid}/:
get:
operationId: stages_all_retrieve
description: Stage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Stage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_all_destroy
description: Stage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/all/{stage_uuid}/used_by/:
get:
operationId: stages_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/all/types/:
get:
operationId: stages_all_types_list
description: Get all creatable stage types
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/all/user_settings/:
get:
operationId: stages_all_user_settings_list
description: Get all stages the user can configure
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UserSetting'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/duo/:
get:
operationId: stages_authenticator_duo_list
description: AuthenticatorDuoStage Viewset
parameters:
- in: query
name: api_hostname
schema:
type: string
- in: query
name: client_id
schema:
type: string
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorDuoStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_authenticator_duo_create
description: AuthenticatorDuoStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/duo/{stage_uuid}/:
get:
operationId: stages_authenticator_duo_retrieve
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_authenticator_duo_update
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_authenticator_duo_partial_update
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorDuoStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_authenticator_duo_destroy
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/duo/{stage_uuid}/enrollment_status/:
post:
operationId: stages_authenticator_duo_enrollment_status_create
description: Check enrollment status of user details in current session
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: Enrollment successful
'420':
description: Enrollment pending/failed
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
/stages/authenticator/duo/{stage_uuid}/import_devices/:
post:
operationId: stages_authenticator_duo_import_devices_create
description: Import duo devices into authentik
parameters:
- in: query
name: duo_user_id
schema:
type: string
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
- in: query
name: username
schema:
type: string
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Enrollment successful
'400':
description: Device exists already
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/duo/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_duo_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/sms/:
get:
operationId: stages_authenticator_sms_list
description: AuthenticatorSMSStage Viewset
parameters:
- in: query
name: account_sid
schema:
type: string
- in: query
name: auth
schema:
type: string
- in: query
name: auth_password
schema:
type: string
- in: query
name: auth_type
schema:
type: string
enum:
- basic
- bearer
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: from_number
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: string
enum:
- generic
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- twilio
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: verify_only
schema:
type: boolean
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorSMSStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_authenticator_sms_create
description: AuthenticatorSMSStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/sms/{stage_uuid}/:
get:
operationId: stages_authenticator_sms_retrieve
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_authenticator_sms_update
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_authenticator_sms_partial_update
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorSMSStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_authenticator_sms_destroy
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
description: No response body
'400':
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
/stages/authenticator/sms/{stage_uuid}/used_by/:
get:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
operationId: stages_authenticator_sms_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/static/:
get:
operationId: stages_authenticator_static_list
description: AuthenticatorStaticStage Viewset
parameters:
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: token_count
schema:
type: integer
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorStaticStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_authenticator_static_create
description: AuthenticatorStaticStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/static/{stage_uuid}/:
get:
operationId: stages_authenticator_static_retrieve
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_authenticator_static_update
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_authenticator_static_partial_update
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorStaticStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_authenticator_static_destroy
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/static/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_static_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/totp/:
get:
operationId: stages_authenticator_totp_list
description: AuthenticatorTOTPStage Viewset
parameters:
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: digits
schema:
type: integer
enum:
- 6
- 8
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorTOTPStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_authenticator_totp_create
description: AuthenticatorTOTPStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/totp/{stage_uuid}/:
get:
operationId: stages_authenticator_totp_retrieve
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_authenticator_totp_update
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_authenticator_totp_partial_update
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorTOTPStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_authenticator_totp_destroy
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/totp/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_totp_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/validate/:
get:
operationId: stages_authenticator_validate_list
description: AuthenticatorValidateStage Viewset
parameters:
- in: query
name: configuration_stages
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: name
schema:
type: string
- in: query
name: not_configured_action
schema:
type: string
enum:
- configure
- deny
- skip
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorValidateStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_authenticator_validate_create
description: AuthenticatorValidateStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/validate/{stage_uuid}/:
get:
operationId: stages_authenticator_validate_retrieve
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_authenticator_validate_update
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_authenticator_validate_partial_update
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorValidateStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_authenticator_validate_destroy
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/validate/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_validate_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/webauthn/:
get:
operationId: stages_authenticator_webauthn_list
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: query
name: authenticator_attachment
schema:
type: string
nullable: true
enum:
- cross-platform
- platform
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: resident_key_requirement
schema:
type: string
enum:
- discouraged
- preferred
- required
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: user_verification
schema:
type: string
enum:
- discouraged
- preferred
- required
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticateWebAuthnStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_authenticator_webauthn_create
description: AuthenticateWebAuthnStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/webauthn/{stage_uuid}/:
get:
operationId: stages_authenticator_webauthn_retrieve
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_authenticator_webauthn_update
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_authenticator_webauthn_partial_update
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticateWebAuthnStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_authenticator_webauthn_destroy
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/authenticator/webauthn/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_webauthn_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/captcha/:
get:
operationId: stages_captcha_list
description: CaptchaStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: public_key
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedCaptchaStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_captcha_create
description: CaptchaStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/captcha/{stage_uuid}/:
get:
operationId: stages_captcha_retrieve
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_captcha_update
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_captcha_partial_update
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedCaptchaStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_captcha_destroy
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/captcha/{stage_uuid}/used_by/:
get:
operationId: stages_captcha_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/consent/:
get:
operationId: stages_consent_list
description: ConsentStage Viewset
parameters:
- in: query
name: consent_expire_in
schema:
type: string
- in: query
name: mode
schema:
type: string
enum:
- always_require
- expiring
- permanent
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedConsentStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_consent_create
description: ConsentStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/consent/{stage_uuid}/:
get:
operationId: stages_consent_retrieve
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_consent_update
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_consent_partial_update
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedConsentStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_consent_destroy
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/consent/{stage_uuid}/used_by/:
get:
operationId: stages_consent_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/deny/:
get:
operationId: stages_deny_list
description: DenyStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDenyStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_deny_create
description: DenyStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/deny/{stage_uuid}/:
get:
operationId: stages_deny_retrieve
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_deny_update
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_deny_partial_update
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDenyStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_deny_destroy
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/deny/{stage_uuid}/used_by/:
get:
operationId: stages_deny_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/dummy/:
get:
operationId: stages_dummy_list
description: DummyStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDummyStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_dummy_create
description: DummyStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/dummy/{stage_uuid}/:
get:
operationId: stages_dummy_retrieve
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_dummy_update
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_dummy_partial_update
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDummyStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_dummy_destroy
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/dummy/{stage_uuid}/used_by/:
get:
operationId: stages_dummy_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/email/:
get:
operationId: stages_email_list
description: EmailStage Viewset
parameters:
- in: query
name: activate_user_on_success
schema:
type: boolean
- in: query
name: from_address
schema:
type: string
- in: query
name: host
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: port
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: subject
schema:
type: string
- in: query
name: template
schema:
type: string
- in: query
name: timeout
schema:
type: integer
- in: query
name: token_expiry
schema:
type: integer
- in: query
name: use_global_settings
schema:
type: boolean
- in: query
name: use_ssl
schema:
type: boolean
- in: query
name: use_tls
schema:
type: boolean
- in: query
name: username
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEmailStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_email_create
description: EmailStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/email/{stage_uuid}/:
get:
operationId: stages_email_retrieve
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_email_update
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_email_partial_update
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEmailStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_email_destroy
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/email/{stage_uuid}/used_by/:
get:
operationId: stages_email_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/email/templates/:
get:
operationId: stages_email_templates_list
description: Get all available templates, including custom templates
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/identification/:
get:
operationId: stages_identification_list
description: IdentificationStage Viewset
parameters:
- in: query
name: case_insensitive_matching
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: password_stage
schema:
type: string
format: uuid
- in: query
name: passwordless_flow
schema:
type: string
format: uuid
- in: query
name: recovery_flow
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: show_matched_user
schema:
type: boolean
- in: query
name: show_source_labels
schema:
type: boolean
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedIdentificationStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_identification_create
description: IdentificationStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/identification/{stage_uuid}/:
get:
operationId: stages_identification_retrieve
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_identification_update
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_identification_partial_update
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedIdentificationStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_identification_destroy
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/identification/{stage_uuid}/used_by/:
get:
operationId: stages_identification_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/invitation/invitations/:
get:
operationId: stages_invitation_invitations_list
description: Invitation Viewset
parameters:
- in: query
name: created_by__username
schema:
type: string
- in: query
name: expires
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedInvitationList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_invitation_invitations_create
description: Invitation Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/invitation/invitations/{invite_uuid}/:
get:
operationId: stages_invitation_invitations_retrieve
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_invitation_invitations_update
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_invitation_invitations_partial_update
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedInvitationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_invitation_invitations_destroy
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/invitation/invitations/{invite_uuid}/used_by/:
get:
operationId: stages_invitation_invitations_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/invitation/stages/:
get:
operationId: stages_invitation_stages_list
description: InvitationStage Viewset
parameters:
- in: query
name: continue_flow_without_invitation
schema:
type: boolean
- in: query
name: name
schema:
type: string
- in: query
name: no_flows
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedInvitationStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_invitation_stages_create
description: InvitationStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/invitation/stages/{stage_uuid}/:
get:
operationId: stages_invitation_stages_retrieve
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_invitation_stages_update
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_invitation_stages_partial_update
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedInvitationStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_invitation_stages_destroy
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/invitation/stages/{stage_uuid}/used_by/:
get:
operationId: stages_invitation_stages_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/password/:
get:
operationId: stages_password_list
description: PasswordStage Viewset
parameters:
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: failed_attempts_before_cancel
schema:
type: integer
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPasswordStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_password_create
description: PasswordStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/password/{stage_uuid}/:
get:
operationId: stages_password_retrieve
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_password_update
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_password_partial_update
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPasswordStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_password_destroy
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/password/{stage_uuid}/used_by/:
get:
operationId: stages_password_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/prompt/prompts/:
get:
operationId: stages_prompt_prompts_list
description: Prompt Viewset
parameters:
- in: query
name: field_key
schema:
type: string
- in: query
name: label
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: placeholder
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: type
schema:
type: string
enum:
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
- ak-locale
- checkbox
- date
- date-time
- email
- hidden
- number
- password
- separator
- static
- text
- text_read_only
- username
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPromptList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_prompt_prompts_create
description: Prompt Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/prompt/prompts/{prompt_uuid}/:
get:
operationId: stages_prompt_prompts_retrieve
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_prompt_prompts_update
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_prompt_prompts_partial_update
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPromptRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_prompt_prompts_destroy
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/prompt/prompts/{prompt_uuid}/used_by/:
get:
operationId: stages_prompt_prompts_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/prompt/stages/:
get:
operationId: stages_prompt_stages_list
description: PromptStage Viewset
parameters:
- in: query
name: fields
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: validation_policies
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPromptStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_prompt_stages_create
description: PromptStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/prompt/stages/{stage_uuid}/:
get:
operationId: stages_prompt_stages_retrieve
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_prompt_stages_update
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_prompt_stages_partial_update
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPromptStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_prompt_stages_destroy
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/prompt/stages/{stage_uuid}/used_by/:
get:
operationId: stages_prompt_stages_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_delete/:
get:
operationId: stages_user_delete_list
description: UserDeleteStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserDeleteStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_user_delete_create
description: UserDeleteStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_delete/{stage_uuid}/:
get:
operationId: stages_user_delete_retrieve
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_user_delete_update
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_user_delete_partial_update
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserDeleteStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_user_delete_destroy
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_delete/{stage_uuid}/used_by/:
get:
operationId: stages_user_delete_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_login/:
get:
operationId: stages_user_login_list
description: UserLoginStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: session_duration
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserLoginStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_user_login_create
description: UserLoginStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_login/{stage_uuid}/:
get:
operationId: stages_user_login_retrieve
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_user_login_update
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_user_login_partial_update
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserLoginStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_user_login_destroy
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_login/{stage_uuid}/used_by/:
get:
operationId: stages_user_login_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_logout/:
get:
operationId: stages_user_logout_list
description: UserLogoutStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserLogoutStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_user_logout_create
description: UserLogoutStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_logout/{stage_uuid}/:
get:
operationId: stages_user_logout_retrieve
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_user_logout_update
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_user_logout_partial_update
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserLogoutStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_user_logout_destroy
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_logout/{stage_uuid}/used_by/:
get:
operationId: stages_user_logout_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_write/:
get:
operationId: stages_user_write_list
description: UserWriteStage Viewset
parameters:
- in: query
name: create_users_as_inactive
schema:
type: boolean
- in: query
name: create_users_group
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserWriteStageList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
post:
operationId: stages_user_write_create
description: UserWriteStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_write/{stage_uuid}/:
get:
operationId: stages_user_write_retrieve
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: stages_user_write_update
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: stages_user_write_partial_update
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserWriteStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: stages_user_write_destroy
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/stages/user_write/{stage_uuid}/used_by/:
get:
operationId: stages_user_write_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
components:
schemas:
AccessDeniedChallenge:
type: object
description: Challenge when a flow's active stage calls `stage_invalid()`.
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-access-denied
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
error_message:
type: string
required:
- pending_user
- pending_user_avatar
- type
App:
type: object
description: Serialize Application info
properties:
name:
type: string
label:
type: string
required:
- label
- name
AppEnum:
enum:
- authentik.admin
- authentik.api
- authentik.crypto
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- authentik.events
- authentik.flows
- authentik.lib
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- authentik.outposts
- authentik.policies.dummy
- authentik.policies.event_matcher
- authentik.policies.expiry
- authentik.policies.expression
- authentik.policies.hibp
- authentik.policies.password
- authentik.policies.reputation
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- authentik.policies
- authentik.providers.ldap
- authentik.providers.oauth2
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- authentik.providers.proxy
- authentik.providers.saml
- authentik.recovery
- authentik.sources.ldap
- authentik.sources.oauth
- authentik.sources.plex
- authentik.sources.saml
- authentik.stages.authenticator_duo
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- authentik.stages.authenticator_sms
- authentik.stages.authenticator_static
- authentik.stages.authenticator_totp
- authentik.stages.authenticator_validate
- authentik.stages.authenticator_webauthn
- authentik.stages.captcha
- authentik.stages.consent
- authentik.stages.deny
- authentik.stages.dummy
- authentik.stages.email
- authentik.stages.identification
- authentik.stages.invitation
- authentik.stages.password
- authentik.stages.prompt
- authentik.stages.user_delete
- authentik.stages.user_login
- authentik.stages.user_logout
- authentik.stages.user_write
- authentik.tenants
- authentik.managed
- authentik.core
type: string
AppleChallengeResponseRequest:
type: object
description: Pseudo class for plex response
properties:
component:
type: string
minLength: 1
default: ak-flow-sources-oauth-apple
AppleLoginChallenge:
type: object
description: Special challenge for apple-native authentication flow, which happens
on the client.
