diff --git a/web/src/admin/stages/user_write/UserWriteStageForm.ts b/web/src/admin/stages/user_write/UserWriteStageForm.ts index 189ee8649..303488c6d 100644 --- a/web/src/admin/stages/user_write/UserWriteStageForm.ts +++ b/web/src/admin/stages/user_write/UserWriteStageForm.ts @@ -66,9 +66,7 @@ export class UserWriteStageForm extends ModelForm { class="pf-c-check__input" ?checked=${first(this.instance?.canCreateUsers, false)} /> - +

${t`When enabled, this stage has the ability to create new users. If no user is available in the flow with this disabled, the stage will fail.`} diff --git a/website/.gitignore b/website/.gitignore index e1d31e6ac..a9e9900cb 100644 --- a/website/.gitignore +++ b/website/.gitignore @@ -19,3 +19,6 @@ npm-debug.log* yarn-debug.log* yarn-error.log* + +static/docker-compose.yml +static/schema.yaml diff --git a/website/developer-docs/releases/index.md b/website/developer-docs/releases/index.md index 5874e9640..6b6195d43 100644 --- a/website/developer-docs/releases/index.md +++ b/website/developer-docs/releases/index.md @@ -152,7 +152,7 @@ Subject: `Release of authentik Security releases 2022.10.3 and 2022.11.3` ```markdown The security advisory for CVE-2022-xxxxx has been published: https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf -Releases with fixes are being built and will be available here: https://github.com/goauthentik/authentik/releases +Releases 2022.10.3 and 2022.11.3 with fixes included are available here: https://github.com/goauthentik/authentik/releases ```

@@ -164,7 +164,11 @@ Releases with fixes are being built and will be available here: https://github.c ```markdown [...existing announcement...] -Edit: Advisory for for CVE-2022-xxxxx has been published here https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf, the fixed versions are currently building and will be available here: https://github.com/goauthentik/authentik/releases +Edit: + +Advisory for for CVE-2022-xxxxx has been published here https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf + +The fixed versions 2022.10.3 and 2022.11.3 are available here: https://github.com/goauthentik/authentik/releases ```

diff --git a/website/package.json b/website/package.json index 0c940a685..dbbf549fc 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "scripts": { "docusaurus": "docusaurus", "watch": "docusaurus start", - "build": "docusaurus build", + "build": "cp ../docker-compose.yml static/docker-compose.yml && cp ../schema.yml static/schema.yaml && docusaurus build", "build-docs-only": "docusaurus build --config docusaurus.docs-only.js --out-dir help", "swizzle": "docusaurus swizzle", "deploy": "docusaurus deploy", diff --git a/website/static/docker-compose.yml b/website/static/docker-compose.yml deleted file mode 120000 index b3774a09e..000000000 --- a/website/static/docker-compose.yml +++ /dev/null @@ -1 +0,0 @@ -../../docker-compose.yml \ No newline at end of file diff --git a/website/static/docker-compose.yml b/website/static/docker-compose.yml new file mode 100644 index 000000000..dccdea971 --- /dev/null +++ b/website/static/docker-compose.yml @@ -0,0 +1,81 @@ +--- +version: '3.4' + +services: + postgresql: + image: docker.io/library/postgres:12-alpine + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s + volumes: + - database:/var/lib/postgresql/data + environment: + - POSTGRES_PASSWORD=${PG_PASS:?database password required} + - POSTGRES_USER=${PG_USER:-authentik} + - POSTGRES_DB=${PG_DB:-authentik} + env_file: + - .env + redis: + image: docker.io/library/redis:alpine + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - redis:/data + server: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.11.4} + restart: unless-stopped + command: server + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + volumes: + - ./media:/media + - ./custom-templates:/templates + env_file: + - .env + ports: + - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" + - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" + worker: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.11.4} + restart: unless-stopped + command: worker + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # `user: root` and the docker socket volume are optional. + # See more for the docker socket integration here: + # https://goauthentik.io/docs/outposts/integrations/docker + # Removing `user: root` also prevents the worker from fixing the permissions + # on the mounted folders, so when removing this make sure the folders have the correct UID/GID + # (1000:1000 by default) + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./media:/media + - ./certs:/certs + - ./custom-templates:/templates + env_file: + - .env + +volumes: + database: + driver: local + redis: + driver: local diff --git a/website/static/schema.yaml b/website/static/schema.yaml deleted file mode 120000 index 38462cb09..000000000 --- a/website/static/schema.yaml +++ /dev/null @@ -1 +0,0 @@ -../../schema.yml \ No newline at end of file diff --git a/website/static/schema.yaml b/website/static/schema.yaml new file mode 100644 index 000000000..392fd4808 --- /dev/null +++ b/website/static/schema.yaml @@ -0,0 +1,38491 @@ +openapi: 3.0.3 +info: + title: authentik + version: 2022.11.4 + description: Making authentication simple. + contact: + email: hello@goauthentik.io + license: + name: MIT + url: https://github.com/goauthentik/authentik/blob/main/LICENSE +paths: + /admin/apps/: + get: + operationId: admin_apps_list + description: Read-only view list all installed apps + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/App' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/metrics/: + get: + operationId: admin_metrics_retrieve + description: Login Metrics per 1h + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LoginMetrics' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/system/: + get: + operationId: admin_system_retrieve + description: Get system information. + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/System' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/system_tasks/: + get: + operationId: admin_system_tasks_list + description: List system tasks + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Task' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/system_tasks/{id}/: + get: + operationId: admin_system_tasks_retrieve + description: Get a single system task + parameters: + - in: path + name: id + schema: + type: string + required: true + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Task' + description: '' + '404': + description: Task not found + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/system_tasks/{id}/retry/: + post: + operationId: admin_system_tasks_retry_create + description: Retry task + parameters: + - in: path + name: id + schema: + type: string + required: true + tags: + - admin + security: + - authentik: [] + responses: + '204': + description: Task retried successfully + '404': + description: Task not found + '500': + description: Failed to retry task + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/version/: + get: + operationId: admin_version_retrieve + description: Get running and latest version. + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Version' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /admin/workers/: + get: + operationId: admin_workers_retrieve + description: Get currently connected worker count. + tags: + - admin + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Workers' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/all/: + get: + operationId: authenticators_admin_all_list + description: Get all devices for current user + parameters: + - in: query + name: user + schema: + type: integer + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Device' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/duo/: + get: + operationId: authenticators_admin_duo_list + description: Viewset for Duo authenticator devices (for admins) + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedDuoDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: authenticators_admin_duo_create + description: Viewset for Duo authenticator devices (for admins) + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDeviceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/duo/{id}/: + get: + operationId: authenticators_admin_duo_retrieve + description: Viewset for Duo authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_admin_duo_update + description: Viewset for Duo authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_admin_duo_partial_update + description: Viewset for Duo authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedDuoDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_admin_duo_destroy + description: Viewset for Duo authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/sms/: + get: + operationId: authenticators_admin_sms_list + description: Viewset for sms authenticator devices (for admins) + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedSMSDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: authenticators_admin_sms_create + description: Viewset for sms authenticator devices (for admins) + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDeviceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/sms/{id}/: + get: + operationId: authenticators_admin_sms_retrieve + description: Viewset for sms authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_admin_sms_update + description: Viewset for sms authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_admin_sms_partial_update + description: Viewset for sms authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedSMSDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_admin_sms_destroy + description: Viewset for sms authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/static/: + get: + operationId: authenticators_admin_static_list + description: Viewset for static authenticator devices (for admins) + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedStaticDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: authenticators_admin_static_create + description: Viewset for static authenticator devices (for admins) + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDeviceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/static/{id}/: + get: + operationId: authenticators_admin_static_retrieve + description: Viewset for static authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_admin_static_update + description: Viewset for static authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_admin_static_partial_update + description: Viewset for static authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedStaticDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_admin_static_destroy + description: Viewset for static authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/totp/: + get: + operationId: authenticators_admin_totp_list + description: Viewset for totp authenticator devices (for admins) + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedTOTPDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: authenticators_admin_totp_create + description: Viewset for totp authenticator devices (for admins) + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDeviceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/totp/{id}/: + get: + operationId: authenticators_admin_totp_retrieve + description: Viewset for totp authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_admin_totp_update + description: Viewset for totp authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_admin_totp_partial_update + description: Viewset for totp authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedTOTPDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_admin_totp_destroy + description: Viewset for totp authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/webauthn/: + get: + operationId: authenticators_admin_webauthn_list + description: Viewset for WebAuthn authenticator devices (for admins) + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedWebAuthnDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: authenticators_admin_webauthn_create + description: Viewset for WebAuthn authenticator devices (for admins) + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDeviceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/admin/webauthn/{id}/: + get: + operationId: authenticators_admin_webauthn_retrieve + description: Viewset for WebAuthn authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_admin_webauthn_update + description: Viewset for WebAuthn authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_admin_webauthn_partial_update + description: Viewset for WebAuthn authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedWebAuthnDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_admin_webauthn_destroy + description: Viewset for WebAuthn authenticator devices (for admins) + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/all/: + get: + operationId: authenticators_all_list + description: Get all devices for current user + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Device' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/duo/: + get: + operationId: authenticators_duo_list + description: Viewset for Duo authenticator devices + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedDuoDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/duo/{id}/: + get: + operationId: authenticators_duo_retrieve + description: Viewset for Duo authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_duo_update + description: Viewset for Duo authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_duo_partial_update + description: Viewset for Duo authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedDuoDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_duo_destroy + description: Viewset for Duo authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/duo/{id}/used_by/: + get: + operationId: authenticators_duo_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Duo Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/sms/: + get: + operationId: authenticators_sms_list + description: Viewset for sms authenticator devices + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedSMSDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/sms/{id}/: + get: + operationId: authenticators_sms_retrieve + description: Viewset for sms authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_sms_update + description: Viewset for sms authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_sms_partial_update + description: Viewset for sms authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedSMSDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SMSDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_sms_destroy + description: Viewset for sms authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/sms/{id}/used_by/: + get: + operationId: authenticators_sms_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SMS Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/static/: + get: + operationId: authenticators_static_list + description: Viewset for static authenticator devices + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedStaticDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/static/{id}/: + get: + operationId: authenticators_static_retrieve + description: Viewset for static authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_static_update + description: Viewset for static authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_static_partial_update + description: Viewset for static authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedStaticDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/StaticDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_static_destroy + description: Viewset for static authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/static/{id}/used_by/: + get: + operationId: authenticators_static_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this static device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/totp/: + get: + operationId: authenticators_totp_list + description: Viewset for totp authenticator devices + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedTOTPDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/totp/{id}/: + get: + operationId: authenticators_totp_retrieve + description: Viewset for totp authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_totp_update + description: Viewset for totp authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_totp_partial_update + description: Viewset for totp authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedTOTPDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TOTPDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_totp_destroy + description: Viewset for totp authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/totp/{id}/used_by/: + get: + operationId: authenticators_totp_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this TOTP device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/webauthn/: + get: + operationId: authenticators_webauthn_list + description: Viewset for WebAuthn authenticator devices + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedWebAuthnDeviceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/webauthn/{id}/: + get: + operationId: authenticators_webauthn_retrieve + description: Viewset for WebAuthn authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: authenticators_webauthn_update + description: Viewset for WebAuthn authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDeviceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: authenticators_webauthn_partial_update + description: Viewset for WebAuthn authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedWebAuthnDeviceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/WebAuthnDevice' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: authenticators_webauthn_destroy + description: Viewset for WebAuthn authenticator devices + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /authenticators/webauthn/{id}/used_by/: + get: + operationId: authenticators_webauthn_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this WebAuthn Device. + required: true + tags: + - authenticators + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/: + get: + operationId: core_applications_list + description: Custom list method that checks Policy based access instead of guardian + parameters: + - in: query + name: group + schema: + type: string + - in: query + name: meta_description + schema: + type: string + - in: query + name: meta_launch_url + schema: + type: string + - in: query + name: meta_publisher + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: slug + schema: + type: string + - in: query + name: superuser_full_list + schema: + type: boolean + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedApplicationList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: core_applications_create + description: Application Viewset + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/{slug}/: + get: + operationId: core_applications_retrieve + description: Application Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: core_applications_update + description: Application Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: core_applications_partial_update + description: Application Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedApplicationRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_applications_destroy + description: Application Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/{slug}/check_access/: + get: + operationId: core_applications_check_access_retrieve + description: Check access to a single application by slug + parameters: + - in: query + name: for_user + schema: + type: integer + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyTestResult' + description: '' + '404': + description: for_user user not found + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/{slug}/metrics/: + get: + operationId: core_applications_metrics_list + description: Metrics for application logins + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Coordinate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/{slug}/set_icon/: + post: + operationId: core_applications_set_icon_create + description: Set application icon + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + requestBody: + content: + multipart/form-data: + schema: + $ref: '#/components/schemas/FileUploadRequest' + security: + - authentik: [] + responses: + '200': + description: Success + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/{slug}/set_icon_url/: + post: + operationId: core_applications_set_icon_url_create + description: Set application icon (as URL) + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FilePathRequest' + required: true + security: + - authentik: [] + responses: + '200': + description: Success + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/applications/{slug}/used_by/: + get: + operationId: core_applications_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Internal application name, used in URLs. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/authenticated_sessions/: + get: + operationId: core_authenticated_sessions_list + description: AuthenticatedSession Viewset + parameters: + - in: query + name: last_ip + schema: + type: string + - in: query + name: last_user_agent + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: user__username + schema: + type: string + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticatedSessionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/authenticated_sessions/{uuid}/: + get: + operationId: core_authenticated_sessions_retrieve + description: AuthenticatedSession Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticated Session. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatedSession' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_authenticated_sessions_destroy + description: AuthenticatedSession Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticated Session. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/authenticated_sessions/{uuid}/used_by/: + get: + operationId: core_authenticated_sessions_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticated Session. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/groups/: + get: + operationId: core_groups_list + description: Group Viewset + parameters: + - in: query + name: attributes + schema: + type: string + description: Attributes + - in: query + name: is_superuser + schema: + type: boolean + - in: query + name: members_by_pk + schema: + type: array + items: + type: integer + explode: true + style: form + - in: query + name: members_by_username + schema: + type: array + items: + type: string + description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ + only. + explode: true + style: form + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedGroupList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: core_groups_create + description: Group Viewset + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Group' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/groups/{group_uuid}/: + get: + operationId: core_groups_retrieve + description: Group Viewset + parameters: + - in: path + name: group_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this group. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Group' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: core_groups_update + description: Group Viewset + parameters: + - in: path + name: group_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this group. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Group' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: core_groups_partial_update + description: Group Viewset + parameters: + - in: path + name: group_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this group. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedGroupRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Group' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_groups_destroy + description: Group Viewset + parameters: + - in: path + name: group_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this group. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/groups/{group_uuid}/used_by/: + get: + operationId: core_groups_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: group_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this group. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tenants/: + get: + operationId: core_tenants_list + description: Tenant Viewset + parameters: + - in: query + name: branding_favicon + schema: + type: string + - in: query + name: branding_logo + schema: + type: string + - in: query + name: branding_title + schema: + type: string + - in: query + name: default + schema: + type: boolean + - in: query + name: domain + schema: + type: string + - in: query + name: event_retention + schema: + type: string + - in: query + name: flow_authentication + schema: + type: string + format: uuid + - in: query + name: flow_device_code + schema: + type: string + format: uuid + - in: query + name: flow_invalidation + schema: + type: string + format: uuid + - in: query + name: flow_recovery + schema: + type: string + format: uuid + - in: query + name: flow_unenrollment + schema: + type: string + format: uuid + - in: query + name: flow_user_settings + schema: + type: string + format: uuid + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: tenant_uuid + schema: + type: string + format: uuid + - in: query + name: web_certificate + schema: + type: string + format: uuid + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedTenantList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: core_tenants_create + description: Tenant Viewset + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TenantRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Tenant' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tenants/{tenant_uuid}/: + get: + operationId: core_tenants_retrieve + description: Tenant Viewset + parameters: + - in: path + name: tenant_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Tenant. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Tenant' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: core_tenants_update + description: Tenant Viewset + parameters: + - in: path + name: tenant_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Tenant. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TenantRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Tenant' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: core_tenants_partial_update + description: Tenant Viewset + parameters: + - in: path + name: tenant_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Tenant. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedTenantRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Tenant' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_tenants_destroy + description: Tenant Viewset + parameters: + - in: path + name: tenant_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Tenant. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tenants/{tenant_uuid}/used_by/: + get: + operationId: core_tenants_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: tenant_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Tenant. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tenants/current/: + get: + operationId: core_tenants_current_retrieve + description: Get current tenant + tags: + - core + security: + - authentik: [] + - {} + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CurrentTenant' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tokens/: + get: + operationId: core_tokens_list + description: Token Viewset + parameters: + - in: query + name: description + schema: + type: string + - in: query + name: expires + schema: + type: string + format: date-time + - in: query + name: expiring + schema: + type: boolean + - in: query + name: identifier + schema: + type: string + - in: query + name: intent + schema: + type: string + enum: + - api + - app_password + - recovery + - verification + - in: query + name: managed + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: user__username + schema: + type: string + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedTokenList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: core_tokens_create + description: Token Viewset + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TokenRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Token' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tokens/{identifier}/: + get: + operationId: core_tokens_retrieve + description: Token Viewset + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Token' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: core_tokens_update + description: Token Viewset + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TokenRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Token' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: core_tokens_partial_update + description: Token Viewset + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedTokenRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Token' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_tokens_destroy + description: Token Viewset + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tokens/{identifier}/set_key/: + post: + operationId: core_tokens_set_key_create + description: Return token key and log access + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TokenSetKeyRequest' + required: true + security: + - authentik: [] + responses: + '204': + description: Successfully changed key + '400': + description: Missing key + '404': + description: Token not found or expired + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tokens/{identifier}/used_by/: + get: + operationId: core_tokens_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/tokens/{identifier}/view_key/: + get: + operationId: core_tokens_view_key_retrieve + description: Return token key and log access + parameters: + - in: path + name: identifier + schema: + type: string + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TokenView' + description: '' + '404': + description: Token not found or expired + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/user_consent/: + get: + operationId: core_user_consent_list + description: UserConsent Viewset + parameters: + - in: query + name: application + schema: + type: string + format: uuid + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: user + schema: + type: integer + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserConsentList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/user_consent/{id}/: + get: + operationId: core_user_consent_retrieve + description: UserConsent Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Consent. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserConsent' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_user_consent_destroy + description: UserConsent Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Consent. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/user_consent/{id}/used_by/: + get: + operationId: core_user_consent_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Consent. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/: + get: + operationId: core_users_list + description: User Viewset + parameters: + - in: query + name: attributes + schema: + type: string + description: Attributes + - in: query + name: email + schema: + type: string + - in: query + name: groups_by_name + schema: + type: array + items: + type: string + explode: true + style: form + - in: query + name: groups_by_pk + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: is_active + schema: + type: boolean + - in: query + name: is_superuser + schema: + type: boolean + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: path + schema: + type: string + - in: query + name: path_startswith + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: username + schema: + type: string + - in: query + name: uuid + schema: + type: string + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: core_users_create + description: User Viewset + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/User' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/{id}/: + get: + operationId: core_users_retrieve + description: User Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/User' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: core_users_update + description: User Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/User' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: core_users_partial_update + description: User Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/User' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: core_users_destroy + description: User Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/{id}/metrics/: + get: + operationId: core_users_metrics_retrieve + description: User metrics per 1h + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserMetrics' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/{id}/recovery/: + get: + operationId: core_users_recovery_retrieve + description: Create a temporary link that a user can use to recover their accounts + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Link' + description: '' + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Link' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/{id}/recovery_email/: + get: + operationId: core_users_recovery_email_retrieve + description: Create a temporary link that a user can use to recover their accounts + parameters: + - in: query + name: email_stage + schema: + type: string + required: true + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + security: + - authentik: [] + responses: + '204': + description: Successfully sent recover email + '404': + description: Bad request + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/{id}/set_password/: + post: + operationId: core_users_set_password_create + description: Set password for user + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserPasswordSetRequest' + required: true + security: + - authentik: [] + responses: + '204': + description: Successfully changed password + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/{id}/used_by/: + get: + operationId: core_users_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User. + required: true + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/me/: + get: + operationId: core_users_me_retrieve + description: Get information about current user + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SessionUser' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/paths/: + get: + operationId: core_users_paths_retrieve + description: Get all user paths + parameters: + - in: query + name: search + schema: + type: string + tags: + - core + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserPath' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /core/users/service_account/: + post: + operationId: core_users_service_account_create + description: Create a new user account that is marked as a service account + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserServiceAccountRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserServiceAccountResponse' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /crypto/certificatekeypairs/: + get: + operationId: crypto_certificatekeypairs_list + description: CertificateKeyPair Viewset + parameters: + - in: query + name: has_key + schema: + type: boolean + description: Only return certificate-key pairs with keys + - in: query + name: include_details + schema: + type: boolean + default: true + - in: query + name: managed + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - crypto + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedCertificateKeyPairList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: crypto_certificatekeypairs_create + description: CertificateKeyPair Viewset + tags: + - crypto + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPairRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPair' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /crypto/certificatekeypairs/{kp_uuid}/: + get: + operationId: crypto_certificatekeypairs_retrieve + description: CertificateKeyPair Viewset + parameters: + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPair' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: crypto_certificatekeypairs_update + description: CertificateKeyPair Viewset + parameters: + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPairRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPair' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: crypto_certificatekeypairs_partial_update + description: CertificateKeyPair Viewset + parameters: + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedCertificateKeyPairRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPair' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: crypto_certificatekeypairs_destroy + description: CertificateKeyPair Viewset + parameters: + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /crypto/certificatekeypairs/{kp_uuid}/used_by/: + get: + operationId: crypto_certificatekeypairs_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /crypto/certificatekeypairs/{kp_uuid}/view_certificate/: + get: + operationId: crypto_certificatekeypairs_view_certificate_retrieve + description: Return certificate-key pairs certificate and log access + parameters: + - in: query + name: download + schema: + type: boolean + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateData' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /crypto/certificatekeypairs/{kp_uuid}/view_private_key/: + get: + operationId: crypto_certificatekeypairs_view_private_key_retrieve + description: Return certificate-key pairs private key and log access + parameters: + - in: query + name: download + schema: + type: boolean + - in: path + name: kp_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Certificate-Key Pair. + required: true + tags: + - crypto + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateData' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /crypto/certificatekeypairs/generate/: + post: + operationId: crypto_certificatekeypairs_generate_create + description: Generate a new, self-signed certificate-key pair + tags: + - crypto + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateGenerationRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CertificateKeyPair' + description: '' + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/events/: + get: + operationId: events_events_list + description: Event Read-Only Viewset + parameters: + - in: query + name: action + schema: + type: string + - in: query + name: client_ip + schema: + type: string + - in: query + name: context_authorized_app + schema: + type: string + description: Context Authorized application + - in: query + name: context_model_app + schema: + type: string + description: Context Model App + - in: query + name: context_model_name + schema: + type: string + description: Context Model Name + - in: query + name: context_model_pk + schema: + type: string + description: Context Model Primary Key + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: tenant_name + schema: + type: string + description: Tenant name + - in: query + name: username + schema: + type: string + description: Username + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedEventList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: events_events_create + description: Event Read-Only Viewset + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/events/{event_uuid}/: + get: + operationId: events_events_retrieve + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: events_events_update + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: events_events_partial_update + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: events_events_destroy + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/events/actions/: + get: + operationId: events_events_actions_list + description: Get all actions + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/events/per_month/: + get: + operationId: events_events_per_month_list + description: Get the count of events per month + parameters: + - in: query + name: action + schema: + type: string + - in: query + name: query + schema: + type: string + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Coordinate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/events/top_per_user/: + get: + operationId: events_events_top_per_user_list + description: Get the top_n events grouped by user count + parameters: + - in: query + name: action + schema: + type: string + - in: query + name: top_n + schema: + type: integer + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/EventTopPerUser' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/notifications/: + get: + operationId: events_notifications_list + description: Notification Viewset + parameters: + - in: query + name: body + schema: + type: string + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: event + schema: + type: string + format: uuid + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: seen + schema: + type: boolean + - in: query + name: severity + schema: + type: string + enum: + - alert + - notice + - warning + - in: query + name: user + schema: + type: integer + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedNotificationList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/notifications/{uuid}/: + get: + operationId: events_notifications_retrieve + description: Notification Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Notification' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: events_notifications_update + description: Notification Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Notification' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: events_notifications_partial_update + description: Notification Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedNotificationRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Notification' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: events_notifications_destroy + description: Notification Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification. + required: true + tags: + - events + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/notifications/{uuid}/used_by/: + get: + operationId: events_notifications_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/notifications/mark_all_seen/: + post: + operationId: events_notifications_mark_all_seen_create + description: Mark all the user's notifications as seen + tags: + - events + security: + - authentik: [] + responses: + '204': + description: Marked tasks as read successfully. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/rules/: + get: + operationId: events_rules_list + description: NotificationRule Viewset + parameters: + - in: query + name: group__name + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: severity + schema: + type: string + enum: + - alert + - notice + - warning + description: Controls which severity level the created notifications will + have. + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedNotificationRuleList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: events_rules_create + description: NotificationRule Viewset + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRuleRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRule' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/rules/{pbm_uuid}/: + get: + operationId: events_rules_retrieve + description: NotificationRule Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Rule. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRule' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: events_rules_update + description: NotificationRule Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Rule. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRuleRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRule' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: events_rules_partial_update + description: NotificationRule Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Rule. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedNotificationRuleRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationRule' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: events_rules_destroy + description: NotificationRule Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Rule. + required: true + tags: + - events + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/rules/{pbm_uuid}/used_by/: + get: + operationId: events_rules_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Rule. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/transports/: + get: + operationId: events_transports_list + description: NotificationTransport Viewset + parameters: + - in: query + name: mode + schema: + type: string + enum: + - email + - local + - webhook + - webhook_slack + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: send_once + schema: + type: boolean + - in: query + name: webhook_url + schema: + type: string + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedNotificationTransportList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: events_transports_create + description: NotificationTransport Viewset + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransportRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransport' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/transports/{uuid}/: + get: + operationId: events_transports_retrieve + description: NotificationTransport Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Transport. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransport' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: events_transports_update + description: NotificationTransport Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Transport. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransportRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransport' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: events_transports_partial_update + description: NotificationTransport Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Transport. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedNotificationTransportRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransport' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: events_transports_destroy + description: NotificationTransport Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Transport. + required: true + tags: + - events + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/transports/{uuid}/test/: + post: + operationId: events_transports_test_create + description: |- + Send example notification using selected transport. Requires + Modify permissions. + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Transport. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationTransportTest' + description: '' + '500': + description: Failed to test transport + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /events/transports/{uuid}/used_by/: + get: + operationId: events_transports_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Notification Transport. + required: true + tags: + - events + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/bindings/: + get: + operationId: flows_bindings_list + description: FlowStageBinding Viewset + parameters: + - in: query + name: evaluate_on_plan + schema: + type: boolean + - in: query + name: fsb_uuid + schema: + type: string + format: uuid + - in: query + name: invalid_response_action + schema: + type: string + enum: + - restart + - restart_with_context + - retry + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. + - in: query + name: order + schema: + type: integer + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: pbm_uuid + schema: + type: string + format: uuid + - in: query + name: policies + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: policy_engine_mode + schema: + type: string + enum: + - all + - any + - in: query + name: re_evaluate_policies + schema: + type: boolean + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage + schema: + type: string + format: uuid + - in: query + name: target + schema: + type: string + format: uuid + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedFlowStageBindingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: flows_bindings_create + description: FlowStageBinding Viewset + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FlowStageBindingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowStageBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/bindings/{fsb_uuid}/: + get: + operationId: flows_bindings_retrieve + description: FlowStageBinding Viewset + parameters: + - in: path + name: fsb_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Flow Stage Binding. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowStageBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: flows_bindings_update + description: FlowStageBinding Viewset + parameters: + - in: path + name: fsb_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Flow Stage Binding. + required: true + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FlowStageBindingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowStageBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: flows_bindings_partial_update + description: FlowStageBinding Viewset + parameters: + - in: path + name: fsb_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Flow Stage Binding. + required: true + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedFlowStageBindingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowStageBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: flows_bindings_destroy + description: FlowStageBinding Viewset + parameters: + - in: path + name: fsb_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Flow Stage Binding. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/bindings/{fsb_uuid}/used_by/: + get: + operationId: flows_bindings_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: fsb_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Flow Stage Binding. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/executor/{flow_slug}/: + get: + operationId: flows_executor_get + description: Get the next pending challenge from the currently active flow. + parameters: + - in: path + name: flow_slug + schema: + type: string + required: true + - in: query + name: query + schema: + type: string + description: Querystring as received + required: true + tags: + - flows + security: + - authentik: [] + - {} + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ChallengeTypes' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: flows_executor_solve + description: Solve the previously retrieved challenge and advanced to the next + stage. + parameters: + - in: path + name: flow_slug + schema: + type: string + required: true + - in: query + name: query + schema: + type: string + description: Querystring as received + required: true + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FlowChallengeResponseRequest' + security: + - authentik: [] + - {} + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ChallengeTypes' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/inspector/{flow_slug}/: + get: + operationId: flows_inspector_get + description: Get current flow state and record it + parameters: + - in: path + name: flow_slug + schema: + type: string + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowInspection' + description: '' + '400': + description: No flow plan in session. + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/: + get: + operationId: flows_instances_list + description: Flow Viewset + parameters: + - in: query + name: denied_action + schema: + type: string + enum: + - continue + - message + - message_continue + description: Configure what should happen when a flow denies access to a user. + - in: query + name: designation + schema: + type: string + enum: + - authentication + - authorization + - enrollment + - invalidation + - recovery + - stage_configuration + - unenrollment + description: Decides what this Flow is used for. For example, the Authentication + flow is redirect to when an un-authenticated user visits authentik. + - in: query + name: flow_uuid + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: slug + schema: + type: string + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedFlowList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: flows_instances_create + description: Flow Viewset + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FlowRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Flow' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/: + get: + operationId: flows_instances_retrieve + description: Flow Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Flow' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: flows_instances_update + description: Flow Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FlowRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Flow' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: flows_instances_partial_update + description: Flow Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedFlowRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Flow' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: flows_instances_destroy + description: Flow Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/diagram/: + get: + operationId: flows_instances_diagram_retrieve + description: Return diagram for flow with slug `slug`, in the format used by + flowchart.js + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowDiagram' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/execute/: + get: + operationId: flows_instances_execute_retrieve + description: Execute flow for current user + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Link' + description: '' + '400': + description: Flow not applicable + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/export/: + get: + operationId: flows_instances_export_retrieve + description: Export flow to .yaml file + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: string + format: binary + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/set_background/: + post: + operationId: flows_instances_set_background_create + description: Set Flow background + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + requestBody: + content: + multipart/form-data: + schema: + $ref: '#/components/schemas/FileUploadRequest' + security: + - authentik: [] + responses: + '200': + description: Success + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/set_background_url/: + post: + operationId: flows_instances_set_background_url_create + description: Set Flow background (as URL) + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FilePathRequest' + required: true + security: + - authentik: [] + responses: + '200': + description: Success + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/{slug}/used_by/: + get: + operationId: flows_instances_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Visible in the URL. + required: true + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/cache_clear/: + post: + operationId: flows_instances_cache_clear_create + description: Clear flow cache + tags: + - flows + security: + - authentik: [] + responses: + '204': + description: Successfully cleared cache + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/cache_info/: + get: + operationId: flows_instances_cache_info_retrieve + description: Info about cached flows + tags: + - flows + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Cache' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /flows/instances/import/: + post: + operationId: flows_instances_import_create + description: Import flow from .yaml file + tags: + - flows + requestBody: + content: + multipart/form-data: + schema: + $ref: '#/components/schemas/FileUploadRequest' + security: + - authentik: [] + responses: + '204': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowImportResult' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/FlowImportResult' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /managed/blueprints/: + get: + operationId: managed_blueprints_list + description: Blueprint instances + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: path + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - managed + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedBlueprintInstanceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: managed_blueprints_create + description: Blueprint instances + tags: + - managed + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstanceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstance' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /managed/blueprints/{instance_uuid}/: + get: + operationId: managed_blueprints_retrieve + description: Blueprint instances + parameters: + - in: path + name: instance_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Blueprint Instance. + required: true + tags: + - managed + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstance' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: managed_blueprints_update + description: Blueprint instances + parameters: + - in: path + name: instance_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Blueprint Instance. + required: true + tags: + - managed + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstanceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstance' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: managed_blueprints_partial_update + description: Blueprint instances + parameters: + - in: path + name: instance_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Blueprint Instance. + required: true + tags: + - managed + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedBlueprintInstanceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstance' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: managed_blueprints_destroy + description: Blueprint instances + parameters: + - in: path + name: instance_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Blueprint Instance. + required: true + tags: + - managed + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /managed/blueprints/{instance_uuid}/apply/: + post: + operationId: managed_blueprints_apply_create + description: Apply a blueprint + parameters: + - in: path + name: instance_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Blueprint Instance. + required: true + tags: + - managed + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BlueprintInstance' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /managed/blueprints/{instance_uuid}/used_by/: + get: + operationId: managed_blueprints_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: instance_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Blueprint Instance. + required: true + tags: + - managed + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /managed/blueprints/available/: + get: + operationId: managed_blueprints_available_list + description: Get blueprints + tags: + - managed + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/BlueprintFile' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /oauth2/authorization_codes/: + get: + operationId: oauth2_authorization_codes_list + description: AuthorizationCode Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: provider + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: user + schema: + type: integer + tags: + - oauth2 + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedExpiringBaseGrantModelList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /oauth2/authorization_codes/{id}/: + get: + operationId: oauth2_authorization_codes_retrieve + description: AuthorizationCode Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Authorization Code. + required: true + tags: + - oauth2 + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ExpiringBaseGrantModel' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: oauth2_authorization_codes_destroy + description: AuthorizationCode Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Authorization Code. + required: true + tags: + - oauth2 + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /oauth2/authorization_codes/{id}/used_by/: + get: + operationId: oauth2_authorization_codes_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Authorization Code. + required: true + tags: + - oauth2 + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /oauth2/refresh_tokens/: + get: + operationId: oauth2_refresh_tokens_list + description: RefreshToken Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: provider + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: user + schema: + type: integer + tags: + - oauth2 + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedRefreshTokenModelList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /oauth2/refresh_tokens/{id}/: + get: + operationId: oauth2_refresh_tokens_retrieve + description: RefreshToken Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2 Token. + required: true + tags: + - oauth2 + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RefreshTokenModel' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: oauth2_refresh_tokens_destroy + description: RefreshToken Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2 Token. + required: true + tags: + - oauth2 + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /oauth2/refresh_tokens/{id}/used_by/: + get: + operationId: oauth2_refresh_tokens_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2 Token. + required: true + tags: + - oauth2 + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/instances/: + get: + operationId: outposts_instances_list + description: Outpost Viewset + parameters: + - in: query + name: managed__icontains + schema: + type: string + - in: query + name: managed__iexact + schema: + type: string + - in: query + name: name__icontains + schema: + type: string + - in: query + name: name__iexact + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: providers__isnull + schema: + type: boolean + - in: query + name: providers_by_pk + schema: + type: array + items: + type: integer + explode: true + style: form + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: service_connection__name__icontains + schema: + type: string + - in: query + name: service_connection__name__iexact + schema: + type: string + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedOutpostList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: outposts_instances_create + description: Outpost Viewset + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OutpostRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Outpost' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/instances/{uuid}/: + get: + operationId: outposts_instances_retrieve + description: Outpost Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this outpost. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Outpost' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: outposts_instances_update + description: Outpost Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this outpost. + required: true + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OutpostRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Outpost' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: outposts_instances_partial_update + description: Outpost Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this outpost. + required: true + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedOutpostRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Outpost' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: outposts_instances_destroy + description: Outpost Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this outpost. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/instances/{uuid}/health/: + get: + operationId: outposts_instances_health_list + description: Get outposts current health + parameters: + - in: query + name: managed__icontains + schema: + type: string + - in: query + name: managed__iexact + schema: + type: string + - in: query + name: name__icontains + schema: + type: string + - in: query + name: name__iexact + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - in: query + name: providers__isnull + schema: + type: boolean + - in: query + name: providers_by_pk + schema: + type: array + items: + type: integer + explode: true + style: form + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: service_connection__name__icontains + schema: + type: string + - in: query + name: service_connection__name__iexact + schema: + type: string + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this outpost. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/OutpostHealth' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/instances/{uuid}/used_by/: + get: + operationId: outposts_instances_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this outpost. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/instances/default_settings/: + get: + operationId: outposts_instances_default_settings_retrieve + description: Global default outpost config + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OutpostDefaultConfig' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/ldap/: + get: + operationId: outposts_ldap_list + description: LDAPProvider Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedLDAPOutpostConfigList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/ldap/{id}/: + get: + operationId: outposts_ldap_retrieve + description: LDAPProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this LDAP Provider. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPOutpostConfig' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/proxy/: + get: + operationId: outposts_proxy_list + description: ProxyProvider Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedProxyOutpostConfigList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/proxy/{id}/: + get: + operationId: outposts_proxy_retrieve + description: ProxyProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Proxy Provider. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyOutpostConfig' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/all/: + get: + operationId: outposts_service_connections_all_list + description: ServiceConnection Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedServiceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/all/{uuid}/: + get: + operationId: outposts_service_connections_all_retrieve + description: ServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Outpost Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: outposts_service_connections_all_destroy + description: ServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Outpost Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/all/{uuid}/state/: + get: + operationId: outposts_service_connections_all_state_retrieve + description: Get the service connection's state + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Outpost Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceConnectionState' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/all/{uuid}/used_by/: + get: + operationId: outposts_service_connections_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Outpost Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/all/types/: + get: + operationId: outposts_service_connections_all_types_list + description: Get all creatable service connection types + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/docker/: + get: + operationId: outposts_service_connections_docker_list + description: DockerServiceConnection Viewset + parameters: + - in: query + name: local + schema: + type: boolean + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: tls_authentication + schema: + type: string + format: uuid + - in: query + name: tls_verification + schema: + type: string + format: uuid + - in: query + name: url + schema: + type: string + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedDockerServiceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: outposts_service_connections_docker_create + description: DockerServiceConnection Viewset + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DockerServiceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/DockerServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/docker/{uuid}/: + get: + operationId: outposts_service_connections_docker_retrieve + description: DockerServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Docker Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DockerServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: outposts_service_connections_docker_update + description: DockerServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Docker Service-Connection. + required: true + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DockerServiceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DockerServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: outposts_service_connections_docker_partial_update + description: DockerServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Docker Service-Connection. + required: true + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedDockerServiceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DockerServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: outposts_service_connections_docker_destroy + description: DockerServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Docker Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/docker/{uuid}/used_by/: + get: + operationId: outposts_service_connections_docker_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Docker Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/kubernetes/: + get: + operationId: outposts_service_connections_kubernetes_list + description: KubernetesServiceConnection Viewset + parameters: + - in: query + name: local + schema: + type: boolean + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedKubernetesServiceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: outposts_service_connections_kubernetes_create + description: KubernetesServiceConnection Viewset + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/KubernetesServiceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/KubernetesServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/kubernetes/{uuid}/: + get: + operationId: outposts_service_connections_kubernetes_retrieve + description: KubernetesServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Kubernetes Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/KubernetesServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: outposts_service_connections_kubernetes_update + description: KubernetesServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Kubernetes Service-Connection. + required: true + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/KubernetesServiceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/KubernetesServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: outposts_service_connections_kubernetes_partial_update + description: KubernetesServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Kubernetes Service-Connection. + required: true + tags: + - outposts + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedKubernetesServiceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/KubernetesServiceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: outposts_service_connections_kubernetes_destroy + description: KubernetesServiceConnection Viewset + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Kubernetes Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /outposts/service_connections/kubernetes/{uuid}/used_by/: + get: + operationId: outposts_service_connections_kubernetes_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Kubernetes Service-Connection. + required: true + tags: + - outposts + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/: + get: + operationId: policies_all_list + description: Policy Viewset + parameters: + - in: query + name: bindings__isnull + schema: + type: boolean + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: promptstage__isnull + schema: + type: boolean + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/{policy_uuid}/: + get: + operationId: policies_all_retrieve + description: Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Policy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_all_destroy + description: Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/{policy_uuid}/test/: + post: + operationId: policies_all_test_create + description: Test policy + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyTestRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyTestResult' + description: '' + '400': + description: Invalid parameters + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/{policy_uuid}/used_by/: + get: + operationId: policies_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/cache_clear/: + post: + operationId: policies_all_cache_clear_create + description: Clear policy cache + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: Successfully cleared cache + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/cache_info/: + get: + operationId: policies_all_cache_info_retrieve + description: Info about cached policies + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Cache' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/all/types/: + get: + operationId: policies_all_types_list + description: Get all creatable policy types + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/bindings/: + get: + operationId: policies_bindings_list + description: PolicyBinding Viewset + parameters: + - in: query + name: enabled + schema: + type: boolean + - in: query + name: order + schema: + type: integer + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy + schema: + type: string + format: uuid + - in: query + name: policy__isnull + schema: + type: boolean + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: target + schema: + type: string + format: uuid + - in: query + name: target_in + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: timeout + schema: + type: integer + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPolicyBindingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_bindings_create + description: PolicyBinding Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyBindingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/bindings/{policy_binding_uuid}/: + get: + operationId: policies_bindings_retrieve + description: PolicyBinding Viewset + parameters: + - in: path + name: policy_binding_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy Binding. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_bindings_update + description: PolicyBinding Viewset + parameters: + - in: path + name: policy_binding_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy Binding. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyBindingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_bindings_partial_update + description: PolicyBinding Viewset + parameters: + - in: path + name: policy_binding_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy Binding. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPolicyBindingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyBinding' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_bindings_destroy + description: PolicyBinding Viewset + parameters: + - in: path + name: policy_binding_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy Binding. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/bindings/{policy_binding_uuid}/used_by/: + get: + operationId: policies_bindings_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_binding_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Policy Binding. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/dummy/: + get: + operationId: policies_dummy_list + description: Dummy Viewset + parameters: + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - in: query + name: result + schema: + type: boolean + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: wait_max + schema: + type: integer + - in: query + name: wait_min + schema: + type: integer + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedDummyPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_dummy_create + description: Dummy Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DummyPolicyRequest' + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/dummy/{policy_uuid}/: + get: + operationId: policies_dummy_retrieve + description: Dummy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_dummy_update + description: Dummy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DummyPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_dummy_partial_update + description: Dummy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedDummyPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_dummy_destroy + description: Dummy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/dummy/{policy_uuid}/used_by/: + get: + operationId: policies_dummy_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/event_matcher/: + get: + operationId: policies_event_matcher_list + description: Event Matcher Policy Viewset + parameters: + - in: query + name: action + schema: + type: string + enum: + - authorize_application + - configuration_error + - custom_ + - email_sent + - flow_execution + - impersonation_ended + - impersonation_started + - invitation_used + - login + - login_failed + - logout + - model_created + - model_deleted + - model_updated + - password_set + - policy_exception + - policy_execution + - property_mapping_exception + - secret_rotate + - secret_view + - source_linked + - suspicious_request + - system_exception + - system_task_exception + - system_task_execution + - update_available + - user_write + description: Match created events with this action type. When left empty, + all action types will be matched. + - in: query + name: app + schema: + type: string + enum: + - authentik.admin + - authentik.api + - authentik.blueprints + - authentik.core + - authentik.crypto + - authentik.events + - authentik.flows + - authentik.lib + - authentik.outposts + - authentik.policies + - authentik.policies.dummy + - authentik.policies.event_matcher + - authentik.policies.expiry + - authentik.policies.expression + - authentik.policies.hibp + - authentik.policies.password + - authentik.policies.reputation + - authentik.providers.ldap + - authentik.providers.oauth2 + - authentik.providers.proxy + - authentik.providers.saml + - authentik.recovery + - authentik.sources.ldap + - authentik.sources.oauth + - authentik.sources.plex + - authentik.sources.saml + - authentik.stages.authenticator_duo + - authentik.stages.authenticator_sms + - authentik.stages.authenticator_static + - authentik.stages.authenticator_totp + - authentik.stages.authenticator_validate + - authentik.stages.authenticator_webauthn + - authentik.stages.captcha + - authentik.stages.consent + - authentik.stages.deny + - authentik.stages.dummy + - authentik.stages.email + - authentik.stages.identification + - authentik.stages.invitation + - authentik.stages.password + - authentik.stages.prompt + - authentik.stages.user_delete + - authentik.stages.user_login + - authentik.stages.user_logout + - authentik.stages.user_write + - authentik.tenants + description: Match events created by selected application. When left empty, + all applications are matched. + - in: query + name: client_ip + schema: + type: string + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedEventMatcherPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_event_matcher_create + description: Event Matcher Policy Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventMatcherPolicyRequest' + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/EventMatcherPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/event_matcher/{policy_uuid}/: + get: + operationId: policies_event_matcher_retrieve + description: Event Matcher Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event Matcher Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/EventMatcherPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_event_matcher_update + description: Event Matcher Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event Matcher Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventMatcherPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/EventMatcherPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_event_matcher_partial_update + description: Event Matcher Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event Matcher Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedEventMatcherPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/EventMatcherPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_event_matcher_destroy + description: Event Matcher Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event Matcher Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/event_matcher/{policy_uuid}/used_by/: + get: + operationId: policies_event_matcher_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event Matcher Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/expression/: + get: + operationId: policies_expression_list + description: Source Viewset + parameters: + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: expression + schema: + type: string + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedExpressionPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_expression_create + description: Source Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ExpressionPolicyRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ExpressionPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/expression/{policy_uuid}/: + get: + operationId: policies_expression_retrieve + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Expression Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ExpressionPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_expression_update + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Expression Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ExpressionPolicyRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ExpressionPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_expression_partial_update + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Expression Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedExpressionPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ExpressionPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_expression_destroy + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Expression Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/expression/{policy_uuid}/used_by/: + get: + operationId: policies_expression_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Expression Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/haveibeenpwned/: + get: + operationId: policies_haveibeenpwned_list + description: Source Viewset + parameters: + - in: query + name: allowed_count + schema: + type: integer + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: password_field + schema: + type: string + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedHaveIBeenPwendPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_haveibeenpwned_create + description: Source Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest' + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/HaveIBeenPwendPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/haveibeenpwned/{policy_uuid}/: + get: + operationId: policies_haveibeenpwned_retrieve + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Have I Been Pwned Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/HaveIBeenPwendPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_haveibeenpwned_update + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Have I Been Pwned Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/HaveIBeenPwendPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_haveibeenpwned_partial_update + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Have I Been Pwned Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedHaveIBeenPwendPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/HaveIBeenPwendPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_haveibeenpwned_destroy + description: Source Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Have I Been Pwned Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/haveibeenpwned/{policy_uuid}/used_by/: + get: + operationId: policies_haveibeenpwned_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Have I Been Pwned Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/password/: + get: + operationId: policies_password_list + description: Password Policy Viewset + parameters: + - in: query + name: amount_digits + schema: + type: integer + - in: query + name: amount_lowercase + schema: + type: integer + - in: query + name: amount_symbols + schema: + type: integer + - in: query + name: amount_uppercase + schema: + type: integer + - in: query + name: check_have_i_been_pwned + schema: + type: boolean + - in: query + name: check_static_rules + schema: + type: boolean + - in: query + name: check_zxcvbn + schema: + type: boolean + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: error_message + schema: + type: string + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: hibp_allowed_count + schema: + type: integer + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: length_min + schema: + type: integer + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: password_field + schema: + type: string + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: symbol_charset + schema: + type: string + - in: query + name: zxcvbn_score_threshold + schema: + type: integer + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPasswordPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_password_create + description: Password Policy Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordPolicyRequest' + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/password/{policy_uuid}/: + get: + operationId: policies_password_retrieve + description: Password Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_password_update + description: Password Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_password_partial_update + description: Password Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPasswordPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_password_destroy + description: Password Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/password/{policy_uuid}/used_by/: + get: + operationId: policies_password_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/password_expiry/: + get: + operationId: policies_password_expiry_list + description: Password Expiry Viewset + parameters: + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: days + schema: + type: integer + - in: query + name: deny_only + schema: + type: boolean + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPasswordExpiryPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_password_expiry_create + description: Password Expiry Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordExpiryPolicyRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordExpiryPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/password_expiry/{policy_uuid}/: + get: + operationId: policies_password_expiry_retrieve + description: Password Expiry Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Expiry Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordExpiryPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_password_expiry_update + description: Password Expiry Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Expiry Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordExpiryPolicyRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordExpiryPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_password_expiry_partial_update + description: Password Expiry Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Expiry Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPasswordExpiryPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordExpiryPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_password_expiry_destroy + description: Password Expiry Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Expiry Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/password_expiry/{policy_uuid}/used_by/: + get: + operationId: policies_password_expiry_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Expiry Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/reputation/: + get: + operationId: policies_reputation_list + description: Reputation Policy Viewset + parameters: + - in: query + name: check_ip + schema: + type: boolean + - in: query + name: check_username + schema: + type: boolean + - in: query + name: created + schema: + type: string + format: date-time + - in: query + name: execution_logging + schema: + type: boolean + - in: query + name: last_updated + schema: + type: string + format: date-time + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: threshold + schema: + type: integer + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedReputationPolicyList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: policies_reputation_create + description: Reputation Policy Viewset + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ReputationPolicyRequest' + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ReputationPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/reputation/{policy_uuid}/: + get: + operationId: policies_reputation_retrieve + description: Reputation Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Reputation Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ReputationPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: policies_reputation_update + description: Reputation Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Reputation Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ReputationPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ReputationPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: policies_reputation_partial_update + description: Reputation Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Reputation Policy. + required: true + tags: + - policies + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedReputationPolicyRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ReputationPolicy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_reputation_destroy + description: Reputation Policy Viewset + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Reputation Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/reputation/{policy_uuid}/used_by/: + get: + operationId: policies_reputation_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: policy_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Reputation Policy. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/reputation/scores/: + get: + operationId: policies_reputation_scores_list + description: Reputation Viewset + parameters: + - in: query + name: identifier + schema: + type: string + - in: query + name: ip + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: score + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedReputationList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/reputation/scores/{reputation_uuid}/: + get: + operationId: policies_reputation_scores_retrieve + description: Reputation Viewset + parameters: + - in: path + name: reputation_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this reputation. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Reputation' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: policies_reputation_scores_destroy + description: Reputation Viewset + parameters: + - in: path + name: reputation_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this reputation. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /policies/reputation/scores/{reputation_uuid}/used_by/: + get: + operationId: policies_reputation_scores_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: reputation_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this reputation. + required: true + tags: + - policies + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/all/: + get: + operationId: propertymappings_all_list + description: PropertyMapping Viewset + parameters: + - in: query + name: managed__isnull + schema: + type: boolean + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPropertyMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/all/{pm_uuid}/: + get: + operationId: propertymappings_all_retrieve + description: PropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_all_destroy + description: PropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/all/{pm_uuid}/test/: + post: + operationId: propertymappings_all_test_create + description: Test Property Mapping + parameters: + - in: query + name: format_result + schema: + type: boolean + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PolicyTestRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PropertyMappingTestResult' + description: '' + '400': + description: Invalid parameters + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/all/{pm_uuid}/used_by/: + get: + operationId: propertymappings_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/all/types/: + get: + operationId: propertymappings_all_types_list + description: Get all creatable property-mapping types + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/ldap/: + get: + operationId: propertymappings_ldap_list + description: LDAP PropertyMapping Viewset + parameters: + - in: query + name: expression + schema: + type: string + - in: query + name: managed + schema: + type: array + items: + type: string + explode: true + style: form + - in: query + name: name + schema: + type: string + - in: query + name: object_field + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: pm_uuid + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedLDAPPropertyMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: propertymappings_ldap_create + description: LDAP PropertyMapping Viewset + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/ldap/{pm_uuid}/: + get: + operationId: propertymappings_ldap_retrieve + description: LDAP PropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this LDAP Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: propertymappings_ldap_update + description: LDAP PropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this LDAP Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: propertymappings_ldap_partial_update + description: LDAP PropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this LDAP Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedLDAPPropertyMappingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_ldap_destroy + description: LDAP PropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this LDAP Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/ldap/{pm_uuid}/used_by/: + get: + operationId: propertymappings_ldap_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this LDAP Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/notification/: + get: + operationId: propertymappings_notification_list + description: NotificationWebhookMapping Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedNotificationWebhookMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: propertymappings_notification_create + description: NotificationWebhookMapping Viewset + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationWebhookMappingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationWebhookMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/notification/{pm_uuid}/: + get: + operationId: propertymappings_notification_retrieve + description: NotificationWebhookMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Webhook Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationWebhookMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: propertymappings_notification_update + description: NotificationWebhookMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Webhook Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationWebhookMappingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationWebhookMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: propertymappings_notification_partial_update + description: NotificationWebhookMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Webhook Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedNotificationWebhookMappingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NotificationWebhookMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_notification_destroy + description: NotificationWebhookMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Webhook Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/notification/{pm_uuid}/used_by/: + get: + operationId: propertymappings_notification_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Webhook Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/saml/: + get: + operationId: propertymappings_saml_list + description: SAMLPropertyMapping Viewset + parameters: + - in: query + name: expression + schema: + type: string + - in: query + name: friendly_name + schema: + type: string + - in: query + name: managed + schema: + type: array + items: + type: string + explode: true + style: form + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: pm_uuid + schema: + type: string + format: uuid + - in: query + name: saml_name + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedSAMLPropertyMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: propertymappings_saml_create + description: SAMLPropertyMapping Viewset + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/saml/{pm_uuid}/: + get: + operationId: propertymappings_saml_retrieve + description: SAMLPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SAML Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: propertymappings_saml_update + description: SAMLPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SAML Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: propertymappings_saml_partial_update + description: SAMLPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SAML Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedSAMLPropertyMappingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_saml_destroy + description: SAMLPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SAML Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/saml/{pm_uuid}/used_by/: + get: + operationId: propertymappings_saml_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SAML Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/scope/: + get: + operationId: propertymappings_scope_list + description: ScopeMapping Viewset + parameters: + - in: query + name: managed + schema: + type: array + items: + type: string + explode: true + style: form + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: scope_name + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedScopeMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: propertymappings_scope_create + description: ScopeMapping Viewset + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ScopeMappingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ScopeMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/scope/{pm_uuid}/: + get: + operationId: propertymappings_scope_retrieve + description: ScopeMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Scope Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ScopeMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: propertymappings_scope_update + description: ScopeMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Scope Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ScopeMappingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ScopeMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: propertymappings_scope_partial_update + description: ScopeMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Scope Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedScopeMappingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ScopeMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_scope_destroy + description: ScopeMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Scope Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/scope/{pm_uuid}/used_by/: + get: + operationId: propertymappings_scope_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Scope Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/all/: + get: + operationId: providers_all_list + description: Provider Viewset + parameters: + - in: query + name: application__isnull + schema: + type: boolean + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedProviderList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/all/{id}/: + get: + operationId: providers_all_retrieve + description: Provider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Provider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_all_destroy + description: Provider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/all/{id}/used_by/: + get: + operationId: providers_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/all/types/: + get: + operationId: providers_all_types_list + description: Get all creatable provider types + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/ldap/: + get: + operationId: providers_ldap_list + description: LDAPProvider Viewset + parameters: + - in: query + name: application__isnull + schema: + type: boolean + - in: query + name: authorization_flow__slug__iexact + schema: + type: string + - in: query + name: base_dn__iexact + schema: + type: string + - in: query + name: certificate__kp_uuid__iexact + schema: + type: string + format: uuid + - in: query + name: certificate__name__iexact + schema: + type: string + - in: query + name: gid_start_number__iexact + schema: + type: integer + - in: query + name: name__iexact + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: search_group__group_uuid__iexact + schema: + type: string + format: uuid + - in: query + name: search_group__name__iexact + schema: + type: string + - in: query + name: tls_server_name__iexact + schema: + type: string + - in: query + name: uid_start_number__iexact + schema: + type: integer + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedLDAPProviderList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: providers_ldap_create + description: LDAPProvider Viewset + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPProviderRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/ldap/{id}/: + get: + operationId: providers_ldap_retrieve + description: LDAPProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this LDAP Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: providers_ldap_update + description: LDAPProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this LDAP Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPProviderRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: providers_ldap_partial_update + description: LDAPProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this LDAP Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedLDAPProviderRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_ldap_destroy + description: LDAPProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this LDAP Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/ldap/{id}/used_by/: + get: + operationId: providers_ldap_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this LDAP Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/oauth2/: + get: + operationId: providers_oauth2_list + description: OAuth2Provider Viewset + parameters: + - in: query + name: access_code_validity + schema: + type: string + - in: query + name: application + schema: + type: string + format: uuid + - in: query + name: authorization_flow + schema: + type: string + format: uuid + - in: query + name: client_id + schema: + type: string + - in: query + name: client_type + schema: + type: string + enum: + - confidential + - public + description: Confidential clients are capable of maintaining the confidentiality + of their credentials. Public clients are incapable + - in: query + name: include_claims_in_id_token + schema: + type: boolean + - in: query + name: issuer_mode + schema: + type: string + enum: + - global + - per_provider + description: Configure how the issuer field of the ID Token should be filled. + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: property_mappings + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: redirect_uris + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: signing_key + schema: + type: string + format: uuid + - in: query + name: sub_mode + schema: + type: string + enum: + - hashed_user_id + - user_email + - user_upn + - user_username + description: Configure what data should be used as unique User Identifier. + For most cases, the default should be fine. + - in: query + name: token_validity + schema: + type: string + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedOAuth2ProviderList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: providers_oauth2_create + description: OAuth2Provider Viewset + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2ProviderRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2Provider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/oauth2/{id}/: + get: + operationId: providers_oauth2_retrieve + description: OAuth2Provider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2Provider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: providers_oauth2_update + description: OAuth2Provider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2ProviderRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2Provider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: providers_oauth2_partial_update + description: OAuth2Provider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedOAuth2ProviderRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2Provider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_oauth2_destroy + description: OAuth2Provider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/oauth2/{id}/preview_user/: + get: + operationId: providers_oauth2_preview_user_retrieve + description: Preview user data for provider + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PropertyMappingPreview' + description: '' + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/oauth2/{id}/setup_urls/: + get: + operationId: providers_oauth2_setup_urls_retrieve + description: Get Providers setup URLs + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth2ProviderSetupURLs' + description: '' + '404': + description: Provider has no application assigned + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/oauth2/{id}/used_by/: + get: + operationId: providers_oauth2_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this OAuth2/OpenID Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/proxy/: + get: + operationId: providers_proxy_list + description: ProxyProvider Viewset + parameters: + - in: query + name: application__isnull + schema: + type: boolean + - in: query + name: authorization_flow__slug__iexact + schema: + type: string + - in: query + name: basic_auth_enabled__iexact + schema: + type: boolean + - in: query + name: basic_auth_password_attribute__iexact + schema: + type: string + - in: query + name: basic_auth_user_attribute__iexact + schema: + type: string + - in: query + name: certificate__kp_uuid__iexact + schema: + type: string + format: uuid + - in: query + name: certificate__name__iexact + schema: + type: string + - in: query + name: cookie_domain__iexact + schema: + type: string + - in: query + name: external_host__iexact + schema: + type: string + - in: query + name: internal_host__iexact + schema: + type: string + - in: query + name: internal_host_ssl_validation__iexact + schema: + type: boolean + - in: query + name: mode__iexact + schema: + type: string + - in: query + name: name__iexact + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: property_mappings__iexact + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: redirect_uris__iexact + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: skip_path_regex__iexact + schema: + type: string + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedProxyProviderList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: providers_proxy_create + description: ProxyProvider Viewset + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyProviderRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/proxy/{id}/: + get: + operationId: providers_proxy_retrieve + description: ProxyProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Proxy Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: providers_proxy_update + description: ProxyProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Proxy Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyProviderRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: providers_proxy_partial_update + description: ProxyProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Proxy Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedProxyProviderRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_proxy_destroy + description: ProxyProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Proxy Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/proxy/{id}/used_by/: + get: + operationId: providers_proxy_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this Proxy Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/saml/: + get: + operationId: providers_saml_list + description: SAMLProvider Viewset + parameters: + - in: query + name: acs_url + schema: + type: string + - in: query + name: assertion_valid_not_before + schema: + type: string + - in: query + name: assertion_valid_not_on_or_after + schema: + type: string + - in: query + name: audience + schema: + type: string + - in: query + name: authorization_flow + schema: + type: string + format: uuid + - in: query + name: digest_algorithm + schema: + type: string + enum: + - http://www.w3.org/2000/09/xmldsig#sha1 + - http://www.w3.org/2001/04/xmldsig-more#sha384 + - http://www.w3.org/2001/04/xmlenc#sha256 + - http://www.w3.org/2001/04/xmlenc#sha512 + - in: query + name: issuer + schema: + type: string + - in: query + name: name + schema: + type: string + - in: query + name: name_id_mapping + schema: + type: string + format: uuid + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: property_mappings + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: session_valid_not_on_or_after + schema: + type: string + - in: query + name: signature_algorithm + schema: + type: string + enum: + - http://www.w3.org/2000/09/xmldsig#dsa-sha1 + - http://www.w3.org/2000/09/xmldsig#rsa-sha1 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + - in: query + name: signing_kp + schema: + type: string + format: uuid + - in: query + name: sp_binding + schema: + type: string + title: Service Provider Binding + enum: + - post + - redirect + description: This determines how authentik sends the response back to the + Service Provider. + - in: query + name: verification_kp + schema: + type: string + format: uuid + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedSAMLProviderList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: providers_saml_create + description: SAMLProvider Viewset + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLProviderRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/saml/{id}/: + get: + operationId: providers_saml_retrieve + description: SAMLProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: providers_saml_update + description: SAMLProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLProviderRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: providers_saml_partial_update + description: SAMLProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedSAMLProviderRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_saml_destroy + description: SAMLProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/saml/{id}/metadata/: + get: + operationId: providers_saml_metadata_retrieve + description: Return metadata as XML string + parameters: + - in: query + name: download + schema: + type: boolean + - in: query + name: force_binding + schema: + type: string + enum: + - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST + - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect + description: Optionally force the metadata to only include one binding. + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + security: + - authentik: [] + - {} + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLMetadata' + description: '' + '404': + description: Provider has no application assigned + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/saml/{id}/preview_user/: + get: + operationId: providers_saml_preview_user_retrieve + description: Preview user data for provider + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PropertyMappingPreview' + description: '' + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/saml/{id}/used_by/: + get: + operationId: providers_saml_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SAML Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/saml/import_metadata/: + post: + operationId: providers_saml_import_metadata_create + description: Create provider from SAML Metadata + tags: + - providers + requestBody: + content: + multipart/form-data: + schema: + $ref: '#/components/schemas/SAMLProviderImportRequest' + required: true + security: + - authentik: [] + responses: + '204': + description: Successfully imported provider + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /root/config/: + get: + operationId: root_config_retrieve + description: Retrieve public configuration options + tags: + - root + security: + - authentik: [] + - {} + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Config' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /schema/: + get: + operationId: schema_retrieve + description: |- + OpenApi3 schema for this API. Format can be selected via content negotiation. + + - YAML: application/vnd.oai.openapi + - JSON: application/vnd.oai.openapi+json + parameters: + - in: query + name: format + schema: + type: string + enum: + - json + - yaml + - in: query + name: lang + schema: + type: string + enum: + - af + - ar + - ar-dz + - ast + - az + - be + - bg + - bn + - br + - bs + - ca + - cs + - cy + - da + - de + - dsb + - el + - en + - en-au + - en-gb + - eo + - es + - es-ar + - es-co + - es-mx + - es-ni + - es-ve + - et + - eu + - fa + - fi + - fr + - fy + - ga + - gd + - gl + - he + - hi + - hr + - hsb + - hu + - hy + - ia + - id + - ig + - io + - is + - it + - ja + - ka + - kab + - kk + - km + - kn + - ko + - ky + - lb + - lt + - lv + - mk + - ml + - mn + - mr + - ms + - my + - nb + - ne + - nl + - nn + - os + - pa + - pl + - pt + - pt-br + - ro + - ru + - sk + - sl + - sq + - sr + - sr-latn + - sv + - sw + - ta + - te + - tg + - th + - tk + - tr + - tt + - udm + - uk + - ur + - uz + - vi + - zh-hans + - zh-hant + tags: + - schema + security: + - authentik: [] + - {} + responses: + '200': + content: + application/vnd.oai.openapi: + schema: + type: object + additionalProperties: {} + application/yaml: + schema: + type: object + additionalProperties: {} + application/vnd.oai.openapi+json: + schema: + type: object + additionalProperties: {} + application/json: + schema: + type: object + additionalProperties: {} + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/: + get: + operationId: sources_all_list + description: Source Viewset + parameters: + - in: query + name: managed + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedSourceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/{slug}/: + get: + operationId: sources_all_retrieve + description: Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Source' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_all_destroy + description: Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/{slug}/set_icon/: + post: + operationId: sources_all_set_icon_create + description: Set source icon + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + multipart/form-data: + schema: + $ref: '#/components/schemas/FileUploadRequest' + security: + - authentik: [] + responses: + '200': + description: Success + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/{slug}/set_icon_url/: + post: + operationId: sources_all_set_icon_url_create + description: Set source icon (as URL) + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FilePathRequest' + required: true + security: + - authentik: [] + responses: + '200': + description: Success + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/{slug}/used_by/: + get: + operationId: sources_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/types/: + get: + operationId: sources_all_types_list + description: Get all creatable source types + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/all/user_settings/: + get: + operationId: sources_all_user_settings_list + description: Get all sources the user can configure + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UserSetting' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/ldap/: + get: + operationId: sources_ldap_list + description: LDAP Source Viewset + parameters: + - in: query + name: additional_group_dn + schema: + type: string + - in: query + name: additional_user_dn + schema: + type: string + - in: query + name: base_dn + schema: + type: string + - in: query + name: bind_cn + schema: + type: string + - in: query + name: enabled + schema: + type: boolean + - in: query + name: group_membership_field + schema: + type: string + - in: query + name: group_object_filter + schema: + type: string + - in: query + name: name + schema: + type: string + - in: query + name: object_uniqueness_field + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: peer_certificate + schema: + type: string + format: uuid + - in: query + name: property_mappings + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: property_mappings_group + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: server_uri + schema: + type: string + - in: query + name: slug + schema: + type: string + - in: query + name: start_tls + schema: + type: boolean + - in: query + name: sync_groups + schema: + type: boolean + - in: query + name: sync_parent_group + schema: + type: string + format: uuid + - in: query + name: sync_users + schema: + type: boolean + - in: query + name: sync_users_password + schema: + type: boolean + - in: query + name: user_object_filter + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedLDAPSourceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_ldap_create + description: LDAP Source Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPSourceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/ldap/{slug}/: + get: + operationId: sources_ldap_retrieve + description: LDAP Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_ldap_update + description: LDAP Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPSourceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_ldap_partial_update + description: LDAP Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedLDAPSourceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LDAPSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_ldap_destroy + description: LDAP Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/ldap/{slug}/sync_status/: + get: + operationId: sources_ldap_sync_status_list + description: Get source's sync status + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Task' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/ldap/{slug}/used_by/: + get: + operationId: sources_ldap_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/oauth/: + get: + operationId: sources_oauth_list + description: Source Viewset + parameters: + - in: query + name: access_token_url + schema: + type: string + - in: query + name: additional_scopes + schema: + type: string + - in: query + name: authentication_flow + schema: + type: string + format: uuid + - in: query + name: authorization_url + schema: + type: string + - in: query + name: consumer_key + schema: + type: string + - in: query + name: enabled + schema: + type: boolean + - in: query + name: enrollment_flow + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_engine_mode + schema: + type: string + enum: + - all + - any + - in: query + name: profile_url + schema: + type: string + - in: query + name: provider_type + schema: + type: string + - in: query + name: request_token_url + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: slug + schema: + type: string + - in: query + name: user_matching_mode + schema: + type: string + enum: + - email_deny + - email_link + - identifier + - username_deny + - username_link + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedOAuthSourceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_oauth_create + description: Source Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthSourceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/oauth/{slug}/: + get: + operationId: sources_oauth_retrieve + description: Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_oauth_update + description: Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthSourceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_oauth_partial_update + description: Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedOAuthSourceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_oauth_destroy + description: Source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/oauth/{slug}/used_by/: + get: + operationId: sources_oauth_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/oauth/source_types/: + get: + operationId: sources_oauth_source_types_list + description: |- + Get all creatable source types. If ?name is set, only returns the type for . + If isn't found, returns the default type. + parameters: + - in: query + name: name + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/SourceType' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/plex/: + get: + operationId: sources_plex_list + description: Plex source Viewset + parameters: + - in: query + name: allow_friends + schema: + type: boolean + - in: query + name: authentication_flow + schema: + type: string + format: uuid + - in: query + name: client_id + schema: + type: string + - in: query + name: enabled + schema: + type: boolean + - in: query + name: enrollment_flow + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_engine_mode + schema: + type: string + enum: + - all + - any + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: slug + schema: + type: string + - in: query + name: user_matching_mode + schema: + type: string + enum: + - email_deny + - email_link + - identifier + - username_deny + - username_link + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPlexSourceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_plex_create + description: Plex source Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/plex/{slug}/: + get: + operationId: sources_plex_retrieve + description: Plex source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_plex_update + description: Plex source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_plex_partial_update + description: Plex source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPlexSourceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_plex_destroy + description: Plex source Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/plex/{slug}/used_by/: + get: + operationId: sources_plex_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/plex/redeem_token/: + post: + operationId: sources_plex_redeem_token_create + description: |- + Redeem a plex token, check it's access to resources against what's allowed + for the source, and redirect to an authentication/enrollment flow. + parameters: + - in: query + name: slug + schema: + type: string + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexTokenRedeemRequest' + required: true + security: + - authentik: [] + - {} + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RedirectChallenge' + description: '' + '400': + description: Token not found + '403': + description: Access denied + /sources/plex/redeem_token_authenticated/: + post: + operationId: sources_plex_redeem_token_authenticated_create + description: Redeem a plex token for an authenticated user, creating a connection + parameters: + - in: query + name: slug + schema: + type: string + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexTokenRedeemRequest' + required: true + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + description: Token not found + '403': + description: Access denied + /sources/saml/: + get: + operationId: sources_saml_list + description: SAMLSource Viewset + parameters: + - in: query + name: allow_idp_initiated + schema: + type: boolean + - in: query + name: authentication_flow + schema: + type: string + format: uuid + - in: query + name: binding_type + schema: + type: string + enum: + - POST + - POST_AUTO + - REDIRECT + - in: query + name: digest_algorithm + schema: + type: string + enum: + - http://www.w3.org/2000/09/xmldsig#sha1 + - http://www.w3.org/2001/04/xmldsig-more#sha384 + - http://www.w3.org/2001/04/xmlenc#sha256 + - http://www.w3.org/2001/04/xmlenc#sha512 + - in: query + name: enabled + schema: + type: boolean + - in: query + name: enrollment_flow + schema: + type: string + format: uuid + - in: query + name: issuer + schema: + type: string + - in: query + name: managed + schema: + type: string + - in: query + name: name + schema: + type: string + - in: query + name: name_id_policy + schema: + type: string + enum: + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName + - urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName + - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + - urn:oasis:names:tc:SAML:2.0:nameid-format:transient + description: NameID Policy sent to the IdP. Can be unset, in which case no + Policy is sent. + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: policy_engine_mode + schema: + type: string + enum: + - all + - any + - in: query + name: pre_authentication_flow + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: signature_algorithm + schema: + type: string + enum: + - http://www.w3.org/2000/09/xmldsig#dsa-sha1 + - http://www.w3.org/2000/09/xmldsig#rsa-sha1 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + - in: query + name: signing_kp + schema: + type: string + format: uuid + - in: query + name: slo_url + schema: + type: string + - in: query + name: slug + schema: + type: string + - in: query + name: sso_url + schema: + type: string + - in: query + name: temporary_user_delete_after + schema: + type: string + - in: query + name: user_matching_mode + schema: + type: string + enum: + - email_deny + - email_link + - identifier + - username_deny + - username_link + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedSAMLSourceList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_saml_create + description: SAMLSource Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLSourceRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/saml/{slug}/: + get: + operationId: sources_saml_retrieve + description: SAMLSource Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_saml_update + description: SAMLSource Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLSourceRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_saml_partial_update + description: SAMLSource Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedSAMLSourceRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLSource' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_saml_destroy + description: SAMLSource Viewset + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/saml/{slug}/metadata/: + get: + operationId: sources_saml_metadata_retrieve + description: Return metadata as XML string + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLMetadata' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/saml/{slug}/used_by/: + get: + operationId: sources_saml_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: slug + schema: + type: string + description: Internal source name, used in URLs. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/all/: + get: + operationId: sources_user_connections_all_list + description: User-source connection Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserSourceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/all/{id}/: + get: + operationId: sources_user_connections_all_retrieve + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this user source connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_user_connections_all_update + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this user source connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_user_connections_all_partial_update + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this user source connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_user_connections_all_destroy + description: User-source connection Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this user source connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/all/{id}/used_by/: + get: + operationId: sources_user_connections_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this user source connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/oauth/: + get: + operationId: sources_user_connections_oauth_list + description: Source Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_user_connections_oauth_create + description: Source Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/oauth/{id}/: + get: + operationId: sources_user_connections_oauth_retrieve + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_user_connections_oauth_update + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_user_connections_oauth_partial_update + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_user_connections_oauth_destroy + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/oauth/{id}/used_by/: + get: + operationId: sources_user_connections_oauth_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/plex/: + get: + operationId: sources_user_connections_plex_list + description: Plex Source connection Serializer + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPlexSourceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_user_connections_plex_create + description: Plex Source connection Serializer + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/plex/{id}/: + get: + operationId: sources_user_connections_plex_retrieve + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_user_connections_plex_update + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_user_connections_plex_partial_update + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPlexSourceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_user_connections_plex_destroy + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/plex/{id}/used_by/: + get: + operationId: sources_user_connections_plex_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/saml/: + get: + operationId: sources_user_connections_saml_list + description: Source Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserSAMLSourceConnectionList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: sources_user_connections_saml_create + description: Source Viewset + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserSAMLSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSAMLSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/saml/{id}/: + get: + operationId: sources_user_connections_saml_retrieve + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User SAML Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSAMLSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: sources_user_connections_saml_update + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User SAML Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserSAMLSourceConnectionRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSAMLSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: sources_user_connections_saml_partial_update + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User SAML Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserSAMLSourceConnectionRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserSAMLSourceConnection' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: sources_user_connections_saml_destroy + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User SAML Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /sources/user_connections/saml/{id}/used_by/: + get: + operationId: sources_user_connections_saml_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User SAML Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/all/: + get: + operationId: stages_all_list + description: Stage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/all/{stage_uuid}/: + get: + operationId: stages_all_retrieve + description: Stage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Stage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_all_destroy + description: Stage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/all/{stage_uuid}/used_by/: + get: + operationId: stages_all_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/all/types/: + get: + operationId: stages_all_types_list + description: Get all creatable stage types + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/all/user_settings/: + get: + operationId: stages_all_user_settings_list + description: Get all stages the user can configure + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UserSetting' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/duo/: + get: + operationId: stages_authenticator_duo_list + description: AuthenticatorDuoStage Viewset + parameters: + - in: query + name: api_hostname + schema: + type: string + - in: query + name: client_id + schema: + type: string + - in: query + name: configure_flow + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticatorDuoStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_authenticator_duo_create + description: AuthenticatorDuoStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/duo/{stage_uuid}/: + get: + operationId: stages_authenticator_duo_retrieve + description: AuthenticatorDuoStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_authenticator_duo_update + description: AuthenticatorDuoStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_authenticator_duo_partial_update + description: AuthenticatorDuoStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedAuthenticatorDuoStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_authenticator_duo_destroy + description: AuthenticatorDuoStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/duo/{stage_uuid}/enrollment_status/: + post: + operationId: stages_authenticator_duo_enrollment_status_create + description: Check enrollment status of user details in current session + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DuoDeviceEnrollmentStatus' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/duo/{stage_uuid}/import_device_manual/: + post: + operationId: stages_authenticator_duo_import_device_manual_create + description: Import duo devices into authentik + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStageManualDeviceImportRequest' + required: true + security: + - authentik: [] + responses: + '204': + description: Enrollment successful + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/: + post: + operationId: stages_authenticator_duo_import_devices_automatic_create + description: Import duo devices into authentik + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorDuoStageDeviceImportResponse' + description: '' + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/duo/{stage_uuid}/used_by/: + get: + operationId: stages_authenticator_duo_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Duo Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/sms/: + get: + operationId: stages_authenticator_sms_list + description: AuthenticatorSMSStage Viewset + parameters: + - in: query + name: account_sid + schema: + type: string + - in: query + name: auth + schema: + type: string + - in: query + name: auth_password + schema: + type: string + - in: query + name: auth_type + schema: + type: string + enum: + - basic + - bearer + - in: query + name: configure_flow + schema: + type: string + format: uuid + - in: query + name: from_number + schema: + type: string + - in: query + name: mapping + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: provider + schema: + type: string + enum: + - generic + - twilio + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + - in: query + name: