This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.10.md


---
title: Release 2022.10
slug: "2022.10"
---
## Breaking changes
- This version removes old migrations that have been replaced by squashed versions in previous versions. As such, it is only possible to upgrade to this version from **2022.1** or later.
- Several challenge components have been renamed to better match the rest of the challenges.
- The SAML Source has been updated to use connection objects instead of directly creating users.
## New features
- Support for OAuth2 Device flow

  See more in the OAuth2 provider docs [here](../providers/oauth2/device_code). This flow allows users to authenticate on devices that have limited input possibilities and/or no browser access.

- Customizable payload for SMS Authenticator stage when using Generic provider.

- Revamped SAML Source

  The SAML source uses connection objects and the same Flow manager as the OAuth and Plex sources. Additionally, error handling has been improved.

  This also allows for mapping fields from SAML Source to users.
## API Changes
#### What's New
---
##### `POST` /flows/instances/import/
##### `GET` /sources/user_connections/saml/
##### `POST` /sources/user_connections/saml/
##### `GET` /sources/user_connections/saml/{id}/
##### `PUT` /sources/user_connections/saml/{id}/
##### `DELETE` /sources/user_connections/saml/{id}/
##### `PATCH` /sources/user_connections/saml/{id}/
##### `GET` /sources/user_connections/saml/{id}/used_by/
#### What's Deleted
---
##### `POST` /flows/instances/import_flow/
#### What's Changed
---
##### `GET` /core/tenants/{tenant_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `flow_device_code` (string)
##### `PUT` /core/tenants/{tenant_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `flow_device_code` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `flow_device_code` (string)
##### `PATCH` /core/tenants/{tenant_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `flow_device_code` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `flow_device_code` (string)
##### `GET` /propertymappings/notification/{pm_uuid}/
###### Parameters:
Changed: `pm_uuid` in `path`
> A UUID string identifying this Webhook Mapping.
##### `PUT` /propertymappings/notification/{pm_uuid}/
###### Parameters:
Changed: `pm_uuid` in `path`
> A UUID string identifying this Webhook Mapping.
##### `DELETE` /propertymappings/notification/{pm_uuid}/
###### Parameters:
Changed: `pm_uuid` in `path`
> A UUID string identifying this Webhook Mapping.
##### `PATCH` /propertymappings/notification/{pm_uuid}/
###### Parameters:
Changed: `pm_uuid` in `path`
> A UUID string identifying this Webhook Mapping.
##### `GET` /admin/metrics/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  New required properties:

  - `authorizations_per_1h`

  * Added property `authorizations_per_1h` (array)

    Items (object): > Coordinates for diagrams

    - Property `x_cord` (integer)
    - Property `y_cord` (integer)
##### `POST` /core/tenants/
###### Request:
Changed content type : `application/json`
- Added property `flow_device_code` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `flow_device_code` (string)
##### `GET` /core/tenants/
###### Parameters:
Added: `flow_device_code` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  - Changed property `results` (array)

    Changed items (object): > Tenant Serializer

    - Added property `flow_device_code` (string)
##### `GET` /core/tenants/current/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `flow_device_code` (string)
##### `GET` /crypto/certificatekeypairs/
###### Parameters:
Added: `include_details` in `query`
##### `GET` /propertymappings/notification/{pm_uuid}/used_by/
###### Parameters:
Changed: `pm_uuid` in `path`
> A UUID string identifying this Webhook Mapping.
##### `GET` /root/config/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  - Changed property `capabilities` (array)

    Changed items (string):

    Added enum value:

    - `can_debug`
##### `GET` /sources/oauth/{slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
##### `PUT` /sources/oauth/{slug}/
###### Request:
Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
##### `PATCH` /sources/oauth/{slug}/
###### Request:
Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
##### `POST` /sources/oauth/
###### Request:
Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `provider_type` (string)
Added enum value:
- `twitch`
##### `GET` /sources/oauth/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  - Changed property `results` (array)

    Changed items (object): > OAuth Source Serializer

    - Changed property `provider_type` (string)

      Added enum value:

      - `twitch`
##### `GET` /stages/authenticator/sms/{stage_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
##### `PUT` /stages/authenticator/sms/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
##### `GET` /flows/executor/{flow_slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  Deleted 'ak-flow-sources-plex' component

  Deleted 'ak-flow-sources-oauth-apple' component

  Added 'ak-provider-oauth2-device-code' component:

  - Property `type` (string)

    Enum values:

    - `native`
    - `shell`
    - `redirect`

  - Property `flow_info` (object)

    > Contextual flow information for a challenge

    - Property `title` (string)
    - Property `background` (string)
    - Property `cancel_url` (string)
    - Property `layout` (string)

      Enum values:

      - `stacked`
      - `content_left`
      - `content_right`
      - `sidebar_left`
      - `sidebar_right`

  - Property `component` (string)
  - Property `response_errors` (object)

  Added 'ak-source-oauth-apple' component:

  - Property `type` (string)
  - Property `flow_info` (object)

    > Contextual flow information for a challenge

  - Property `component` (string)
  - Property `response_errors` (object)
  - Property `client_id` (string)
  - Property `scope` (string)
  - Property `redirect_uri` (string)
  - Property `state` (string)

  Added 'ak-source-plex' component:

  - Property `type` (string)
  - Property `flow_info` (object)

    > Contextual flow information for a challenge

  - Property `component` (string)
  - Property `response_errors` (object)
  - Property `client_id` (string)
  - Property `slug` (string)

  Added 'ak-provider-oauth2-device-code-finish' component:

  - Property `type` (string)
  - Property `flow_info` (object)

    > Contextual flow information for a challenge

  - Property `component` (string)
  - Property `response_errors` (object)

  Updated `ak-stage-identification` component:

  - Changed property `sources` (array)

    Changed items (object): > Serializer for Login buttons of sources

    - Changed property `challenge` (object)

      Deleted 'ak-flow-sources-plex' component

      Deleted 'ak-flow-sources-oauth-apple' component

      Added 'ak-source-oauth-apple' component:

      Added 'ak-source-plex' component:
##### `POST` /flows/executor/{flow_slug}/
###### Request:
Changed content type : `application/json`

Deleted 'ak-flow-sources-plex' component

Deleted 'ak-flow-sources-oauth-apple' component

Added 'ak-provider-oauth2-device-code' component:

- Property `component` (string)
- Property `code` (integer)

Added 'ak-source-oauth-apple' component:

- Property `component` (string)

Added 'ak-source-plex' component:

- Property `component` (string)

Added 'ak-provider-oauth2-device-code-finish' component:

- Property `component` (string)

###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  Deleted 'ak-flow-sources-plex' component

  Deleted 'ak-flow-sources-oauth-apple' component

  Added 'ak-provider-oauth2-device-code' component:

  Added 'ak-source-oauth-apple' component:

  Added 'ak-source-plex' component:

  Added 'ak-provider-oauth2-device-code-finish' component:

  Updated `ak-stage-identification` component:

  - Changed property `sources` (array)

    Changed items (object): > Serializer for Login buttons of sources

    - Changed property `challenge` (object)

      Deleted 'ak-flow-sources-plex' component

      Deleted 'ak-flow-sources-oauth-apple' component

      Added 'ak-source-oauth-apple' component:

      Added 'ak-source-plex' component:
##### `POST` /stages/authenticator/sms/
###### Request:
Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `mapping` (string)
> Optionally modify the payload being sent to custom providers.
##### `GET` /stages/authenticator/sms/
###### Parameters:
Added: `mapping` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`

  - Changed property `results` (array)

    Changed items (object): > AuthenticatorSMSStage Serializer

    - Added property `mapping` (string)

      > Optionally modify the payload being sent to custom providers.
## Minor changes/fixes
- \*: improve error handling in ldap outpost, ignore additional errors
- admin: add authorisations metric (#3811)
- blueprints: fix error when exporting objects with lazily translated strings
- core: fallback to empty user object for PropertyMappingEvaluator
- core: fix messages not being shown when no client is connected
- core: fix title in generic error template
- crypto: fix cert_expiry not having the correct format
- crypto: fix import_certificate checking private key as certificate
- crypto: make certificate parsing optional for crypto api (#3711)
- flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
- flows: improved import (show logs, improve UI) (#3807)
- flows: optimise queries for flow and stage API endpoints
- internal: limit body size
- outposts/ldap: increase compatibility with different types in user and group attributes
- providers/oauth2: add all hardcoded claims to claims_supported list
- providers/oauth2: add device flow (#3334)
- providers/oauth2: exclude at_hash claim if not set instead of being null
- providers/oauth2: fix issues with es256 and add tests (#3808)
- providers/saml: don't attempt verification of SAML request when no verification certificate is configured
- root: add global fallback throttle
- root: Add setting to adjust database config for pgbouncer (#3769)
- root: decrease default token size to 60 chars for compatibility (#3710)
- root: save email template directory in config
- sources/oauth: add Twitch OAuth source (#3746)
- sources/oauth: allow overriding of all scopes
- sources/saml: improve error handling for missing assertion and missing subject
- sources/saml: revamp SAML Source (#3785)
- stages/authenticator_sms: make sms stage payload customisable (#3780)
- stages/email: don't check that email templates exist on startup
- web: use drawSelection to workaround cursor bug when using CodeMirror with ShadowDOM in firefox
- web/\*: fix blank api drawer
- web/admin: allow web-based sources to have empty enrollment/authentication flow
- web/admin: rework scrolling in modals, ensure overlay covers everything
- web/admin: set card headers and icons in card class
- web/flows: improve display for action-showing stages
- web/flows: update flow background
- website/docs: add warning to trace log level
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.10 from [here](https://goauthentik.io/version/2022.10/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
  repository: ghcr.io/goauthentik/server
  tag: 2022.10.1
```