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-flow-sources-oauth-apple
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
client_id:
type: string
scope:
type: string
redirect_uri:
type: string
state:
type: string
required:
- client_id
- redirect_uri
- scope
- state
- type
Application:
type: object
description: Application Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Application's display Name.
slug:
type: string
description: Internal application name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
provider:
type: integer
nullable: true
provider_obj:
allOf:
- $ref: '#/components/schemas/Provider'
readOnly: true
launch_url:
type: string
nullable: true
readOnly: true
meta_launch_url:
type: string
format: uri
meta_icon:
type: string
nullable: true
readOnly: true
meta_description:
type: string
meta_publisher:
type: string
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
group:
type: string
required:
- launch_url
- meta_icon
- name
- pk
- provider_obj
- slug
ApplicationRequest:
type: object
description: Application Serializer
properties:
name:
type: string
minLength: 1
description: Application's display Name.
slug:
type: string
minLength: 1
description: Internal application name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
provider:
type: integer
nullable: true
meta_launch_url:
type: string
format: uri
meta_description:
type: string
meta_publisher:
type: string
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
group:
type: string
required:
- name
- slug
AuthTypeEnum:
enum:
- basic
- bearer
type: string
AuthenticateWebAuthnStage:
type: object
description: AuthenticateWebAuthnStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
allOf:
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
nullable: true
resident_key_requirement:
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticateWebAuthnStageRequest:
type: object
description: AuthenticateWebAuthnStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
allOf:
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
nullable: true
resident_key_requirement:
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
required:
- name
AuthenticatedSession:
type: object
description: AuthenticatedSession Serializer
properties:
uuid:
type: string
format: uuid
current:
type: boolean
readOnly: true
user_agent:
type: object
description: User agent details
properties:
device:
type: object
description: User agent device
properties:
brand:
type: string
family:
type: string
model:
type: string
required:
- brand
- family
- model
os:
type: object
description: User agent os
properties:
family:
type: string
major:
type: string
minor:
type: string
patch:
type: string
patch_minor:
type: string
required:
- family
- major
- minor
- patch
- patch_minor
user_agent:
type: object
description: User agent browser
properties:
family:
type: string
major:
type: string
minor:
type: string
patch:
type: string
required:
- family
- major
- minor
- patch
string:
type: string
required:
- device
- os
- string
- user_agent
readOnly: true
geo_ip:
type: object
description: GeoIP Details
properties:
continent:
type: string
country:
type: string
lat:
type: number
format: double
long:
type: number
format: double
city:
type: string
required:
- city
- continent
- country
- lat
- long
nullable: true
readOnly: true
user:
type: integer
last_ip:
type: string
last_user_agent:
type: string
last_used:
type: string
format: date-time
readOnly: true
expires:
type: string
format: date-time
required:
- current
- geo_ip
- last_ip
- last_used
- user
- user_agent
AuthenticatorAttachmentEnum:
enum:
- platform
- cross-platform
type: string
AuthenticatorDuoChallenge:
type: object
description: Duo Challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-duo
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
activation_barcode:
type: string
activation_code:
type: string
stage_uuid:
type: string
required:
- activation_barcode
- activation_code
- pending_user
- pending_user_avatar
- stage_uuid
- type
AuthenticatorDuoChallengeResponseRequest:
type: object
description: Pseudo class for duo response
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-duo
AuthenticatorDuoStage:
type: object
description: AuthenticatorDuoStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
client_id:
type: string
api_hostname:
type: string
required:
- api_hostname
- client_id
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorDuoStageRequest:
type: object
description: AuthenticatorDuoStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
client_id:
type: string
minLength: 1
client_secret:
type: string
writeOnly: true
minLength: 1
api_hostname:
type: string
minLength: 1
required:
- api_hostname
- client_id
- client_secret
- name
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
AuthenticatorSMSChallenge:
type: object
description: SMS Setup challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-sms
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
phone_number_required:
type: boolean
default: true
required:
- pending_user
- pending_user_avatar
- type
AuthenticatorSMSChallengeResponseRequest:
type: object
description: SMS Challenge response, device is set by get_response_instance
properties:
component:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
default: ak-stage-authenticator-sms
code:
type: integer
phone_number:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
AuthenticatorSMSStage:
type: object
description: AuthenticatorSMSStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
type: string
account_sid:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
auth:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
auth_password:
type: string
auth_type:
$ref: '#/components/schemas/AuthTypeEnum'
verify_only:
type: boolean
description: When enabled, the Phone number is only used during enrollment
to verify the users authenticity. Only a hash of the phone number is saved
to ensure it is not re-used in the future.
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
required:
- account_sid
- auth
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- component
- from_number
- meta_model_name
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- name
- pk
- provider
- verbose_name
- verbose_name_plural
AuthenticatorSMSStageRequest:
type: object
description: AuthenticatorSMSStage Serializer
properties:
name:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
type: string
minLength: 1
account_sid:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
minLength: 1
auth:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
minLength: 1
auth_password:
type: string
auth_type:
$ref: '#/components/schemas/AuthTypeEnum'
verify_only:
type: boolean
description: When enabled, the Phone number is only used during enrollment
to verify the users authenticity. Only a hash of the phone number is saved
to ensure it is not re-used in the future.
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
required:
- account_sid
- auth
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- from_number
- name
- provider
AuthenticatorStaticChallenge:
type: object
description: Static authenticator challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-static
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
codes:
type: array
items:
type: string
required:
- codes
- pending_user
- pending_user_avatar
- type
AuthenticatorStaticChallengeResponseRequest:
type: object
description: Pseudo class for static response
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-static
AuthenticatorStaticStage:
type: object
description: AuthenticatorStaticStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
token_count:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorStaticStageRequest:
type: object
description: AuthenticatorStaticStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
token_count:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- name
AuthenticatorTOTPChallenge:
type: object
description: TOTP Setup challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-totp
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
config_url:
type: string
required:
- config_url
- pending_user
- pending_user_avatar
- type
AuthenticatorTOTPChallengeResponseRequest:
type: object
description: TOTP Challenge response, device is set by get_response_instance
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-totp
code:
type: integer
required:
- code
AuthenticatorTOTPStage:
type: object
description: AuthenticatorTOTPStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
digits:
allOf:
- $ref: '#/components/schemas/DigitsEnum'
minimum: -2147483648
maximum: 2147483647
required:
- component
- digits
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorTOTPStageRequest:
type: object
description: AuthenticatorTOTPStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
digits:
allOf:
- $ref: '#/components/schemas/DigitsEnum'
minimum: -2147483648
maximum: 2147483647
required:
- digits
- name
AuthenticatorValidateStage:
type: object
description: AuthenticatorValidateStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
not_configured_action:
$ref: '#/components/schemas/NotConfiguredActionEnum'
device_classes:
type: array
items:
$ref: '#/components/schemas/DeviceClassesEnum'
description: Device classes which can be used to authenticate
configuration_stages:
type: array
items:
type: string
format: uuid
description: Stages used to configure Authenticator when user doesn't have
any compatible devices. After this configuration Stage passes, the user
is not prompted again.
last_auth_threshold:
type: string
description: If any of the user's device has been used within this threshold,
this stage will be skipped
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorValidateStageRequest:
type: object
description: AuthenticatorValidateStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
not_configured_action:
$ref: '#/components/schemas/NotConfiguredActionEnum'
device_classes:
type: array
items:
$ref: '#/components/schemas/DeviceClassesEnum'
description: Device classes which can be used to authenticate
configuration_stages:
type: array
items:
type: string
format: uuid
description: Stages used to configure Authenticator when user doesn't have
any compatible devices. After this configuration Stage passes, the user
is not prompted again.
last_auth_threshold:
type: string
minLength: 1
description: If any of the user's device has been used within this threshold,
this stage will be skipped
required:
- name
AuthenticatorValidationChallenge:
type: object
description: Authenticator challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-validate
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
device_challenges:
type: array
items:
$ref: '#/components/schemas/DeviceChallenge'
configuration_stages:
type: array
items:
$ref: '#/components/schemas/SelectableStage'
required:
- configuration_stages
- device_challenges
- pending_user
- pending_user_avatar
- type
AuthenticatorValidationChallengeResponseRequest:
type: object
description: Challenge used for Code-based and WebAuthn authenticators
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-validate
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
selected_challenge:
$ref: '#/components/schemas/DeviceChallengeRequest'
selected_stage:
type: string
minLength: 1
code:
type: string
minLength: 1
webauthn:
type: object
additionalProperties: {}
duo:
type: integer
AuthenticatorWebAuthnChallenge:
type: object
description: WebAuthn Challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-webauthn
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
registration:
type: object
additionalProperties: {}
required:
- pending_user
- pending_user_avatar
- registration
- type
AuthenticatorWebAuthnChallengeResponseRequest:
type: object
description: WebAuthn Challenge response
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-webauthn
response:
type: object
additionalProperties: {}
required:
- response
AutoSubmitChallengeResponseRequest:
type: object
description: Pseudo class for autosubmit response
properties:
component:
type: string
minLength: 1
default: ak-stage-autosubmit
AutosubmitChallenge:
type: object
description: Autosubmit challenge used to send and navigate a POST request
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-autosubmit
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
url:
type: string
attrs:
type: object
additionalProperties:
type: string
title:
type: string
required:
- attrs
- type
- url
BackendsEnum:
enum:
- authentik.core.auth.InbuiltBackend
- authentik.core.auth.TokenBackend
- authentik.sources.ldap.auth.LDAPBackend
type: string
BindingTypeEnum:
enum:
- REDIRECT
- POST
- POST_AUTO
type: string
Cache:
type: object
description: Generic cache stats for an object
properties:
count:
type: integer
readOnly: true
required:
- count
CapabilitiesEnum:
enum:
- can_save_media
- can_geo_ip
- can_impersonate
type: string
CaptchaChallenge:
type: object
description: Site public key
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-captcha
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
site_key:
type: string
required:
- pending_user
- pending_user_avatar
- site_key
- type
CaptchaChallengeResponseRequest:
type: object
description: Validate captcha token
properties:
component:
type: string
minLength: 1
default: ak-stage-captcha
token:
type: string
minLength: 1
required:
- token
CaptchaStage:
type: object
description: CaptchaStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
public_key:
type: string
description: Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
required:
- component
- meta_model_name
- name
- pk
- public_key
- verbose_name
- verbose_name_plural
CaptchaStageRequest:
type: object
description: CaptchaStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
public_key:
type: string
minLength: 1
description: Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
private_key:
type: string
writeOnly: true
minLength: 1
description: Private key, acquired from https://www.google.com/recaptcha/intro/v3.html
required:
- name
- private_key
- public_key
CertificateData:
type: object
description: Get CertificateKeyPair's data
properties:
data:
type: string
readOnly: true
required:
- data
CertificateGenerationRequest:
type: object
description: Certificate generation parameters
properties:
common_name:
type: string
minLength: 1
subject_alt_name:
type: string
validity_days:
type: integer
required:
- common_name
- validity_days
CertificateKeyPair:
type: object
description: CertificateKeyPair Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Kp uuid
name:
type: string
fingerprint_sha256:
type: string
readOnly: true
fingerprint_sha1:
type: string
readOnly: true
cert_expiry:
type: string
format: date-time
readOnly: true
cert_subject:
type: string
readOnly: true
private_key_available:
type: boolean
readOnly: true
private_key_type:
type: string
nullable: true
readOnly: true
certificate_download_url:
type: string
readOnly: true
private_key_download_url:
type: string
readOnly: true
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
required:
- cert_expiry
- cert_subject
- certificate_download_url
- fingerprint_sha1
- fingerprint_sha256
- name
- pk
- private_key_available
- private_key_download_url
- private_key_type
CertificateKeyPairRequest:
type: object
description: CertificateKeyPair Serializer
properties:
name:
type: string
minLength: 1
certificate_data:
type: string
writeOnly: true
minLength: 1
description: PEM-encoded Certificate data
key_data:
type: string
writeOnly: true
description: Optional Private Key. If this is set, you can use this keypair
for encryption.
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
required:
- certificate_data
- name
ChallengeChoices:
enum:
- native
- shell
- redirect
type: string
ChallengeTypes:
oneOf:
- $ref: '#/components/schemas/AccessDeniedChallenge'
- $ref: '#/components/schemas/AppleLoginChallenge'
- $ref: '#/components/schemas/AuthenticatorDuoChallenge'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- $ref: '#/components/schemas/AuthenticatorSMSChallenge'
- $ref: '#/components/schemas/AuthenticatorStaticChallenge'
- $ref: '#/components/schemas/AuthenticatorTOTPChallenge'
- $ref: '#/components/schemas/AuthenticatorValidationChallenge'
- $ref: '#/components/schemas/AuthenticatorWebAuthnChallenge'
- $ref: '#/components/schemas/AutosubmitChallenge'
- $ref: '#/components/schemas/CaptchaChallenge'
- $ref: '#/components/schemas/ConsentChallenge'
- $ref: '#/components/schemas/DummyChallenge'
- $ref: '#/components/schemas/EmailChallenge'
- $ref: '#/components/schemas/IdentificationChallenge'
- $ref: '#/components/schemas/PasswordChallenge'
- $ref: '#/components/schemas/PlexAuthenticationChallenge'
- $ref: '#/components/schemas/PromptChallenge'
- $ref: '#/components/schemas/RedirectChallenge'
- $ref: '#/components/schemas/ShellChallenge'
discriminator:
propertyName: component
mapping:
ak-stage-access-denied: '#/components/schemas/AccessDeniedChallenge'
ak-flow-sources-oauth-apple: '#/components/schemas/AppleLoginChallenge'
ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallenge'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallenge'
ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallenge'
ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallenge'
ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallenge'
ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallenge'
ak-stage-autosubmit: '#/components/schemas/AutosubmitChallenge'
ak-stage-captcha: '#/components/schemas/CaptchaChallenge'
ak-stage-consent: '#/components/schemas/ConsentChallenge'
ak-stage-dummy: '#/components/schemas/DummyChallenge'
ak-stage-email: '#/components/schemas/EmailChallenge'
ak-stage-identification: '#/components/schemas/IdentificationChallenge'
ak-stage-password: '#/components/schemas/PasswordChallenge'
ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallenge'
ak-stage-prompt: '#/components/schemas/PromptChallenge'
xak-flow-redirect: '#/components/schemas/RedirectChallenge'
xak-flow-shell: '#/components/schemas/ShellChallenge'
ClientTypeEnum:
enum:
- confidential
- public
type: string
Config:
type: object
description: Serialize authentik Config into DRF Object
properties:
error_reporting:
$ref: '#/components/schemas/ErrorReportingConfig'
capabilities:
type: array
items:
$ref: '#/components/schemas/CapabilitiesEnum'
cache_timeout:
type: integer
cache_timeout_flows:
type: integer
cache_timeout_policies:
type: integer
cache_timeout_reputation:
type: integer
required:
- cache_timeout
- cache_timeout_flows
- cache_timeout_policies
- cache_timeout_reputation
- capabilities
- error_reporting
ConsentChallenge:
type: object
description: Challenge info for consent screens
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-consent
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
header_text:
type: string
permissions:
type: array
items:
$ref: '#/components/schemas/Permission'
required:
- header_text
- pending_user
- pending_user_avatar
- permissions
- type
ConsentChallengeResponseRequest:
type: object
description: Consent challenge response, any valid response request is valid
properties:
component:
type: string
minLength: 1
default: ak-stage-consent
ConsentStage:
type: object
description: ConsentStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
mode:
$ref: '#/components/schemas/ConsentStageModeEnum'
consent_expire_in:
type: string
title: Consent expires in
description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ConsentStageModeEnum:
enum:
- always_require
- permanent
- expiring
type: string
ConsentStageRequest:
type: object
description: ConsentStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
mode:
$ref: '#/components/schemas/ConsentStageModeEnum'
consent_expire_in:
type: string
minLength: 1
title: Consent expires in
description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).'
required:
- name
ContextualFlowInfo:
type: object
description: Contextual flow information for a challenge
properties:
title:
type: string
background:
type: string
cancel_url:
type: string
2022-05-15 23:10:23 +00:00
layout:
$ref: '#/components/schemas/LayoutEnum'
required:
- cancel_url
2022-05-15 23:10:23 +00:00
- layout
Coordinate:
type: object
description: Coordinates for diagrams
properties:
x_cord:
type: integer
readOnly: true
y_cord:
type: integer
readOnly: true
required:
- x_cord
- y_cord
CurrentTenant:
type: object
description: Partial tenant information for styling
properties:
matched_domain:
type: string
branding_title:
type: string
branding_logo:
type: string
branding_favicon:
type: string
ui_footer_links:
type: array
items:
$ref: '#/components/schemas/FooterLink'
readOnly: true
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
default: []
flow_authentication:
type: string
flow_invalidation:
type: string
flow_recovery:
type: string
flow_unenrollment:
type: string
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
flow_user_settings:
type: string
required:
- branding_favicon
- branding_logo
- branding_title
- matched_domain
- ui_footer_links
DenyStage:
type: object
description: DenyStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
DenyStageRequest:
type: object
description: DenyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
required:
- name
Device:
type: object
description: Serializer for Duo authenticator devices
properties:
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
pk:
type: integer
name:
type: string
type:
type: string
readOnly: true
required:
- meta_model_name
- name
- pk
- type
- verbose_name
- verbose_name_plural
DeviceChallenge:
type: object
description: Single device challenge
properties:
device_class:
type: string
device_uid:
type: string
challenge:
type: object
additionalProperties: {}
required:
- challenge
- device_class
- device_uid
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
DeviceChallengeRequest:
type: object
description: Single device challenge
properties:
device_class:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
device_uid:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
challenge:
type: object
additionalProperties: {}
required:
- challenge
- device_class
- device_uid
DeviceClassesEnum:
enum:
- static
- totp
- webauthn
- duo
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- sms
type: string
DigestAlgorithmEnum:
enum:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha512
type: string
DigitsEnum:
enum:
- 6
- 8
type: integer
DockerServiceConnection:
type: object
description: DockerServiceConnection Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
url:
type: string
description: Can be in the format of 'unix://<path>' when connecting to
a local docker daemon, or 'https://<hostname>:2376' when connecting to
a remote system.