verify_only + schema: + type: boolean + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticatorSMSStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_authenticator_sms_create + description: AuthenticatorSMSStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorSMSStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorSMSStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/sms/{stage_uuid}/: + get: + operationId: stages_authenticator_sms_retrieve + description: AuthenticatorSMSStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SMS Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorSMSStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_authenticator_sms_update + description: AuthenticatorSMSStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SMS Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorSMSStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorSMSStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_authenticator_sms_partial_update + description: AuthenticatorSMSStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SMS Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedAuthenticatorSMSStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorSMSStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_authenticator_sms_destroy + description: AuthenticatorSMSStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SMS Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/sms/{stage_uuid}/used_by/: + get: + operationId: stages_authenticator_sms_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this SMS Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/static/: + get: + operationId: stages_authenticator_static_list + description: AuthenticatorStaticStage Viewset + parameters: + - in: query + name: configure_flow + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + - in: query + name: token_count + schema: + type: integer + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticatorStaticStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_authenticator_static_create + description: AuthenticatorStaticStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorStaticStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorStaticStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/static/{stage_uuid}/: + get: + operationId: stages_authenticator_static_retrieve + description: AuthenticatorStaticStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Static Authenticator Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorStaticStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_authenticator_static_update + description: AuthenticatorStaticStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Static Authenticator Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorStaticStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorStaticStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_authenticator_static_partial_update + description: AuthenticatorStaticStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Static Authenticator Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedAuthenticatorStaticStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorStaticStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_authenticator_static_destroy + description: AuthenticatorStaticStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Static Authenticator Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/static/{stage_uuid}/used_by/: + get: + operationId: stages_authenticator_static_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Static Authenticator Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/totp/: + get: + operationId: stages_authenticator_totp_list + description: AuthenticatorTOTPStage Viewset + parameters: + - in: query + name: configure_flow + schema: + type: string + format: uuid + - in: query + name: digits + schema: + type: integer + enum: + - 6 + - 8 + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticatorTOTPStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_authenticator_totp_create + description: AuthenticatorTOTPStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorTOTPStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorTOTPStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/totp/{stage_uuid}/: + get: + operationId: stages_authenticator_totp_retrieve + description: AuthenticatorTOTPStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this TOTP Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorTOTPStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_authenticator_totp_update + description: AuthenticatorTOTPStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this TOTP Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorTOTPStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorTOTPStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_authenticator_totp_partial_update + description: AuthenticatorTOTPStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this TOTP Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedAuthenticatorTOTPStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorTOTPStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_authenticator_totp_destroy + description: AuthenticatorTOTPStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this TOTP Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/totp/{stage_uuid}/used_by/: + get: + operationId: stages_authenticator_totp_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this TOTP Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/validate/: + get: + operationId: stages_authenticator_validate_list + description: AuthenticatorValidateStage Viewset + parameters: + - in: query + name: configuration_stages + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: name + schema: + type: string + - in: query + name: not_configured_action + schema: + type: string + enum: + - configure + - deny + - skip + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticatorValidateStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_authenticator_validate_create + description: AuthenticatorValidateStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorValidateStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorValidateStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/validate/{stage_uuid}/: + get: + operationId: stages_authenticator_validate_retrieve + description: AuthenticatorValidateStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticator Validation Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorValidateStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_authenticator_validate_update + description: AuthenticatorValidateStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticator Validation Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorValidateStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorValidateStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_authenticator_validate_partial_update + description: AuthenticatorValidateStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticator Validation Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedAuthenticatorValidateStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticatorValidateStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_authenticator_validate_destroy + description: AuthenticatorValidateStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticator Validation Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/validate/{stage_uuid}/used_by/: + get: + operationId: stages_authenticator_validate_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Authenticator Validation Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/webauthn/: + get: + operationId: stages_authenticator_webauthn_list + description: AuthenticateWebAuthnStage Viewset + parameters: + - in: query + name: authenticator_attachment + schema: + type: string + nullable: true + enum: + - cross-platform + - platform + - in: query + name: configure_flow + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: resident_key_requirement + schema: + type: string + enum: + - discouraged + - preferred + - required + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + - in: query + name: user_verification + schema: + type: string + enum: + - discouraged + - preferred + - required + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedAuthenticateWebAuthnStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_authenticator_webauthn_create + description: AuthenticateWebAuthnStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticateWebAuthnStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticateWebAuthnStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/webauthn/{stage_uuid}/: + get: + operationId: stages_authenticator_webauthn_retrieve + description: AuthenticateWebAuthnStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this WebAuthn Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticateWebAuthnStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_authenticator_webauthn_update + description: AuthenticateWebAuthnStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this WebAuthn Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticateWebAuthnStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticateWebAuthnStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_authenticator_webauthn_partial_update + description: AuthenticateWebAuthnStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this WebAuthn Authenticator Setup Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedAuthenticateWebAuthnStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AuthenticateWebAuthnStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_authenticator_webauthn_destroy + description: AuthenticateWebAuthnStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this WebAuthn Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/authenticator/webauthn/{stage_uuid}/used_by/: + get: + operationId: stages_authenticator_webauthn_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this WebAuthn Authenticator Setup Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/captcha/: + get: + operationId: stages_captcha_list + description: CaptchaStage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: public_key + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedCaptchaStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_captcha_create + description: CaptchaStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CaptchaStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/CaptchaStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/captcha/{stage_uuid}/: + get: + operationId: stages_captcha_retrieve + description: CaptchaStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Captcha Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CaptchaStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_captcha_update + description: CaptchaStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Captcha Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CaptchaStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CaptchaStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_captcha_partial_update + description: CaptchaStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Captcha Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedCaptchaStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CaptchaStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_captcha_destroy + description: CaptchaStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Captcha Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/captcha/{stage_uuid}/used_by/: + get: + operationId: stages_captcha_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Captcha Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/consent/: + get: + operationId: stages_consent_list + description: ConsentStage Viewset + parameters: + - in: query + name: consent_expire_in + schema: + type: string + - in: query + name: mode + schema: + type: string + enum: + - always_require + - expiring + - permanent + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedConsentStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_consent_create + description: ConsentStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ConsentStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ConsentStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/consent/{stage_uuid}/: + get: + operationId: stages_consent_retrieve + description: ConsentStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Consent Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ConsentStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_consent_update + description: ConsentStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Consent Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ConsentStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ConsentStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_consent_partial_update + description: ConsentStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Consent Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedConsentStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ConsentStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_consent_destroy + description: ConsentStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Consent Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/consent/{stage_uuid}/used_by/: + get: + operationId: stages_consent_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Consent Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/deny/: + get: + operationId: stages_deny_list + description: DenyStage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedDenyStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_deny_create + description: DenyStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DenyStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/DenyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/deny/{stage_uuid}/: + get: + operationId: stages_deny_retrieve + description: DenyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Deny Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DenyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_deny_update + description: DenyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Deny Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DenyStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DenyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_deny_partial_update + description: DenyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Deny Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedDenyStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DenyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_deny_destroy + description: DenyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Deny Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/deny/{stage_uuid}/used_by/: + get: + operationId: stages_deny_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Deny Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/dummy/: + get: + operationId: stages_dummy_list + description: DummyStage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedDummyStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_dummy_create + description: DummyStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DummyStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/dummy/{stage_uuid}/: + get: + operationId: stages_dummy_retrieve + description: DummyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_dummy_update + description: DummyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DummyStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_dummy_partial_update + description: DummyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedDummyStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DummyStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_dummy_destroy + description: DummyStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/dummy/{stage_uuid}/used_by/: + get: + operationId: stages_dummy_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Dummy Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/email/: + get: + operationId: stages_email_list + description: EmailStage Viewset + parameters: + - in: query + name: activate_user_on_success + schema: + type: boolean + - in: query + name: from_address + schema: + type: string + - in: query + name: host + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: port + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: subject + schema: + type: string + - in: query + name: template + schema: + type: string + - in: query + name: timeout + schema: + type: integer + - in: query + name: token_expiry + schema: + type: integer + - in: query + name: use_global_settings + schema: + type: boolean + - in: query + name: use_ssl + schema: + type: boolean + - in: query + name: use_tls + schema: + type: boolean + - in: query + name: username + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedEmailStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_email_create + description: EmailStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EmailStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/EmailStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/email/{stage_uuid}/: + get: + operationId: stages_email_retrieve + description: EmailStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Email Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/EmailStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_email_update + description: EmailStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Email Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EmailStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/EmailStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_email_partial_update + description: EmailStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Email Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedEmailStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/EmailStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_email_destroy + description: EmailStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Email Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/email/{stage_uuid}/used_by/: + get: + operationId: stages_email_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Email Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/email/templates/: + get: + operationId: stages_email_templates_list + description: Get all available templates, including custom templates + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TypeCreate' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/identification/: + get: + operationId: stages_identification_list + description: IdentificationStage Viewset + parameters: + - in: query + name: case_insensitive_matching + schema: + type: boolean + - in: query + name: enrollment_flow + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: password_stage + schema: + type: string + format: uuid + - in: query + name: passwordless_flow + schema: + type: string + format: uuid + - in: query + name: recovery_flow + schema: + type: string + format: uuid + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: show_matched_user + schema: + type: boolean + - in: query + name: show_source_labels + schema: + type: boolean + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedIdentificationStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_identification_create + description: IdentificationStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IdentificationStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/IdentificationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/identification/{stage_uuid}/: + get: + operationId: stages_identification_retrieve + description: IdentificationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Identification Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/IdentificationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_identification_update + description: IdentificationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Identification Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IdentificationStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/IdentificationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_identification_partial_update + description: IdentificationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Identification Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedIdentificationStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/IdentificationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_identification_destroy + description: IdentificationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Identification Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/identification/{stage_uuid}/used_by/: + get: + operationId: stages_identification_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Identification Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/invitation/invitations/: + get: + operationId: stages_invitation_invitations_list + description: Invitation Viewset + parameters: + - in: query + name: created_by__username + schema: + type: string + - in: query + name: expires + schema: + type: string + format: date-time + - in: query + name: flow__slug + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedInvitationList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_invitation_invitations_create + description: Invitation Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Invitation' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/invitation/invitations/{invite_uuid}/: + get: + operationId: stages_invitation_invitations_retrieve + description: Invitation Viewset + parameters: + - in: path + name: invite_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Invitation' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_invitation_invitations_update + description: Invitation Viewset + parameters: + - in: path + name: invite_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Invitation' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_invitation_invitations_partial_update + description: Invitation Viewset + parameters: + - in: path + name: invite_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedInvitationRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Invitation' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_invitation_invitations_destroy + description: Invitation Viewset + parameters: + - in: path + name: invite_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/invitation/invitations/{invite_uuid}/used_by/: + get: + operationId: stages_invitation_invitations_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: invite_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/invitation/stages/: + get: + operationId: stages_invitation_stages_list + description: InvitationStage Viewset + parameters: + - in: query + name: continue_flow_without_invitation + schema: + type: boolean + - in: query + name: name + schema: + type: string + - in: query + name: no_flows + schema: + type: boolean + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedInvitationStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_invitation_stages_create + description: InvitationStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/invitation/stages/{stage_uuid}/: + get: + operationId: stages_invitation_stages_retrieve + description: InvitationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_invitation_stages_update + description: InvitationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_invitation_stages_partial_update + description: InvitationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedInvitationStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/InvitationStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_invitation_stages_destroy + description: InvitationStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/invitation/stages/{stage_uuid}/used_by/: + get: + operationId: stages_invitation_stages_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Invitation Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/password/: + get: + operationId: stages_password_list + description: PasswordStage Viewset + parameters: + - in: query + name: configure_flow + schema: + type: string + format: uuid + - in: query + name: failed_attempts_before_cancel + schema: + type: integer + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPasswordStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_password_create + description: PasswordStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/password/{stage_uuid}/: + get: + operationId: stages_password_retrieve + description: PasswordStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_password_update + description: PasswordStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_password_partial_update + description: PasswordStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPasswordStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PasswordStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_password_destroy + description: PasswordStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/password/{stage_uuid}/used_by/: + get: + operationId: stages_password_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Password Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/prompt/prompts/: + get: + operationId: stages_prompt_prompts_list + description: Prompt Viewset + parameters: + - in: query + name: field_key + schema: + type: string + - in: query + name: label + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: placeholder + schema: + type: string + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: type + schema: + type: string + enum: + - ak-locale + - checkbox + - date + - date-time + - email + - file + - hidden + - number + - password + - separator + - static + - text + - text_read_only + - username + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPromptList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_prompt_prompts_create + description: Prompt Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PromptRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Prompt' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/prompt/prompts/{prompt_uuid}/: + get: + operationId: stages_prompt_prompts_retrieve + description: Prompt Viewset + parameters: + - in: path + name: prompt_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Prompt' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_prompt_prompts_update + description: Prompt Viewset + parameters: + - in: path + name: prompt_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PromptRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Prompt' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_prompt_prompts_partial_update + description: Prompt Viewset + parameters: + - in: path + name: prompt_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPromptRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Prompt' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_prompt_prompts_destroy + description: Prompt Viewset + parameters: + - in: path + name: prompt_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/prompt/prompts/{prompt_uuid}/used_by/: + get: + operationId: stages_prompt_prompts_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: prompt_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/prompt/stages/: + get: + operationId: stages_prompt_stages_list + description: PromptStage Viewset + parameters: + - in: query + name: fields + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + - in: query + name: validation_policies + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPromptStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_prompt_stages_create + description: PromptStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PromptStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/PromptStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/prompt/stages/{stage_uuid}/: + get: + operationId: stages_prompt_stages_retrieve + description: PromptStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PromptStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_prompt_stages_update + description: PromptStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PromptStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PromptStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_prompt_stages_partial_update + description: PromptStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPromptStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PromptStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_prompt_stages_destroy + description: PromptStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/prompt/stages/{stage_uuid}/used_by/: + get: + operationId: stages_prompt_stages_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Prompt Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_delete/: + get: + operationId: stages_user_delete_list + description: UserDeleteStage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserDeleteStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_user_delete_create + description: UserDeleteStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserDeleteStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserDeleteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_delete/{stage_uuid}/: + get: + operationId: stages_user_delete_retrieve + description: UserDeleteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Delete Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserDeleteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_user_delete_update + description: UserDeleteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Delete Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserDeleteStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserDeleteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_user_delete_partial_update + description: UserDeleteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Delete Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserDeleteStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserDeleteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_user_delete_destroy + description: UserDeleteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Delete Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_delete/{stage_uuid}/used_by/: + get: + operationId: stages_user_delete_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Delete Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_login/: + get: + operationId: stages_user_login_list + description: UserLoginStage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: session_duration + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserLoginStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_user_login_create + description: UserLoginStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserLoginStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLoginStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_login/{stage_uuid}/: + get: + operationId: stages_user_login_retrieve + description: UserLoginStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Login Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLoginStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_user_login_update + description: UserLoginStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Login Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserLoginStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLoginStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_user_login_partial_update + description: UserLoginStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Login Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserLoginStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLoginStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_user_login_destroy + description: UserLoginStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Login Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_login/{stage_uuid}/used_by/: + get: + operationId: stages_user_login_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Login Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_logout/: + get: + operationId: stages_user_logout_list + description: UserLogoutStage Viewset + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserLogoutStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_user_logout_create + description: UserLogoutStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserLogoutStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLogoutStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_logout/{stage_uuid}/: + get: + operationId: stages_user_logout_retrieve + description: UserLogoutStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Logout Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLogoutStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_user_logout_update + description: UserLogoutStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Logout Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserLogoutStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLogoutStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_user_logout_partial_update + description: UserLogoutStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Logout Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserLogoutStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserLogoutStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_user_logout_destroy + description: UserLogoutStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Logout Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_logout/{stage_uuid}/used_by/: + get: + operationId: stages_user_logout_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Logout Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_write/: + get: + operationId: stages_user_write_list + description: UserWriteStage Viewset + parameters: + - in: query + name: can_create_users + schema: + type: boolean + - in: query + name: create_users_as_inactive + schema: + type: boolean + - in: query + name: create_users_group + schema: + type: string + format: uuid + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: stage_uuid + schema: + type: string + format: uuid + - in: query + name: user_path_template + schema: + type: string + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserWriteStageList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: stages_user_write_create + description: UserWriteStage Viewset + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserWriteStageRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/UserWriteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_write/{stage_uuid}/: + get: + operationId: stages_user_write_retrieve + description: UserWriteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Write Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserWriteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: stages_user_write_update + description: UserWriteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Write Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserWriteStageRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserWriteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: stages_user_write_partial_update + description: UserWriteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Write Stage. + required: true + tags: + - stages + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserWriteStageRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserWriteStage' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: stages_user_write_destroy + description: UserWriteStage Viewset + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Write Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /stages/user_write/{stage_uuid}/used_by/: + get: + operationId: stages_user_write_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: stage_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this User Write Stage. + required: true + tags: + - stages + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' +components: + schemas: + AccessDeniedChallenge: + type: object + description: Challenge when a flow's active stage calls `stage_invalid()`. + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-access-denied + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + error_message: + type: string + required: + - pending_user + - pending_user_avatar + - type + App: + type: object + description: Serialize Application info + properties: + name: + type: string + label: + type: string + required: + - label + - name + AppEnum: + enum: + - authentik.admin + - authentik.api + - authentik.crypto + - authentik.events + - authentik.flows + - authentik.lib + - authentik.outposts + - authentik.policies.dummy + - authentik.policies.event_matcher + - authentik.policies.expiry + - authentik.policies.expression + - authentik.policies.hibp + - authentik.policies.password + - authentik.policies.reputation + - authentik.policies + - authentik.providers.ldap + - authentik.providers.oauth2 + - authentik.providers.proxy + - authentik.providers.saml + - authentik.recovery + - authentik.sources.ldap + - authentik.sources.oauth + - authentik.sources.plex + - authentik.sources.saml + - authentik.stages.authenticator_duo + - authentik.stages.authenticator_sms + - authentik.stages.authenticator_static + - authentik.stages.authenticator_totp + - authentik.stages.authenticator_validate + - authentik.stages.authenticator_webauthn + - authentik.stages.captcha + - authentik.stages.consent + - authentik.stages.deny + - authentik.stages.dummy + - authentik.stages.email + - authentik.stages.identification + - authentik.stages.invitation + - authentik.stages.password + - authentik.stages.prompt + - authentik.stages.user_delete + - authentik.stages.user_login + - authentik.stages.user_logout + - authentik.stages.user_write + - authentik.tenants + - authentik.blueprints + - authentik.core + type: string + AppleChallengeResponseRequest: + type: object + description: Pseudo class for plex response + properties: + component: + type: string + minLength: 1 + default: ak-source-oauth-apple + AppleLoginChallenge: + type: object + description: Special challenge for apple-native authentication flow, which happens + on the client. + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-source-oauth-apple + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + client_id: + type: string + scope: + type: string + redirect_uri: + type: string + state: + type: string + required: + - client_id + - redirect_uri + - scope + - state + - type + Application: + type: object + description: Application Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + description: Application's display Name. + slug: + type: string + description: Internal application name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + provider: + type: integer + nullable: true + provider_obj: + allOf: + - $ref: '#/components/schemas/Provider' + readOnly: true + launch_url: + type: string + nullable: true + readOnly: true + open_in_new_tab: + type: boolean + description: Open launch URL in a new browser tab or window. + meta_launch_url: + type: string + format: uri + meta_icon: + type: string + nullable: true + readOnly: true + meta_description: + type: string + meta_publisher: + type: string + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + group: + type: string + required: + - launch_url + - meta_icon + - name + - pk + - provider_obj + - slug + ApplicationRequest: + type: object + description: Application Serializer + properties: + name: + type: string + minLength: 1 + description: Application's display Name. + slug: + type: string + minLength: 1 + description: Internal application name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + provider: + type: integer + nullable: true + open_in_new_tab: + type: boolean + description: Open launch URL in a new browser tab or window. + meta_launch_url: + type: string + format: uri + meta_description: + type: string + meta_publisher: + type: string + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + group: + type: string + required: + - name + - slug + AuthTypeEnum: + enum: + - basic + - bearer + type: string + AuthenticateWebAuthnStage: + type: object + description: AuthenticateWebAuthnStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + user_verification: + $ref: '#/components/schemas/UserVerificationEnum' + authenticator_attachment: + allOf: + - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' + nullable: true + resident_key_requirement: + $ref: '#/components/schemas/ResidentKeyRequirementEnum' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + AuthenticateWebAuthnStageRequest: + type: object + description: AuthenticateWebAuthnStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + user_verification: + $ref: '#/components/schemas/UserVerificationEnum' + authenticator_attachment: + allOf: + - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' + nullable: true + resident_key_requirement: + $ref: '#/components/schemas/ResidentKeyRequirementEnum' + required: + - name + AuthenticatedSession: + type: object + description: AuthenticatedSession Serializer + properties: + uuid: + type: string + format: uuid + current: + type: boolean + readOnly: true + user_agent: + type: object + description: User agent details + properties: + device: + type: object + description: User agent device + properties: + brand: + type: string + family: + type: string + model: + type: string + required: + - brand + - family + - model + os: + type: object + description: User agent os + properties: + family: + type: string + major: + type: string + minor: + type: string + patch: + type: string + patch_minor: + type: string + required: + - family + - major + - minor + - patch + - patch_minor + user_agent: + type: object + description: User agent browser + properties: + family: + type: string + major: + type: string + minor: + type: string + patch: + type: string + required: + - family + - major + - minor + - patch + string: + type: string + required: + - device + - os + - string + - user_agent + readOnly: true + geo_ip: + type: object + description: GeoIP Details + properties: + continent: + type: string + country: + type: string + lat: + type: number + format: double + long: + type: number + format: double + city: + type: string + required: + - city + - continent + - country + - lat + - long + nullable: true + readOnly: true + user: + type: integer + last_ip: + type: string + last_user_agent: + type: string + last_used: + type: string + format: date-time + readOnly: true + expires: + type: string + format: date-time + required: + - current + - geo_ip + - last_ip + - last_used + - user + - user_agent + AuthenticationEnum: + enum: + - none + - require_authenticated + - require_unauthenticated + - require_superuser + type: string + AuthenticatorAttachmentEnum: + enum: + - platform + - cross-platform + type: string + AuthenticatorDuoChallenge: + type: object + description: Duo Challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-authenticator-duo + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + activation_barcode: + type: string + activation_code: + type: string + stage_uuid: + type: string + required: + - activation_barcode + - activation_code + - pending_user + - pending_user_avatar + - stage_uuid + - type + AuthenticatorDuoChallengeResponseRequest: + type: object + description: Pseudo class for duo response + properties: + component: + type: string + minLength: 1 + default: ak-stage-authenticator-duo + AuthenticatorDuoStage: + type: object + description: AuthenticatorDuoStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + client_id: + type: string + api_hostname: + type: string + admin_integration_key: + type: string + required: + - api_hostname + - client_id + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + AuthenticatorDuoStageDeviceImportResponse: + type: object + properties: + count: + type: integer + readOnly: true + error: + type: string + readOnly: true + required: + - count + - error + AuthenticatorDuoStageManualDeviceImportRequest: + type: object + properties: + duo_user_id: + type: string + minLength: 1 + username: + type: string + minLength: 1 + required: + - duo_user_id + - username + AuthenticatorDuoStageRequest: + type: object + description: AuthenticatorDuoStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + client_id: + type: string + minLength: 1 + client_secret: + type: string + writeOnly: true + minLength: 1 + api_hostname: + type: string + minLength: 1 + admin_integration_key: + type: string + admin_secret_key: + type: string + writeOnly: true + required: + - api_hostname + - client_id + - client_secret + - name + AuthenticatorSMSChallenge: + type: object + description: SMS Setup challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-authenticator-sms + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + phone_number_required: + type: boolean + default: true + required: + - pending_user + - pending_user_avatar + - type + AuthenticatorSMSChallengeResponseRequest: + type: object + description: SMS Challenge response, device is set by get_response_instance + properties: + component: + type: string + minLength: 1 + default: ak-stage-authenticator-sms + code: + type: integer + phone_number: + type: string + minLength: 1 + AuthenticatorSMSStage: + type: object + description: AuthenticatorSMSStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + provider: + $ref: '#/components/schemas/ProviderEnum' + from_number: + type: string + account_sid: + type: string + auth: + type: string + auth_password: + type: string + auth_type: + $ref: '#/components/schemas/AuthTypeEnum' + verify_only: + type: boolean + description: When enabled, the Phone number is only used during enrollment + to verify the users authenticity. Only a hash of the phone number is saved + to ensure it is not re-used in the future. + mapping: + type: string + format: uuid + nullable: true + description: Optionally modify the payload being sent to custom providers. + required: + - account_sid + - auth + - component + - from_number + - meta_model_name + - name + - pk + - provider + - verbose_name + - verbose_name_plural + AuthenticatorSMSStageRequest: + type: object + description: AuthenticatorSMSStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + provider: + $ref: '#/components/schemas/ProviderEnum' + from_number: + type: string + minLength: 1 + account_sid: + type: string + minLength: 1 + auth: + type: string + minLength: 1 + auth_password: + type: string + auth_type: + $ref: '#/components/schemas/AuthTypeEnum' + verify_only: + type: boolean + description: When enabled, the Phone number is only used during enrollment + to verify the users authenticity. Only a hash of the phone number is saved + to ensure it is not re-used in the future. + mapping: + type: string + format: uuid + nullable: true + description: Optionally modify the payload being sent to custom providers. + required: + - account_sid + - auth + - from_number + - name + - provider + AuthenticatorStaticChallenge: + type: object + description: Static authenticator challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-authenticator-static + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + codes: + type: array + items: + type: string + required: + - codes + - pending_user + - pending_user_avatar + - type + AuthenticatorStaticChallengeResponseRequest: + type: object + description: Pseudo class for static response + properties: + component: + type: string + minLength: 1 + default: ak-stage-authenticator-static + AuthenticatorStaticStage: + type: object + description: AuthenticatorStaticStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + token_count: + type: integer + maximum: 2147483647 + minimum: -2147483648 + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + AuthenticatorStaticStageRequest: + type: object + description: AuthenticatorStaticStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + token_count: + type: integer + maximum: 2147483647 + minimum: -2147483648 + required: + - name + AuthenticatorTOTPChallenge: + type: object + description: TOTP Setup challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-authenticator-totp + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + config_url: + type: string + required: + - config_url + - pending_user + - pending_user_avatar + - type + AuthenticatorTOTPChallengeResponseRequest: + type: object + description: TOTP Challenge response, device is set by get_response_instance + properties: + component: + type: string + minLength: 1 + default: ak-stage-authenticator-totp + code: + type: integer + required: + - code + AuthenticatorTOTPStage: + type: object + description: AuthenticatorTOTPStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + digits: + allOf: + - $ref: '#/components/schemas/DigitsEnum' + minimum: -2147483648 + maximum: 2147483647 + required: + - component + - digits + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + AuthenticatorTOTPStageRequest: + type: object + description: AuthenticatorTOTPStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + digits: + allOf: + - $ref: '#/components/schemas/DigitsEnum' + minimum: -2147483648 + maximum: 2147483647 + required: + - digits + - name + AuthenticatorValidateStage: + type: object + description: AuthenticatorValidateStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + not_configured_action: + $ref: '#/components/schemas/NotConfiguredActionEnum' + device_classes: + type: array + items: + $ref: '#/components/schemas/DeviceClassesEnum' + description: Device classes which can be used to authenticate + configuration_stages: + type: array + items: + type: string + format: uuid + description: Stages used to configure Authenticator when user doesn't have + any compatible devices. After this configuration Stage passes, the user + is not prompted again. + last_auth_threshold: + type: string + description: If any of the user's device has been used within this threshold, + this stage will be skipped + webauthn_user_verification: + allOf: + - $ref: '#/components/schemas/UserVerificationEnum' + description: Enforce user verification for WebAuthn devices. + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + AuthenticatorValidateStageRequest: + type: object + description: AuthenticatorValidateStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + not_configured_action: + $ref: '#/components/schemas/NotConfiguredActionEnum' + device_classes: + type: array + items: + $ref: '#/components/schemas/DeviceClassesEnum' + description: Device classes which can be used to authenticate + configuration_stages: + type: array + items: + type: string + format: uuid + description: Stages used to configure Authenticator when user doesn't have + any compatible devices. After this configuration Stage passes, the user + is not prompted again. + last_auth_threshold: + type: string + minLength: 1 + description: If any of the user's device has been used within this threshold, + this stage will be skipped + webauthn_user_verification: + allOf: + - $ref: '#/components/schemas/UserVerificationEnum' + description: Enforce user verification for WebAuthn devices. + required: + - name + AuthenticatorValidationChallenge: + type: object + description: Authenticator challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-authenticator-validate + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + device_challenges: + type: array + items: + $ref: '#/components/schemas/DeviceChallenge' + configuration_stages: + type: array + items: + $ref: '#/components/schemas/SelectableStage' + required: + - configuration_stages + - device_challenges + - pending_user + - pending_user_avatar + - type + AuthenticatorValidationChallengeResponseRequest: + type: object + description: Challenge used for Code-based and WebAuthn authenticators + properties: + component: + type: string + minLength: 1 + default: ak-stage-authenticator-validate + selected_challenge: + $ref: '#/components/schemas/DeviceChallengeRequest' + selected_stage: + type: string + minLength: 1 + code: + type: string + minLength: 1 + webauthn: + type: object + additionalProperties: {} + duo: + type: integer + AuthenticatorWebAuthnChallenge: + type: object + description: WebAuthn Challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-authenticator-webauthn + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + registration: + type: object + additionalProperties: {} + required: + - pending_user + - pending_user_avatar + - registration + - type + AuthenticatorWebAuthnChallengeResponseRequest: + type: object + description: WebAuthn Challenge response + properties: + component: + type: string + minLength: 1 + default: ak-stage-authenticator-webauthn + response: + type: object + additionalProperties: {} + required: + - response + AutoSubmitChallengeResponseRequest: + type: object + description: Pseudo class for autosubmit response + properties: + component: + type: string + minLength: 1 + default: ak-stage-autosubmit + AutosubmitChallenge: + type: object + description: Autosubmit challenge used to send and navigate a POST request + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-autosubmit + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + url: + type: string + attrs: + type: object + additionalProperties: + type: string + title: + type: string + required: + - attrs + - type + - url + BackendsEnum: + enum: + - authentik.core.auth.InbuiltBackend + - authentik.core.auth.TokenBackend + - authentik.sources.ldap.auth.LDAPBackend + type: string + BindingTypeEnum: + enum: + - REDIRECT + - POST + - POST_AUTO + type: string + BlueprintFile: + type: object + properties: + path: + type: string + last_m: + type: string + format: date-time + hash: + type: string + meta: + allOf: + - $ref: '#/components/schemas/Metadata' + readOnly: true + required: + - hash + - last_m + - meta + - path + BlueprintInstance: + type: object + description: Info about a single blueprint instance file + properties: + pk: + type: string + format: uuid + readOnly: true + title: Instance uuid + name: + type: string + path: + type: string + context: + type: object + additionalProperties: {} + last_applied: + type: string + format: date-time + readOnly: true + last_applied_hash: + type: string + readOnly: true + status: + allOf: + - $ref: '#/components/schemas/BlueprintInstanceStatusEnum' + readOnly: true + enabled: + type: boolean + managed_models: + type: array + items: + type: string + readOnly: true + metadata: + type: object + additionalProperties: {} + readOnly: true + required: + - last_applied + - last_applied_hash + - managed_models + - metadata + - name + - path + - pk + - status + BlueprintInstanceRequest: + type: object + description: Info about a single blueprint instance file + properties: + name: + type: string + minLength: 1 + path: + type: string + minLength: 1 + context: + type: object + additionalProperties: {} + enabled: + type: boolean + required: + - name + - path + BlueprintInstanceStatusEnum: + enum: + - successful + - warning + - error + - orphaned + - unknown + type: string + Cache: + type: object + description: Generic cache stats for an object + properties: + count: + type: integer + readOnly: true + required: + - count + CapabilitiesEnum: + enum: + - can_save_media + - can_geo_ip + - can_impersonate + - can_debug + type: string + CaptchaChallenge: + type: object + description: Site public key + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-captcha + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + site_key: + type: string + js_url: + type: string + readOnly: true + required: + - js_url + - pending_user + - pending_user_avatar + - site_key + - type + CaptchaChallengeResponseRequest: + type: object + description: Validate captcha token + properties: + component: + type: string + minLength: 1 + default: ak-stage-captcha + token: + type: string + minLength: 1 + required: + - token + CaptchaStage: + type: object + description: CaptchaStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + public_key: + type: string + description: Public key, acquired your captcha Provider. + js_url: + type: string + api_url: + type: string + required: + - component + - meta_model_name + - name + - pk + - public_key + - verbose_name + - verbose_name_plural + CaptchaStageRequest: + type: object + description: CaptchaStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + public_key: + type: string + minLength: 1 + description: Public key, acquired your captcha Provider. + private_key: + type: string + writeOnly: true + minLength: 1 + description: Private key, acquired your captcha Provider. + js_url: + type: string + minLength: 1 + api_url: + type: string + minLength: 1 + required: + - name + - private_key + - public_key + CertificateData: + type: object + description: Get CertificateKeyPair's data + properties: + data: + type: string + readOnly: true + required: + - data + CertificateGenerationRequest: + type: object + description: Certificate generation parameters + properties: + common_name: + type: string + minLength: 1 + subject_alt_name: + type: string + validity_days: + type: integer + required: + - common_name + - validity_days + CertificateKeyPair: + type: object + description: CertificateKeyPair Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Kp uuid + name: + type: string + fingerprint_sha256: + type: string + nullable: true + readOnly: true + fingerprint_sha1: + type: string + nullable: true + readOnly: true + cert_expiry: + type: string + format: date-time + nullable: true + readOnly: true + cert_subject: + type: string + nullable: true + readOnly: true + private_key_available: + type: boolean + readOnly: true + private_key_type: + type: string + nullable: true + readOnly: true + certificate_download_url: + type: string + readOnly: true + private_key_download_url: + type: string + readOnly: true + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + required: + - cert_expiry + - cert_subject + - certificate_download_url + - fingerprint_sha1 + - fingerprint_sha256 + - name + - pk + - private_key_available + - private_key_download_url + - private_key_type + CertificateKeyPairRequest: + type: object + description: CertificateKeyPair Serializer + properties: + name: + type: string + minLength: 1 + certificate_data: + type: string + writeOnly: true + minLength: 1 + description: PEM-encoded Certificate data + key_data: + type: string + writeOnly: true + description: Optional Private Key. If this is set, you can use this keypair + for encryption. + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + required: + - certificate_data + - name + ChallengeChoices: + enum: + - native + - shell + - redirect + type: string + ChallengeTypes: + oneOf: + - $ref: '#/components/schemas/AccessDeniedChallenge' + - $ref: '#/components/schemas/AppleLoginChallenge' + - $ref: '#/components/schemas/AuthenticatorDuoChallenge' + - $ref: '#/components/schemas/AuthenticatorSMSChallenge' + - $ref: '#/components/schemas/AuthenticatorStaticChallenge' + - $ref: '#/components/schemas/AuthenticatorTOTPChallenge' + - $ref: '#/components/schemas/AuthenticatorValidationChallenge' + - $ref: '#/components/schemas/AuthenticatorWebAuthnChallenge' + - $ref: '#/components/schemas/AutosubmitChallenge' + - $ref: '#/components/schemas/CaptchaChallenge' + - $ref: '#/components/schemas/ConsentChallenge' + - $ref: '#/components/schemas/DummyChallenge' + - $ref: '#/components/schemas/EmailChallenge' + - $ref: '#/components/schemas/FlowErrorChallenge' + - $ref: '#/components/schemas/IdentificationChallenge' + - $ref: '#/components/schemas/OAuthDeviceCodeChallenge' + - $ref: '#/components/schemas/OAuthDeviceCodeFinishChallenge' + - $ref: '#/components/schemas/PasswordChallenge' + - $ref: '#/components/schemas/PlexAuthenticationChallenge' + - $ref: '#/components/schemas/PromptChallenge' + - $ref: '#/components/schemas/RedirectChallenge' + - $ref: '#/components/schemas/ShellChallenge' + discriminator: + propertyName: component + mapping: + ak-stage-access-denied: '#/components/schemas/AccessDeniedChallenge' + ak-source-oauth-apple: '#/components/schemas/AppleLoginChallenge' + ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallenge' + ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallenge' + ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallenge' + ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallenge' + ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallenge' + ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallenge' + ak-stage-autosubmit: '#/components/schemas/AutosubmitChallenge' + ak-stage-captcha: '#/components/schemas/CaptchaChallenge' + ak-stage-consent: '#/components/schemas/ConsentChallenge' + ak-stage-dummy: '#/components/schemas/DummyChallenge' + ak-stage-email: '#/components/schemas/EmailChallenge' + xak-flow-error: '#/components/schemas/FlowErrorChallenge' + ak-stage-identification: '#/components/schemas/IdentificationChallenge' + ak-provider-oauth2-device-code: '#/components/schemas/OAuthDeviceCodeChallenge' + ak-provider-oauth2-device-code-finish: '#/components/schemas/OAuthDeviceCodeFinishChallenge' + ak-stage-password: '#/components/schemas/PasswordChallenge' + ak-source-plex: '#/components/schemas/PlexAuthenticationChallenge' + ak-stage-prompt: '#/components/schemas/PromptChallenge' + xak-flow-redirect: '#/components/schemas/RedirectChallenge' + xak-flow-shell: '#/components/schemas/ShellChallenge' + ClientTypeEnum: + enum: + - confidential + - public + type: string + Config: + type: object + description: Serialize authentik Config into DRF Object + properties: + error_reporting: + $ref: '#/components/schemas/ErrorReportingConfig' + capabilities: + type: array + items: + $ref: '#/components/schemas/CapabilitiesEnum' + cache_timeout: + type: integer + cache_timeout_flows: + type: integer + cache_timeout_policies: + type: integer + cache_timeout_reputation: + type: integer + required: + - cache_timeout + - cache_timeout_flows + - cache_timeout_policies + - cache_timeout_reputation + - capabilities + - error_reporting + ConsentChallenge: + type: object + description: Challenge info for consent screens + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-consent + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + header_text: + type: string + permissions: + type: array + items: + $ref: '#/components/schemas/Permission' + additional_permissions: + type: array + items: + $ref: '#/components/schemas/Permission' + token: + type: string + required: + - additional_permissions + - pending_user + - pending_user_avatar + - permissions + - token + - type + ConsentChallengeResponseRequest: + type: object + description: Consent challenge response, any valid response request is valid + properties: + component: + type: string + minLength: 1 + default: ak-stage-consent + token: + type: string + minLength: 1 + required: + - token + ConsentStage: + type: object + description: ConsentStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + mode: + $ref: '#/components/schemas/ConsentStageModeEnum' + consent_expire_in: + type: string + title: Consent expires in + description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + ConsentStageModeEnum: + enum: + - always_require + - permanent + - expiring + type: string + ConsentStageRequest: + type: object + description: ConsentStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + mode: + $ref: '#/components/schemas/ConsentStageModeEnum' + consent_expire_in: + type: string + minLength: 1 + title: Consent expires in + description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' + required: + - name + ContextualFlowInfo: + type: object + description: Contextual flow information for a challenge + properties: + title: + type: string + background: + type: string + cancel_url: + type: string + layout: + $ref: '#/components/schemas/LayoutEnum' + required: + - cancel_url + - layout + Coordinate: + type: object + description: Coordinates for diagrams + properties: + x_cord: + type: integer + readOnly: true + y_cord: + type: integer + readOnly: true + required: + - x_cord + - y_cord + CurrentTenant: + type: object + description: Partial tenant information for styling + properties: + matched_domain: + type: string + branding_title: + type: string + branding_logo: + type: string + branding_favicon: + type: string + ui_footer_links: + type: array + items: + $ref: '#/components/schemas/FooterLink' + readOnly: true + default: [] + flow_authentication: + type: string + flow_invalidation: + type: string + flow_recovery: + type: string + flow_unenrollment: + type: string + flow_user_settings: + type: string + flow_device_code: + type: string + default_locale: + type: string + readOnly: true + required: + - branding_favicon + - branding_logo + - branding_title + - default_locale + - matched_domain + - ui_footer_links + DeniedActionEnum: + enum: + - message_continue + - message + - continue + type: string + DenyStage: + type: object + description: DenyStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + DenyStageRequest: + type: object + description: DenyStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + required: + - name + Device: + type: object + description: Serializer for Duo authenticator devices + properties: + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + pk: + type: integer + name: + type: string + type: + type: string + readOnly: true + confirmed: + type: boolean + required: + - confirmed + - meta_model_name + - name + - pk + - type + - verbose_name + - verbose_name_plural + DeviceChallenge: + type: object + description: Single device challenge + properties: + device_class: + type: string + device_uid: + type: string + challenge: + type: object + additionalProperties: {} + required: + - challenge + - device_class + - device_uid + DeviceChallengeRequest: + type: object + description: Single device challenge + properties: + device_class: + type: string + minLength: 1 + device_uid: + type: string + minLength: 1 + challenge: + type: object + additionalProperties: {} + required: + - challenge + - device_class + - device_uid + DeviceClassesEnum: + enum: + - static + - totp + - webauthn + - duo + - sms + type: string + DigestAlgorithmEnum: + enum: + - http://www.w3.org/2000/09/xmldsig#sha1 + - http://www.w3.org/2001/04/xmlenc#sha256 + - http://www.w3.org/2001/04/xmldsig-more#sha384 + - http://www.w3.org/2001/04/xmlenc#sha512 + type: string + DigitsEnum: + enum: + - 6 + - 8 + type: integer + DockerServiceConnection: + type: object + description: DockerServiceConnection Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Uuid + name: + type: string + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + url: + type: string + description: Can be in the format of 'unix://' when connecting to + a local docker daemon, or 'https://:2376' when connecting to + a remote system. + tls_verification: + type: string + format: uuid + nullable: true + description: CA which the endpoint's Certificate is verified against. Can + be left empty for no validation. + tls_authentication: + type: string + format: uuid + nullable: true + description: Certificate/Key used for authentication. Can be left empty + for no authentication. + required: + - component + - meta_model_name + - name + - pk + - url + - verbose_name + - verbose_name_plural + DockerServiceConnectionRequest: + type: object + description: DockerServiceConnection Serializer + properties: + name: + type: string + minLength: 1 + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + url: + type: string + minLength: 1 + description: Can be in the format of 'unix://' when connecting to + a local docker daemon, or 'https://:2376' when connecting to + a remote system. + tls_verification: + type: string + format: uuid + nullable: true + description: CA which the endpoint's Certificate is verified against. Can + be left empty for no validation. + tls_authentication: + type: string + format: uuid + nullable: true + description: Certificate/Key used for authentication. Can be left empty + for no authentication. + required: + - name + - url + DummyChallenge: + type: object + description: Dummy challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-dummy + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + required: + - type + DummyChallengeResponseRequest: + type: object + description: Dummy challenge response + properties: + component: + type: string + minLength: 1 + default: ak-stage-dummy + DummyPolicy: + type: object + description: Dummy Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + result: + type: boolean + wait_min: + type: integer + maximum: 2147483647 + minimum: -2147483648 + wait_max: + type: integer + maximum: 2147483647 + minimum: -2147483648 + required: + - bound_to + - component + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + DummyPolicyRequest: + type: object + description: Dummy Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + result: + type: boolean + wait_min: + type: integer + maximum: 2147483647 + minimum: -2147483648 + wait_max: + type: integer + maximum: 2147483647 + minimum: -2147483648 + DummyStage: + type: object + description: DummyStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + DummyStageRequest: + type: object + description: DummyStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + required: + - name + DuoDevice: + type: object + description: Serializer for Duo authenticator devices + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + description: The human-readable name of this device. + maxLength: 64 + required: + - name + - pk + DuoDeviceEnrollmentStatus: + type: object + properties: + duo_response: + $ref: '#/components/schemas/DuoResponseEnum' + required: + - duo_response + DuoDeviceRequest: + type: object + description: Serializer for Duo authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + required: + - name + DuoResponseEnum: + enum: + - success + - waiting + - invalid + type: string + EmailChallenge: + type: object + description: Email challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-email + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + required: + - type + EmailChallengeResponseRequest: + type: object + description: |- + Email challenge resposen. No fields. This challenge is + always declared invalid to give the user a chance to retry + properties: + component: + type: string + minLength: 1 + default: ak-stage-email + EmailStage: + type: object + description: EmailStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + use_global_settings: + type: boolean + description: When enabled, global Email connection settings will be used + and connection settings below will be ignored. + host: + type: string + port: + type: integer + maximum: 2147483647 + minimum: -2147483648 + username: + type: string + use_tls: + type: boolean + use_ssl: + type: boolean + timeout: + type: integer + maximum: 2147483647 + minimum: -2147483648 + from_address: + type: string + format: email + maxLength: 254 + token_expiry: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: Time in minutes the token sent is valid. + subject: + type: string + template: + type: string + activate_user_on_success: + type: boolean + description: Activate users upon completion of stage. + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + EmailStageRequest: + type: object + description: EmailStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + use_global_settings: + type: boolean + description: When enabled, global Email connection settings will be used + and connection settings below will be ignored. + host: + type: string + minLength: 1 + port: + type: integer + maximum: 2147483647 + minimum: -2147483648 + username: + type: string + password: + type: string + writeOnly: true + use_tls: + type: boolean + use_ssl: + type: boolean + timeout: + type: integer + maximum: 2147483647 + minimum: -2147483648 + from_address: + type: string + format: email + minLength: 1 + maxLength: 254 + token_expiry: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: Time in minutes the token sent is valid. + subject: + type: string + minLength: 1 + template: + type: string + minLength: 1 + activate_user_on_success: + type: boolean + description: Activate users upon completion of stage. + required: + - name + ErrorDetail: + type: object + description: Serializer for rest_framework's error messages + properties: + string: + type: string + code: + type: string + required: + - code + - string + ErrorReportingConfig: + type: object + description: Config for error reporting + properties: + enabled: + type: boolean + readOnly: true + sentry_dsn: + type: string + readOnly: true + environment: + type: string + readOnly: true + send_pii: + type: boolean + readOnly: true + traces_sample_rate: + type: number + format: double + readOnly: true + required: + - enabled + - environment + - send_pii + - sentry_dsn + - traces_sample_rate + Event: + type: object + description: Event Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Event uuid + user: + type: object + additionalProperties: {} + action: + $ref: '#/components/schemas/EventActions' + app: + type: string + context: + type: object + additionalProperties: {} + client_ip: + type: string + nullable: true + created: + type: string + format: date-time + readOnly: true + expires: + type: string + format: date-time + tenant: + type: object + additionalProperties: {} + required: + - action + - app + - created + - pk + EventActions: + enum: + - login + - login_failed + - logout + - user_write + - suspicious_request + - password_set + - secret_view + - secret_rotate + - invitation_used + - authorize_application + - source_linked + - impersonation_started + - impersonation_ended + - flow_execution + - policy_execution + - policy_exception + - property_mapping_exception + - system_task_execution + - system_task_exception + - system_exception + - configuration_error + - model_created + - model_updated + - model_deleted + - email_sent + - update_available + - custom_ + type: string + EventMatcherPolicy: + type: object + description: Event Matcher Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + action: + allOf: + - $ref: '#/components/schemas/EventActions' + description: Match created events with this action type. When left empty, + all action types will be matched. + client_ip: + type: string + description: Matches Event's Client IP (strict matching, for network matching + use an Expression Policy) + app: + allOf: + - $ref: '#/components/schemas/AppEnum' + description: Match events created by selected application. When left empty, + all applications are matched. + required: + - bound_to + - component + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + EventMatcherPolicyRequest: + type: object + description: Event Matcher Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + action: + allOf: + - $ref: '#/components/schemas/EventActions' + description: Match created events with this action type. When left empty, + all action types will be matched. + client_ip: + type: string + description: Matches Event's Client IP (strict matching, for network matching + use an Expression Policy) + app: + allOf: + - $ref: '#/components/schemas/AppEnum' + description: Match events created by selected application. When left empty, + all applications are matched. + EventRequest: + type: object + description: Event Serializer + properties: + user: + type: object + additionalProperties: {} + action: + $ref: '#/components/schemas/EventActions' + app: + type: string + minLength: 1 + context: + type: object + additionalProperties: {} + client_ip: + type: string + nullable: true + minLength: 1 + expires: + type: string + format: date-time + tenant: + type: object + additionalProperties: {} + required: + - action + - app + EventTopPerUser: + type: object + description: Response object of Event's top_per_user + properties: + application: + type: object + additionalProperties: {} + counted_events: + type: integer + unique_users: + type: integer + required: + - application + - counted_events + - unique_users + ExpiringBaseGrantModel: + type: object + description: Serializer for BaseGrantModel and ExpiringBaseGrant + properties: + pk: + type: integer + readOnly: true + title: ID + provider: + $ref: '#/components/schemas/OAuth2Provider' + user: + $ref: '#/components/schemas/User' + is_expired: + type: boolean + readOnly: true + expires: + type: string + format: date-time + scope: + type: array + items: + type: string + required: + - is_expired + - pk + - provider + - scope + - user + ExpressionPolicy: + type: object + description: Group Membership Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + expression: + type: string + required: + - bound_to + - component + - expression + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + ExpressionPolicyRequest: + type: object + description: Group Membership Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + expression: + type: string + minLength: 1 + required: + - expression + FilePathRequest: + type: object + description: Serializer to upload file + properties: + url: + type: string + minLength: 1 + required: + - url + FileUploadRequest: + type: object + description: Serializer to upload file + properties: + file: + type: string + format: binary + clear: + type: boolean + default: false + Flow: + type: object + description: Flow Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Flow uuid + policybindingmodel_ptr_id: + type: string + format: uuid + readOnly: true + name: + type: string + slug: + type: string + description: Visible in the URL. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + title: + type: string + description: Shown as the Title in Flow pages. + designation: + allOf: + - $ref: '#/components/schemas/FlowDesignationEnum' + description: Decides what this Flow is used for. For example, the Authentication + flow is redirect to when an un-authenticated user visits authentik. + background: + type: string + readOnly: true + stages: + type: array + items: + type: string + format: uuid + readOnly: true + policies: + type: array + items: + type: string + format: uuid + readOnly: true + cache_count: + type: integer + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + compatibility_mode: + type: boolean + description: Enable compatibility mode, increases compatibility with password + managers on mobile devices. + export_url: + type: string + readOnly: true + layout: + $ref: '#/components/schemas/LayoutEnum' + denied_action: + allOf: + - $ref: '#/components/schemas/DeniedActionEnum' + description: Configure what should happen when a flow denies access to a + user. + authentication: + allOf: + - $ref: '#/components/schemas/AuthenticationEnum' + description: Required level of authentication and authorization to access + a flow. + required: + - background + - cache_count + - designation + - export_url + - name + - pk + - policies + - policybindingmodel_ptr_id + - slug + - stages + - title + FlowChallengeResponseRequest: + oneOf: + - $ref: '#/components/schemas/AppleChallengeResponseRequest' + - $ref: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest' + - $ref: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest' + - $ref: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest' + - $ref: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest' + - $ref: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest' + - $ref: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest' + - $ref: '#/components/schemas/AutoSubmitChallengeResponseRequest' + - $ref: '#/components/schemas/CaptchaChallengeResponseRequest' + - $ref: '#/components/schemas/ConsentChallengeResponseRequest' + - $ref: '#/components/schemas/DummyChallengeResponseRequest' + - $ref: '#/components/schemas/EmailChallengeResponseRequest' + - $ref: '#/components/schemas/IdentificationChallengeResponseRequest' + - $ref: '#/components/schemas/OAuthDeviceCodeChallengeResponseRequest' + - $ref: '#/components/schemas/OAuthDeviceCodeFinishChallengeResponseRequest' + - $ref: '#/components/schemas/PasswordChallengeResponseRequest' + - $ref: '#/components/schemas/PlexAuthenticationChallengeResponseRequest' + - $ref: '#/components/schemas/PromptChallengeResponseRequest' + discriminator: + propertyName: component + mapping: + ak-source-oauth-apple: '#/components/schemas/AppleChallengeResponseRequest' + ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest' + ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest' + ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest' + ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest' + ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest' + ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest' + ak-stage-autosubmit: '#/components/schemas/AutoSubmitChallengeResponseRequest' + ak-stage-captcha: '#/components/schemas/CaptchaChallengeResponseRequest' + ak-stage-consent: '#/components/schemas/ConsentChallengeResponseRequest' + ak-stage-dummy: '#/components/schemas/DummyChallengeResponseRequest' + ak-stage-email: '#/components/schemas/EmailChallengeResponseRequest' + ak-stage-identification: '#/components/schemas/IdentificationChallengeResponseRequest' + ak-provider-oauth2-device-code: '#/components/schemas/OAuthDeviceCodeChallengeResponseRequest' + ak-provider-oauth2-device-code-finish: '#/components/schemas/OAuthDeviceCodeFinishChallengeResponseRequest' + ak-stage-password: '#/components/schemas/PasswordChallengeResponseRequest' + ak-source-plex: '#/components/schemas/PlexAuthenticationChallengeResponseRequest' + ak-stage-prompt: '#/components/schemas/PromptChallengeResponseRequest' + FlowDesignationEnum: + enum: + - authentication + - authorization + - invalidation + - enrollment + - unenrollment + - recovery + - stage_configuration + type: string + FlowDiagram: + type: object + description: response of the flow's diagram action + properties: + diagram: + type: string + readOnly: true + required: + - diagram + FlowErrorChallenge: + type: object + description: |- + Challenge class when an unhandled error occurs during a stage. Normal users + are shown an error message, superusers are shown a full stacktrace. + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: xak-flow-error + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + request_id: + type: string + error: + type: string + traceback: + type: string + required: + - pending_user + - pending_user_avatar + - request_id + - type + FlowImportResult: + type: object + description: Logs of an attempted flow import + properties: + logs: + type: array + items: + type: object + additionalProperties: {} + readOnly: true + success: + type: boolean + readOnly: true + required: + - logs + - success + FlowInspection: + type: object + description: Serializer for inspect endpoint + properties: + plans: + type: array + items: + $ref: '#/components/schemas/FlowInspectorPlan' + current_plan: + $ref: '#/components/schemas/FlowInspectorPlan' + is_completed: + type: boolean + required: + - is_completed + - plans + FlowInspectorPlan: + type: object + description: Serializer for an active FlowPlan + properties: + current_stage: + allOf: + - $ref: '#/components/schemas/FlowStageBinding' + readOnly: true + next_planned_stage: + allOf: + - $ref: '#/components/schemas/FlowStageBinding' + readOnly: true + plan_context: + type: object + additionalProperties: {} + readOnly: true + session_id: + type: string + readOnly: true + required: + - current_stage + - next_planned_stage + - plan_context + - session_id + FlowRequest: + type: object + description: Flow Serializer + properties: + name: + type: string + minLength: 1 + slug: + type: string + minLength: 1 + description: Visible in the URL. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + title: + type: string + minLength: 1 + description: Shown as the Title in Flow pages. + designation: + allOf: + - $ref: '#/components/schemas/FlowDesignationEnum' + description: Decides what this Flow is used for. For example, the Authentication + flow is redirect to when an un-authenticated user visits authentik. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + compatibility_mode: + type: boolean + description: Enable compatibility mode, increases compatibility with password + managers on mobile devices. + layout: + $ref: '#/components/schemas/LayoutEnum' + denied_action: + allOf: + - $ref: '#/components/schemas/DeniedActionEnum' + description: Configure what should happen when a flow denies access to a + user. + authentication: + allOf: + - $ref: '#/components/schemas/AuthenticationEnum' + description: Required level of authentication and authorization to access + a flow. + required: + - designation + - name + - slug + - title + FlowSet: + type: object + description: Stripped down flow serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Flow uuid + policybindingmodel_ptr_id: + type: string + format: uuid + readOnly: true + name: + type: string + slug: + type: string + description: Visible in the URL. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + title: + type: string + description: Shown as the Title in Flow pages. + designation: + allOf: + - $ref: '#/components/schemas/FlowDesignationEnum' + description: Decides what this Flow is used for. For example, the Authentication + flow is redirect to when an un-authenticated user visits authentik. + background: + type: string + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + compatibility_mode: + type: boolean + description: Enable compatibility mode, increases compatibility with password + managers on mobile devices. + export_url: + type: string + readOnly: true + layout: + $ref: '#/components/schemas/LayoutEnum' + denied_action: + allOf: + - $ref: '#/components/schemas/DeniedActionEnum' + description: Configure what should happen when a flow denies access to a + user. + required: + - background + - designation + - export_url + - name + - pk + - policybindingmodel_ptr_id + - slug + - title + FlowSetRequest: + type: object + description: Stripped down flow serializer + properties: + name: + type: string + minLength: 1 + slug: + type: string + minLength: 1 + description: Visible in the URL. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + title: + type: string + minLength: 1 + description: Shown as the Title in Flow pages. + designation: + allOf: + - $ref: '#/components/schemas/FlowDesignationEnum' + description: Decides what this Flow is used for. For example, the Authentication + flow is redirect to when an un-authenticated user visits authentik. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + compatibility_mode: + type: boolean + description: Enable compatibility mode, increases compatibility with password + managers on mobile devices. + layout: + $ref: '#/components/schemas/LayoutEnum' + denied_action: + allOf: + - $ref: '#/components/schemas/DeniedActionEnum' + description: Configure what should happen when a flow denies access to a + user. + required: + - designation + - name + - slug + - title + FlowStageBinding: + type: object + description: FlowStageBinding Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Fsb uuid + policybindingmodel_ptr_id: + type: string + format: uuid + readOnly: true + target: + type: string + format: uuid + stage: + type: string + format: uuid + stage_obj: + allOf: + - $ref: '#/components/schemas/Stage' + readOnly: true + evaluate_on_plan: + type: boolean + description: Evaluate policies during the Flow planning process. Disable + this for input-based policies. + re_evaluate_policies: + type: boolean + description: Evaluate policies when the Stage is present to the user. + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + invalid_response_action: + allOf: + - $ref: '#/components/schemas/InvalidResponseActionEnum' + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. + required: + - order + - pk + - policybindingmodel_ptr_id + - stage + - stage_obj + - target + FlowStageBindingRequest: + type: object + description: FlowStageBinding Serializer + properties: + target: + type: string + format: uuid + stage: + type: string + format: uuid + evaluate_on_plan: + type: boolean + description: Evaluate policies during the Flow planning process. Disable + this for input-based policies. + re_evaluate_policies: + type: boolean + description: Evaluate policies when the Stage is present to the user. + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + invalid_response_action: + allOf: + - $ref: '#/components/schemas/InvalidResponseActionEnum' + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. + required: + - order + - stage + - target + FooterLink: + type: object + description: Links returned in Config API + properties: + href: + type: string + readOnly: true + name: + type: string + readOnly: true + required: + - href + - name + GenericError: + type: object + description: Generic API Error + properties: + detail: + type: string + code: + type: string + required: + - detail + Group: + type: object + description: Group Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Group uuid + num_pk: + type: integer + readOnly: true + name: + type: string + maxLength: 80 + is_superuser: + type: boolean + description: Users added to this group will be superusers. + parent: + type: string + format: uuid + nullable: true + parent_name: + type: string + readOnly: true + users: + type: array + items: + type: integer + attributes: + type: object + additionalProperties: {} + users_obj: + type: array + items: + $ref: '#/components/schemas/GroupMember' + readOnly: true + required: + - name + - num_pk + - parent_name + - pk + - users_obj + GroupMember: + type: object + description: Stripped down user serializer to show relevant users for groups + properties: + pk: + type: integer + readOnly: true + title: ID + username: + type: string + description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ + only. + pattern: ^[\w.@+-]+$ + maxLength: 150 + name: + type: string + description: User's display name. + is_active: + type: boolean + title: Active + description: Designates whether this user should be treated as active. Unselect + this instead of deleting accounts. + last_login: + type: string + format: date-time + nullable: true + email: + type: string + format: email + title: Email address + maxLength: 254 + avatar: + type: string + readOnly: true + attributes: + type: object + additionalProperties: {} + uid: + type: string + readOnly: true + required: + - avatar + - name + - pk + - uid + - username + GroupMemberRequest: + type: object + description: Stripped down user serializer to show relevant users for groups + properties: + username: + type: string + minLength: 1 + description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ + only. + pattern: ^[\w.@+-]+$ + maxLength: 150 + name: + type: string + minLength: 1 + description: User's display name. + is_active: + type: boolean + title: Active + description: Designates whether this user should be treated as active. Unselect + this instead of deleting accounts. + last_login: + type: string + format: date-time + nullable: true + email: + type: string + format: email + title: Email address + maxLength: 254 + attributes: + type: object + additionalProperties: {} + required: + - name + - username + GroupRequest: + type: object + description: Group Serializer + properties: + name: + type: string + minLength: 1 + maxLength: 80 + is_superuser: + type: boolean + description: Users added to this group will be superusers. + parent: + type: string + format: uuid + nullable: true + users: + type: array + items: + type: integer + attributes: + type: object + additionalProperties: {} + required: + - name + HaveIBeenPwendPolicy: + type: object + description: Have I Been Pwned Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + password_field: + type: string + description: Field key to check, field keys defined in Prompt stages are + available. + allowed_count: + type: integer + maximum: 2147483647 + minimum: -2147483648 + required: + - bound_to + - component + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + HaveIBeenPwendPolicyRequest: + type: object + description: Have I Been Pwned Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + password_field: + type: string + minLength: 1 + description: Field key to check, field keys defined in Prompt stages are + available. + allowed_count: + type: integer + maximum: 2147483647 + minimum: -2147483648 + IdentificationChallenge: + type: object + description: Identification challenges with all UI elements + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-identification + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + user_fields: + type: array + items: + type: string + nullable: true + password_fields: + type: boolean + application_pre: + type: string + enroll_url: + type: string + recovery_url: + type: string + passwordless_url: + type: string + primary_action: + type: string + sources: + type: array + items: + $ref: '#/components/schemas/LoginSource' + show_source_labels: + type: boolean + required: + - password_fields + - primary_action + - show_source_labels + - type + - user_fields + IdentificationChallengeResponseRequest: + type: object + description: Identification challenge + properties: + component: + type: string + minLength: 1 + default: ak-stage-identification + uid_field: + type: string + minLength: 1 + password: + type: string + nullable: true + required: + - uid_field + IdentificationStage: + type: object + description: IdentificationStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + user_fields: + type: array + items: + $ref: '#/components/schemas/UserFieldsEnum' + description: Fields of the user object to match against. (Hold shift to + select multiple options) + password_stage: + type: string + format: uuid + nullable: true + description: When set, shows a password field, instead of showing the password + field as seaprate step. + case_insensitive_matching: + type: boolean + description: When enabled, user fields are matched regardless of their casing. + show_matched_user: + type: boolean + description: When a valid username/email has been entered, and this option + is enabled, the user's username and avatar will be shown. Otherwise, the + text that the user entered will be shown + enrollment_flow: + type: string + format: uuid + nullable: true + description: Optional enrollment flow, which is linked at the bottom of + the page. + recovery_flow: + type: string + format: uuid + nullable: true + description: Optional recovery flow, which is linked at the bottom of the + page. + passwordless_flow: + type: string + format: uuid + nullable: true + description: Optional passwordless flow, which is linked at the bottom of + the page. + sources: + type: array + items: + type: string + format: uuid + description: Specify which sources should be shown. + show_source_labels: + type: boolean + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + IdentificationStageRequest: + type: object + description: IdentificationStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + user_fields: + type: array + items: + $ref: '#/components/schemas/UserFieldsEnum' + description: Fields of the user object to match against. (Hold shift to + select multiple options) + password_stage: + type: string + format: uuid + nullable: true + description: When set, shows a password field, instead of showing the password + field as seaprate step. + case_insensitive_matching: + type: boolean + description: When enabled, user fields are matched regardless of their casing. + show_matched_user: + type: boolean + description: When a valid username/email has been entered, and this option + is enabled, the user's username and avatar will be shown. Otherwise, the + text that the user entered will be shown + enrollment_flow: + type: string + format: uuid + nullable: true + description: Optional enrollment flow, which is linked at the bottom of + the page. + recovery_flow: + type: string + format: uuid + nullable: true + description: Optional recovery flow, which is linked at the bottom of the + page. + passwordless_flow: + type: string + format: uuid + nullable: true + description: Optional passwordless flow, which is linked at the bottom of + the page. + sources: + type: array + items: + type: string + format: uuid + description: Specify which sources should be shown. + show_source_labels: + type: boolean + required: + - name + IntentEnum: + enum: + - verification + - api + - recovery + - app_password + type: string + InvalidResponseActionEnum: + enum: + - retry + - restart + - restart_with_context + type: string + Invitation: + type: object + description: Invitation Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Invite uuid + name: + type: string + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + expires: + type: string + format: date-time + fixed_data: + type: object + additionalProperties: {} + created_by: + allOf: + - $ref: '#/components/schemas/GroupMember' + readOnly: true + single_use: + type: boolean + description: When enabled, the invitation will be deleted after usage. + flow: + type: string + format: uuid + nullable: true + description: When set, only the configured flow can use this invitation. + flow_obj: + allOf: + - $ref: '#/components/schemas/Flow' + readOnly: true + required: + - created_by + - flow_obj + - name + - pk + InvitationRequest: + type: object + description: Invitation Serializer + properties: + name: + type: string + minLength: 1 + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + expires: + type: string + format: date-time + fixed_data: + type: object + additionalProperties: {} + single_use: + type: boolean + description: When enabled, the invitation will be deleted after usage. + flow: + type: string + format: uuid + nullable: true + description: When set, only the configured flow can use this invitation. + required: + - name + InvitationStage: + type: object + description: InvitationStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + continue_flow_without_invitation: + type: boolean + description: If this flag is set, this Stage will jump to the next Stage + when no Invitation is given. By default this Stage will cancel the Flow + when no invitation is given. + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + InvitationStageRequest: + type: object + description: InvitationStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + continue_flow_without_invitation: + type: boolean + description: If this flag is set, this Stage will jump to the next Stage + when no Invitation is given. By default this Stage will cancel the Flow + when no invitation is given. + required: + - name + IssuerModeEnum: + enum: + - global + - per_provider + type: string + KubernetesServiceConnection: + type: object + description: KubernetesServiceConnection Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Uuid + name: + type: string + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + kubeconfig: + type: object + additionalProperties: {} + description: Paste your kubeconfig here. authentik will automatically use + the currently selected context. + verify_ssl: + type: boolean + description: Verify SSL Certificates of the Kubernetes API endpoint + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + KubernetesServiceConnectionRequest: + type: object + description: KubernetesServiceConnection Serializer + properties: + name: + type: string + minLength: 1 + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + kubeconfig: + type: object + additionalProperties: {} + description: Paste your kubeconfig here. authentik will automatically use + the currently selected context. + verify_ssl: + type: boolean + description: Verify SSL Certificates of the Kubernetes API endpoint + required: + - name + LDAPAPIAccessMode: + enum: + - direct + - cached + type: string + LDAPOutpostConfig: + type: object + description: LDAPProvider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + base_dn: + type: string + description: DN under which objects are accessible. + bind_flow_slug: + type: string + application_slug: + type: string + search_group: + type: string + format: uuid + nullable: true + description: Users in this group can do search queries. If not set, every + user can execute search queries. + certificate: + type: string + format: uuid + nullable: true + tls_server_name: + type: string + uid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for uidNumbers, this number is added to the user.Pk + to make sure that the numbers aren't too low for POSIX users. Default + is 2000 to ensure that we don't collide with local users uidNumber + gid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for gidNumbers, this number is added to a number + generated from the group.Pk to make sure that the numbers aren't too low + for POSIX groups. Default is 4000 to ensure that we don't collide with + local groups or users primary groups gidNumber + search_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + bind_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + required: + - application_slug + - bind_flow_slug + - name + - pk + LDAPPropertyMapping: + type: object + description: LDAP PropertyMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + expression: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + object_field: + type: string + required: + - component + - expression + - meta_model_name + - name + - object_field + - pk + - verbose_name + - verbose_name_plural + LDAPPropertyMappingRequest: + type: object + description: LDAP PropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + object_field: + type: string + minLength: 1 + required: + - expression + - name + - object_field + LDAPProvider: + type: object + description: LDAPProvider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + component: + type: string + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + base_dn: + type: string + description: DN under which objects are accessible. + search_group: + type: string + format: uuid + nullable: true + description: Users in this group can do search queries. If not set, every + user can execute search queries. + certificate: + type: string + format: uuid + nullable: true + tls_server_name: + type: string + uid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for uidNumbers, this number is added to the user.Pk + to make sure that the numbers aren't too low for POSIX users. Default + is 2000 to ensure that we don't collide with local users uidNumber + gid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for gidNumbers, this number is added to a number + generated from the group.Pk to make sure that the numbers aren't too low + for POSIX groups. Default is 4000 to ensure that we don't collide with + local groups or users primary groups gidNumber + outpost_set: + type: array + items: + type: string + readOnly: true + search_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + bind_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + required: + - assigned_application_name + - assigned_application_slug + - authorization_flow + - component + - meta_model_name + - name + - outpost_set + - pk + - verbose_name + - verbose_name_plural + LDAPProviderRequest: + type: object + description: LDAPProvider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + base_dn: + type: string + minLength: 1 + description: DN under which objects are accessible. + search_group: + type: string + format: uuid + nullable: true + description: Users in this group can do search queries. If not set, every + user can execute search queries. + certificate: + type: string + format: uuid + nullable: true + tls_server_name: + type: string + uid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for uidNumbers, this number is added to the user.Pk + to make sure that the numbers aren't too low for POSIX users. Default + is 2000 to ensure that we don't collide with local users uidNumber + gid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for gidNumbers, this number is added to a number + generated from the group.Pk to make sure that the numbers aren't too low + for POSIX groups. Default is 4000 to ensure that we don't collide with + local groups or users primary groups gidNumber + search_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + bind_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + required: + - authorization_flow + - name + LDAPSource: + type: object + description: LDAP Source Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + description: Source's display Name. + slug: + type: string + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + readOnly: true + user_path_template: + type: string + icon: + type: string + nullable: true + readOnly: true + server_uri: + type: string + format: uri + peer_certificate: + type: string + format: uuid + nullable: true + description: Optionally verify the LDAP Server's Certificate against the + CA Chain in this keypair. + bind_cn: + type: string + start_tls: + type: boolean + title: Enable Start TLS + base_dn: + type: string + additional_user_dn: + type: string + title: Addition User DN + description: Prepended to Base DN for User-queries. + additional_group_dn: + type: string + title: Addition Group DN + description: Prepended to Base DN for Group-queries. + user_object_filter: + type: string + description: Consider Objects matching this filter to be Users. + group_object_filter: + type: string + description: Consider Objects matching this filter to be Groups. + group_membership_field: + type: string + description: Field which contains members of a group. + object_uniqueness_field: + type: string + description: Field which contains a unique Identifier. + sync_users: + type: boolean + sync_users_password: + type: boolean + description: When a user changes their password, sync it back to LDAP. This + can only be enabled on a single LDAP source. + sync_groups: + type: boolean + sync_parent_group: + type: string + format: uuid + nullable: true + property_mappings: + type: array + items: + type: string + format: uuid + property_mappings_group: + type: array + items: + type: string + format: uuid + description: Property mappings used for group creation/updating. + required: + - base_dn + - component + - icon + - managed + - meta_model_name + - name + - pk + - server_uri + - slug + - verbose_name + - verbose_name_plural + LDAPSourceRequest: + type: object + description: LDAP Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + server_uri: + type: string + minLength: 1 + format: uri + peer_certificate: + type: string + format: uuid + nullable: true + description: Optionally verify the LDAP Server's Certificate against the + CA Chain in this keypair. + bind_cn: + type: string + bind_password: + type: string + writeOnly: true + start_tls: + type: boolean + title: Enable Start TLS + base_dn: + type: string + minLength: 1 + additional_user_dn: + type: string + title: Addition User DN + description: Prepended to Base DN for User-queries. + additional_group_dn: + type: string + title: Addition Group DN + description: Prepended to Base DN for Group-queries. + user_object_filter: + type: string + minLength: 1 + description: Consider Objects matching this filter to be Users. + group_object_filter: + type: string + minLength: 1 + description: Consider Objects matching this filter to be Groups. + group_membership_field: + type: string + minLength: 1 + description: Field which contains members of a group. + object_uniqueness_field: + type: string + minLength: 1 + description: Field which contains a unique Identifier. + sync_users: + type: boolean + sync_users_password: + type: boolean + description: When a user changes their password, sync it back to LDAP. This + can only be enabled on a single LDAP source. + sync_groups: + type: boolean + sync_parent_group: + type: string + format: uuid + nullable: true + property_mappings: + type: array + items: + type: string + format: uuid + property_mappings_group: + type: array + items: + type: string + format: uuid + description: Property mappings used for group creation/updating. + required: + - base_dn + - name + - server_uri + - slug + LayoutEnum: + enum: + - stacked + - content_left + - content_right + - sidebar_left + - sidebar_right + type: string + Link: + type: object + description: Returns a single link + properties: + link: + type: string + required: + - link + LoginChallengeTypes: + oneOf: + - $ref: '#/components/schemas/RedirectChallenge' + - $ref: '#/components/schemas/PlexAuthenticationChallenge' + - $ref: '#/components/schemas/AppleLoginChallenge' + discriminator: + propertyName: component + mapping: + xak-flow-redirect: '#/components/schemas/RedirectChallenge' + ak-source-plex: '#/components/schemas/PlexAuthenticationChallenge' + ak-source-oauth-apple: '#/components/schemas/AppleLoginChallenge' + LoginMetrics: + type: object + description: Login Metrics per 1h + properties: + logins_per_1h: + type: array + items: + $ref: '#/components/schemas/Coordinate' + readOnly: true + logins_failed_per_1h: + type: array + items: + $ref: '#/components/schemas/Coordinate' + readOnly: true + authorizations_per_1h: + type: array + items: + $ref: '#/components/schemas/Coordinate' + readOnly: true + required: + - authorizations_per_1h + - logins_failed_per_1h + - logins_per_1h + LoginSource: + type: object + description: Serializer for Login buttons of sources + properties: + name: + type: string + icon_url: + type: string + nullable: true + challenge: + $ref: '#/components/schemas/LoginChallengeTypes' + required: + - challenge + - name + Metadata: + type: object + description: Serializer for blueprint metadata + properties: + name: + type: string + labels: + type: object + additionalProperties: {} + required: + - labels + - name + NameIdPolicyEnum: + enum: + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + - urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName + - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName + - urn:oasis:names:tc:SAML:2.0:nameid-format:transient + type: string + NotConfiguredActionEnum: + enum: + - skip + - deny + - configure + type: string + Notification: + type: object + description: Notification Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Uuid + severity: + allOf: + - $ref: '#/components/schemas/SeverityEnum' + readOnly: true + body: + type: string + readOnly: true + created: + type: string + format: date-time + readOnly: true + event: + $ref: '#/components/schemas/Event' + seen: + type: boolean + required: + - body + - created + - pk + - severity + NotificationRequest: + type: object + description: Notification Serializer + properties: + event: + $ref: '#/components/schemas/EventRequest' + seen: + type: boolean + NotificationRule: + type: object + description: NotificationRule Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + transports: + type: array + items: + type: string + format: uuid + description: Select which transports should be used to notify the user. + If none are selected, the notification will only be shown in the authentik + UI. + severity: + allOf: + - $ref: '#/components/schemas/SeverityEnum' + description: Controls which severity level the created notifications will + have. + group: + type: string + format: uuid + nullable: true + description: Define which group of users this notification should be sent + and shown to. If left empty, Notification won't ben sent. + group_obj: + allOf: + - $ref: '#/components/schemas/Group' + readOnly: true + required: + - group_obj + - name + - pk + NotificationRuleRequest: + type: object + description: NotificationRule Serializer + properties: + name: + type: string + minLength: 1 + transports: + type: array + items: + type: string + format: uuid + description: Select which transports should be used to notify the user. + If none are selected, the notification will only be shown in the authentik + UI. + severity: + allOf: + - $ref: '#/components/schemas/SeverityEnum' + description: Controls which severity level the created notifications will + have. + group: + type: string + format: uuid + nullable: true + description: Define which group of users this notification should be sent + and shown to. If left empty, Notification won't ben sent. + required: + - name + NotificationTransport: + type: object + description: NotificationTransport Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Uuid + name: + type: string + mode: + $ref: '#/components/schemas/NotificationTransportModeEnum' + mode_verbose: + type: string + readOnly: true + webhook_url: + type: string + format: uri + webhook_mapping: + type: string + format: uuid + nullable: true + send_once: + type: boolean + description: Only send notification once, for example when sending a webhook + into a chat channel. + required: + - mode_verbose + - name + - pk + NotificationTransportModeEnum: + enum: + - local + - webhook + - webhook_slack + - email + type: string + NotificationTransportRequest: + type: object + description: NotificationTransport Serializer + properties: + name: + type: string + minLength: 1 + mode: + $ref: '#/components/schemas/NotificationTransportModeEnum' + webhook_url: + type: string + format: uri + webhook_mapping: + type: string + format: uuid + nullable: true + send_once: + type: boolean + description: Only send notification once, for example when sending a webhook + into a chat channel. + required: + - name + NotificationTransportTest: + type: object + description: Notification test serializer + properties: + messages: + type: array + items: + type: string + required: + - messages + NotificationWebhookMapping: + type: object + description: NotificationWebhookMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + name: + type: string + expression: + type: string + required: + - expression + - name + - pk + NotificationWebhookMappingRequest: + type: object + description: NotificationWebhookMapping Serializer + properties: + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + required: + - expression + - name + OAuth2Provider: + type: object + description: OAuth2Provider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + component: + type: string + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + client_type: + allOf: + - $ref: '#/components/schemas/ClientTypeEnum' + description: Confidential clients are capable of maintaining the confidentiality + of their credentials. Public clients are incapable + client_id: + type: string + maxLength: 255 + client_secret: + type: string + maxLength: 255 + access_code_validity: + type: string + description: 'Access codes not valid on or after current time + this value + (Format: hours=1;minutes=2;seconds=3).' + token_validity: + type: string + description: 'Tokens not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + include_claims_in_id_token: + type: boolean + description: Include User claims from scopes in the id_token, for applications + that don't access the userinfo endpoint. + signing_key: + type: string + format: uuid + nullable: true + description: Key used to sign the tokens. Only required when JWT Algorithm + is set to RS256. + redirect_uris: + type: string + description: Enter each URI on a new line. + sub_mode: + allOf: + - $ref: '#/components/schemas/SubModeEnum' + description: Configure what data should be used as unique User Identifier. + For most cases, the default should be fine. + issuer_mode: + allOf: + - $ref: '#/components/schemas/IssuerModeEnum' + description: Configure how the issuer field of the ID Token should be filled. + jwks_sources: + type: array + items: + type: string + format: uuid + title: Any JWT signed by the JWK of the selected source can be used to + authenticate. + title: Any JWT signed by the JWK of the selected source can be used to authenticate. + required: + - assigned_application_name + - assigned_application_slug + - authorization_flow + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + OAuth2ProviderRequest: + type: object + description: OAuth2Provider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + client_type: + allOf: + - $ref: '#/components/schemas/ClientTypeEnum' + description: Confidential clients are capable of maintaining the confidentiality + of their credentials. Public clients are incapable + client_id: + type: string + minLength: 1 + maxLength: 255 + client_secret: + type: string + maxLength: 255 + access_code_validity: + type: string + minLength: 1 + description: 'Access codes not valid on or after current time + this value + (Format: hours=1;minutes=2;seconds=3).' + token_validity: + type: string + minLength: 1 + description: 'Tokens not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + include_claims_in_id_token: + type: boolean + description: Include User claims from scopes in the id_token, for applications + that don't access the userinfo endpoint. + signing_key: + type: string + format: uuid + nullable: true + description: Key used to sign the tokens. Only required when JWT Algorithm + is set to RS256. + redirect_uris: + type: string + description: Enter each URI on a new line. + sub_mode: + allOf: + - $ref: '#/components/schemas/SubModeEnum' + description: Configure what data should be used as unique User Identifier. + For most cases, the default should be fine. + issuer_mode: + allOf: + - $ref: '#/components/schemas/IssuerModeEnum' + description: Configure how the issuer field of the ID Token should be filled. + jwks_sources: + type: array + items: + type: string + format: uuid + title: Any JWT signed by the JWK of the selected source can be used to + authenticate. + title: Any JWT signed by the JWK of the selected source can be used to authenticate. + required: + - authorization_flow + - name + OAuth2ProviderSetupURLs: + type: object + description: OAuth2 Provider Metadata serializer + properties: + issuer: + type: string + readOnly: true + authorize: + type: string + readOnly: true + token: + type: string + readOnly: true + user_info: + type: string + readOnly: true + provider_info: + type: string + readOnly: true + logout: + type: string + readOnly: true + jwks: + type: string + readOnly: true + required: + - authorize + - issuer + - jwks + - logout + - provider_info + - token + - user_info + OAuthDeviceCodeChallenge: + type: object + description: OAuth Device code challenge + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-provider-oauth2-device-code + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + required: + - type + OAuthDeviceCodeChallengeResponseRequest: + type: object + description: Response that includes the user-entered device code + properties: + component: + type: string + minLength: 1 + default: ak-provider-oauth2-device-code + code: + type: integer + required: + - code + OAuthDeviceCodeFinishChallenge: + type: object + description: Final challenge after user enters their code + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-provider-oauth2-device-code-finish + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + required: + - type + OAuthDeviceCodeFinishChallengeResponseRequest: + type: object + description: Response that device has been authenticated and tab can be closed + properties: + component: + type: string + minLength: 1 + default: ak-provider-oauth2-device-code-finish + OAuthSource: + type: object + description: OAuth Source Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + description: Source's display Name. + slug: + type: string + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + readOnly: true + user_path_template: + type: string + icon: + type: string + nullable: true + readOnly: true + provider_type: + $ref: '#/components/schemas/ProviderTypeEnum' + request_token_url: + type: string + nullable: true + description: URL used to request the initial token. This URL is only required + for OAuth 1. + maxLength: 255 + authorization_url: + type: string + nullable: true + description: URL the user is redirect to to conest the flow. + maxLength: 255 + access_token_url: + type: string + nullable: true + description: URL used by authentik to retrieve tokens. + maxLength: 255 + profile_url: + type: string + nullable: true + description: URL used by authentik to get user information. + maxLength: 255 + consumer_key: + type: string + callback_url: + type: string + readOnly: true + additional_scopes: + type: string + type: + allOf: + - $ref: '#/components/schemas/SourceType' + readOnly: true + oidc_well_known_url: + type: string + oidc_jwks_url: + type: string + oidc_jwks: + type: object + additionalProperties: {} + required: + - callback_url + - component + - consumer_key + - icon + - managed + - meta_model_name + - name + - pk + - provider_type + - slug + - type + - verbose_name + - verbose_name_plural + OAuthSourceRequest: + type: object + description: OAuth Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + provider_type: + $ref: '#/components/schemas/ProviderTypeEnum' + request_token_url: + type: string + nullable: true + minLength: 1 + description: URL used to request the initial token. This URL is only required + for OAuth 1. + maxLength: 255 + authorization_url: + type: string + nullable: true + minLength: 1 + description: URL the user is redirect to to conest the flow. + maxLength: 255 + access_token_url: + type: string + nullable: true + minLength: 1 + description: URL used by authentik to retrieve tokens. + maxLength: 255 + profile_url: + type: string + nullable: true + minLength: 1 + description: URL used by authentik to get user information. + maxLength: 255 + consumer_key: + type: string + minLength: 1 + consumer_secret: + type: string + writeOnly: true + minLength: 1 + additional_scopes: + type: string + oidc_well_known_url: + type: string + oidc_jwks_url: + type: string + oidc_jwks: + type: object + additionalProperties: {} + required: + - consumer_key + - consumer_secret + - name + - provider_type + - slug + OpenIDConnectConfiguration: + type: object + description: rest_framework Serializer for OIDC Configuration + properties: + issuer: + type: string + authorization_endpoint: + type: string + token_endpoint: + type: string + userinfo_endpoint: + type: string + end_session_endpoint: + type: string + introspection_endpoint: + type: string + jwks_uri: + type: string + response_types_supported: + type: array + items: + type: string + id_token_signing_alg_values_supported: + type: array + items: + type: string + subject_types_supported: + type: array + items: + type: string + token_endpoint_auth_methods_supported: + type: array + items: + type: string + required: + - authorization_endpoint + - end_session_endpoint + - id_token_signing_alg_values_supported + - introspection_endpoint + - issuer + - jwks_uri + - response_types_supported + - subject_types_supported + - token_endpoint + - token_endpoint_auth_methods_supported + - userinfo_endpoint + Outpost: + type: object + description: Outpost Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Uuid + name: + type: string + type: + $ref: '#/components/schemas/OutpostTypeEnum' + providers: + type: array + items: + type: integer + providers_obj: + type: array + items: + $ref: '#/components/schemas/Provider' + readOnly: true + service_connection: + type: string + format: uuid + nullable: true + description: Select Service-Connection authentik should use to manage this + outpost. Leave empty if authentik should not handle the deployment. + service_connection_obj: + allOf: + - $ref: '#/components/schemas/ServiceConnection' + readOnly: true + token_identifier: + type: string + readOnly: true + config: + type: object + additionalProperties: {} + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + required: + - config + - name + - pk + - providers + - providers_obj + - service_connection_obj + - token_identifier + - type + OutpostDefaultConfig: + type: object + description: Global default outpost config + properties: + config: + type: object + additionalProperties: {} + readOnly: true + required: + - config + OutpostHealth: + type: object + description: Outpost health status + properties: + last_seen: + type: string + format: date-time + readOnly: true + version: + type: string + readOnly: true + version_should: + type: string + readOnly: true + version_outdated: + type: boolean + readOnly: true + build_hash: + type: string + readOnly: true + build_hash_should: + type: string + readOnly: true + required: + - build_hash + - build_hash_should + - last_seen + - version + - version_outdated + - version_should + OutpostRequest: + type: object + description: Outpost Serializer + properties: + name: + type: string + minLength: 1 + type: + $ref: '#/components/schemas/OutpostTypeEnum' + providers: + type: array + items: + type: integer + service_connection: + type: string + format: uuid + nullable: true + description: Select Service-Connection authentik should use to manage this + outpost. Leave empty if authentik should not handle the deployment. + config: + type: object + additionalProperties: {} + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + required: + - config + - name + - providers + - type + OutpostTypeEnum: + enum: + - proxy + - ldap + type: string + PaginatedApplicationList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Application' + required: + - pagination + - results + PaginatedAuthenticateWebAuthnStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticateWebAuthnStage' + required: + - pagination + - results + PaginatedAuthenticatedSessionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticatedSession' + required: + - pagination + - results + PaginatedAuthenticatorDuoStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticatorDuoStage' + required: + - pagination + - results + PaginatedAuthenticatorSMSStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticatorSMSStage' + required: + - pagination + - results + PaginatedAuthenticatorStaticStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticatorStaticStage' + required: + - pagination + - results + PaginatedAuthenticatorTOTPStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticatorTOTPStage' + required: + - pagination + - results + PaginatedAuthenticatorValidateStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/AuthenticatorValidateStage' + required: + - pagination + - results + PaginatedBlueprintInstanceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/BlueprintInstance' + required: + - pagination + - results + PaginatedCaptchaStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/CaptchaStage' + required: + - pagination + - results + PaginatedCertificateKeyPairList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/CertificateKeyPair' + required: + - pagination + - results + PaginatedConsentStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ConsentStage' + required: + - pagination + - results + PaginatedDenyStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/DenyStage' + required: + - pagination + - results + PaginatedDockerServiceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/DockerServiceConnection' + required: + - pagination + - results + PaginatedDummyPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/DummyPolicy' + required: + - pagination + - results + PaginatedDummyStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/DummyStage' + required: + - pagination + - results + PaginatedDuoDeviceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/DuoDevice' + required: + - pagination + - results + PaginatedEmailStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/EmailStage' + required: + - pagination + - results + PaginatedEventList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Event' + required: + - pagination + - results + PaginatedEventMatcherPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/EventMatcherPolicy' + required: + - pagination + - results + PaginatedExpiringBaseGrantModelList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ExpiringBaseGrantModel' + required: + - pagination + - results + PaginatedExpressionPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ExpressionPolicy' + required: + - pagination + - results + PaginatedFlowList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Flow' + required: + - pagination + - results + PaginatedFlowStageBindingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/FlowStageBinding' + required: + - pagination + - results + PaginatedGroupList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Group' + required: + - pagination + - results + PaginatedHaveIBeenPwendPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/HaveIBeenPwendPolicy' + required: + - pagination + - results + PaginatedIdentificationStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/IdentificationStage' + required: + - pagination + - results + PaginatedInvitationList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Invitation' + required: + - pagination + - results + PaginatedInvitationStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/InvitationStage' + required: + - pagination + - results + PaginatedKubernetesServiceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/KubernetesServiceConnection' + required: + - pagination + - results + PaginatedLDAPOutpostConfigList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/LDAPOutpostConfig' + required: + - pagination + - results + PaginatedLDAPPropertyMappingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/LDAPPropertyMapping' + required: + - pagination + - results + PaginatedLDAPProviderList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/LDAPProvider' + required: + - pagination + - results + PaginatedLDAPSourceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/LDAPSource' + required: + - pagination + - results + PaginatedNotificationList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Notification' + required: + - pagination + - results + PaginatedNotificationRuleList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/NotificationRule' + required: + - pagination + - results + PaginatedNotificationTransportList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/NotificationTransport' + required: + - pagination + - results + PaginatedNotificationWebhookMappingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/NotificationWebhookMapping' + required: + - pagination + - results + PaginatedOAuth2ProviderList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/OAuth2Provider' + required: + - pagination + - results + PaginatedOAuthSourceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/OAuthSource' + required: + - pagination + - results + PaginatedOutpostList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Outpost' + required: + - pagination + - results + PaginatedPasswordExpiryPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PasswordExpiryPolicy' + required: + - pagination + - results + PaginatedPasswordPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PasswordPolicy' + required: + - pagination + - results + PaginatedPasswordStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PasswordStage' + required: + - pagination + - results + PaginatedPlexSourceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PlexSourceConnection' + required: + - pagination + - results + PaginatedPlexSourceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PlexSource' + required: + - pagination + - results + PaginatedPolicyBindingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PolicyBinding' + required: + - pagination + - results + PaginatedPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Policy' + required: + - pagination + - results + PaginatedPromptList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Prompt' + required: + - pagination + - results + PaginatedPromptStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PromptStage' + required: + - pagination + - results + PaginatedPropertyMappingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PropertyMapping' + required: + - pagination + - results + PaginatedProviderList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Provider' + required: + - pagination + - results + PaginatedProxyOutpostConfigList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ProxyOutpostConfig' + required: + - pagination + - results + PaginatedProxyProviderList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ProxyProvider' + required: + - pagination + - results + PaginatedRefreshTokenModelList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/RefreshTokenModel' + required: + - pagination + - results + PaginatedReputationList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Reputation' + required: + - pagination + - results + PaginatedReputationPolicyList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ReputationPolicy' + required: + - pagination + - results + PaginatedSAMLPropertyMappingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/SAMLPropertyMapping' + required: + - pagination + - results + PaginatedSAMLProviderList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/SAMLProvider' + required: + - pagination + - results + PaginatedSAMLSourceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/SAMLSource' + required: + - pagination + - results + PaginatedSMSDeviceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/SMSDevice' + required: + - pagination + - results + PaginatedScopeMappingList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ScopeMapping' + required: + - pagination + - results + PaginatedServiceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/ServiceConnection' + required: + - pagination + - results + PaginatedSourceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Source' + required: + - pagination + - results + PaginatedStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Stage' + required: + - pagination + - results + PaginatedStaticDeviceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/StaticDevice' + required: + - pagination + - results + PaginatedTOTPDeviceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/TOTPDevice' + required: + - pagination + - results + PaginatedTenantList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Tenant' + required: + - pagination + - results + PaginatedTokenList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/Token' + required: + - pagination + - results + PaginatedUserConsentList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserConsent' + required: + - pagination + - results + PaginatedUserDeleteStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserDeleteStage' + required: + - pagination + - results + PaginatedUserList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/User' + required: + - pagination + - results + PaginatedUserLoginStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserLoginStage' + required: + - pagination + - results + PaginatedUserLogoutStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserLogoutStage' + required: + - pagination + - results + PaginatedUserOAuthSourceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserOAuthSourceConnection' + required: + - pagination + - results + PaginatedUserSAMLSourceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserSAMLSourceConnection' + required: + - pagination + - results + PaginatedUserSourceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserSourceConnection' + required: + - pagination + - results + PaginatedUserWriteStageList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/UserWriteStage' + required: + - pagination + - results + PaginatedWebAuthnDeviceList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/WebAuthnDevice' + required: + - pagination + - results + PasswordChallenge: + type: object + description: Password challenge UI fields + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-password + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + pending_user: + type: string + pending_user_avatar: + type: string + recovery_url: + type: string + required: + - pending_user + - pending_user_avatar + - type + PasswordChallengeResponseRequest: + type: object + description: Password challenge response + properties: + component: + type: string + minLength: 1 + default: ak-stage-password + password: + type: string + minLength: 1 + required: + - password + PasswordExpiryPolicy: + type: object + description: Password Expiry Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + days: + type: integer + maximum: 2147483647 + minimum: -2147483648 + deny_only: + type: boolean + required: + - bound_to + - component + - days + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + PasswordExpiryPolicyRequest: + type: object + description: Password Expiry Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + days: + type: integer + maximum: 2147483647 + minimum: -2147483648 + deny_only: + type: boolean + required: + - days + PasswordPolicy: + type: object + description: Password Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + password_field: + type: string + description: Field key to check, field keys defined in Prompt stages are + available. + amount_digits: + type: integer + maximum: 2147483647 + minimum: 0 + amount_uppercase: + type: integer + maximum: 2147483647 + minimum: 0 + amount_lowercase: + type: integer + maximum: 2147483647 + minimum: 0 + amount_symbols: + type: integer + maximum: 2147483647 + minimum: 0 + length_min: + type: integer + maximum: 2147483647 + minimum: 0 + symbol_charset: + type: string + error_message: + type: string + check_static_rules: + type: boolean + check_have_i_been_pwned: + type: boolean + check_zxcvbn: + type: boolean + hibp_allowed_count: + type: integer + maximum: 2147483647 + minimum: 0 + description: How many times the password hash is allowed to be on haveibeenpwned + zxcvbn_score_threshold: + type: integer + maximum: 2147483647 + minimum: 0 + description: If the zxcvbn score is equal or less than this value, the policy + will fail. + required: + - bound_to + - component + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + PasswordPolicyRequest: + type: object + description: Password Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + password_field: + type: string + minLength: 1 + description: Field key to check, field keys defined in Prompt stages are + available. + amount_digits: + type: integer + maximum: 2147483647 + minimum: 0 + amount_uppercase: + type: integer + maximum: 2147483647 + minimum: 0 + amount_lowercase: + type: integer + maximum: 2147483647 + minimum: 0 + amount_symbols: + type: integer + maximum: 2147483647 + minimum: 0 + length_min: + type: integer + maximum: 2147483647 + minimum: 0 + symbol_charset: + type: string + minLength: 1 + error_message: + type: string + check_static_rules: + type: boolean + check_have_i_been_pwned: + type: boolean + check_zxcvbn: + type: boolean + hibp_allowed_count: + type: integer + maximum: 2147483647 + minimum: 0 + description: How many times the password hash is allowed to be on haveibeenpwned + zxcvbn_score_threshold: + type: integer + maximum: 2147483647 + minimum: 0 + description: If the zxcvbn score is equal or less than this value, the policy + will fail. + PasswordStage: + type: object + description: PasswordStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + backends: + type: array + items: + $ref: '#/components/schemas/BackendsEnum' + description: Selection of backends to test the password against. + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + failed_attempts_before_cancel: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: How many attempts a user has before the flow is canceled. To + lock the user out, use a reputation policy and a user_write stage. + required: + - backends + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + PasswordStageRequest: + type: object + description: PasswordStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + backends: + type: array + items: + $ref: '#/components/schemas/BackendsEnum' + description: Selection of backends to test the password against. + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + failed_attempts_before_cancel: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: How many attempts a user has before the flow is canceled. To + lock the user out, use a reputation policy and a user_write stage. + required: + - backends + - name + PatchedApplicationRequest: + type: object + description: Application Serializer + properties: + name: + type: string + minLength: 1 + description: Application's display Name. + slug: + type: string + minLength: 1 + description: Internal application name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + provider: + type: integer + nullable: true + open_in_new_tab: + type: boolean + description: Open launch URL in a new browser tab or window. + meta_launch_url: + type: string + format: uri + meta_description: + type: string + meta_publisher: + type: string + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + group: + type: string + PatchedAuthenticateWebAuthnStageRequest: + type: object + description: AuthenticateWebAuthnStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + user_verification: + $ref: '#/components/schemas/UserVerificationEnum' + authenticator_attachment: + allOf: + - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' + nullable: true + resident_key_requirement: + $ref: '#/components/schemas/ResidentKeyRequirementEnum' + PatchedAuthenticatorDuoStageRequest: + type: object + description: AuthenticatorDuoStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + client_id: + type: string + minLength: 1 + client_secret: + type: string + writeOnly: true + minLength: 1 + api_hostname: + type: string + minLength: 1 + admin_integration_key: + type: string + admin_secret_key: + type: string + writeOnly: true + PatchedAuthenticatorSMSStageRequest: + type: object + description: AuthenticatorSMSStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + provider: + $ref: '#/components/schemas/ProviderEnum' + from_number: + type: string + minLength: 1 + account_sid: + type: string + minLength: 1 + auth: + type: string + minLength: 1 + auth_password: + type: string + auth_type: + $ref: '#/components/schemas/AuthTypeEnum' + verify_only: + type: boolean + description: When enabled, the Phone number is only used during enrollment + to verify the users authenticity. Only a hash of the phone number is saved + to ensure it is not re-used in the future. + mapping: + type: string + format: uuid + nullable: true + description: Optionally modify the payload being sent to custom providers. + PatchedAuthenticatorStaticStageRequest: + type: object + description: AuthenticatorStaticStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + token_count: + type: integer + maximum: 2147483647 + minimum: -2147483648 + PatchedAuthenticatorTOTPStageRequest: + type: object + description: AuthenticatorTOTPStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + digits: + allOf: + - $ref: '#/components/schemas/DigitsEnum' + minimum: -2147483648 + maximum: 2147483647 + PatchedAuthenticatorValidateStageRequest: + type: object + description: AuthenticatorValidateStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + not_configured_action: + $ref: '#/components/schemas/NotConfiguredActionEnum' + device_classes: + type: array + items: + $ref: '#/components/schemas/DeviceClassesEnum' + description: Device classes which can be used to authenticate + configuration_stages: + type: array + items: + type: string + format: uuid + description: Stages used to configure Authenticator when user doesn't have + any compatible devices. After this configuration Stage passes, the user + is not prompted again. + last_auth_threshold: + type: string + minLength: 1 + description: If any of the user's device has been used within this threshold, + this stage will be skipped + webauthn_user_verification: + allOf: + - $ref: '#/components/schemas/UserVerificationEnum' + description: Enforce user verification for WebAuthn devices. + PatchedBlueprintInstanceRequest: + type: object + description: Info about a single blueprint instance file + properties: + name: + type: string + minLength: 1 + path: + type: string + minLength: 1 + context: + type: object + additionalProperties: {} + enabled: + type: boolean + PatchedCaptchaStageRequest: + type: object + description: CaptchaStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + public_key: + type: string + minLength: 1 + description: Public key, acquired your captcha Provider. + private_key: + type: string + writeOnly: true + minLength: 1 + description: Private key, acquired your captcha Provider. + js_url: + type: string + minLength: 1 + api_url: + type: string + minLength: 1 + PatchedCertificateKeyPairRequest: + type: object + description: CertificateKeyPair Serializer + properties: + name: + type: string + minLength: 1 + certificate_data: + type: string + writeOnly: true + minLength: 1 + description: PEM-encoded Certificate data + key_data: + type: string + writeOnly: true + description: Optional Private Key. If this is set, you can use this keypair + for encryption. + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + PatchedConsentStageRequest: + type: object + description: ConsentStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + mode: + $ref: '#/components/schemas/ConsentStageModeEnum' + consent_expire_in: + type: string + minLength: 1 + title: Consent expires in + description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' + PatchedDenyStageRequest: + type: object + description: DenyStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + PatchedDockerServiceConnectionRequest: + type: object + description: DockerServiceConnection Serializer + properties: + name: + type: string + minLength: 1 + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + url: + type: string + minLength: 1 + description: Can be in the format of 'unix://' when connecting to + a local docker daemon, or 'https://:2376' when connecting to + a remote system. + tls_verification: + type: string + format: uuid + nullable: true + description: CA which the endpoint's Certificate is verified against. Can + be left empty for no validation. + tls_authentication: + type: string + format: uuid + nullable: true + description: Certificate/Key used for authentication. Can be left empty + for no authentication. + PatchedDummyPolicyRequest: + type: object + description: Dummy Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + result: + type: boolean + wait_min: + type: integer + maximum: 2147483647 + minimum: -2147483648 + wait_max: + type: integer + maximum: 2147483647 + minimum: -2147483648 + PatchedDummyStageRequest: + type: object + description: DummyStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + PatchedDuoDeviceRequest: + type: object + description: Serializer for Duo authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + PatchedEmailStageRequest: + type: object + description: EmailStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + use_global_settings: + type: boolean + description: When enabled, global Email connection settings will be used + and connection settings below will be ignored. + host: + type: string + minLength: 1 + port: + type: integer + maximum: 2147483647 + minimum: -2147483648 + username: + type: string + password: + type: string + writeOnly: true + use_tls: + type: boolean + use_ssl: + type: boolean + timeout: + type: integer + maximum: 2147483647 + minimum: -2147483648 + from_address: + type: string + format: email + minLength: 1 + maxLength: 254 + token_expiry: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: Time in minutes the token sent is valid. + subject: + type: string + minLength: 1 + template: + type: string + minLength: 1 + activate_user_on_success: + type: boolean + description: Activate users upon completion of stage. + PatchedEventMatcherPolicyRequest: + type: object + description: Event Matcher Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + action: + allOf: + - $ref: '#/components/schemas/EventActions' + description: Match created events with this action type. When left empty, + all action types will be matched. + client_ip: + type: string + description: Matches Event's Client IP (strict matching, for network matching + use an Expression Policy) + app: + allOf: + - $ref: '#/components/schemas/AppEnum' + description: Match events created by selected application. When left empty, + all applications are matched. + PatchedEventRequest: + type: object + description: Event Serializer + properties: + user: + type: object + additionalProperties: {} + action: + $ref: '#/components/schemas/EventActions' + app: + type: string + minLength: 1 + context: + type: object + additionalProperties: {} + client_ip: + type: string + nullable: true + minLength: 1 + expires: + type: string + format: date-time + tenant: + type: object + additionalProperties: {} + PatchedExpressionPolicyRequest: + type: object + description: Group Membership Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + expression: + type: string + minLength: 1 + PatchedFlowRequest: + type: object + description: Flow Serializer + properties: + name: + type: string + minLength: 1 + slug: + type: string + minLength: 1 + description: Visible in the URL. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + title: + type: string + minLength: 1 + description: Shown as the Title in Flow pages. + designation: + allOf: + - $ref: '#/components/schemas/FlowDesignationEnum' + description: Decides what this Flow is used for. For example, the Authentication + flow is redirect to when an un-authenticated user visits authentik. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + compatibility_mode: + type: boolean + description: Enable compatibility mode, increases compatibility with password + managers on mobile devices. + layout: + $ref: '#/components/schemas/LayoutEnum' + denied_action: + allOf: + - $ref: '#/components/schemas/DeniedActionEnum' + description: Configure what should happen when a flow denies access to a + user. + authentication: + allOf: + - $ref: '#/components/schemas/AuthenticationEnum' + description: Required level of authentication and authorization to access + a flow. + PatchedFlowStageBindingRequest: + type: object + description: FlowStageBinding Serializer + properties: + target: + type: string + format: uuid + stage: + type: string + format: uuid + evaluate_on_plan: + type: boolean + description: Evaluate policies during the Flow planning process. Disable + this for input-based policies. + re_evaluate_policies: + type: boolean + description: Evaluate policies when the Stage is present to the user. + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + invalid_response_action: + allOf: + - $ref: '#/components/schemas/InvalidResponseActionEnum' + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. + PatchedGroupRequest: + type: object + description: Group Serializer + properties: + name: + type: string + minLength: 1 + maxLength: 80 + is_superuser: + type: boolean + description: Users added to this group will be superusers. + parent: + type: string + format: uuid + nullable: true + users: + type: array + items: + type: integer + attributes: + type: object + additionalProperties: {} + PatchedHaveIBeenPwendPolicyRequest: + type: object + description: Have I Been Pwned Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + password_field: + type: string + minLength: 1 + description: Field key to check, field keys defined in Prompt stages are + available. + allowed_count: + type: integer + maximum: 2147483647 + minimum: -2147483648 + PatchedIdentificationStageRequest: + type: object + description: IdentificationStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + user_fields: + type: array + items: + $ref: '#/components/schemas/UserFieldsEnum' + description: Fields of the user object to match against. (Hold shift to + select multiple options) + password_stage: + type: string + format: uuid + nullable: true + description: When set, shows a password field, instead of showing the password + field as seaprate step. + case_insensitive_matching: + type: boolean + description: When enabled, user fields are matched regardless of their casing. + show_matched_user: + type: boolean + description: When a valid username/email has been entered, and this option + is enabled, the user's username and avatar will be shown. Otherwise, the + text that the user entered will be shown + enrollment_flow: + type: string + format: uuid + nullable: true + description: Optional enrollment flow, which is linked at the bottom of + the page. + recovery_flow: + type: string + format: uuid + nullable: true + description: Optional recovery flow, which is linked at the bottom of the + page. + passwordless_flow: + type: string + format: uuid + nullable: true + description: Optional passwordless flow, which is linked at the bottom of + the page. + sources: + type: array + items: + type: string + format: uuid + description: Specify which sources should be shown. + show_source_labels: + type: boolean + PatchedInvitationRequest: + type: object + description: Invitation Serializer + properties: + name: + type: string + minLength: 1 + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + expires: + type: string + format: date-time + fixed_data: + type: object + additionalProperties: {} + single_use: + type: boolean + description: When enabled, the invitation will be deleted after usage. + flow: + type: string + format: uuid + nullable: true + description: When set, only the configured flow can use this invitation. + PatchedInvitationStageRequest: + type: object + description: InvitationStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + continue_flow_without_invitation: + type: boolean + description: If this flag is set, this Stage will jump to the next Stage + when no Invitation is given. By default this Stage will cancel the Flow + when no invitation is given. + PatchedKubernetesServiceConnectionRequest: + type: object + description: KubernetesServiceConnection Serializer + properties: + name: + type: string + minLength: 1 + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + kubeconfig: + type: object + additionalProperties: {} + description: Paste your kubeconfig here. authentik will automatically use + the currently selected context. + verify_ssl: + type: boolean + description: Verify SSL Certificates of the Kubernetes API endpoint + PatchedLDAPPropertyMappingRequest: + type: object + description: LDAP PropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + object_field: + type: string + minLength: 1 + PatchedLDAPProviderRequest: + type: object + description: LDAPProvider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + base_dn: + type: string + minLength: 1 + description: DN under which objects are accessible. + search_group: + type: string + format: uuid + nullable: true + description: Users in this group can do search queries. If not set, every + user can execute search queries. + certificate: + type: string + format: uuid + nullable: true + tls_server_name: + type: string + uid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for uidNumbers, this number is added to the user.Pk + to make sure that the numbers aren't too low for POSIX users. Default + is 2000 to ensure that we don't collide with local users uidNumber + gid_start_number: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: The start for gidNumbers, this number is added to a number + generated from the group.Pk to make sure that the numbers aren't too low + for POSIX groups. Default is 4000 to ensure that we don't collide with + local groups or users primary groups gidNumber + search_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + bind_mode: + $ref: '#/components/schemas/LDAPAPIAccessMode' + PatchedLDAPSourceRequest: + type: object + description: LDAP Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + server_uri: + type: string + minLength: 1 + format: uri + peer_certificate: + type: string + format: uuid + nullable: true + description: Optionally verify the LDAP Server's Certificate against the + CA Chain in this keypair. + bind_cn: + type: string + bind_password: + type: string + writeOnly: true + start_tls: + type: boolean + title: Enable Start TLS + base_dn: + type: string + minLength: 1 + additional_user_dn: + type: string + title: Addition User DN + description: Prepended to Base DN for User-queries. + additional_group_dn: + type: string + title: Addition Group DN + description: Prepended to Base DN for Group-queries. + user_object_filter: + type: string + minLength: 1 + description: Consider Objects matching this filter to be Users. + group_object_filter: + type: string + minLength: 1 + description: Consider Objects matching this filter to be Groups. + group_membership_field: + type: string + minLength: 1 + description: Field which contains members of a group. + object_uniqueness_field: + type: string + minLength: 1 + description: Field which contains a unique Identifier. + sync_users: + type: boolean + sync_users_password: + type: boolean + description: When a user changes their password, sync it back to LDAP. This + can only be enabled on a single LDAP source. + sync_groups: + type: boolean + sync_parent_group: + type: string + format: uuid + nullable: true + property_mappings: + type: array + items: + type: string + format: uuid + property_mappings_group: + type: array + items: + type: string + format: uuid + description: Property mappings used for group creation/updating. + PatchedNotificationRequest: + type: object + description: Notification Serializer + properties: + event: + $ref: '#/components/schemas/EventRequest' + seen: + type: boolean + PatchedNotificationRuleRequest: + type: object + description: NotificationRule Serializer + properties: + name: + type: string + minLength: 1 + transports: + type: array + items: + type: string + format: uuid + description: Select which transports should be used to notify the user. + If none are selected, the notification will only be shown in the authentik + UI. + severity: + allOf: + - $ref: '#/components/schemas/SeverityEnum' + description: Controls which severity level the created notifications will + have. + group: + type: string + format: uuid + nullable: true + description: Define which group of users this notification should be sent + and shown to. If left empty, Notification won't ben sent. + PatchedNotificationTransportRequest: + type: object + description: NotificationTransport Serializer + properties: + name: + type: string + minLength: 1 + mode: + $ref: '#/components/schemas/NotificationTransportModeEnum' + webhook_url: + type: string + format: uri + webhook_mapping: + type: string + format: uuid + nullable: true + send_once: + type: boolean + description: Only send notification once, for example when sending a webhook + into a chat channel. + PatchedNotificationWebhookMappingRequest: + type: object + description: NotificationWebhookMapping Serializer + properties: + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + PatchedOAuth2ProviderRequest: + type: object + description: OAuth2Provider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + client_type: + allOf: + - $ref: '#/components/schemas/ClientTypeEnum' + description: Confidential clients are capable of maintaining the confidentiality + of their credentials. Public clients are incapable + client_id: + type: string + minLength: 1 + maxLength: 255 + client_secret: + type: string + maxLength: 255 + access_code_validity: + type: string + minLength: 1 + description: 'Access codes not valid on or after current time + this value + (Format: hours=1;minutes=2;seconds=3).' + token_validity: + type: string + minLength: 1 + description: 'Tokens not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + include_claims_in_id_token: + type: boolean + description: Include User claims from scopes in the id_token, for applications + that don't access the userinfo endpoint. + signing_key: + type: string + format: uuid + nullable: true + description: Key used to sign the tokens. Only required when JWT Algorithm + is set to RS256. + redirect_uris: + type: string + description: Enter each URI on a new line. + sub_mode: + allOf: + - $ref: '#/components/schemas/SubModeEnum' + description: Configure what data should be used as unique User Identifier. + For most cases, the default should be fine. + issuer_mode: + allOf: + - $ref: '#/components/schemas/IssuerModeEnum' + description: Configure how the issuer field of the ID Token should be filled. + jwks_sources: + type: array + items: + type: string + format: uuid + title: Any JWT signed by the JWK of the selected source can be used to + authenticate. + title: Any JWT signed by the JWK of the selected source can be used to authenticate. + PatchedOAuthSourceRequest: + type: object + description: OAuth Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + provider_type: + $ref: '#/components/schemas/ProviderTypeEnum' + request_token_url: + type: string + nullable: true + minLength: 1 + description: URL used to request the initial token. This URL is only required + for OAuth 1. + maxLength: 255 + authorization_url: + type: string + nullable: true + minLength: 1 + description: URL the user is redirect to to conest the flow. + maxLength: 255 + access_token_url: + type: string + nullable: true + minLength: 1 + description: URL used by authentik to retrieve tokens. + maxLength: 255 + profile_url: + type: string + nullable: true + minLength: 1 + description: URL used by authentik to get user information. + maxLength: 255 + consumer_key: + type: string + minLength: 1 + consumer_secret: + type: string + writeOnly: true + minLength: 1 + additional_scopes: + type: string + oidc_well_known_url: + type: string + oidc_jwks_url: + type: string + oidc_jwks: + type: object + additionalProperties: {} + PatchedOutpostRequest: + type: object + description: Outpost Serializer + properties: + name: + type: string + minLength: 1 + type: + $ref: '#/components/schemas/OutpostTypeEnum' + providers: + type: array + items: + type: integer + service_connection: + type: string + format: uuid + nullable: true + description: Select Service-Connection authentik should use to manage this + outpost. Leave empty if authentik should not handle the deployment. + config: + type: object + additionalProperties: {} + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + PatchedPasswordExpiryPolicyRequest: + type: object + description: Password Expiry Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + days: + type: integer + maximum: 2147483647 + minimum: -2147483648 + deny_only: + type: boolean + PatchedPasswordPolicyRequest: + type: object + description: Password Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + password_field: + type: string + minLength: 1 + description: Field key to check, field keys defined in Prompt stages are + available. + amount_digits: + type: integer + maximum: 2147483647 + minimum: 0 + amount_uppercase: + type: integer + maximum: 2147483647 + minimum: 0 + amount_lowercase: + type: integer + maximum: 2147483647 + minimum: 0 + amount_symbols: + type: integer + maximum: 2147483647 + minimum: 0 + length_min: + type: integer + maximum: 2147483647 + minimum: 0 + symbol_charset: + type: string + minLength: 1 + error_message: + type: string + check_static_rules: + type: boolean + check_have_i_been_pwned: + type: boolean + check_zxcvbn: + type: boolean + hibp_allowed_count: + type: integer + maximum: 2147483647 + minimum: 0 + description: How many times the password hash is allowed to be on haveibeenpwned + zxcvbn_score_threshold: + type: integer + maximum: 2147483647 + minimum: 0 + description: If the zxcvbn score is equal or less than this value, the policy + will fail. + PatchedPasswordStageRequest: + type: object + description: PasswordStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + backends: + type: array + items: + $ref: '#/components/schemas/BackendsEnum' + description: Selection of backends to test the password against. + configure_flow: + type: string + format: uuid + nullable: true + description: Flow used by an authenticated user to configure this Stage. + If empty, user will not be able to configure this stage. + failed_attempts_before_cancel: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: How many attempts a user has before the flow is canceled. To + lock the user out, use a reputation policy and a user_write stage. + PatchedPlexSourceConnectionRequest: + type: object + description: Plex Source connection Serializer + properties: + identifier: + type: string + minLength: 1 + plex_token: + type: string + minLength: 1 + PatchedPlexSourceRequest: + type: object + description: Plex Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + client_id: + type: string + minLength: 1 + description: Client identifier used to talk to Plex. + allowed_servers: + type: array + items: + type: string + minLength: 1 + description: Which servers a user has to be a member of to be granted access. + Empty list allows every server. + allow_friends: + type: boolean + description: Allow friends to authenticate, even if you don't share a server. + plex_token: + type: string + minLength: 1 + description: Plex token used to check friends + PatchedPolicyBindingRequest: + type: object + description: PolicyBinding Serializer + properties: + policy: + type: string + format: uuid + nullable: true + group: + type: string + format: uuid + nullable: true + user: + type: integer + nullable: true + target: + type: string + format: uuid + negate: + type: boolean + description: Negates the outcome of the policy. Messages are unaffected. + enabled: + type: boolean + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + timeout: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: Timeout after which Policy execution is terminated. + PatchedPromptRequest: + type: object + description: Prompt Serializer + properties: + field_key: + type: string + minLength: 1 + description: Name of the form field, also used to store the value + label: + type: string + minLength: 1 + type: + $ref: '#/components/schemas/PromptTypeEnum' + required: + type: boolean + placeholder: + type: string + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + promptstage_set: + type: array + items: + $ref: '#/components/schemas/StageRequest' + sub_text: + type: string + placeholder_expression: + type: boolean + PatchedPromptStageRequest: + type: object + description: PromptStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + fields: + type: array + items: + type: string + format: uuid + validation_policies: + type: array + items: + type: string + format: uuid + PatchedProxyProviderRequest: + type: object + description: ProxyProvider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + internal_host: + type: string + format: uri + external_host: + type: string + minLength: 1 + format: uri + internal_host_ssl_validation: + type: boolean + description: Validate SSL Certificates of upstream servers + certificate: + type: string + format: uuid + nullable: true + skip_path_regex: + type: string + description: Regular expressions for which authentication is not required. + Each new line is interpreted as a new Regular Expression. + basic_auth_enabled: + type: boolean + title: Set HTTP-Basic Authentication + description: Set a custom HTTP-Basic Authentication header based on values + from authentik. + basic_auth_password_attribute: + type: string + title: HTTP-Basic Password Key + description: User/Group Attribute used for the password part of the HTTP-Basic + Header. + basic_auth_user_attribute: + type: string + title: HTTP-Basic Username Key + description: User/Group Attribute used for the user part of the HTTP-Basic + Header. If not set, the user's Email address is used. + mode: + allOf: + - $ref: '#/components/schemas/ProxyMode' + description: Enable support for forwardAuth in traefik and nginx auth_request. + Exclusive with internal_host. + cookie_domain: + type: string + token_validity: + type: string + minLength: 1 + description: 'Tokens not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + PatchedReputationPolicyRequest: + type: object + description: Reputation Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + check_ip: + type: boolean + check_username: + type: boolean + threshold: + type: integer + maximum: 2147483647 + minimum: -2147483648 + PatchedSAMLPropertyMappingRequest: + type: object + description: SAMLPropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + saml_name: + type: string + minLength: 1 + friendly_name: + type: string + nullable: true + PatchedSAMLProviderRequest: + type: object + description: SAMLProvider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + acs_url: + type: string + format: uri + minLength: 1 + maxLength: 200 + audience: + type: string + description: Value of the audience restriction field of the assertion. When + left empty, no audience restriction will be added. + issuer: + type: string + minLength: 1 + description: Also known as EntityID + assertion_valid_not_before: + type: string + minLength: 1 + description: 'Assertion valid not before current time + this value (Format: + hours=-1;minutes=-2;seconds=-3).' + assertion_valid_not_on_or_after: + type: string + minLength: 1 + description: 'Assertion not valid on or after current time + this value + (Format: hours=1;minutes=2;seconds=3).' + session_valid_not_on_or_after: + type: string + minLength: 1 + description: 'Session not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + name_id_mapping: + type: string + format: uuid + nullable: true + title: NameID Property Mapping + description: Configure how the NameID value will be created. When left empty, + the NameIDPolicy of the incoming request will be considered + digest_algorithm: + $ref: '#/components/schemas/DigestAlgorithmEnum' + signature_algorithm: + $ref: '#/components/schemas/SignatureAlgorithmEnum' + signing_kp: + type: string + format: uuid + nullable: true + title: Signing Keypair + description: Keypair used to sign outgoing Responses going to the Service + Provider. + verification_kp: + type: string + format: uuid + nullable: true + title: Verification Certificate + description: When selected, incoming assertion's Signatures will be validated + against this certificate. To allow unsigned Requests, leave on default. + sp_binding: + allOf: + - $ref: '#/components/schemas/SpBindingEnum' + title: Service Provider Binding + description: This determines how authentik sends the response back to the + Service Provider. + PatchedSAMLSourceRequest: + type: object + description: SAMLSource Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + pre_authentication_flow: + type: string + format: uuid + description: Flow used before authentication. + issuer: + type: string + description: Also known as Entity ID. Defaults the Metadata URL. + sso_url: + type: string + format: uri + minLength: 1 + description: URL that the initial Login request is sent to. + maxLength: 200 + slo_url: + type: string + format: uri + nullable: true + description: Optional URL if your IDP supports Single-Logout. + maxLength: 200 + allow_idp_initiated: + type: boolean + description: Allows authentication flows initiated by the IdP. This can + be a security risk, as no validation of the request ID is done. + name_id_policy: + allOf: + - $ref: '#/components/schemas/NameIdPolicyEnum' + description: NameID Policy sent to the IdP. Can be unset, in which case + no Policy is sent. + binding_type: + $ref: '#/components/schemas/BindingTypeEnum' + signing_kp: + type: string + format: uuid + nullable: true + title: Signing Keypair + description: Keypair which is used to sign outgoing requests. Leave empty + to disable signing. + digest_algorithm: + $ref: '#/components/schemas/DigestAlgorithmEnum' + signature_algorithm: + $ref: '#/components/schemas/SignatureAlgorithmEnum' + temporary_user_delete_after: + type: string + minLength: 1 + title: Delete temporary users after + description: 'Time offset when temporary users should be deleted. This only + applies if your IDP uses the NameID Format ''transient'', and the user + doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' + PatchedSMSDeviceRequest: + type: object + description: Serializer for sms authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + PatchedScopeMappingRequest: + type: object + description: ScopeMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + scope_name: + type: string + minLength: 1 + description: Scope used by the client + description: + type: string + description: Description shown to the user when consenting. If left empty, + the user won't be informed. + PatchedStaticDeviceRequest: + type: object + description: Serializer for static authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + PatchedTOTPDeviceRequest: + type: object + description: Serializer for totp authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + PatchedTenantRequest: + type: object + description: Tenant Serializer + properties: + domain: + type: string + minLength: 1 + description: Domain that activates this tenant. Can be a superset, i.e. + `a.b` for `aa.b` and `ba.b` + default: + type: boolean + branding_title: + type: string + minLength: 1 + branding_logo: + type: string + minLength: 1 + branding_favicon: + type: string + minLength: 1 + flow_authentication: + type: string + format: uuid + nullable: true + flow_invalidation: + type: string + format: uuid + nullable: true + flow_recovery: + type: string + format: uuid + nullable: true + flow_unenrollment: + type: string + format: uuid + nullable: true + flow_user_settings: + type: string + format: uuid + nullable: true + flow_device_code: + type: string + format: uuid + nullable: true + event_retention: + type: string + minLength: 1 + description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' + web_certificate: + type: string + format: uuid + nullable: true + description: Web Certificate used by the authentik Core webserver. + attributes: + type: object + additionalProperties: {} + PatchedTokenRequest: + type: object + description: Token Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + identifier: + type: string + minLength: 1 + maxLength: 255 + pattern: ^[-a-zA-Z0-9_]+$ + intent: + $ref: '#/components/schemas/IntentEnum' + user: + type: integer + description: + type: string + expires: + type: string + format: date-time + expiring: + type: boolean + PatchedUserDeleteStageRequest: + type: object + description: UserDeleteStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + PatchedUserLoginStageRequest: + type: object + description: UserLoginStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + session_duration: + type: string + minLength: 1 + description: 'Determines how long a session lasts. Default of 0 means that + the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' + PatchedUserLogoutStageRequest: + type: object + description: UserLogoutStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + PatchedUserOAuthSourceConnectionRequest: + type: object + description: OAuth Source Serializer + properties: + user: + type: integer + identifier: + type: string + minLength: 1 + maxLength: 255 + access_token: + type: string + writeOnly: true + nullable: true + PatchedUserRequest: + type: object + description: User Serializer + properties: + username: + type: string + minLength: 1 + maxLength: 150 + name: + type: string + description: User's display name. + is_active: + type: boolean + title: Active + description: Designates whether this user should be treated as active. Unselect + this instead of deleting accounts. + last_login: + type: string + format: date-time + nullable: true + groups: + type: array + items: + type: string + format: uuid + email: + type: string + format: email + title: Email address + maxLength: 254 + attributes: + type: object + additionalProperties: {} + path: + type: string + minLength: 1 + PatchedUserSAMLSourceConnectionRequest: + type: object + description: SAML Source Serializer + properties: + user: + type: integer + identifier: + type: string + minLength: 1 + PatchedUserWriteStageRequest: + type: object + description: UserWriteStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + create_users_as_inactive: + type: boolean + description: When set, newly created users are inactive and cannot login. + create_users_group: + type: string + format: uuid + nullable: true + description: Optionally add newly created users to this group. + can_create_users: + type: boolean + description: When set, this stage can create users. If not enabled and no + user is available, stage will fail. + user_path_template: + type: string + PatchedWebAuthnDeviceRequest: + type: object + description: Serializer for WebAuthn authenticator devices + properties: + name: + type: string + minLength: 1 + maxLength: 200 + Permission: + type: object + description: Permission used for consent + properties: + name: + type: string + id: + type: string + required: + - id + - name + PlexAuthenticationChallenge: + type: object + description: Challenge shown to the user in identification stage + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-source-plex + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + client_id: + type: string + slug: + type: string + required: + - client_id + - slug + - type + PlexAuthenticationChallengeResponseRequest: + type: object + description: Pseudo class for plex response + properties: + component: + type: string + minLength: 1 + default: ak-source-plex + PlexSource: + type: object + description: Plex Source Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + description: Source's display Name. + slug: + type: string + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + readOnly: true + user_path_template: + type: string + icon: + type: string + nullable: true + readOnly: true + client_id: + type: string + description: Client identifier used to talk to Plex. + allowed_servers: + type: array + items: + type: string + description: Which servers a user has to be a member of to be granted access. + Empty list allows every server. + allow_friends: + type: boolean + description: Allow friends to authenticate, even if you don't share a server. + plex_token: + type: string + description: Plex token used to check friends + required: + - component + - icon + - managed + - meta_model_name + - name + - pk + - plex_token + - slug + - verbose_name + - verbose_name_plural + PlexSourceConnection: + type: object + description: Plex Source connection Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + user: + type: integer + readOnly: true + source: + allOf: + - $ref: '#/components/schemas/Source' + readOnly: true + identifier: + type: string + plex_token: + type: string + required: + - identifier + - pk + - plex_token + - source + - user + PlexSourceConnectionRequest: + type: object + description: Plex Source connection Serializer + properties: + identifier: + type: string + minLength: 1 + plex_token: + type: string + minLength: 1 + required: + - identifier + - plex_token + PlexSourceRequest: + type: object + description: Plex Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + client_id: + type: string + minLength: 1 + description: Client identifier used to talk to Plex. + allowed_servers: + type: array + items: + type: string + minLength: 1 + description: Which servers a user has to be a member of to be granted access. + Empty list allows every server. + allow_friends: + type: boolean + description: Allow friends to authenticate, even if you don't share a server. + plex_token: + type: string + minLength: 1 + description: Plex token used to check friends + required: + - name + - plex_token + - slug + PlexTokenRedeemRequest: + type: object + description: Serializer to redeem a plex token + properties: + plex_token: + type: string + minLength: 1 + required: + - plex_token + Policy: + type: object + description: Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + required: + - bound_to + - component + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + PolicyBinding: + type: object + description: PolicyBinding Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy binding uuid + policy: + type: string + format: uuid + nullable: true + group: + type: string + format: uuid + nullable: true + user: + type: integer + nullable: true + policy_obj: + allOf: + - $ref: '#/components/schemas/Policy' + readOnly: true + group_obj: + allOf: + - $ref: '#/components/schemas/Group' + readOnly: true + user_obj: + allOf: + - $ref: '#/components/schemas/User' + readOnly: true + target: + type: string + format: uuid + negate: + type: boolean + description: Negates the outcome of the policy. Messages are unaffected. + enabled: + type: boolean + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + timeout: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: Timeout after which Policy execution is terminated. + required: + - group_obj + - order + - pk + - policy_obj + - target + - user_obj + PolicyBindingRequest: + type: object + description: PolicyBinding Serializer + properties: + policy: + type: string + format: uuid + nullable: true + group: + type: string + format: uuid + nullable: true + user: + type: integer + nullable: true + target: + type: string + format: uuid + negate: + type: boolean + description: Negates the outcome of the policy. Messages are unaffected. + enabled: + type: boolean + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + timeout: + type: integer + maximum: 2147483647 + minimum: -2147483648 + description: Timeout after which Policy execution is terminated. + required: + - order + - target + PolicyEngineMode: + enum: + - all + - any + type: string + PolicyRequest: + type: object + description: Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + PolicyTestRequest: + type: object + description: Test policy execution for a user with context + properties: + user: + type: integer + context: + type: object + additionalProperties: {} + required: + - user + PolicyTestResult: + type: object + description: result of a policy test + properties: + passing: + type: boolean + messages: + type: array + items: + type: string + readOnly: true + log_messages: + type: array + items: + type: object + additionalProperties: {} + readOnly: true + required: + - log_messages + - messages + - passing + Prompt: + type: object + description: Prompt Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Prompt uuid + field_key: + type: string + description: Name of the form field, also used to store the value + label: + type: string + type: + $ref: '#/components/schemas/PromptTypeEnum' + required: + type: boolean + placeholder: + type: string + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + promptstage_set: + type: array + items: + $ref: '#/components/schemas/Stage' + sub_text: + type: string + placeholder_expression: + type: boolean + required: + - field_key + - label + - pk + - type + PromptChallenge: + type: object + description: Initial challenge being sent, define fields + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: ak-stage-prompt + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + fields: + type: array + items: + $ref: '#/components/schemas/StagePrompt' + required: + - fields + - type + PromptChallengeResponseRequest: + type: object + description: |- + Validate response, fields are dynamically created based + on the stage + properties: + component: + type: string + minLength: 1 + default: ak-stage-prompt + additionalProperties: {} + PromptRequest: + type: object + description: Prompt Serializer + properties: + field_key: + type: string + minLength: 1 + description: Name of the form field, also used to store the value + label: + type: string + minLength: 1 + type: + $ref: '#/components/schemas/PromptTypeEnum' + required: + type: boolean + placeholder: + type: string + order: + type: integer + maximum: 2147483647 + minimum: -2147483648 + promptstage_set: + type: array + items: + $ref: '#/components/schemas/StageRequest' + sub_text: + type: string + placeholder_expression: + type: boolean + required: + - field_key + - label + - type + PromptStage: + type: object + description: PromptStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + fields: + type: array + items: + type: string + format: uuid + validation_policies: + type: array + items: + type: string + format: uuid + required: + - component + - fields + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + PromptStageRequest: + type: object + description: PromptStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + fields: + type: array + items: + type: string + format: uuid + validation_policies: + type: array + items: + type: string + format: uuid + required: + - fields + - name + PromptTypeEnum: + enum: + - text + - text_read_only + - username + - email + - password + - number + - checkbox + - date + - date-time + - file + - separator + - hidden + - static + - ak-locale + type: string + PropertyMapping: + type: object + description: PropertyMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + expression: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + required: + - component + - expression + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + PropertyMappingPreview: + type: object + description: Preview how the current user is mapped via the property mappings + selected in a provider + properties: + preview: + type: object + additionalProperties: {} + readOnly: true + required: + - preview + PropertyMappingTestResult: + type: object + description: Result of a Property-mapping test + properties: + result: + type: string + readOnly: true + successful: + type: boolean + readOnly: true + required: + - result + - successful + Provider: + type: object + description: Provider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + component: + type: string + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + required: + - assigned_application_name + - assigned_application_slug + - authorization_flow + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + ProviderEnum: + enum: + - twilio + - generic + type: string + ProviderRequest: + type: object + description: Provider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + required: + - authorization_flow + - name + ProviderTypeEnum: + enum: + - apple + - azuread + - discord + - facebook + - github + - google + - openidconnect + - okta + - reddit + - twitter + - mailcow + - twitch + type: string + ProxyMode: + enum: + - proxy + - forward_single + - forward_domain + type: string + ProxyOutpostConfig: + type: object + description: Proxy provider serializer for outposts + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + internal_host: + type: string + format: uri + external_host: + type: string + format: uri + internal_host_ssl_validation: + type: boolean + description: Validate SSL Certificates of upstream servers + client_id: + type: string + maxLength: 255 + client_secret: + type: string + maxLength: 255 + oidc_configuration: + allOf: + - $ref: '#/components/schemas/OpenIDConnectConfiguration' + readOnly: true + cookie_secret: + type: string + certificate: + type: string + format: uuid + nullable: true + skip_path_regex: + type: string + description: Regular expressions for which authentication is not required. + Each new line is interpreted as a new Regular Expression. + basic_auth_enabled: + type: boolean + title: Set HTTP-Basic Authentication + description: Set a custom HTTP-Basic Authentication header based on values + from authentik. + basic_auth_password_attribute: + type: string + title: HTTP-Basic Password Key + description: User/Group Attribute used for the password part of the HTTP-Basic + Header. + basic_auth_user_attribute: + type: string + title: HTTP-Basic Username Key + description: User/Group Attribute used for the user part of the HTTP-Basic + Header. If not set, the user's Email address is used. + mode: + allOf: + - $ref: '#/components/schemas/ProxyMode' + description: Enable support for forwardAuth in traefik and nginx auth_request. + Exclusive with internal_host. + cookie_domain: + type: string + token_validity: + type: number + format: double + nullable: true + readOnly: true + scopes_to_request: + type: array + items: + type: string + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + required: + - assigned_application_name + - assigned_application_slug + - external_host + - name + - oidc_configuration + - pk + - scopes_to_request + - token_validity + ProxyProvider: + type: object + description: ProxyProvider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + component: + type: string + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + internal_host: + type: string + format: uri + external_host: + type: string + format: uri + internal_host_ssl_validation: + type: boolean + description: Validate SSL Certificates of upstream servers + certificate: + type: string + format: uuid + nullable: true + skip_path_regex: + type: string + description: Regular expressions for which authentication is not required. + Each new line is interpreted as a new Regular Expression. + basic_auth_enabled: + type: boolean + title: Set HTTP-Basic Authentication + description: Set a custom HTTP-Basic Authentication header based on values + from authentik. + basic_auth_password_attribute: + type: string + title: HTTP-Basic Password Key + description: User/Group Attribute used for the password part of the HTTP-Basic + Header. + basic_auth_user_attribute: + type: string + title: HTTP-Basic Username Key + description: User/Group Attribute used for the user part of the HTTP-Basic + Header. If not set, the user's Email address is used. + mode: + allOf: + - $ref: '#/components/schemas/ProxyMode' + description: Enable support for forwardAuth in traefik and nginx auth_request. + Exclusive with internal_host. + redirect_uris: + type: string + readOnly: true + cookie_domain: + type: string + token_validity: + type: string + description: 'Tokens not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + outpost_set: + type: array + items: + type: string + readOnly: true + required: + - assigned_application_name + - assigned_application_slug + - authorization_flow + - component + - external_host + - meta_model_name + - name + - outpost_set + - pk + - redirect_uris + - verbose_name + - verbose_name_plural + ProxyProviderRequest: + type: object + description: ProxyProvider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + internal_host: + type: string + format: uri + external_host: + type: string + minLength: 1 + format: uri + internal_host_ssl_validation: + type: boolean + description: Validate SSL Certificates of upstream servers + certificate: + type: string + format: uuid + nullable: true + skip_path_regex: + type: string + description: Regular expressions for which authentication is not required. + Each new line is interpreted as a new Regular Expression. + basic_auth_enabled: + type: boolean + title: Set HTTP-Basic Authentication + description: Set a custom HTTP-Basic Authentication header based on values + from authentik. + basic_auth_password_attribute: + type: string + title: HTTP-Basic Password Key + description: User/Group Attribute used for the password part of the HTTP-Basic + Header. + basic_auth_user_attribute: + type: string + title: HTTP-Basic Username Key + description: User/Group Attribute used for the user part of the HTTP-Basic + Header. If not set, the user's Email address is used. + mode: + allOf: + - $ref: '#/components/schemas/ProxyMode' + description: Enable support for forwardAuth in traefik and nginx auth_request. + Exclusive with internal_host. + cookie_domain: + type: string + token_validity: + type: string + minLength: 1 + description: 'Tokens not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + required: + - authorization_flow + - external_host + - name + RedirectChallenge: + type: object + description: Challenge type to redirect the client + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: xak-flow-redirect + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + to: + type: string + required: + - to + - type + RefreshTokenModel: + type: object + description: Serializer for BaseGrantModel and RefreshToken + properties: + pk: + type: integer + readOnly: true + title: ID + provider: + $ref: '#/components/schemas/OAuth2Provider' + user: + $ref: '#/components/schemas/User' + is_expired: + type: boolean + readOnly: true + expires: + type: string + format: date-time + scope: + type: array + items: + type: string + id_token: + type: string + readOnly: true + revoked: + type: boolean + required: + - id_token + - is_expired + - pk + - provider + - scope + - user + Reputation: + type: object + description: Reputation Serializer + properties: + pk: + type: string + format: uuid + title: Reputation uuid + identifier: + type: string + ip: + type: string + ip_geo_data: + type: object + additionalProperties: {} + score: + type: integer + maximum: 9223372036854775807 + minimum: -9223372036854775808 + format: int64 + updated: + type: string + format: date-time + readOnly: true + required: + - identifier + - ip + - updated + ReputationPolicy: + type: object + description: Reputation Policy Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Policy uuid + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + bound_to: + type: integer + readOnly: true + check_ip: + type: boolean + check_username: + type: boolean + threshold: + type: integer + maximum: 2147483647 + minimum: -2147483648 + required: + - bound_to + - component + - meta_model_name + - pk + - verbose_name + - verbose_name_plural + ReputationPolicyRequest: + type: object + description: Reputation Policy Serializer + properties: + name: + type: string + nullable: true + execution_logging: + type: boolean + description: When this option is enabled, all executions of this policy + will be logged. By default, only execution errors are logged. + check_ip: + type: boolean + check_username: + type: boolean + threshold: + type: integer + maximum: 2147483647 + minimum: -2147483648 + ResidentKeyRequirementEnum: + enum: + - discouraged + - preferred + - required + type: string + SAMLMetadata: + type: object + description: SAML Provider Metadata serializer + properties: + metadata: + type: string + readOnly: true + download_url: + type: string + readOnly: true + required: + - download_url + - metadata + SAMLPropertyMapping: + type: object + description: SAMLPropertyMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + expression: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + saml_name: + type: string + friendly_name: + type: string + nullable: true + required: + - component + - expression + - meta_model_name + - name + - pk + - saml_name + - verbose_name + - verbose_name_plural + SAMLPropertyMappingRequest: + type: object + description: SAMLPropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + saml_name: + type: string + minLength: 1 + friendly_name: + type: string + nullable: true + required: + - expression + - name + - saml_name + SAMLProvider: + type: object + description: SAMLProvider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + component: + type: string + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + acs_url: + type: string + format: uri + maxLength: 200 + audience: + type: string + description: Value of the audience restriction field of the assertion. When + left empty, no audience restriction will be added. + issuer: + type: string + description: Also known as EntityID + assertion_valid_not_before: + type: string + description: 'Assertion valid not before current time + this value (Format: + hours=-1;minutes=-2;seconds=-3).' + assertion_valid_not_on_or_after: + type: string + description: 'Assertion not valid on or after current time + this value + (Format: hours=1;minutes=2;seconds=3).' + session_valid_not_on_or_after: + type: string + description: 'Session not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + name_id_mapping: + type: string + format: uuid + nullable: true + title: NameID Property Mapping + description: Configure how the NameID value will be created. When left empty, + the NameIDPolicy of the incoming request will be considered + digest_algorithm: + $ref: '#/components/schemas/DigestAlgorithmEnum' + signature_algorithm: + $ref: '#/components/schemas/SignatureAlgorithmEnum' + signing_kp: + type: string + format: uuid + nullable: true + title: Signing Keypair + description: Keypair used to sign outgoing Responses going to the Service + Provider. + verification_kp: + type: string + format: uuid + nullable: true + title: Verification Certificate + description: When selected, incoming assertion's Signatures will be validated + against this certificate. To allow unsigned Requests, leave on default. + sp_binding: + allOf: + - $ref: '#/components/schemas/SpBindingEnum' + title: Service Provider Binding + description: This determines how authentik sends the response back to the + Service Provider. + url_download_metadata: + type: string + readOnly: true + url_sso_post: + type: string + readOnly: true + url_sso_redirect: + type: string + readOnly: true + url_sso_init: + type: string + readOnly: true + required: + - acs_url + - assigned_application_name + - assigned_application_slug + - authorization_flow + - component + - meta_model_name + - name + - pk + - url_download_metadata + - url_sso_init + - url_sso_post + - url_sso_redirect + - verbose_name + - verbose_name_plural + SAMLProviderImportRequest: + type: object + description: Import saml provider from XML Metadata + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + minLength: 1 + description: Visible in the URL. + file: + type: string + format: binary + required: + - authorization_flow + - file + - name + SAMLProviderRequest: + type: object + description: SAMLProvider Serializer + properties: + name: + type: string + minLength: 1 + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + acs_url: + type: string + format: uri + minLength: 1 + maxLength: 200 + audience: + type: string + description: Value of the audience restriction field of the assertion. When + left empty, no audience restriction will be added. + issuer: + type: string + minLength: 1 + description: Also known as EntityID + assertion_valid_not_before: + type: string + minLength: 1 + description: 'Assertion valid not before current time + this value (Format: + hours=-1;minutes=-2;seconds=-3).' + assertion_valid_not_on_or_after: + type: string + minLength: 1 + description: 'Assertion not valid on or after current time + this value + (Format: hours=1;minutes=2;seconds=3).' + session_valid_not_on_or_after: + type: string + minLength: 1 + description: 'Session not valid on or after current time + this value (Format: + hours=1;minutes=2;seconds=3).' + name_id_mapping: + type: string + format: uuid + nullable: true + title: NameID Property Mapping + description: Configure how the NameID value will be created. When left empty, + the NameIDPolicy of the incoming request will be considered + digest_algorithm: + $ref: '#/components/schemas/DigestAlgorithmEnum' + signature_algorithm: + $ref: '#/components/schemas/SignatureAlgorithmEnum' + signing_kp: + type: string + format: uuid + nullable: true + title: Signing Keypair + description: Keypair used to sign outgoing Responses going to the Service + Provider. + verification_kp: + type: string + format: uuid + nullable: true + title: Verification Certificate + description: When selected, incoming assertion's Signatures will be validated + against this certificate. To allow unsigned Requests, leave on default. + sp_binding: + allOf: + - $ref: '#/components/schemas/SpBindingEnum' + title: Service Provider Binding + description: This determines how authentik sends the response back to the + Service Provider. + required: + - acs_url + - authorization_flow + - name + SAMLSource: + type: object + description: SAMLSource Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + description: Source's display Name. + slug: + type: string + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + readOnly: true + user_path_template: + type: string + icon: + type: string + nullable: true + readOnly: true + pre_authentication_flow: + type: string + format: uuid + description: Flow used before authentication. + issuer: + type: string + description: Also known as Entity ID. Defaults the Metadata URL. + sso_url: + type: string + format: uri + description: URL that the initial Login request is sent to. + maxLength: 200 + slo_url: + type: string + format: uri + nullable: true + description: Optional URL if your IDP supports Single-Logout. + maxLength: 200 + allow_idp_initiated: + type: boolean + description: Allows authentication flows initiated by the IdP. This can + be a security risk, as no validation of the request ID is done. + name_id_policy: + allOf: + - $ref: '#/components/schemas/NameIdPolicyEnum' + description: NameID Policy sent to the IdP. Can be unset, in which case + no Policy is sent. + binding_type: + $ref: '#/components/schemas/BindingTypeEnum' + signing_kp: + type: string + format: uuid + nullable: true + title: Signing Keypair + description: Keypair which is used to sign outgoing requests. Leave empty + to disable signing. + digest_algorithm: + $ref: '#/components/schemas/DigestAlgorithmEnum' + signature_algorithm: + $ref: '#/components/schemas/SignatureAlgorithmEnum' + temporary_user_delete_after: + type: string + title: Delete temporary users after + description: 'Time offset when temporary users should be deleted. This only + applies if your IDP uses the NameID Format ''transient'', and the user + doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' + required: + - component + - icon + - managed + - meta_model_name + - name + - pk + - pre_authentication_flow + - slug + - sso_url + - verbose_name + - verbose_name_plural + SAMLSourceRequest: + type: object + description: SAMLSource Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + pre_authentication_flow: + type: string + format: uuid + description: Flow used before authentication. + issuer: + type: string + description: Also known as Entity ID. Defaults the Metadata URL. + sso_url: + type: string + format: uri + minLength: 1 + description: URL that the initial Login request is sent to. + maxLength: 200 + slo_url: + type: string + format: uri + nullable: true + description: Optional URL if your IDP supports Single-Logout. + maxLength: 200 + allow_idp_initiated: + type: boolean + description: Allows authentication flows initiated by the IdP. This can + be a security risk, as no validation of the request ID is done. + name_id_policy: + allOf: + - $ref: '#/components/schemas/NameIdPolicyEnum' + description: NameID Policy sent to the IdP. Can be unset, in which case + no Policy is sent. + binding_type: + $ref: '#/components/schemas/BindingTypeEnum' + signing_kp: + type: string + format: uuid + nullable: true + title: Signing Keypair + description: Keypair which is used to sign outgoing requests. Leave empty + to disable signing. + digest_algorithm: + $ref: '#/components/schemas/DigestAlgorithmEnum' + signature_algorithm: + $ref: '#/components/schemas/SignatureAlgorithmEnum' + temporary_user_delete_after: + type: string + minLength: 1 + title: Delete temporary users after + description: 'Time offset when temporary users should be deleted. This only + applies if your IDP uses the NameID Format ''transient'', and the user + doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' + required: + - name + - pre_authentication_flow + - slug + - sso_url + SMSDevice: + type: object + description: Serializer for sms authenticator devices + properties: + name: + type: string + description: The human-readable name of this device. + maxLength: 64 + pk: + type: integer + readOnly: true + title: ID + phone_number: + type: string + readOnly: true + required: + - name + - phone_number + - pk + SMSDeviceRequest: + type: object + description: Serializer for sms authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + required: + - name + ScopeMapping: + type: object + description: ScopeMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + expression: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + scope_name: + type: string + description: Scope used by the client + description: + type: string + description: Description shown to the user when consenting. If left empty, + the user won't be informed. + required: + - component + - expression + - meta_model_name + - name + - pk + - scope_name + - verbose_name + - verbose_name_plural + ScopeMappingRequest: + type: object + description: ScopeMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + scope_name: + type: string + minLength: 1 + description: Scope used by the client + description: + type: string + description: Description shown to the user when consenting. If left empty, + the user won't be informed. + required: + - expression + - name + - scope_name + SelectableStage: + type: object + description: Serializer for stages which can be selected by users + properties: + pk: + type: string + format: uuid + name: + type: string + verbose_name: + type: string + meta_model_name: + type: string + required: + - meta_model_name + - name + - pk + - verbose_name + ServiceConnection: + type: object + description: ServiceConnection Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Uuid + name: + type: string + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + ServiceConnectionRequest: + type: object + description: ServiceConnection Serializer + properties: + name: + type: string + minLength: 1 + local: + type: boolean + description: If enabled, use the local connection. Required Docker socket/Kubernetes + Integration + required: + - name + ServiceConnectionState: + type: object + description: Serializer for Service connection state + properties: + healthy: + type: boolean + readOnly: true + version: + type: string + readOnly: true + required: + - healthy + - version + SessionUser: + type: object + description: |- + Response for the /user/me endpoint, returns the currently active user (as `user` property) + and, if this user is being impersonated, the original user in the `original` property. + properties: + user: + $ref: '#/components/schemas/UserSelf' + original: + $ref: '#/components/schemas/UserSelf' + required: + - user + SeverityEnum: + enum: + - notice + - warning + - alert + type: string + ShellChallenge: + type: object + description: challenge type to render HTML as-is + properties: + type: + $ref: '#/components/schemas/ChallengeChoices' + flow_info: + $ref: '#/components/schemas/ContextualFlowInfo' + component: + type: string + default: xak-flow-shell + response_errors: + type: object + additionalProperties: + type: array + items: + $ref: '#/components/schemas/ErrorDetail' + body: + type: string + required: + - body + - type + SignatureAlgorithmEnum: + enum: + - http://www.w3.org/2000/09/xmldsig#rsa-sha1 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 + - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + - http://www.w3.org/2000/09/xmldsig#dsa-sha1 + type: string + Source: + type: object + description: Source Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + description: Source's display Name. + slug: + type: string + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + readOnly: true + user_path_template: + type: string + icon: + type: string + nullable: true + readOnly: true + required: + - component + - icon + - managed + - meta_model_name + - name + - pk + - slug + - verbose_name + - verbose_name_plural + SourceRequest: + type: object + description: Source Serializer + properties: + name: + type: string + minLength: 1 + description: Source's display Name. + slug: + type: string + minLength: 1 + description: Internal source name, used in URLs. + maxLength: 50 + pattern: ^[-a-zA-Z0-9_]+$ + enabled: + type: boolean + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow to use when authenticating existing users. + enrollment_flow: + type: string + format: uuid + nullable: true + description: Flow to use when enrolling new users. + policy_engine_mode: + $ref: '#/components/schemas/PolicyEngineMode' + user_matching_mode: + allOf: + - $ref: '#/components/schemas/UserMatchingModeEnum' + description: How the source determines if an existing user should be authenticated + or a new user enrolled. + user_path_template: + type: string + minLength: 1 + required: + - name + - slug + SourceType: + type: object + description: Serializer for SourceType + properties: + name: + type: string + slug: + type: string + urls_customizable: + type: boolean + request_token_url: + type: string + readOnly: true + nullable: true + authorization_url: + type: string + readOnly: true + nullable: true + access_token_url: + type: string + readOnly: true + nullable: true + profile_url: + type: string + readOnly: true + nullable: true + required: + - access_token_url + - authorization_url + - name + - profile_url + - request_token_url + - slug + - urls_customizable + SpBindingEnum: + enum: + - redirect + - post + type: string + Stage: + type: object + description: Stage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + StagePrompt: + type: object + description: Serializer for a single Prompt field + properties: + field_key: + type: string + label: + type: string + type: + $ref: '#/components/schemas/PromptTypeEnum' + required: + type: boolean + placeholder: + type: string + order: + type: integer + sub_text: + type: string + required: + - field_key + - label + - order + - placeholder + - required + - sub_text + - type + StageRequest: + type: object + description: Stage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + required: + - name + StaticDevice: + type: object + description: Serializer for static authenticator devices + properties: + name: + type: string + description: The human-readable name of this device. + maxLength: 64 + token_set: + type: array + items: + $ref: '#/components/schemas/StaticDeviceToken' + readOnly: true + pk: + type: integer + readOnly: true + title: ID + required: + - name + - pk + - token_set + StaticDeviceRequest: + type: object + description: Serializer for static authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + required: + - name + StaticDeviceToken: + type: object + description: Serializer for static device's tokens + properties: + token: + type: string + maxLength: 16 + required: + - token + StaticDeviceTokenRequest: + type: object + description: Serializer for static device's tokens + properties: + token: + type: string + minLength: 1 + maxLength: 16 + required: + - token + SubModeEnum: + enum: + - hashed_user_id + - user_username + - user_email + - user_upn + type: string + System: + type: object + description: Get system information. + properties: + env: + type: object + additionalProperties: + type: string + readOnly: true + http_headers: + type: object + additionalProperties: + type: string + readOnly: true + http_host: + type: string + readOnly: true + http_is_secure: + type: boolean + readOnly: true + runtime: + type: object + description: Runtime information + properties: + python_version: + type: string + gunicorn_version: + type: string + environment: + type: string + architecture: + type: string + platform: + type: string + uname: + type: string + required: + - architecture + - environment + - gunicorn_version + - platform + - python_version + - uname + readOnly: true + tenant: + type: string + readOnly: true + server_time: + type: string + format: date-time + readOnly: true + embedded_outpost_host: + type: string + readOnly: true + required: + - embedded_outpost_host + - env + - http_headers + - http_host + - http_is_secure + - runtime + - server_time + - tenant + TOTPDevice: + type: object + description: Serializer for totp authenticator devices + properties: + name: + type: string + description: The human-readable name of this device. + maxLength: 64 + pk: + type: integer + readOnly: true + title: ID + required: + - name + - pk + TOTPDeviceRequest: + type: object + description: Serializer for totp authenticator devices + properties: + name: + type: string + minLength: 1 + description: The human-readable name of this device. + maxLength: 64 + required: + - name + Task: + type: object + description: Serialize TaskInfo and TaskResult + properties: + task_name: + type: string + task_description: + type: string + task_finish_timestamp: + type: string + format: date-time + status: + $ref: '#/components/schemas/TaskStatusEnum' + messages: + type: array + items: {} + required: + - messages + - status + - task_description + - task_finish_timestamp + - task_name + TaskStatusEnum: + enum: + - SUCCESSFUL + - WARNING + - ERROR + - UNKNOWN + type: string + Tenant: + type: object + description: Tenant Serializer + properties: + tenant_uuid: + type: string + format: uuid + readOnly: true + domain: + type: string + description: Domain that activates this tenant. Can be a superset, i.e. + `a.b` for `aa.b` and `ba.b` + default: + type: boolean + branding_title: + type: string + branding_logo: + type: string + branding_favicon: + type: string + flow_authentication: + type: string + format: uuid + nullable: true + flow_invalidation: + type: string + format: uuid + nullable: true + flow_recovery: + type: string + format: uuid + nullable: true + flow_unenrollment: + type: string + format: uuid + nullable: true + flow_user_settings: + type: string + format: uuid + nullable: true + flow_device_code: + type: string + format: uuid + nullable: true + event_retention: + type: string + description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' + web_certificate: + type: string + format: uuid + nullable: true + description: Web Certificate used by the authentik Core webserver. + attributes: + type: object + additionalProperties: {} + required: + - domain + - tenant_uuid + TenantRequest: + type: object + description: Tenant Serializer + properties: + domain: + type: string + minLength: 1 + description: Domain that activates this tenant. Can be a superset, i.e. + `a.b` for `aa.b` and `ba.b` + default: + type: boolean + branding_title: + type: string + minLength: 1 + branding_logo: + type: string + minLength: 1 + branding_favicon: + type: string + minLength: 1 + flow_authentication: + type: string + format: uuid + nullable: true + flow_invalidation: + type: string + format: uuid + nullable: true + flow_recovery: + type: string + format: uuid + nullable: true + flow_unenrollment: + type: string + format: uuid + nullable: true + flow_user_settings: + type: string + format: uuid + nullable: true + flow_device_code: + type: string + format: uuid + nullable: true + event_retention: + type: string + minLength: 1 + description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' + web_certificate: + type: string + format: uuid + nullable: true + description: Web Certificate used by the authentik Core webserver. + attributes: + type: object + additionalProperties: {} + required: + - domain + Token: + type: object + description: Token Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Token uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + identifier: + type: string + maxLength: 255 + pattern: ^[-a-zA-Z0-9_]+$ + intent: + $ref: '#/components/schemas/IntentEnum' + user: + type: integer + user_obj: + allOf: + - $ref: '#/components/schemas/User' + readOnly: true + description: + type: string + expires: + type: string + format: date-time + expiring: + type: boolean + required: + - identifier + - pk + - user_obj + TokenRequest: + type: object + description: Token Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects which are managed by authentik. These objects are created + and updated automatically. This is flag only indicates that an object + can be overwritten by migrations. You can still modify the objects via + the API, but expect changes to be overwritten in a later update. + identifier: + type: string + minLength: 1 + maxLength: 255 + pattern: ^[-a-zA-Z0-9_]+$ + intent: + $ref: '#/components/schemas/IntentEnum' + user: + type: integer + description: + type: string + expires: + type: string + format: date-time + expiring: + type: boolean + required: + - identifier + TokenSetKeyRequest: + type: object + properties: + key: + type: string + minLength: 1 + required: + - key + TokenView: + type: object + description: Show token's current key + properties: + key: + type: string + readOnly: true + required: + - key + TypeCreate: + type: object + description: Types of an object that can be created + properties: + name: + type: string + description: + type: string + component: + type: string + model_name: + type: string + required: + - component + - description + - model_name + - name + UsedBy: + type: object + description: A list of all objects referencing the queried object + properties: + app: + type: string + model_name: + type: string + pk: + type: string + name: + type: string + action: + $ref: '#/components/schemas/UsedByActionEnum' + required: + - action + - app + - model_name + - name + - pk + UsedByActionEnum: + enum: + - CASCADE + - CASCADE_MANY + - SET_NULL + - SET_DEFAULT + type: string + User: + type: object + description: User Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + username: + type: string + maxLength: 150 + name: + type: string + description: User's display name. + is_active: + type: boolean + title: Active + description: Designates whether this user should be treated as active. Unselect + this instead of deleting accounts. + last_login: + type: string + format: date-time + nullable: true + is_superuser: + type: boolean + readOnly: true + groups: + type: array + items: + type: string + format: uuid + groups_obj: + type: array + items: + $ref: '#/components/schemas/UserGroup' + readOnly: true + email: + type: string + format: email + title: Email address + maxLength: 254 + avatar: + type: string + readOnly: true + attributes: + type: object + additionalProperties: {} + uid: + type: string + readOnly: true + path: + type: string + required: + - avatar + - groups + - groups_obj + - is_superuser + - name + - pk + - uid + - username + UserConsent: + type: object + description: UserConsent Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + expires: + type: string + format: date-time + user: + $ref: '#/components/schemas/User' + application: + $ref: '#/components/schemas/Application' + permissions: + type: string + default: '' + required: + - application + - pk + - user + UserDeleteStage: + type: object + description: UserDeleteStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + UserDeleteStageRequest: + type: object + description: UserDeleteStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + required: + - name + UserFieldsEnum: + enum: + - email + - username + - upn + type: string + UserGroup: + type: object + description: Simplified Group Serializer for user's groups + properties: + pk: + type: string + format: uuid + readOnly: true + title: Group uuid + num_pk: + type: integer + readOnly: true + name: + type: string + maxLength: 80 + is_superuser: + type: boolean + description: Users added to this group will be superusers. + parent: + type: string + format: uuid + nullable: true + parent_name: + type: string + readOnly: true + attributes: + type: object + additionalProperties: {} + required: + - name + - num_pk + - parent_name + - pk + UserGroupRequest: + type: object + description: Simplified Group Serializer for user's groups + properties: + name: + type: string + minLength: 1 + maxLength: 80 + is_superuser: + type: boolean + description: Users added to this group will be superusers. + parent: + type: string + format: uuid + nullable: true + attributes: + type: object + additionalProperties: {} + required: + - name + UserLoginStage: + type: object + description: UserLoginStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + session_duration: + type: string + description: 'Determines how long a session lasts. Default of 0 means that + the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + UserLoginStageRequest: + type: object + description: UserLoginStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + session_duration: + type: string + minLength: 1 + description: 'Determines how long a session lasts. Default of 0 means that + the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' + required: + - name + UserLogoutStage: + type: object + description: UserLogoutStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + UserLogoutStageRequest: + type: object + description: UserLogoutStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + required: + - name + UserMatchingModeEnum: + enum: + - identifier + - email_link + - email_deny + - username_link + - username_deny + type: string + UserMetrics: + type: object + description: User Metrics + properties: + logins_per_1h: + type: array + items: + $ref: '#/components/schemas/Coordinate' + readOnly: true + logins_failed_per_1h: + type: array + items: + $ref: '#/components/schemas/Coordinate' + readOnly: true + authorizations_per_1h: + type: array + items: + $ref: '#/components/schemas/Coordinate' + readOnly: true + required: + - authorizations_per_1h + - logins_failed_per_1h + - logins_per_1h + UserOAuthSourceConnection: + type: object + description: OAuth Source Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + user: + type: integer + source: + allOf: + - $ref: '#/components/schemas/Source' + readOnly: true + identifier: + type: string + maxLength: 255 + required: + - identifier + - pk + - source + - user + UserOAuthSourceConnectionRequest: + type: object + description: OAuth Source Serializer + properties: + user: + type: integer + identifier: + type: string + minLength: 1 + maxLength: 255 + access_token: + type: string + writeOnly: true + nullable: true + required: + - identifier + - user + UserPasswordSetRequest: + type: object + properties: + password: + type: string + minLength: 1 + required: + - password + UserPath: + type: object + properties: + paths: + type: array + items: + type: string + readOnly: true + required: + - paths + UserRequest: + type: object + description: User Serializer + properties: + username: + type: string + minLength: 1 + maxLength: 150 + name: + type: string + description: User's display name. + is_active: + type: boolean + title: Active + description: Designates whether this user should be treated as active. Unselect + this instead of deleting accounts. + last_login: + type: string + format: date-time + nullable: true + groups: + type: array + items: + type: string + format: uuid + email: + type: string + format: email + title: Email address + maxLength: 254 + attributes: + type: object + additionalProperties: {} + path: + type: string + minLength: 1 + required: + - groups + - name + - username + UserSAMLSourceConnection: + type: object + description: SAML Source Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + user: + type: integer + source: + allOf: + - $ref: '#/components/schemas/Source' + readOnly: true + identifier: + type: string + required: + - identifier + - pk + - source + - user + UserSAMLSourceConnectionRequest: + type: object + description: SAML Source Serializer + properties: + user: + type: integer + identifier: + type: string + minLength: 1 + required: + - identifier + - user + UserSelf: + type: object + description: User Serializer for information a user can retrieve about themselves + properties: + pk: + type: integer + readOnly: true + title: ID + username: + type: string + description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ + only. + pattern: ^[\w.@+-]+$ + maxLength: 150 + name: + type: string + description: User's display name. + is_active: + type: boolean + readOnly: true + title: Active + description: Designates whether this user should be treated as active. Unselect + this instead of deleting accounts. + is_superuser: + type: boolean + readOnly: true + groups: + type: array + items: + $ref: '#/components/schemas/UserSelfGroups' + readOnly: true + email: + type: string + format: email + title: Email address + maxLength: 254 + avatar: + type: string + readOnly: true + uid: + type: string + readOnly: true + settings: + type: object + additionalProperties: {} + readOnly: true + required: + - avatar + - groups + - is_active + - is_superuser + - name + - pk + - settings + - uid + - username + UserSelfGroups: + type: object + properties: + name: + type: string + readOnly: true + pk: + type: string + readOnly: true + required: + - name + - pk + UserServiceAccountRequest: + type: object + properties: + name: + type: string + minLength: 1 + create_group: + type: boolean + default: false + required: + - name + UserServiceAccountResponse: + type: object + properties: + username: + type: string + token: + type: string + user_uid: + type: string + user_pk: + type: integer + group_pk: + type: string + required: + - token + - user_pk + - user_uid + - username + UserSetting: + type: object + description: Serializer for User settings for stages and sources + properties: + object_uid: + type: string + component: + type: string + title: + type: string + configure_url: + type: string + icon_url: + type: string + required: + - component + - object_uid + - title + UserSourceConnection: + type: object + description: OAuth Source Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + user: + type: integer + readOnly: true + source: + allOf: + - $ref: '#/components/schemas/Source' + readOnly: true + created: + type: string + format: date-time + readOnly: true + required: + - created + - pk + - source + - user + UserVerificationEnum: + enum: + - required + - preferred + - discouraged + type: string + UserWriteStage: + type: object + description: UserWriteStage Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Stage uuid + name: + type: string + component: + type: string + readOnly: true + verbose_name: + type: string + readOnly: true + verbose_name_plural: + type: string + readOnly: true + meta_model_name: + type: string + readOnly: true + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSet' + create_users_as_inactive: + type: boolean + description: When set, newly created users are inactive and cannot login. + create_users_group: + type: string + format: uuid + nullable: true + description: Optionally add newly created users to this group. + can_create_users: + type: boolean + description: When set, this stage can create users. If not enabled and no + user is available, stage will fail. + user_path_template: + type: string + required: + - component + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + UserWriteStageRequest: + type: object + description: UserWriteStage Serializer + properties: + name: + type: string + minLength: 1 + flow_set: + type: array + items: + $ref: '#/components/schemas/FlowSetRequest' + create_users_as_inactive: + type: boolean + description: When set, newly created users are inactive and cannot login. + create_users_group: + type: string + format: uuid + nullable: true + description: Optionally add newly created users to this group. + can_create_users: + type: boolean + description: When set, this stage can create users. If not enabled and no + user is available, stage will fail. + user_path_template: + type: string + required: + - name + ValidationError: + type: object + description: Validation Error + properties: + non_field_errors: + type: array + items: + type: string + code: + type: string + additionalProperties: {} + Version: + type: object + description: Get running and latest version. + properties: + version_current: + type: string + readOnly: true + version_latest: + type: string + readOnly: true + build_hash: + type: string + readOnly: true + outdated: + type: boolean + readOnly: true + required: + - build_hash + - outdated + - version_current + - version_latest + WebAuthnDevice: + type: object + description: Serializer for WebAuthn authenticator devices + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + maxLength: 200 + created_on: + type: string + format: date-time + readOnly: true + required: + - created_on + - name + - pk + WebAuthnDeviceRequest: + type: object + description: Serializer for WebAuthn authenticator devices + properties: + name: + type: string + minLength: 1 + maxLength: 200 + required: + - name + Workers: + type: object + properties: + count: + type: integer + required: + - count + securitySchemes: + authentik: + type: apiKey + in: header + name: Authorization + scheme: bearer +servers: +- url: /api/v3/