tls_verification:
type: string
format: uuid
nullable: true
description: CA which the endpoint's Certificate is verified against. Can
be left empty for no validation.
tls_authentication:
type: string
format: uuid
nullable: true
description: Certificate/Key used for authentication. Can be left empty
for no authentication.
required:
- component
- meta_model_name
- name
- pk
- url
- verbose_name
- verbose_name_plural
DockerServiceConnectionRequest:
type: object
description: DockerServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
url:
type: string
minLength: 1
description: Can be in the format of 'unix://<path>' when connecting to
a local docker daemon, or 'https://<hostname>:2376' when connecting to
a remote system.
tls_verification:
type: string
format: uuid
nullable: true
description: CA which the endpoint's Certificate is verified against. Can
be left empty for no validation.
tls_authentication:
type: string
format: uuid
nullable: true
description: Certificate/Key used for authentication. Can be left empty
for no authentication.
required:
- name
- url
DummyChallenge:
type: object
description: Dummy challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-dummy
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- type
DummyChallengeResponseRequest:
type: object
description: Dummy challenge response
properties:
component:
type: string
minLength: 1
default: ak-stage-dummy
DummyPolicy:
type: object
description: Dummy Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
result:
type: boolean
wait_min:
type: integer
maximum: 2147483647
minimum: -2147483648
wait_max:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- bound_to
- component
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
DummyPolicyRequest:
type: object
description: Dummy Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
result:
type: boolean
wait_min:
type: integer
maximum: 2147483647
minimum: -2147483648
wait_max:
type: integer
maximum: 2147483647
minimum: -2147483648
DummyStage:
type: object
description: DummyStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
DummyStageRequest:
type: object
description: DummyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
required:
- name
DuoDevice:
type: object
description: Serializer for Duo authenticator devices
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
description: The human-readable name of this device.
maxLength: 64
required:
- name
- pk
DuoDeviceRequest:
type: object
description: Serializer for Duo authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
EmailChallenge:
type: object
description: Email challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-email
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- type
EmailChallengeResponseRequest:
type: object
description: |-
Email challenge resposen. No fields. This challenge is
always declared invalid to give the user a chance to retry
properties:
component:
type: string
minLength: 1
default: ak-stage-email
EmailStage:
type: object
description: EmailStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
use_global_settings:
type: boolean
description: When enabled, global Email connection settings will be used
and connection settings below will be ignored.
host:
type: string
port:
type: integer
maximum: 2147483647
minimum: -2147483648
username:
type: string
use_tls:
type: boolean
use_ssl:
type: boolean
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
from_address:
type: string
format: email
maxLength: 254
token_expiry:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Time in minutes the token sent is valid.
subject:
type: string
template:
type: string
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
EmailStageRequest:
type: object
description: EmailStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
use_global_settings:
type: boolean
description: When enabled, global Email connection settings will be used
and connection settings below will be ignored.
host:
type: string
minLength: 1
port:
type: integer
maximum: 2147483647
minimum: -2147483648
username:
type: string
password:
type: string
writeOnly: true
use_tls:
type: boolean
use_ssl:
type: boolean
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
from_address:
type: string
format: email
minLength: 1
maxLength: 254
token_expiry:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Time in minutes the token sent is valid.
subject:
type: string
minLength: 1
template:
type: string
minLength: 1
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
required:
- name
ErrorDetail:
type: object
description: Serializer for rest_framework's error messages
properties:
string:
type: string
code:
type: string
required:
- code
- string
ErrorReportingConfig:
type: object
description: Config for error reporting
properties:
enabled:
type: boolean
readOnly: true
environment:
type: string
readOnly: true
send_pii:
type: boolean
readOnly: true
traces_sample_rate:
type: number
format: double
readOnly: true
required:
- enabled
- environment
- send_pii
- traces_sample_rate
Event:
type: object
description: Event Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Event uuid
user:
type: object
additionalProperties: {}
action:
$ref: '#/components/schemas/EventActions'
app:
type: string
context:
type: object
additionalProperties: {}
client_ip:
type: string
nullable: true
created:
type: string
format: date-time
readOnly: true
expires:
type: string
format: date-time
tenant:
type: object
additionalProperties: {}
required:
- action
- app
- created
- pk
EventActions:
enum:
- login
- login_failed
- logout
- user_write
- suspicious_request
- password_set
- secret_view
- secret_rotate
- invitation_used
- authorize_application
- source_linked
- impersonation_started
- impersonation_ended
- flow_execution
- policy_execution
- policy_exception
- property_mapping_exception
- system_task_execution
- system_task_exception
- system_exception
- configuration_error
- model_created
- model_updated
- model_deleted
- email_sent
- update_available
- custom_
type: string
EventMatcherPolicy:
type: object
description: Event Matcher Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
action:
allOf:
- $ref: '#/components/schemas/EventActions'
description: Match created events with this action type. When left empty,
all action types will be matched.
client_ip:
type: string
description: Matches Event's Client IP (strict matching, for network matching
use an Expression Policy)
app:
allOf:
- $ref: '#/components/schemas/AppEnum'
description: Match events created by selected application. When left empty,
all applications are matched.
required:
- bound_to
- component
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
EventMatcherPolicyRequest:
type: object
description: Event Matcher Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
action:
allOf:
- $ref: '#/components/schemas/EventActions'
description: Match created events with this action type. When left empty,
all action types will be matched.
client_ip:
type: string
description: Matches Event's Client IP (strict matching, for network matching
use an Expression Policy)
app:
allOf:
- $ref: '#/components/schemas/AppEnum'
description: Match events created by selected application. When left empty,
all applications are matched.
EventRequest:
type: object
description: Event Serializer
properties:
user:
type: object
additionalProperties: {}
action:
$ref: '#/components/schemas/EventActions'
app:
type: string
minLength: 1
context:
type: object
additionalProperties: {}
client_ip:
type: string
nullable: true
minLength: 1
expires:
type: string
format: date-time
tenant:
type: object
additionalProperties: {}
required:
- action
- app
EventTopPerUser:
type: object
description: Response object of Event's top_per_user
properties:
application:
type: object
additionalProperties: {}
counted_events:
type: integer
unique_users:
type: integer
required:
- application
- counted_events
- unique_users
ExpiringBaseGrantModel:
type: object
description: Serializer for BaseGrantModel and ExpiringBaseGrant
properties:
pk:
type: integer
readOnly: true
title: ID
provider:
$ref: '#/components/schemas/OAuth2Provider'
user:
$ref: '#/components/schemas/User'
is_expired:
type: boolean
readOnly: true
expires:
type: string
format: date-time
scope:
type: array
items:
type: string
required:
- is_expired
- pk
- provider
- scope
- user
ExpressionPolicy:
type: object
description: Group Membership Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
expression:
type: string
required:
- bound_to
- component
- expression
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
ExpressionPolicyRequest:
type: object
description: Group Membership Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
expression:
type: string
minLength: 1
required:
- expression
FilePathRequest:
type: object
description: Serializer to upload file
properties:
url:
type: string
minLength: 1
required:
- url
FileUploadRequest:
type: object
description: Serializer to upload file
properties:
file:
type: string
format: binary
clear:
type: boolean
default: false
Flow:
type: object
description: Flow Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Flow uuid
policybindingmodel_ptr_id:
type: string
format: uuid
readOnly: true
name:
type: string
slug:
type: string
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: Decides what this Flow is used for. For example, the Authentication
flow is redirect to when an un-authenticated user visits authentik.
background:
type: string
readOnly: true
stages:
type: array
items:
type: string
format: uuid
readOnly: true
policies:
type: array
items:
type: string
format: uuid
readOnly: true
cache_count:
type: integer
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
export_url:
type: string
readOnly: true
2022-05-15 23:10:23 +00:00
layout:
$ref: '#/components/schemas/LayoutEnum'
required:
- background
- cache_count
- designation
- export_url
- name
- pk
- policies
- policybindingmodel_ptr_id
- slug
- stages
- title
FlowChallengeResponseRequest:
oneOf:
- $ref: '#/components/schemas/AppleChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
- $ref: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest'
- $ref: '#/components/schemas/AutoSubmitChallengeResponseRequest'
- $ref: '#/components/schemas/CaptchaChallengeResponseRequest'
- $ref: '#/components/schemas/ConsentChallengeResponseRequest'
- $ref: '#/components/schemas/DummyChallengeResponseRequest'
- $ref: '#/components/schemas/EmailChallengeResponseRequest'
- $ref: '#/components/schemas/IdentificationChallengeResponseRequest'
- $ref: '#/components/schemas/PasswordChallengeResponseRequest'
- $ref: '#/components/schemas/PlexAuthenticationChallengeResponseRequest'
- $ref: '#/components/schemas/PromptChallengeResponseRequest'
discriminator:
propertyName: component
mapping:
ak-flow-sources-oauth-apple: '#/components/schemas/AppleChallengeResponseRequest'
ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest'
ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest'
ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest'
ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest'
ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest'
ak-stage-autosubmit: '#/components/schemas/AutoSubmitChallengeResponseRequest'
ak-stage-captcha: '#/components/schemas/CaptchaChallengeResponseRequest'
ak-stage-consent: '#/components/schemas/ConsentChallengeResponseRequest'
ak-stage-dummy: '#/components/schemas/DummyChallengeResponseRequest'
ak-stage-email: '#/components/schemas/EmailChallengeResponseRequest'
ak-stage-identification: '#/components/schemas/IdentificationChallengeResponseRequest'
ak-stage-password: '#/components/schemas/PasswordChallengeResponseRequest'
ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallengeResponseRequest'
ak-stage-prompt: '#/components/schemas/PromptChallengeResponseRequest'
FlowDesignationEnum:
enum:
- authentication
- authorization
- invalidation
- enrollment
- unenrollment
- recovery
- stage_configuration
type: string
FlowDiagram:
type: object
description: response of the flow's diagram action
properties:
diagram:
type: string
readOnly: true
required:
- diagram
flows: inspector (#1469) * flows: add initial inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: change naming a bit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flow: add inspector frame Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: don't use shadydom when inspecting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add current stage to api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/*: fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: deep-copy plan instead of just adding Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: restrict inspector to admin Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add buttons to launch flow with inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: don't automatically follow redirects when inspector is open Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: make current_plan optional, only require historry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: handle error messages in inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: improve UI when flow is done Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add is_completed flag to inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: fix monkeypatches for tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add inspector tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: re-enable cache Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 07:36:48 +00:00
FlowInspection:
type: object
description: Serializer for inspect endpoint
properties:
plans:
type: array
items:
$ref: '#/components/schemas/FlowInspectorPlan'
current_plan:
$ref: '#/components/schemas/FlowInspectorPlan'
is_completed:
type: boolean
required:
- is_completed
- plans
FlowInspectorPlan:
type: object
description: Serializer for an active FlowPlan
properties:
current_stage:
allOf:
- $ref: '#/components/schemas/FlowStageBinding'
readOnly: true
next_planned_stage:
allOf:
- $ref: '#/components/schemas/FlowStageBinding'
readOnly: true
plan_context:
type: object
additionalProperties: {}
readOnly: true
session_id:
type: string
readOnly: true
required:
- current_stage
- next_planned_stage
- plan_context
- session_id
FlowRequest:
type: object
description: Flow Serializer
properties:
name:
type: string
minLength: 1
slug:
type: string
minLength: 1
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
minLength: 1
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: Decides what this Flow is used for. For example, the Authentication
flow is redirect to when an un-authenticated user visits authentik.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
2022-05-15 23:10:23 +00:00
layout:
$ref: '#/components/schemas/LayoutEnum'
required:
- designation
- name
- slug
- title
FlowStageBinding:
type: object
description: FlowStageBinding Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Fsb uuid
policybindingmodel_ptr_id:
type: string
format: uuid
readOnly: true
target:
type: string
format: uuid
stage:
type: string
format: uuid
stage_obj:
allOf:
- $ref: '#/components/schemas/Stage'
readOnly: true
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process. Disable
this for input-based policies.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
invalid_response_action:
allOf:
- $ref: '#/components/schemas/InvalidResponseActionEnum'
description: Configure how the flow executor should handle an invalid response
to a challenge. RETRY returns the error message and a similar challenge
to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
restarts the flow while keeping the current context.
required:
- order
- pk
- policybindingmodel_ptr_id
- stage
- stage_obj
- target
FlowStageBindingRequest:
type: object
description: FlowStageBinding Serializer
properties:
target:
type: string
format: uuid
stage:
type: string
format: uuid
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process. Disable
this for input-based policies.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
invalid_response_action:
allOf:
- $ref: '#/components/schemas/InvalidResponseActionEnum'
description: Configure how the flow executor should handle an invalid response
to a challenge. RETRY returns the error message and a similar challenge
to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
restarts the flow while keeping the current context.
required:
- order
- stage
- target
FooterLink:
type: object
description: Links returned in Config API
properties:
href:
type: string
readOnly: true
name:
type: string
readOnly: true
required:
- href
- name
GenericError:
type: object
description: Generic API Error
properties:
detail:
type: string
code:
type: string
required:
- detail
Group:
type: object
description: Group Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Group uuid
num_pk:
type: integer
readOnly: true
name:
type: string
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
parent_name:
type: string
readOnly: true
users:
type: array
items:
type: integer
attributes:
type: object
additionalProperties: {}
2021-07-13 16:24:18 +00:00
users_obj:
type: array
items:
$ref: '#/components/schemas/GroupMember'
readOnly: true
required:
- name
- num_pk
- parent
- parent_name
- pk
- users
2021-07-13 16:24:18 +00:00
- users_obj
GroupMember:
type: object
description: Stripped down user serializer to show relevant users for groups
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
email:
type: string
format: email
title: Email address
maxLength: 254
avatar:
type: string
readOnly: true
attributes:
type: object
additionalProperties: {}
uid:
type: string
readOnly: true
required:
- avatar
- name
- pk
- uid
- username
GroupMemberRequest:
type: object
description: Stripped down user serializer to show relevant users for groups
properties:
username:
type: string
minLength: 1
2021-07-13 16:24:18 +00:00
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
minLength: 1
2021-07-13 16:24:18 +00:00
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
required:
- name
- username
GroupRequest:
type: object
description: Group Serializer
properties:
name:
type: string
minLength: 1
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
users:
type: array
items:
type: integer
attributes:
type: object
additionalProperties: {}
required:
- name
- parent
- users
HaveIBeenPwendPolicy:
type: object
description: Have I Been Pwned Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
password_field:
type: string
description: Field key to check, field keys defined in Prompt stages are
available.
allowed_count:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- bound_to
- component
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
HaveIBeenPwendPolicyRequest:
type: object
description: Have I Been Pwned Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
password_field:
type: string
minLength: 1
description: Field key to check, field keys defined in Prompt stages are
available.
allowed_count:
type: integer
maximum: 2147483647
minimum: -2147483648
IdentificationChallenge:
type: object
description: Identification challenges with all UI elements
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-identification
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
user_fields:
type: array
items:
type: string
nullable: true
password_fields:
type: boolean
application_pre:
type: string
enroll_url:
type: string
recovery_url:
type: string
passwordless_url:
type: string
primary_action:
type: string
sources:
type: array
items:
$ref: '#/components/schemas/LoginSource'
show_source_labels:
type: boolean
required:
- password_fields
- primary_action
- show_source_labels
- type
- user_fields
IdentificationChallengeResponseRequest:
type: object
description: Identification challenge
properties:
component:
type: string
minLength: 1
default: ak-stage-identification
uid_field:
type: string
minLength: 1
password:
type: string
nullable: true
required:
- uid_field
IdentificationStage:
type: object
description: IdentificationStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
user_fields:
type: array
items:
$ref: '#/components/schemas/UserFieldsEnum'
description: Fields of the user object to match against. (Hold shift to
select multiple options)
password_stage:
type: string
format: uuid
nullable: true
description: When set, shows a password field, instead of showing the password
field as seaprate step.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
show_matched_user:
type: boolean
description: When a valid username/email has been entered, and this option
is enabled, the user's username and avatar will be shown. Otherwise, the
text that the user entered will be shown
enrollment_flow:
type: string
format: uuid
nullable: true
description: Optional enrollment flow, which is linked at the bottom of
the page.
recovery_flow:
type: string
format: uuid
nullable: true
description: Optional recovery flow, which is linked at the bottom of the
page.
passwordless_flow:
type: string
format: uuid
nullable: true
description: Optional passwordless flow, which is linked at the bottom of
the page.
sources:
type: array
items:
type: string
format: uuid
description: Specify which sources should be shown.
show_source_labels:
type: boolean
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
IdentificationStageRequest:
type: object
description: IdentificationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
user_fields:
type: array
items:
$ref: '#/components/schemas/UserFieldsEnum'
description: Fields of the user object to match against. (Hold shift to
select multiple options)
password_stage:
type: string
format: uuid
nullable: true
description: When set, shows a password field, instead of showing the password
field as seaprate step.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
show_matched_user:
type: boolean
description: When a valid username/email has been entered, and this option
is enabled, the user's username and avatar will be shown. Otherwise, the
text that the user entered will be shown
enrollment_flow:
type: string
format: uuid
nullable: true
description: Optional enrollment flow, which is linked at the bottom of
the page.
recovery_flow:
type: string
format: uuid
nullable: true
description: Optional recovery flow, which is linked at the bottom of the
page.
passwordless_flow:
type: string
format: uuid
nullable: true
description: Optional passwordless flow, which is linked at the bottom of
the page.
sources:
type: array
items:
type: string
format: uuid
description: Specify which sources should be shown.
show_source_labels:
type: boolean
required:
- name
IntentEnum:
enum:
- verification
- api
- recovery
- app_password
type: string
InvalidResponseActionEnum:
enum:
- retry
- restart
- restart_with_context
type: string
Invitation:
type: object
description: Invitation Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Invite uuid
name:
type: string
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
expires:
type: string
format: date-time
fixed_data:
type: object
additionalProperties: {}
created_by:
allOf:
- $ref: '#/components/schemas/GroupMember'
readOnly: true
single_use:
type: boolean
description: When enabled, the invitation will be deleted after usage.
required:
- created_by
- name
- pk
InvitationRequest:
type: object
description: Invitation Serializer
properties:
name:
type: string
minLength: 1
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
expires:
type: string
format: date-time
fixed_data:
type: object
additionalProperties: {}
single_use:
type: boolean
description: When enabled, the invitation will be deleted after usage.
required:
- name
InvitationStage:
type: object
description: InvitationStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
continue_flow_without_invitation:
type: boolean
description: If this flag is set, this Stage will jump to the next Stage
when no Invitation is given. By default this Stage will cancel the Flow
when no invitation is given.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
InvitationStageRequest:
type: object
description: InvitationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
continue_flow_without_invitation:
type: boolean
description: If this flag is set, this Stage will jump to the next Stage
when no Invitation is given. By default this Stage will cancel the Flow
when no invitation is given.
required:
- name
IssuerModeEnum:
enum:
- global
- per_provider
type: string
KubernetesServiceConnection:
type: object
description: KubernetesServiceConnection Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
kubeconfig:
type: object
additionalProperties: {}
description: Paste your kubeconfig here. authentik will automatically use
the currently selected context.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
KubernetesServiceConnectionRequest:
type: object
description: KubernetesServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
kubeconfig:
type: object
additionalProperties: {}
description: Paste your kubeconfig here. authentik will automatically use
the currently selected context.
required:
- name
LDAPAPIAccessMode:
enum:
- direct
- cached
type: string
LDAPOutpostConfig:
type: object
description: LDAPProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
base_dn:
type: string
description: DN under which objects are accessible.
bind_flow_slug:
type: string
application_slug:
type: string
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
2021-07-13 16:24:18 +00:00
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
2021-07-14 07:17:01 +00:00
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.Pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
2021-07-14 07:17:01 +00:00
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.Pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
required:
- application_slug
- bind_flow_slug
- name
- pk
LDAPPropertyMapping:
type: object
description: LDAP PropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
object_field:
type: string
required:
- component
- expression
- meta_model_name
- name
- object_field
- pk
- verbose_name
- verbose_name_plural
LDAPPropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
object_field:
type: string
minLength: 1
required:
- expression
- name
- object_field
LDAPProvider:
type: object
description: LDAPProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
base_dn:
type: string
description: DN under which objects are accessible.
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
2021-07-13 16:24:18 +00:00
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
2021-07-14 07:17:01 +00:00
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.Pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
2021-07-14 07:17:01 +00:00
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.Pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
outpost_set:
type: array
items:
type: string
readOnly: true
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
required:
- assigned_application_name
- assigned_application_slug
- authorization_flow
- component
- meta_model_name
- name
- outpost_set
- pk
- verbose_name
- verbose_name_plural
LDAPProviderRequest:
type: object
description: LDAPProvider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
base_dn:
type: string
minLength: 1
description: DN under which objects are accessible.
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
2021-07-13 16:24:18 +00:00
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
2021-07-14 07:17:01 +00:00
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.Pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
2021-07-14 07:17:01 +00:00
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.Pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
required:
- authorization_flow
- name
LDAPSource:
type: object
description: LDAP Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
server_uri:
type: string
format: uri
peer_certificate:
type: string
format: uuid
nullable: true
description: Optionally verify the LDAP Server's Certificate against the
CA Chain in this keypair.
bind_cn:
type: string
start_tls:
type: boolean
title: Enable Start TLS
base_dn:
type: string
additional_user_dn:
type: string
title: Addition User DN
description: Prepended to Base DN for User-queries.
additional_group_dn:
type: string
title: Addition Group DN
description: Prepended to Base DN for Group-queries.
user_object_filter:
type: string
description: Consider Objects matching this filter to be Users.
group_object_filter:
type: string
description: Consider Objects matching this filter to be Groups.
group_membership_field:
type: string
description: Field which contains members of a group.
object_uniqueness_field:
type: string
description: Field which contains a unique Identifier.
sync_users:
type: boolean
sync_users_password:
type: boolean
description: When a user changes their password, sync it back to LDAP. This
can only be enabled on a single LDAP source.
sync_groups:
type: boolean
sync_parent_group:
type: string
format: uuid
nullable: true
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
required:
- base_dn
- component
- meta_model_name
- name
- pk
- server_uri
- slug
- verbose_name
- verbose_name_plural
LDAPSourceRequest:
type: object
description: LDAP Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
server_uri:
type: string
minLength: 1
format: uri
peer_certificate:
type: string
format: uuid
nullable: true
description: Optionally verify the LDAP Server's Certificate against the
CA Chain in this keypair.
bind_cn:
type: string
bind_password:
type: string
writeOnly: true
start_tls:
type: boolean
title: Enable Start TLS
base_dn:
type: string
minLength: 1
additional_user_dn:
type: string
title: Addition User DN
description: Prepended to Base DN for User-queries.
additional_group_dn:
type: string
title: Addition Group DN
description: Prepended to Base DN for Group-queries.
user_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Users.
group_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Groups.
group_membership_field:
type: string
minLength: 1
description: Field which contains members of a group.
object_uniqueness_field:
type: string
minLength: 1
description: Field which contains a unique Identifier.
sync_users:
type: boolean
sync_users_password:
type: boolean
description: When a user changes their password, sync it back to LDAP. This
can only be enabled on a single LDAP source.
sync_groups:
type: boolean
sync_parent_group:
type: string
format: uuid
nullable: true
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
required:
- base_dn
- name
- server_uri
- slug
2022-05-15 23:10:23 +00:00
LayoutEnum:
enum:
- stacked
- content_left
- content_right
- sidebar_left
- sidebar_right
type: string
Link:
type: object
description: Returns a single link
properties:
link:
type: string
required:
- link
LoginChallengeTypes:
oneOf:
- $ref: '#/components/schemas/RedirectChallenge'
- $ref: '#/components/schemas/PlexAuthenticationChallenge'
- $ref: '#/components/schemas/AppleLoginChallenge'
discriminator:
propertyName: component
mapping:
xak-flow-redirect: '#/components/schemas/RedirectChallenge'
ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallenge'
ak-flow-sources-oauth-apple: '#/components/schemas/AppleLoginChallenge'
LoginMetrics:
type: object
description: Login Metrics per 1h
properties:
logins_per_1h:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
logins_failed_per_1h:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
required:
- logins_failed_per_1h
- logins_per_1h
LoginSource:
type: object
description: Serializer for Login buttons of sources
properties:
name:
type: string
icon_url:
type: string
nullable: true
challenge:
$ref: '#/components/schemas/LoginChallengeTypes'
required:
- challenge
- name
NameIdPolicyEnum:
enum:
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
- urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
type: string
NotConfiguredActionEnum:
enum:
- skip
- deny
- configure
type: string
Notification:
type: object
description: Notification Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
readOnly: true
body:
type: string
readOnly: true
created:
type: string
format: date-time
readOnly: true
event:
$ref: '#/components/schemas/Event'
seen:
type: boolean
required:
- body
- created
- pk
- severity
NotificationRequest:
type: object
description: Notification Serializer
properties:
event:
$ref: '#/components/schemas/EventRequest'
seen:
type: boolean
NotificationRule:
type: object
description: NotificationRule Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
transports:
type: array
items:
type: string
format: uuid
description: Select which transports should be used to notify the user.
If none are selected, the notification will only be shown in the authentik
UI.
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
description: Controls which severity level the created notifications will
have.
group:
type: string
format: uuid
nullable: true
description: Define which group of users this notification should be sent
and shown to. If left empty, Notification won't ben sent.
group_obj:
allOf:
- $ref: '#/components/schemas/Group'
readOnly: true
required:
- group_obj
- name
- pk
NotificationRuleRequest:
type: object
description: NotificationRule Serializer
properties:
name:
type: string
minLength: 1
transports:
type: array
items:
type: string
format: uuid
description: Select which transports should be used to notify the user.
If none are selected, the notification will only be shown in the authentik
UI.
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
description: Controls which severity level the created notifications will
have.
group:
type: string
format: uuid
nullable: true
description: Define which group of users this notification should be sent
and shown to. If left empty, Notification won't ben sent.
required:
- name
NotificationTransport:
type: object
description: NotificationTransport Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
mode:
$ref: '#/components/schemas/NotificationTransportModeEnum'
mode_verbose:
type: string
readOnly: true
webhook_url:
type: string
format: uri
webhook_mapping:
type: string
format: uuid
nullable: true
send_once:
type: boolean
description: Only send notification once, for example when sending a webhook
into a chat channel.
required:
- mode_verbose
- name
- pk
NotificationTransportModeEnum:
enum:
- local
- webhook
- webhook_slack
- email
type: string
NotificationTransportRequest:
type: object
description: NotificationTransport Serializer
properties:
name:
type: string
minLength: 1
mode:
$ref: '#/components/schemas/NotificationTransportModeEnum'
webhook_url:
type: string
format: uri
webhook_mapping:
type: string
format: uuid
nullable: true
send_once:
type: boolean
description: Only send notification once, for example when sending a webhook
into a chat channel.
required:
- name
NotificationTransportTest:
type: object
description: Notification test serializer
properties:
messages:
type: array
items:
type: string
required:
- messages
NotificationWebhookMapping:
type: object
description: NotificationWebhookMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
name:
type: string
expression:
type: string
required:
- expression
- name
- pk
NotificationWebhookMappingRequest:
type: object
description: NotificationWebhookMapping Serializer
properties:
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
required:
- expression
- name
OAuth2Provider:
type: object
description: OAuth2Provider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
client_type:
allOf:
- $ref: '#/components/schemas/ClientTypeEnum'
description: |-
Confidential clients are capable of maintaining the confidentiality
of their credentials. Public clients are incapable.
client_id:
type: string
maxLength: 255
client_secret:
type: string
maxLength: 255
access_code_validity:
type: string
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
include_claims_in_id_token:
type: boolean
description: Include User claims from scopes in the id_token, for applications
that don't access the userinfo endpoint.
signing_key:
type: string
format: uuid
nullable: true
description: Key used to sign the tokens. Only required when JWT Algorithm
is set to RS256.
redirect_uris:
type: string
description: Enter each URI on a new line.
sub_mode:
allOf:
- $ref: '#/components/schemas/SubModeEnum'
description: Configure what data should be used as unique User Identifier.
For most cases, the default should be fine.
issuer_mode:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: Configure how the issuer field of the ID Token should be filled.
verification_keys:
type: array
items:
type: string
format: uuid
title: Allowed certificates for JWT-based client_credentials
title: Allowed certificates for JWT-based client_credentials
description: DEPRECATED. JWTs created with the configured certificates can
authenticate with this provider.
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
required:
- assigned_application_name
- assigned_application_slug
- authorization_flow
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
OAuth2ProviderRequest:
type: object
description: OAuth2Provider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
client_type:
allOf:
- $ref: '#/components/schemas/ClientTypeEnum'
description: |-
Confidential clients are capable of maintaining the confidentiality
of their credentials. Public clients are incapable.
client_id:
type: string
minLength: 1
maxLength: 255
client_secret:
type: string
maxLength: 255
access_code_validity:
type: string
minLength: 1
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
include_claims_in_id_token:
type: boolean
description: Include User claims from scopes in the id_token, for applications
that don't access the userinfo endpoint.
signing_key:
type: string
format: uuid
nullable: true
description: Key used to sign the tokens. Only required when JWT Algorithm
is set to RS256.
redirect_uris:
type: string
description: Enter each URI on a new line.
sub_mode:
allOf:
- $ref: '#/components/schemas/SubModeEnum'
description: Configure what data should be used as unique User Identifier.
For most cases, the default should be fine.
issuer_mode:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: Configure how the issuer field of the ID Token should be filled.
verification_keys:
type: array
items:
type: string
format: uuid
title: Allowed certificates for JWT-based client_credentials
title: Allowed certificates for JWT-based client_credentials
description: DEPRECATED. JWTs created with the configured certificates can
authenticate with this provider.
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
required:
- authorization_flow
- name
OAuth2ProviderSetupURLs:
type: object
description: OAuth2 Provider Metadata serializer
properties:
issuer:
type: string
readOnly: true
authorize:
type: string
readOnly: true
token:
type: string
readOnly: true
user_info:
type: string
readOnly: true
provider_info:
type: string
readOnly: true
logout:
type: string
readOnly: true
required:
- authorize
- issuer
- logout
- provider_info
- token
- user_info
OAuthSource:
type: object
description: OAuth Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
provider_type:
$ref: '#/components/schemas/ProviderTypeEnum'
request_token_url:
type: string
nullable: true
description: URL used to request the initial token. This URL is only required
for OAuth 1.
maxLength: 255
authorization_url:
type: string
nullable: true
description: URL the user is redirect to to conest the flow.
maxLength: 255
access_token_url:
type: string
nullable: true
description: URL used by authentik to retrieve tokens.
maxLength: 255
profile_url:
type: string
nullable: true
description: URL used by authentik to get user information.
maxLength: 255
consumer_key:
type: string
callback_url:
type: string
readOnly: true
additional_scopes:
type: string
type:
allOf:
- $ref: '#/components/schemas/SourceType'
readOnly: true
oidc_well_known_url:
type: string
oidc_jwks_url:
type: string
oidc_jwks:
type: object
additionalProperties: {}
required:
- callback_url
- component
- consumer_key
- meta_model_name
- name
- pk
- provider_type
- slug
- type
- verbose_name
- verbose_name_plural
OAuthSourceRequest:
type: object
description: OAuth Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
provider_type:
$ref: '#/components/schemas/ProviderTypeEnum'
request_token_url:
type: string
nullable: true
minLength: 1
description: URL used to request the initial token. This URL is only required
for OAuth 1.
maxLength: 255
authorization_url:
type: string
nullable: true
minLength: 1
description: URL the user is redirect to to conest the flow.
maxLength: 255
access_token_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to retrieve tokens.
maxLength: 255
profile_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to get user information.
maxLength: 255
consumer_key:
type: string
minLength: 1
consumer_secret:
type: string
writeOnly: true
minLength: 1
additional_scopes:
type: string
oidc_well_known_url:
type: string
oidc_jwks_url:
type: string
oidc_jwks:
type: object
additionalProperties: {}
required:
- consumer_key
- consumer_secret
- name
- provider_type
- slug
OpenIDConnectConfiguration:
type: object
description: rest_framework Serializer for OIDC Configuration
properties:
issuer:
type: string
authorization_endpoint:
type: string
token_endpoint:
type: string
userinfo_endpoint:
type: string
end_session_endpoint:
type: string
introspection_endpoint:
type: string
jwks_uri:
type: string
response_types_supported:
type: array
items:
type: string
id_token_signing_alg_values_supported:
type: array
items:
type: string
subject_types_supported:
type: array
items:
type: string
token_endpoint_auth_methods_supported:
type: array
items:
type: string
required:
- authorization_endpoint
- end_session_endpoint
- id_token_signing_alg_values_supported
- introspection_endpoint
- issuer
- jwks_uri
- response_types_supported
- subject_types_supported
- token_endpoint
- token_endpoint_auth_methods_supported
- userinfo_endpoint
Outpost:
type: object
description: Outpost Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
type:
$ref: '#/components/schemas/OutpostTypeEnum'
providers:
type: array
items:
type: integer
providers_obj:
type: array
items:
$ref: '#/components/schemas/Provider'
readOnly: true
service_connection:
type: string
format: uuid
nullable: true
description: Select Service-Connection authentik should use to manage this
outpost. Leave empty if authentik should not handle the deployment.
service_connection_obj:
allOf:
- $ref: '#/components/schemas/ServiceConnection'
readOnly: true
token_identifier:
type: string
readOnly: true
config:
type: object
additionalProperties: {}
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
required:
- config
- name
- pk
- providers
- providers_obj
- service_connection_obj
- token_identifier
- type
OutpostDefaultConfig:
type: object
description: Global default outpost config
properties:
config:
type: object
additionalProperties: {}
readOnly: true
required:
- config
OutpostHealth:
type: object
description: Outpost health status
properties:
last_seen:
type: string
format: date-time
readOnly: true
version:
type: string
readOnly: true
version_should:
type: string
readOnly: true
version_outdated:
type: boolean
readOnly: true
build_hash:
type: string
readOnly: true
build_hash_should:
type: string
readOnly: true
required:
- build_hash
- build_hash_should
- last_seen
- version
- version_outdated
- version_should
OutpostRequest:
type: object
description: Outpost Serializer
properties:
name:
type: string
minLength: 1
type:
$ref: '#/components/schemas/OutpostTypeEnum'
providers:
type: array
items:
type: integer
service_connection:
type: string
format: uuid
nullable: true
description: Select Service-Connection authentik should use to manage this
outpost. Leave empty if authentik should not handle the deployment.
config:
type: object
additionalProperties: {}
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
required:
- config
- name
- providers
- type
OutpostTypeEnum:
enum:
- proxy
- ldap
type: string
PaginatedApplicationList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Application'
required:
- pagination
- results
PaginatedAuthenticateWebAuthnStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
required:
- pagination
- results
PaginatedAuthenticatedSessionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatedSession'
required:
- pagination
- results
PaginatedAuthenticatorDuoStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorDuoStage'
required:
- pagination
- results
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
PaginatedAuthenticatorSMSStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorSMSStage'
required:
- pagination
- results
PaginatedAuthenticatorStaticStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorStaticStage'
required:
- pagination
- results
PaginatedAuthenticatorTOTPStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
required:
- pagination
- results
PaginatedAuthenticatorValidateStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorValidateStage'
required:
- pagination
- results
PaginatedCaptchaStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/CaptchaStage'
required:
- pagination
- results
PaginatedCertificateKeyPairList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/CertificateKeyPair'
required:
- pagination
- results
PaginatedConsentStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ConsentStage'
required:
- pagination
- results
PaginatedDenyStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/DenyStage'
required:
- pagination
- results
PaginatedDockerServiceConnectionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/DockerServiceConnection'
required:
- pagination
- results
PaginatedDummyPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/DummyPolicy'
required:
- pagination
- results
PaginatedDummyStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/DummyStage'
required:
- pagination
- results
PaginatedDuoDeviceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/DuoDevice'
required:
- pagination
- results
PaginatedEmailStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/EmailStage'
required:
- pagination
- results
PaginatedEventList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Event'
required:
- pagination
- results
PaginatedEventMatcherPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/EventMatcherPolicy'
required:
- pagination
- results
PaginatedExpiringBaseGrantModelList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ExpiringBaseGrantModel'
required:
- pagination
- results
PaginatedExpressionPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ExpressionPolicy'
required:
- pagination
- results
PaginatedFlowList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- pagination
- results
PaginatedFlowStageBindingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/FlowStageBinding'
required:
- pagination
- results
PaginatedGroupList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Group'
required:
- pagination
- results
PaginatedHaveIBeenPwendPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/HaveIBeenPwendPolicy'
required:
- pagination
- results
PaginatedIdentificationStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/IdentificationStage'
required:
- pagination
- results
PaginatedInvitationList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Invitation'
required:
- pagination
- results
PaginatedInvitationStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/InvitationStage'
required:
- pagination
- results
PaginatedKubernetesServiceConnectionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/KubernetesServiceConnection'
required:
- pagination
- results
PaginatedLDAPOutpostConfigList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/LDAPOutpostConfig'
required:
- pagination
- results
PaginatedLDAPPropertyMappingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/LDAPPropertyMapping'
required:
- pagination
- results
PaginatedLDAPProviderList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/LDAPProvider'
required:
- pagination
- results
PaginatedLDAPSourceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/LDAPSource'
required:
- pagination
- results
PaginatedNotificationList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Notification'
required:
- pagination
- results
PaginatedNotificationRuleList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/NotificationRule'
required:
- pagination
- results
PaginatedNotificationTransportList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/NotificationTransport'
required:
- pagination
- results
PaginatedNotificationWebhookMappingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/NotificationWebhookMapping'
required:
- pagination
- results
PaginatedOAuth2ProviderList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/OAuth2Provider'
required:
- pagination
- results
PaginatedOAuthSourceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/OAuthSource'
required:
- pagination
- results
PaginatedOutpostList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Outpost'
required:
- pagination
- results
PaginatedPasswordExpiryPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PasswordExpiryPolicy'
required:
- pagination
- results
PaginatedPasswordPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PasswordPolicy'
required:
- pagination
- results
PaginatedPasswordStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PasswordStage'
required:
- pagination
- results
PaginatedPlexSourceConnectionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PlexSourceConnection'
required:
- pagination
- results
PaginatedPlexSourceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PlexSource'
required:
- pagination
- results
PaginatedPolicyBindingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PolicyBinding'
required:
- pagination
- results
PaginatedPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Policy'
required:
- pagination
- results
PaginatedPromptList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Prompt'
required:
- pagination
- results
PaginatedPromptStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PromptStage'
required:
- pagination
- results
PaginatedPropertyMappingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/PropertyMapping'
required:
- pagination
- results
PaginatedProviderList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Provider'
required:
- pagination
- results
PaginatedProxyOutpostConfigList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ProxyOutpostConfig'
required:
- pagination
- results
PaginatedProxyProviderList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ProxyProvider'
required:
- pagination
- results
PaginatedRefreshTokenModelList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/RefreshTokenModel'
required:
- pagination
- results
PaginatedReputationList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Reputation'
required:
- pagination
- results
PaginatedReputationPolicyList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ReputationPolicy'
required:
- pagination
- results
PaginatedSAMLPropertyMappingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/SAMLPropertyMapping'
required:
- pagination
- results
PaginatedSAMLProviderList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/SAMLProvider'
required:
- pagination
- results
PaginatedSAMLSourceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/SAMLSource'
required:
- pagination
- results
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
PaginatedSMSDeviceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/SMSDevice'
required:
- pagination
- results
PaginatedScopeMappingList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ScopeMapping'
required:
- pagination
- results
PaginatedServiceConnectionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/ServiceConnection'
required:
- pagination
- results
PaginatedSourceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Source'
required:
- pagination
- results
PaginatedStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Stage'
required:
- pagination
- results
PaginatedStaticDeviceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/StaticDevice'
required:
- pagination
- results
PaginatedTOTPDeviceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/TOTPDevice'
required:
- pagination
- results
PaginatedTenantList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Tenant'
required:
- pagination
- results
PaginatedTokenList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/Token'
required:
- pagination
- results
PaginatedUserConsentList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserConsent'
required:
- pagination
- results
PaginatedUserDeleteStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserDeleteStage'
required:
- pagination
- results
PaginatedUserList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/User'
required:
- pagination
- results
PaginatedUserLoginStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserLoginStage'
required:
- pagination
- results
PaginatedUserLogoutStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserLogoutStage'
required:
- pagination
- results
PaginatedUserOAuthSourceConnectionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserOAuthSourceConnection'
required:
- pagination
- results
PaginatedUserSourceConnectionList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserSourceConnection'
required:
- pagination
- results
PaginatedUserWriteStageList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/UserWriteStage'
required:
- pagination
- results
PaginatedWebAuthnDeviceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/WebAuthnDevice'
required:
- pagination
- results
PasswordChallenge:
type: object
description: Password challenge UI fields
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-password
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
recovery_url:
type: string
required:
- pending_user
- pending_user_avatar
- type
PasswordChallengeResponseRequest:
type: object
description: Password challenge response
properties:
component:
type: string
minLength: 1
default: ak-stage-password
password:
type: string
minLength: 1
required:
- password
PasswordExpiryPolicy:
type: object
description: Password Expiry Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
days:
type: integer
maximum: 2147483647
minimum: -2147483648
deny_only:
type: boolean
required:
- bound_to
- component
- days
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
PasswordExpiryPolicyRequest:
type: object
description: Password Expiry Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
days:
type: integer
maximum: 2147483647
minimum: -2147483648
deny_only:
type: boolean
required:
- days
PasswordPolicy:
type: object
description: Password Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
password_field:
type: string
description: Field key to check, field keys defined in Prompt stages are
available.
amount_digits:
type: integer
maximum: 2147483647
minimum: 0
amount_uppercase:
type: integer
maximum: 2147483647
minimum: 0
amount_lowercase:
type: integer
maximum: 2147483647
minimum: 0
amount_symbols:
type: integer
maximum: 2147483647
minimum: 0
length_min:
type: integer
maximum: 2147483647
minimum: 0
symbol_charset:
type: string
error_message:
type: string
required:
- bound_to
- component
- error_message
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
PasswordPolicyRequest:
type: object
description: Password Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
password_field:
type: string
minLength: 1
description: Field key to check, field keys defined in Prompt stages are
available.
amount_digits:
type: integer
maximum: 2147483647
minimum: 0
amount_uppercase:
type: integer
maximum: 2147483647
minimum: 0
amount_lowercase:
type: integer
maximum: 2147483647
minimum: 0
amount_symbols:
type: integer
maximum: 2147483647
minimum: 0
length_min:
type: integer
maximum: 2147483647
minimum: 0
symbol_charset:
type: string
minLength: 1
error_message:
type: string
minLength: 1
required:
- error_message
PasswordStage:
type: object
description: PasswordStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
backends:
type: array
items:
$ref: '#/components/schemas/BackendsEnum'
description: Selection of backends to test the password against.
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
failed_attempts_before_cancel:
type: integer
maximum: 2147483647
minimum: -2147483648
description: How many attempts a user has before the flow is canceled. To
lock the user out, use a reputation policy and a user_write stage.
required:
- backends
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PasswordStageRequest:
type: object
description: PasswordStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
backends:
type: array
items:
$ref: '#/components/schemas/BackendsEnum'
description: Selection of backends to test the password against.
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
failed_attempts_before_cancel:
type: integer
maximum: 2147483647
minimum: -2147483648
description: How many attempts a user has before the flow is canceled. To
lock the user out, use a reputation policy and a user_write stage.
required:
- backends
- name
PatchedApplicationRequest:
type: object
description: Application Serializer
properties:
name:
type: string
minLength: 1
description: Application's display Name.
slug:
type: string
minLength: 1
description: Internal application name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
provider:
type: integer
nullable: true
meta_launch_url:
type: string
format: uri
meta_description:
type: string
meta_publisher:
type: string
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
group:
type: string
PatchedAuthenticateWebAuthnStageRequest:
type: object
description: AuthenticateWebAuthnStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
allOf:
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
nullable: true
resident_key_requirement:
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
PatchedAuthenticatorDuoStageRequest:
type: object
description: AuthenticatorDuoStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
client_id:
type: string
minLength: 1
client_secret:
type: string
writeOnly: true
minLength: 1
api_hostname:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
PatchedAuthenticatorSMSStageRequest:
type: object
description: AuthenticatorSMSStage Serializer
properties:
name:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
type: string
minLength: 1
account_sid:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
minLength: 1
auth:
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
minLength: 1
auth_password:
type: string
auth_type:
$ref: '#/components/schemas/AuthTypeEnum'
verify_only:
type: boolean
description: When enabled, the Phone number is only used during enrollment
to verify the users authenticity. Only a hash of the phone number is saved
to ensure it is not re-used in the future.
PatchedAuthenticatorStaticStageRequest:
type: object
description: AuthenticatorStaticStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
token_count:
type: integer
maximum: 2147483647
minimum: -2147483648
PatchedAuthenticatorTOTPStageRequest:
type: object
description: AuthenticatorTOTPStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
digits:
allOf:
- $ref: '#/components/schemas/DigitsEnum'
minimum: -2147483648
maximum: 2147483647
PatchedAuthenticatorValidateStageRequest:
type: object
description: AuthenticatorValidateStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
not_configured_action:
$ref: '#/components/schemas/NotConfiguredActionEnum'
device_classes:
type: array
items:
$ref: '#/components/schemas/DeviceClassesEnum'
description: Device classes which can be used to authenticate
configuration_stages:
type: array
items:
type: string
format: uuid
description: Stages used to configure Authenticator when user doesn't have
any compatible devices. After this configuration Stage passes, the user
is not prompted again.
last_auth_threshold:
type: string
minLength: 1
description: If any of the user's device has been used within this threshold,
this stage will be skipped
PatchedCaptchaStageRequest:
type: object
description: CaptchaStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
public_key:
type: string
minLength: 1
description: Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
private_key:
type: string
writeOnly: true
minLength: 1
description: Private key, acquired from https://www.google.com/recaptcha/intro/v3.html
PatchedCertificateKeyPairRequest:
type: object
description: CertificateKeyPair Serializer
properties:
name:
type: string
minLength: 1
certificate_data:
type: string
writeOnly: true
minLength: 1
description: PEM-encoded Certificate data
key_data:
type: string
writeOnly: true
description: Optional Private Key. If this is set, you can use this keypair
for encryption.
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
PatchedConsentStageRequest:
type: object
description: ConsentStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
mode:
$ref: '#/components/schemas/ConsentStageModeEnum'
consent_expire_in:
type: string
minLength: 1
title: Consent expires in
description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).'
PatchedDenyStageRequest:
type: object
description: DenyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
PatchedDockerServiceConnectionRequest:
type: object
description: DockerServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
url:
type: string
minLength: 1
description: Can be in the format of 'unix://<path>' when connecting to
a local docker daemon, or 'https://<hostname>:2376' when connecting to
a remote system.
tls_verification:
type: string
format: uuid
nullable: true
description: CA which the endpoint's Certificate is verified against. Can
be left empty for no validation.
tls_authentication:
type: string
format: uuid
nullable: true
description: Certificate/Key used for authentication. Can be left empty
for no authentication.
PatchedDummyPolicyRequest:
type: object
description: Dummy Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
result:
type: boolean
wait_min:
type: integer
maximum: 2147483647
minimum: -2147483648
wait_max:
type: integer
maximum: 2147483647
minimum: -2147483648
PatchedDummyStageRequest:
type: object
description: DummyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
PatchedDuoDeviceRequest:
type: object
description: Serializer for Duo authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedEmailStageRequest:
type: object
description: EmailStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
use_global_settings:
type: boolean
description: When enabled, global Email connection settings will be used
and connection settings below will be ignored.
host:
type: string
minLength: 1
port:
type: integer
maximum: 2147483647
minimum: -2147483648
username:
type: string
password:
type: string
writeOnly: true
use_tls:
type: boolean
use_ssl:
type: boolean
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
from_address:
type: string
format: email
minLength: 1
maxLength: 254
token_expiry:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Time in minutes the token sent is valid.
subject:
type: string
minLength: 1
template:
type: string
minLength: 1
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
PatchedEventMatcherPolicyRequest:
type: object
description: Event Matcher Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
action:
allOf:
- $ref: '#/components/schemas/EventActions'
description: Match created events with this action type. When left empty,
all action types will be matched.
client_ip:
type: string
description: Matches Event's Client IP (strict matching, for network matching
use an Expression Policy)
app:
allOf:
- $ref: '#/components/schemas/AppEnum'
description: Match events created by selected application. When left empty,
all applications are matched.
PatchedEventRequest:
type: object
description: Event Serializer
properties:
user:
type: object
additionalProperties: {}
action:
$ref: '#/components/schemas/EventActions'
app:
type: string
minLength: 1
context:
type: object
additionalProperties: {}
client_ip:
type: string
nullable: true
minLength: 1
expires:
type: string
format: date-time
tenant:
type: object
additionalProperties: {}
PatchedExpressionPolicyRequest:
type: object
description: Group Membership Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
expression:
type: string
minLength: 1
PatchedFlowRequest:
type: object
description: Flow Serializer
properties:
name:
type: string
minLength: 1
slug:
type: string
minLength: 1
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
minLength: 1
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: Decides what this Flow is used for. For example, the Authentication
flow is redirect to when an un-authenticated user visits authentik.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
2022-05-15 23:10:23 +00:00
layout:
$ref: '#/components/schemas/LayoutEnum'
PatchedFlowStageBindingRequest:
type: object
description: FlowStageBinding Serializer
properties:
target:
type: string
format: uuid
stage:
type: string
format: uuid
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process. Disable
this for input-based policies.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
invalid_response_action:
allOf:
- $ref: '#/components/schemas/InvalidResponseActionEnum'
description: Configure how the flow executor should handle an invalid response
to a challenge. RETRY returns the error message and a similar challenge
to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
restarts the flow while keeping the current context.
PatchedGroupRequest:
type: object
description: Group Serializer
properties:
name:
type: string
minLength: 1
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
users:
type: array
items:
type: integer
attributes:
type: object
additionalProperties: {}
PatchedHaveIBeenPwendPolicyRequest:
type: object
description: Have I Been Pwned Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
password_field:
type: string
minLength: 1
description: Field key to check, field keys defined in Prompt stages are
available.
allowed_count:
type: integer
maximum: 2147483647
minimum: -2147483648
PatchedIdentificationStageRequest:
type: object
description: IdentificationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
user_fields:
type: array
items:
$ref: '#/components/schemas/UserFieldsEnum'
description: Fields of the user object to match against. (Hold shift to
select multiple options)
password_stage:
type: string
format: uuid
nullable: true
description: When set, shows a password field, instead of showing the password
field as seaprate step.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
show_matched_user:
type: boolean
description: When a valid username/email has been entered, and this option
is enabled, the user's username and avatar will be shown. Otherwise, the
text that the user entered will be shown
enrollment_flow:
type: string
format: uuid
nullable: true
description: Optional enrollment flow, which is linked at the bottom of
the page.
recovery_flow:
type: string
format: uuid
nullable: true
description: Optional recovery flow, which is linked at the bottom of the
page.
passwordless_flow:
type: string
format: uuid
nullable: true
description: Optional passwordless flow, which is linked at the bottom of
the page.
sources:
type: array
items:
type: string
format: uuid
description: Specify which sources should be shown.
show_source_labels:
type: boolean
PatchedInvitationRequest:
type: object
description: Invitation Serializer
properties:
name:
type: string
minLength: 1
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
expires:
type: string
format: date-time
fixed_data:
type: object
additionalProperties: {}
single_use:
type: boolean
description: When enabled, the invitation will be deleted after usage.
PatchedInvitationStageRequest:
type: object
description: InvitationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
continue_flow_without_invitation:
type: boolean
description: If this flag is set, this Stage will jump to the next Stage
when no Invitation is given. By default this Stage will cancel the Flow
when no invitation is given.
PatchedKubernetesServiceConnectionRequest:
type: object
description: KubernetesServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
kubeconfig:
type: object
additionalProperties: {}
description: Paste your kubeconfig here. authentik will automatically use
the currently selected context.
PatchedLDAPPropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
object_field:
type: string
minLength: 1
PatchedLDAPProviderRequest:
type: object
description: LDAPProvider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
base_dn:
type: string
minLength: 1
description: DN under which objects are accessible.
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
2021-07-13 16:24:18 +00:00
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
2021-07-14 07:17:01 +00:00
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.Pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
2021-07-14 07:17:01 +00:00
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.Pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
PatchedLDAPSourceRequest:
type: object
description: LDAP Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
server_uri:
type: string
minLength: 1
format: uri
peer_certificate:
type: string
format: uuid
nullable: true
description: Optionally verify the LDAP Server's Certificate against the
CA Chain in this keypair.
bind_cn:
type: string
bind_password:
type: string
writeOnly: true
start_tls:
type: boolean
title: Enable Start TLS
base_dn:
type: string
minLength: 1
additional_user_dn:
type: string
title: Addition User DN
description: Prepended to Base DN for User-queries.
additional_group_dn:
type: string
title: Addition Group DN
description: Prepended to Base DN for Group-queries.
user_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Users.
group_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Groups.
group_membership_field:
type: string
minLength: 1
description: Field which contains members of a group.
object_uniqueness_field:
type: string
minLength: 1
description: Field which contains a unique Identifier.
sync_users:
type: boolean
sync_users_password:
type: boolean
description: When a user changes their password, sync it back to LDAP. This
can only be enabled on a single LDAP source.
sync_groups:
type: boolean
sync_parent_group:
type: string
format: uuid
nullable: true
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
PatchedNotificationRequest:
type: object
description: Notification Serializer
properties:
event:
$ref: '#/components/schemas/EventRequest'
seen:
type: boolean
PatchedNotificationRuleRequest:
type: object
description: NotificationRule Serializer
properties:
name:
type: string
minLength: 1
transports:
type: array
items:
type: string
format: uuid
description: Select which transports should be used to notify the user.
If none are selected, the notification will only be shown in the authentik
UI.
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
description: Controls which severity level the created notifications will
have.
group:
type: string
format: uuid
nullable: true
description: Define which group of users this notification should be sent
and shown to. If left empty, Notification won't ben sent.
PatchedNotificationTransportRequest:
type: object
description: NotificationTransport Serializer
properties:
name:
type: string
minLength: 1
mode:
$ref: '#/components/schemas/NotificationTransportModeEnum'
webhook_url:
type: string
format: uri
webhook_mapping:
type: string
format: uuid
nullable: true
send_once:
type: boolean
description: Only send notification once, for example when sending a webhook
into a chat channel.
PatchedNotificationWebhookMappingRequest:
type: object
description: NotificationWebhookMapping Serializer
properties:
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
PatchedOAuth2ProviderRequest:
type: object
description: OAuth2Provider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
client_type:
allOf:
- $ref: '#/components/schemas/ClientTypeEnum'
description: |-
Confidential clients are capable of maintaining the confidentiality
of their credentials. Public clients are incapable.
client_id:
type: string
minLength: 1
maxLength: 255
client_secret:
type: string
maxLength: 255
access_code_validity:
type: string
minLength: 1
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
include_claims_in_id_token:
type: boolean
description: Include User claims from scopes in the id_token, for applications
that don't access the userinfo endpoint.
signing_key:
type: string
format: uuid
nullable: true
description: Key used to sign the tokens. Only required when JWT Algorithm
is set to RS256.
redirect_uris:
type: string
description: Enter each URI on a new line.
sub_mode:
allOf:
- $ref: '#/components/schemas/SubModeEnum'
description: Configure what data should be used as unique User Identifier.
For most cases, the default should be fine.
issuer_mode:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: Configure how the issuer field of the ID Token should be filled.
verification_keys:
type: array
items:
type: string
format: uuid
title: Allowed certificates for JWT-based client_credentials
title: Allowed certificates for JWT-based client_credentials
description: DEPRECATED. JWTs created with the configured certificates can
authenticate with this provider.
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
PatchedOAuthSourceRequest:
type: object
description: OAuth Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
provider_type:
$ref: '#/components/schemas/ProviderTypeEnum'
request_token_url:
type: string
nullable: true
minLength: 1
description: URL used to request the initial token. This URL is only required
for OAuth 1.
maxLength: 255
authorization_url:
type: string
nullable: true
minLength: 1
description: URL the user is redirect to to conest the flow.
maxLength: 255
access_token_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to retrieve tokens.
maxLength: 255
profile_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to get user information.
maxLength: 255
consumer_key:
type: string
minLength: 1
consumer_secret:
type: string
writeOnly: true
minLength: 1
additional_scopes:
type: string
oidc_well_known_url:
type: string
oidc_jwks_url:
type: string
oidc_jwks:
type: object
additionalProperties: {}
PatchedOutpostRequest:
type: object
description: Outpost Serializer
properties:
name:
type: string
minLength: 1
type:
$ref: '#/components/schemas/OutpostTypeEnum'
providers:
type: array
items:
type: integer
service_connection:
type: string
format: uuid
nullable: true
description: Select Service-Connection authentik should use to manage this
outpost. Leave empty if authentik should not handle the deployment.
config:
type: object
additionalProperties: {}
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
PatchedPasswordExpiryPolicyRequest:
type: object
description: Password Expiry Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
days:
type: integer
maximum: 2147483647
minimum: -2147483648
deny_only:
type: boolean
PatchedPasswordPolicyRequest:
type: object
description: Password Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
password_field:
type: string
minLength: 1
description: Field key to check, field keys defined in Prompt stages are
available.
amount_digits:
type: integer
maximum: 2147483647
minimum: 0
amount_uppercase:
type: integer
maximum: 2147483647
minimum: 0
amount_lowercase:
type: integer
maximum: 2147483647
minimum: 0
amount_symbols:
type: integer
maximum: 2147483647
minimum: 0
length_min:
type: integer
maximum: 2147483647
minimum: 0
symbol_charset:
type: string
minLength: 1
error_message:
type: string
minLength: 1
PatchedPasswordStageRequest:
type: object
description: PasswordStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
backends:
type: array
items:
$ref: '#/components/schemas/BackendsEnum'
description: Selection of backends to test the password against.
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
failed_attempts_before_cancel:
type: integer
maximum: 2147483647
minimum: -2147483648
description: How many attempts a user has before the flow is canceled. To
lock the user out, use a reputation policy and a user_write stage.
PatchedPlexSourceConnectionRequest:
type: object
description: Plex Source connection Serializer
properties:
identifier:
type: string
minLength: 1
plex_token:
type: string
minLength: 1
PatchedPlexSourceRequest:
type: object
description: Plex Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
client_id:
type: string
minLength: 1
description: Client identifier used to talk to Plex.
allowed_servers:
type: array
items:
type: string
minLength: 1
description: Which servers a user has to be a member of to be granted access.
Empty list allows every server.
allow_friends:
type: boolean
description: Allow friends to authenticate, even if you don't share a server.
plex_token:
type: string
minLength: 1
description: Plex token used to check friends
PatchedPolicyBindingRequest:
type: object
description: PolicyBinding Serializer
properties:
policy:
type: string
format: uuid
nullable: true
group:
type: string
format: uuid
nullable: true
user:
type: integer
nullable: true
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Timeout after which Policy execution is terminated.
PatchedPromptRequest:
type: object
description: Prompt Serializer
properties:
field_key:
type: string
minLength: 1
description: Name of the form field, also used to store the value
label:
type: string
minLength: 1
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
order:
type: integer
maximum: 2147483647
minimum: -2147483648
promptstage_set:
type: array
items:
$ref: '#/components/schemas/StageRequest'
sub_text:
type: string
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
placeholder_expression:
type: boolean
PatchedPromptStageRequest:
type: object
description: PromptStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
fields:
type: array
items:
type: string
format: uuid
validation_policies:
type: array
items:
type: string
format: uuid
PatchedProxyProviderRequest:
type: object
description: ProxyProvider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
internal_host:
type: string
format: uri
external_host:
type: string
minLength: 1
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: Enable support for forwardAuth in traefik and nginx auth_request.
Exclusive with internal_host.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
cookie_domain:
type: string
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
token_validity:
type: string
minLength: 1
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
PatchedReputationPolicyRequest:
type: object
description: Reputation Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
check_ip:
type: boolean
check_username:
type: boolean
threshold:
type: integer
maximum: 2147483647
minimum: -2147483648
PatchedSAMLPropertyMappingRequest:
type: object
description: SAMLPropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
saml_name:
type: string
minLength: 1
friendly_name:
type: string
nullable: true
PatchedSAMLProviderRequest:
type: object
description: SAMLProvider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
acs_url:
type: string
format: uri
minLength: 1
maxLength: 200
audience:
type: string
description: Value of the audience restriction field of the assertion. When
left empty, no audience restriction will be added.
issuer:
type: string
minLength: 1
description: Also known as EntityID
assertion_valid_not_before:
type: string
minLength: 1
description: 'Assertion valid not before current time + this value (Format:
hours=-1;minutes=-2;seconds=-3).'
assertion_valid_not_on_or_after:
type: string
minLength: 1
description: 'Assertion not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
session_valid_not_on_or_after:
type: string
minLength: 1
description: 'Session not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
name_id_mapping:
type: string
format: uuid
nullable: true
title: NameID Property Mapping
description: Configure how the NameID value will be created. When left empty,
the NameIDPolicy of the incoming request will be considered
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Service
Provider.
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
sp_binding:
allOf:
- $ref: '#/components/schemas/SpBindingEnum'
title: Service Provider Binding
description: This determines how authentik sends the response back to the
Service Provider.
PatchedSAMLSourceRequest:
type: object
description: SAMLSource Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
pre_authentication_flow:
type: string
format: uuid
description: Flow used before authentication.
issuer:
type: string
description: Also known as Entity ID. Defaults the Metadata URL.
sso_url:
type: string
format: uri
minLength: 1
description: URL that the initial Login request is sent to.
maxLength: 200
slo_url:
type: string
format: uri
nullable: true
description: Optional URL if your IDP supports Single-Logout.
maxLength: 200
allow_idp_initiated:
type: boolean
description: Allows authentication flows initiated by the IdP. This can
be a security risk, as no validation of the request ID is done.
name_id_policy:
allOf:
- $ref: '#/components/schemas/NameIdPolicyEnum'
description: NameID Policy sent to the IdP. Can be unset, in which case
no Policy is sent.
binding_type:
$ref: '#/components/schemas/BindingTypeEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair which is used to sign outgoing requests. Leave empty
to disable signing.
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
temporary_user_delete_after:
type: string
minLength: 1
title: Delete temporary users after
description: 'Time offset when temporary users should be deleted. This only
applies if your IDP uses the NameID Format ''transient'', and the user
doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
PatchedSMSDeviceRequest:
type: object
description: Serializer for sms authenticator devices
properties:
name:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
description: The human-readable name of this device.
maxLength: 64
PatchedScopeMappingRequest:
type: object
description: ScopeMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
scope_name:
type: string
minLength: 1
description: Scope used by the client
description:
type: string
description: Description shown to the user when consenting. If left empty,
the user won't be informed.
PatchedStaticDeviceRequest:
type: object
description: Serializer for static authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedTOTPDeviceRequest:
type: object
description: Serializer for totp authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedTenantRequest:
type: object
description: Tenant Serializer
properties:
domain:
type: string
minLength: 1
description: Domain that activates this tenant. Can be a superset, i.e.
`a.b` for `aa.b` and `ba.b`
default:
type: boolean
branding_title:
type: string
minLength: 1
branding_logo:
type: string
minLength: 1
branding_favicon:
type: string
minLength: 1
flow_authentication:
type: string
format: uuid
nullable: true
flow_invalidation:
type: string
format: uuid
nullable: true
flow_recovery:
type: string
format: uuid
nullable: true
flow_unenrollment:
type: string
format: uuid
nullable: true
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
flow_user_settings:
type: string
format: uuid
nullable: true
event_retention:
type: string
minLength: 1
description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).'
web_certificate:
type: string
format: uuid
nullable: true
description: Web Certificate used by the authentik Core webserver.
attributes:
type: object
additionalProperties: {}
PatchedTokenRequest:
type: object
description: Token Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
identifier:
type: string
minLength: 1
maxLength: 255
pattern: ^[-a-zA-Z0-9_]+$
intent:
$ref: '#/components/schemas/IntentEnum'
user:
type: integer
description:
type: string
expires:
type: string
format: date-time
expiring:
type: boolean
PatchedUserDeleteStageRequest:
type: object
description: UserDeleteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
PatchedUserLoginStageRequest:
type: object
description: UserLoginStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
session_duration:
type: string
minLength: 1
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
PatchedUserLogoutStageRequest:
type: object
description: UserLogoutStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
PatchedUserOAuthSourceConnectionRequest:
type: object
description: OAuth Source Serializer
properties:
user:
type: integer
identifier:
type: string
minLength: 1
maxLength: 255
access_token:
type: string
writeOnly: true
nullable: true
PatchedUserRequest:
type: object
description: User Serializer
properties:
username:
type: string
minLength: 1
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
groups:
type: array
items:
type: string
format: uuid
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
PatchedUserWriteStageRequest:
type: object
description: UserWriteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
create_users_group:
type: string
format: uuid
nullable: true
description: Optionally add newly created users to this group.
PatchedWebAuthnDeviceRequest:
type: object
description: Serializer for WebAuthn authenticator devices
properties:
name:
type: string
minLength: 1
maxLength: 200
Permission:
type: object
description: Permission used for consent
properties:
name:
type: string
id:
type: string
required:
- id
- name
PlexAuthenticationChallenge:
type: object
description: Challenge shown to the user in identification stage
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-flow-sources-plex
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
client_id:
type: string
slug:
type: string
required:
- client_id
- slug
- type
PlexAuthenticationChallengeResponseRequest:
type: object
description: Pseudo class for plex response
properties:
component:
type: string
minLength: 1
default: ak-flow-sources-plex
PlexSource:
type: object
description: Plex Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
client_id:
type: string
description: Client identifier used to talk to Plex.
allowed_servers:
type: array
items:
type: string
description: Which servers a user has to be a member of to be granted access.
Empty list allows every server.
allow_friends:
type: boolean
description: Allow friends to authenticate, even if you don't share a server.
plex_token:
type: string
description: Plex token used to check friends
required:
- component
- meta_model_name
- name
- pk
- plex_token
- slug
- verbose_name
- verbose_name_plural
PlexSourceConnection:
type: object
description: Plex Source connection Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
readOnly: true
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
identifier:
type: string
plex_token:
type: string
required:
- identifier
- pk
- plex_token
- source
- user
PlexSourceConnectionRequest:
type: object
description: Plex Source connection Serializer
properties:
identifier:
type: string
minLength: 1
plex_token:
type: string
minLength: 1
required:
- identifier
- plex_token
PlexSourceRequest:
type: object
description: Plex Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
client_id:
type: string
minLength: 1
description: Client identifier used to talk to Plex.
allowed_servers:
type: array
items:
type: string
minLength: 1
description: Which servers a user has to be a member of to be granted access.
Empty list allows every server.
allow_friends:
type: boolean
description: Allow friends to authenticate, even if you don't share a server.
plex_token:
type: string
minLength: 1
description: Plex token used to check friends
required:
- name
- plex_token
- slug
PlexTokenRedeemRequest:
type: object
description: Serializer to redeem a plex token
properties:
plex_token:
type: string
minLength: 1
required:
- plex_token
Policy:
type: object
description: Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
required:
- bound_to
- component
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
PolicyBinding:
type: object
description: PolicyBinding Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy binding uuid
policy:
type: string
format: uuid
nullable: true
group:
type: string
format: uuid
nullable: true
user:
type: integer
nullable: true
policy_obj:
allOf:
- $ref: '#/components/schemas/Policy'
readOnly: true
group_obj:
allOf:
- $ref: '#/components/schemas/Group'
readOnly: true
user_obj:
allOf:
- $ref: '#/components/schemas/User'
readOnly: true
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Timeout after which Policy execution is terminated.
required:
- group_obj
- order
- pk
- policy_obj
- target
- user_obj
PolicyBindingRequest:
type: object
description: PolicyBinding Serializer
properties:
policy:
type: string
format: uuid
nullable: true
group:
type: string
format: uuid
nullable: true
user:
type: integer
nullable: true
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Timeout after which Policy execution is terminated.
required:
- order
- target
PolicyEngineMode:
enum:
- all
- any
type: string
PolicyRequest:
type: object
description: Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
PolicyTestRequest:
type: object
description: Test policy execution for a user with context
properties:
user:
type: integer
context:
type: object
additionalProperties: {}
required:
- user
PolicyTestResult:
type: object
description: result of a policy test
properties:
passing:
type: boolean
messages:
type: array
items:
type: string
readOnly: true
log_messages:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
required:
- log_messages
- messages
- passing
Prompt:
type: object
description: Prompt Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Prompt uuid
field_key:
type: string
description: Name of the form field, also used to store the value
label:
type: string
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
order:
type: integer
maximum: 2147483647
minimum: -2147483648
promptstage_set:
type: array
items:
$ref: '#/components/schemas/Stage'
sub_text:
type: string
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
placeholder_expression:
type: boolean
required:
- field_key
- label
- pk
- type
PromptChallenge:
type: object
description: Initial challenge being sent, define fields
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-prompt
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
fields:
type: array
items:
$ref: '#/components/schemas/StagePrompt'
required:
- fields
- type
PromptChallengeResponseRequest:
type: object
description: |-
Validate response, fields are dynamically created based
on the stage
properties:
component:
type: string
minLength: 1
default: ak-stage-prompt
additionalProperties: {}
PromptRequest:
type: object
description: Prompt Serializer
properties:
field_key:
type: string
minLength: 1
description: Name of the form field, also used to store the value
label:
type: string
minLength: 1
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
order:
type: integer
maximum: 2147483647
minimum: -2147483648
promptstage_set:
type: array
items:
$ref: '#/components/schemas/StageRequest'
sub_text:
type: string
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
placeholder_expression:
type: boolean
required:
- field_key
- label
- type
PromptStage:
type: object
description: PromptStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
fields:
type: array
items:
type: string
format: uuid
validation_policies:
type: array
items:
type: string
format: uuid
required:
- component
- fields
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PromptStageRequest:
type: object
description: PromptStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
fields:
type: array
items:
type: string
format: uuid
validation_policies:
type: array
items:
type: string
format: uuid
required:
- fields
- name
PromptTypeEnum:
enum:
- text
- text_read_only
- username
- email
- password
- number
- checkbox
- date
- date-time
- separator
- hidden
- static
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
- ak-locale
type: string
PropertyMapping:
type: object
description: PropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
required:
- component
- expression
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PropertyMappingTestResult:
type: object
description: Result of a Property-mapping test
properties:
result:
type: string
readOnly: true
successful:
type: boolean
readOnly: true
required:
- result
- successful
Provider:
type: object
description: Provider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
required:
- assigned_application_name
- assigned_application_slug
- authorization_flow
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
ProviderEnum:
enum:
- twilio
- generic
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
type: string
ProviderRequest:
type: object
description: Provider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
required:
- authorization_flow
- name
ProviderTypeEnum:
enum:
- apple
- azuread
- discord
- facebook
- github
- google
- openidconnect
- okta
- reddit
- twitter
- mailcow
type: string
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
ProxyMode:
enum:
- proxy
- forward_single
- forward_domain
type: string
ProxyOutpostConfig:
type: object
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
description: Proxy provider serializer for outposts
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
internal_host:
type: string
format: uri
external_host:
type: string
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
client_id:
type: string
maxLength: 255
client_secret:
type: string
maxLength: 255
oidc_configuration:
allOf:
- $ref: '#/components/schemas/OpenIDConnectConfiguration'
readOnly: true
cookie_secret:
type: string
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: Enable support for forwardAuth in traefik and nginx auth_request.
Exclusive with internal_host.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
cookie_domain:
type: string
token_validity:
type: number
format: double
nullable: true
readOnly: true
scopes_to_request:
type: array
items:
type: string
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
required:
- assigned_application_name
- assigned_application_slug
- external_host
- name
- oidc_configuration
- pk
- scopes_to_request
- token_validity
ProxyProvider:
type: object
description: ProxyProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
internal_host:
type: string
format: uri
external_host:
type: string
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: Enable support for forwardAuth in traefik and nginx auth_request.
Exclusive with internal_host.
redirect_uris:
type: string
readOnly: true
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
cookie_domain:
type: string
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
outpost_set:
type: array
items:
type: string
readOnly: true
required:
- assigned_application_name
- assigned_application_slug
- authorization_flow
- component
- external_host
- meta_model_name
- name
- outpost_set
- pk
- redirect_uris
- verbose_name
- verbose_name_plural
ProxyProviderRequest:
type: object
description: ProxyProvider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
internal_host:
type: string
format: uri
external_host:
type: string
minLength: 1
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: Enable support for forwardAuth in traefik and nginx auth_request.
Exclusive with internal_host.
outposts: set cookies for a domain to authenticate an entire domain (#971) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 21:10:17 +00:00
cookie_domain:
type: string
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
token_validity:
type: string
minLength: 1
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
required:
- authorization_flow
- external_host
- name
RedirectChallenge:
type: object
description: Challenge type to redirect the client
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: xak-flow-redirect
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
to:
type: string
required:
- to
- type
RefreshTokenModel:
type: object
description: Serializer for BaseGrantModel and RefreshToken
properties:
pk:
type: integer
readOnly: true
title: ID
provider:
$ref: '#/components/schemas/OAuth2Provider'
user:
$ref: '#/components/schemas/User'
is_expired:
type: boolean
readOnly: true
expires:
type: string
format: date-time
scope:
type: array
items:
type: string
id_token:
type: string
readOnly: true
revoked:
type: boolean
required:
- id_token
- is_expired
- pk
- provider
- scope
- user
Reputation:
type: object
description: Reputation Serializer
properties:
pk:
type: string
format: uuid
title: Reputation uuid
identifier:
type: string
ip:
type: string
ip_geo_data:
type: object
additionalProperties: {}
score:
type: integer
maximum: 9223372036854775807
minimum: -9223372036854775808
format: int64
updated:
type: string
format: date-time
readOnly: true
required:
- identifier
- ip
- updated
ReputationPolicy:
type: object
description: Reputation Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
bound_to:
type: integer
readOnly: true
check_ip:
type: boolean
check_username:
type: boolean
threshold:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- bound_to
- component
- meta_model_name
- pk
- verbose_name
- verbose_name_plural
ReputationPolicyRequest:
type: object
description: Reputation Policy Serializer
properties:
name:
type: string
nullable: true
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
check_ip:
type: boolean
check_username:
type: boolean
threshold:
type: integer
maximum: 2147483647
minimum: -2147483648
ResidentKeyRequirementEnum:
enum:
- discouraged
- preferred
- required
type: string
SAMLMetadata:
type: object
description: SAML Provider Metadata serializer
properties:
metadata:
type: string
readOnly: true
download_url:
type: string
readOnly: true
required:
- download_url
- metadata
SAMLPropertyMapping:
type: object
description: SAMLPropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
saml_name:
type: string
friendly_name:
type: string
nullable: true
required:
- component
- expression
- meta_model_name
- name
- pk
- saml_name
- verbose_name
- verbose_name_plural
SAMLPropertyMappingRequest:
type: object
description: SAMLPropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
saml_name:
type: string
minLength: 1
friendly_name:
type: string
nullable: true
required:
- expression
- name
- saml_name
SAMLProvider:
type: object
description: SAMLProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
acs_url:
type: string
format: uri
maxLength: 200
audience:
type: string
description: Value of the audience restriction field of the assertion. When
left empty, no audience restriction will be added.
issuer:
type: string
description: Also known as EntityID
assertion_valid_not_before:
type: string
description: 'Assertion valid not before current time + this value (Format:
hours=-1;minutes=-2;seconds=-3).'
assertion_valid_not_on_or_after:
type: string
description: 'Assertion not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
session_valid_not_on_or_after:
type: string
description: 'Session not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
name_id_mapping:
type: string
format: uuid
nullable: true
title: NameID Property Mapping
description: Configure how the NameID value will be created. When left empty,
the NameIDPolicy of the incoming request will be considered
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Service
Provider.
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
sp_binding:
allOf:
- $ref: '#/components/schemas/SpBindingEnum'
title: Service Provider Binding
description: This determines how authentik sends the response back to the
Service Provider.
metadata_download_url:
type: string
readOnly: true
required:
- acs_url
- assigned_application_name
- assigned_application_slug
- authorization_flow
- component
- meta_model_name
- metadata_download_url
- name
- pk
- verbose_name
- verbose_name_plural
SAMLProviderImportRequest:
type: object
description: Import saml provider from XML Metadata
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
file:
type: string
format: binary
required:
- authorization_flow
- file
- name
SAMLProviderRequest:
type: object
description: SAMLProvider Serializer
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
acs_url:
type: string
format: uri
minLength: 1
maxLength: 200
audience:
type: string
description: Value of the audience restriction field of the assertion. When
left empty, no audience restriction will be added.
issuer:
type: string
minLength: 1
description: Also known as EntityID
assertion_valid_not_before:
type: string
minLength: 1
description: 'Assertion valid not before current time + this value (Format:
hours=-1;minutes=-2;seconds=-3).'
assertion_valid_not_on_or_after:
type: string
minLength: 1
description: 'Assertion not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
session_valid_not_on_or_after:
type: string
minLength: 1
description: 'Session not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
name_id_mapping:
type: string
format: uuid
nullable: true
title: NameID Property Mapping
description: Configure how the NameID value will be created. When left empty,
the NameIDPolicy of the incoming request will be considered
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Service
Provider.
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
sp_binding:
allOf:
- $ref: '#/components/schemas/SpBindingEnum'
title: Service Provider Binding
description: This determines how authentik sends the response back to the
Service Provider.
required:
- acs_url
- authorization_flow
- name
SAMLSource:
type: object
description: SAMLSource Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
pre_authentication_flow:
type: string
format: uuid
description: Flow used before authentication.
issuer:
type: string
description: Also known as Entity ID. Defaults the Metadata URL.
sso_url:
type: string
format: uri
description: URL that the initial Login request is sent to.
maxLength: 200
slo_url:
type: string
format: uri
nullable: true
description: Optional URL if your IDP supports Single-Logout.
maxLength: 200
allow_idp_initiated:
type: boolean
description: Allows authentication flows initiated by the IdP. This can
be a security risk, as no validation of the request ID is done.
name_id_policy:
allOf:
- $ref: '#/components/schemas/NameIdPolicyEnum'
description: NameID Policy sent to the IdP. Can be unset, in which case
no Policy is sent.
binding_type:
$ref: '#/components/schemas/BindingTypeEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair which is used to sign outgoing requests. Leave empty
to disable signing.
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
temporary_user_delete_after:
type: string
title: Delete temporary users after
description: 'Time offset when temporary users should be deleted. This only
applies if your IDP uses the NameID Format ''transient'', and the user
doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
required:
- component
- meta_model_name
- name
- pk
- pre_authentication_flow
- slug
- sso_url
- verbose_name
- verbose_name_plural
SAMLSourceRequest:
type: object
description: SAMLSource Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
pre_authentication_flow:
type: string
format: uuid
description: Flow used before authentication.
issuer:
type: string
description: Also known as Entity ID. Defaults the Metadata URL.
sso_url:
type: string
format: uri
minLength: 1
description: URL that the initial Login request is sent to.
maxLength: 200
slo_url:
type: string
format: uri
nullable: true
description: Optional URL if your IDP supports Single-Logout.
maxLength: 200
allow_idp_initiated:
type: boolean
description: Allows authentication flows initiated by the IdP. This can
be a security risk, as no validation of the request ID is done.
name_id_policy:
allOf:
- $ref: '#/components/schemas/NameIdPolicyEnum'
description: NameID Policy sent to the IdP. Can be unset, in which case
no Policy is sent.
binding_type:
$ref: '#/components/schemas/BindingTypeEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair which is used to sign outgoing requests. Leave empty
to disable signing.
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
temporary_user_delete_after:
type: string
minLength: 1
title: Delete temporary users after
description: 'Time offset when temporary users should be deleted. This only
applies if your IDP uses the NameID Format ''transient'', and the user
doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
required:
- name
- pre_authentication_flow
- slug
- sso_url
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
SMSDevice:
type: object
description: Serializer for sms authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
pk:
type: integer
readOnly: true
title: ID
phone_number:
type: string
readOnly: true
required:
- name
- phone_number
- pk
SMSDeviceRequest:
type: object
description: Serializer for sms authenticator devices
properties:
name:
type: string
minLength: 1
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 15:51:49 +00:00
description: The human-readable name of this device.
maxLength: 64
required:
- name
ScopeMapping:
type: object
description: ScopeMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
scope_name:
type: string
description: Scope used by the client
description:
type: string
description: Description shown to the user when consenting. If left empty,
the user won't be informed.
required:
- component
- expression
- meta_model_name
- name
- pk
- scope_name
- verbose_name
- verbose_name_plural
ScopeMappingRequest:
type: object
description: ScopeMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
scope_name:
type: string
minLength: 1
description: Scope used by the client
description:
type: string
description: Description shown to the user when consenting. If left empty,
the user won't be informed.
required:
- expression
- name
- scope_name
SelectableStage:
type: object
description: Serializer for stages which can be selected by users
properties:
pk:
type: string
format: uuid
name:
type: string
verbose_name:
type: string
meta_model_name:
type: string
required:
- meta_model_name
- name
- pk
- verbose_name
ServiceConnection:
type: object
description: ServiceConnection Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ServiceConnectionRequest:
type: object
description: ServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
required:
- name
ServiceConnectionState:
type: object
description: Serializer for Service connection state
properties:
healthy:
type: boolean
readOnly: true
version:
type: string
readOnly: true
required:
- healthy
- version
SessionUser:
type: object
description: |-
Response for the /user/me endpoint, returns the currently active user (as `user` property)
and, if this user is being impersonated, the original user in the `original` property.
properties:
user:
$ref: '#/components/schemas/UserSelf'
original:
$ref: '#/components/schemas/UserSelf'
required:
- user
SeverityEnum:
enum:
- notice
- warning
- alert
type: string
ShellChallenge:
type: object
description: challenge type to render HTML as-is
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: xak-flow-shell
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
body:
type: string
required:
- body
- type
SignatureAlgorithmEnum:
enum:
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
type: string
Source:
type: object
description: Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
required:
- component
- meta_model_name
- name
- pk
- slug
- verbose_name
- verbose_name_plural
SourceRequest:
type: object
description: Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: How the source determines if an existing user should be authenticated
or a new user enrolled.
required:
- name
- slug
SourceType:
type: object
description: Serializer for SourceType
properties:
name:
type: string
slug:
type: string
urls_customizable:
type: boolean
request_token_url:
type: string
readOnly: true
nullable: true
authorization_url:
type: string
readOnly: true
nullable: true
access_token_url:
type: string
readOnly: true
nullable: true
profile_url:
type: string
readOnly: true
nullable: true
required:
- access_token_url
- authorization_url
- name
- profile_url
- request_token_url
- slug
- urls_customizable
SpBindingEnum:
enum:
- redirect
- post
type: string
Stage:
type: object
description: Stage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
StagePrompt:
type: object
description: Serializer for a single Prompt field
properties:
field_key:
type: string
label:
type: string
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
order:
type: integer
sub_text:
type: string
required:
- field_key
- label
- order
- placeholder
- required
- sub_text
- type
StageRequest:
type: object
description: Stage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
required:
- name
StaticDevice:
type: object
description: Serializer for static authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
token_set:
type: array
items:
$ref: '#/components/schemas/StaticDeviceToken'
readOnly: true
pk:
type: integer
readOnly: true
title: ID
required:
- name
- pk
- token_set
StaticDeviceRequest:
type: object
description: Serializer for static authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
StaticDeviceToken:
type: object
description: Serializer for static device's tokens
properties:
token:
type: string
maxLength: 16
required:
- token
StaticDeviceTokenRequest:
type: object
description: Serializer for static device's tokens
properties:
token:
type: string
minLength: 1
maxLength: 16
required:
- token
StatusEnum:
enum:
- SUCCESSFUL
- WARNING
- ERROR
- UNKNOWN
type: string
SubModeEnum:
enum:
- hashed_user_id
- user_username
- user_email
- user_upn
type: string
System:
type: object
description: Get system information.
properties:
env:
type: object
additionalProperties:
type: string
readOnly: true
http_headers:
type: object
additionalProperties:
type: string
readOnly: true
http_host:
type: string
readOnly: true
http_is_secure:
type: boolean
readOnly: true
runtime:
type: object
description: Runtime information
properties:
python_version:
type: string
gunicorn_version:
type: string
environment:
type: string
architecture:
type: string
platform:
type: string
uname:
type: string
required:
- architecture
- environment
- gunicorn_version
- platform
- python_version
- uname
readOnly: true
tenant:
type: string
readOnly: true
server_time:
type: string
format: date-time
readOnly: true
embedded_outpost_host:
type: string
readOnly: true
required:
- embedded_outpost_host
- env
- http_headers
- http_host
- http_is_secure
- runtime
- server_time
- tenant
TOTPDevice:
type: object
description: Serializer for totp authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
pk:
type: integer
readOnly: true
title: ID
required:
- name
- pk
TOTPDeviceRequest:
type: object
description: Serializer for totp authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
Task:
type: object
description: Serialize TaskInfo and TaskResult
properties:
task_name:
type: string
task_description:
type: string
task_finish_timestamp:
type: string
format: date-time
status:
$ref: '#/components/schemas/StatusEnum'
messages:
type: array
items: {}
required:
- messages
- status
- task_description
- task_finish_timestamp
- task_name
Tenant:
type: object
description: Tenant Serializer
properties:
tenant_uuid:
type: string
format: uuid
readOnly: true
domain:
type: string
description: Domain that activates this tenant. Can be a superset, i.e.
`a.b` for `aa.b` and `ba.b`
default:
type: boolean
branding_title:
type: string
branding_logo:
type: string
branding_favicon:
type: string
flow_authentication:
type: string
format: uuid
nullable: true
flow_invalidation:
type: string
format: uuid
nullable: true
flow_recovery:
type: string
format: uuid
nullable: true
flow_unenrollment:
type: string
format: uuid
nullable: true
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
flow_user_settings:
type: string
format: uuid
nullable: true
event_retention:
type: string
description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).'
web_certificate:
type: string
format: uuid
nullable: true
description: Web Certificate used by the authentik Core webserver.
attributes:
type: object
additionalProperties: {}
required:
- domain
- tenant_uuid
TenantRequest:
type: object
description: Tenant Serializer
properties:
domain:
type: string
minLength: 1
description: Domain that activates this tenant. Can be a superset, i.e.
`a.b` for `aa.b` and `ba.b`
default:
type: boolean
branding_title:
type: string
minLength: 1
branding_logo:
type: string
minLength: 1
branding_favicon:
type: string
minLength: 1
flow_authentication:
type: string
format: uuid
nullable: true
flow_invalidation:
type: string
format: uuid
nullable: true
flow_recovery:
type: string
format: uuid
nullable: true
flow_unenrollment:
type: string
format: uuid
nullable: true
core: customisable user settings (#2397) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 23:13:06 +00:00
flow_user_settings:
type: string
format: uuid
nullable: true
event_retention:
type: string
minLength: 1
description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).'
web_certificate:
type: string
format: uuid
nullable: true
description: Web Certificate used by the authentik Core webserver.
attributes:
type: object
additionalProperties: {}
required:
- domain
Token:
type: object
description: Token Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Token uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
identifier:
type: string
maxLength: 255
pattern: ^[-a-zA-Z0-9_]+$
intent:
$ref: '#/components/schemas/IntentEnum'
user:
type: integer
user_obj:
allOf:
- $ref: '#/components/schemas/User'
readOnly: true
description:
type: string
expires:
type: string
format: date-time
expiring:
type: boolean
required:
- identifier
- pk
- user_obj
TokenRequest:
type: object
description: Token Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects which are managed by authentik. These objects are created
and updated automatically. This is flag only indicates that an object
can be overwritten by migrations. You can still modify the objects via
the API, but expect changes to be overwritten in a later update.
identifier:
type: string
minLength: 1
maxLength: 255
pattern: ^[-a-zA-Z0-9_]+$
intent:
$ref: '#/components/schemas/IntentEnum'
user:
type: integer
description:
type: string
expires:
type: string
format: date-time
expiring:
type: boolean
required:
- identifier
TokenSetKeyRequest:
type: object
properties:
key:
type: string
minLength: 1
required:
- key
TokenView:
type: object
description: Show token's current key
properties:
key:
type: string
readOnly: true
required:
- key
TypeCreate:
type: object
description: Types of an object that can be created
properties:
name:
type: string
description:
type: string
component:
type: string
model_name:
type: string
required:
- component
- description
- model_name
- name
UsedBy:
type: object
description: A list of all objects referencing the queried object
properties:
app:
type: string
model_name:
type: string
pk:
type: string
name:
type: string
action:
$ref: '#/components/schemas/UsedByActionEnum'
required:
- action
- app
- model_name
- name
- pk
UsedByActionEnum:
enum:
- CASCADE
- CASCADE_MANY
- SET_NULL
- SET_DEFAULT
type: string
User:
type: object
description: User Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
is_superuser:
type: boolean
readOnly: true
groups:
type: array
items:
type: string
format: uuid
groups_obj:
type: array
items:
$ref: '#/components/schemas/Group'
readOnly: true
email:
type: string
format: email
title: Email address
maxLength: 254
avatar:
type: string
readOnly: true
attributes:
type: object
additionalProperties: {}
uid:
type: string
readOnly: true
required:
- avatar
- groups
- groups_obj
- is_superuser
- name
- pk
- uid
- username
UserConsent:
type: object
description: UserConsent Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
expires:
type: string
format: date-time
user:
$ref: '#/components/schemas/User'
application:
$ref: '#/components/schemas/Application'
required:
- application
- pk
- user
UserDeleteStage:
type: object
description: UserDeleteStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserDeleteStageRequest:
type: object
description: UserDeleteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
required:
- name
UserFieldsEnum:
enum:
- email
- username
- upn
type: string
UserLoginStage:
type: object
description: UserLoginStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
session_duration:
type: string
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserLoginStageRequest:
type: object
description: UserLoginStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
session_duration:
type: string
minLength: 1
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
required:
- name
UserLogoutStage:
type: object
description: UserLogoutStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserLogoutStageRequest:
type: object
description: UserLogoutStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
required:
- name
UserMatchingModeEnum:
enum:
- identifier
- email_link
- email_deny
- username_link
- username_deny
type: string
UserMetrics:
type: object
description: User Metrics
properties:
logins_per_1h:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
logins_failed_per_1h:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
authorizations_per_1h:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
required:
- authorizations_per_1h
- logins_failed_per_1h
- logins_per_1h
UserOAuthSourceConnection:
type: object
description: OAuth Source Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
identifier:
type: string
maxLength: 255
required:
- identifier
- pk
- source
- user
UserOAuthSourceConnectionRequest:
type: object
description: OAuth Source Serializer
properties:
user:
type: integer
identifier:
type: string
minLength: 1
maxLength: 255
access_token:
type: string
writeOnly: true
nullable: true
required:
- identifier
- user
UserPasswordSetRequest:
type: object
properties:
password:
type: string
minLength: 1
required:
- password
UserRequest:
type: object
description: User Serializer
properties:
username:
type: string
minLength: 1
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
groups:
type: array
items:
type: string
format: uuid
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
required:
- groups
- name
- username
UserSelf:
type: object
description: User Serializer for information a user can retrieve about themselves
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
readOnly: true
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
is_superuser:
type: boolean
readOnly: true
groups:
type: array
items:
$ref: '#/components/schemas/UserSelfGroups'
readOnly: true
email:
type: string
format: email
title: Email address
maxLength: 254
avatar:
type: string
readOnly: true
uid:
type: string
readOnly: true
settings:
type: object
additionalProperties: {}
readOnly: true
required:
- avatar
- groups
- is_active
- is_superuser
- name
- pk
- settings
- uid
- username
UserSelfGroups:
type: object
properties:
name:
type: string
readOnly: true
pk:
type: string
readOnly: true
required:
- name
- pk
UserServiceAccountRequest:
type: object
properties:
name:
type: string
minLength: 1
create_group:
type: boolean
default: false
required:
- name
UserServiceAccountResponse:
type: object
properties:
username:
type: string
token:
type: string
required:
- token
- username
UserSetting:
type: object
description: Serializer for User settings for stages and sources
properties:
object_uid:
type: string
component:
type: string
title:
type: string
configure_url:
type: string
icon_url:
type: string
required:
- component
- object_uid
- title
UserSourceConnection:
type: object
description: OAuth Source Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
readOnly: true
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
created:
type: string
format: date-time
readOnly: true
required:
- created
- pk
- source
- user
UserVerificationEnum:
enum:
- required
- preferred
- discouraged
type: string
UserWriteStage:
type: object
description: UserWriteStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
readOnly: true
verbose_name:
type: string
readOnly: true
verbose_name_plural:
type: string
readOnly: true
meta_model_name:
type: string
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/Flow'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
create_users_group:
type: string
format: uuid
nullable: true
description: Optionally add newly created users to this group.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserWriteStageRequest:
type: object
description: UserWriteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
create_users_group:
type: string
format: uuid
nullable: true
description: Optionally add newly created users to this group.
required:
- name
ValidationError:
type: object
description: Validation Error
properties:
non_field_errors:
type: array
items:
type: string
code:
type: string
additionalProperties: {}
Version:
type: object
description: Get running and latest version.
properties:
version_current:
type: string
readOnly: true
version_latest:
type: string
readOnly: true
build_hash:
type: string
readOnly: true
outdated:
type: boolean
readOnly: true
required:
- build_hash
- outdated
- version_current
- version_latest
WebAuthnDevice:
type: object
description: Serializer for WebAuthn authenticator devices
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
maxLength: 200
created_on:
type: string
format: date-time
readOnly: true
required:
- created_on
- name
- pk
WebAuthnDeviceRequest:
type: object
description: Serializer for WebAuthn authenticator devices
properties:
name:
type: string
minLength: 1
maxLength: 200
required:
- name
Workers:
type: object
properties:
count:
type: integer
required:
- count
securitySchemes:
authentik:
type: apiKey
in: header
name: Authorization
servers:
- url: /api/v3/