diff --git a/website/docs/releases/v2022.10.md b/website/docs/releases/v2022.10.md new file mode 100644 index 000000000..7447f1768 --- /dev/null +++ b/website/docs/releases/v2022.10.md 
@@ -0,0 +1,946 @@ +--- +title: Release 2022.10 +slug: "2022.10" +--- + +## Breaking changes + +- Several challenge components have been renamed to better match the rest of the challenges +- The SAML Source has been updated to use connection objects instead of directly creating users. + +## New features + +- Support for OAuth2 Device flow + + See more in the OAuth2 provider docs [here](../providers/oauth2/device_code). This flow allows users to authenticate on devices that have limited input possibilities and or no browser access. + +- Customizable payload for SMS Authenticator stage when using Generic provider. +- Revamped SAML Source + + The SAML source uses connection objects and the same Flow manager as the OAuth and Plex source. Additionally error-handling has been improved. + + This also allows for mapping fields from SAML Source to users. + +## API Changes + +#### What's New + +--- + +##### `GET` /sources/user_connections/saml/ + +##### `POST` /sources/user_connections/saml/ + +##### `GET` /sources/user_connections/saml/{id}/ + +##### `PUT` /sources/user_connections/saml/{id}/ + +##### `DELETE` /sources/user_connections/saml/{id}/ + +##### `PATCH` /sources/user_connections/saml/{id}/ + +##### `GET` /sources/user_connections/saml/{id}/used_by/ + +#### What's Changed + +--- + +##### `GET` /core/tenants/{tenant_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `flow_device_code` (string) + +##### `PUT` /core/tenants/{tenant_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `flow_device_code` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `flow_device_code` (string) + +##### `PATCH` /core/tenants/{tenant_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `flow_device_code` (string) + +###### Return Type: + +Changed 
response : **200 OK** + +- Changed content type : `application/json` + + - Added property `flow_device_code` (string) + +##### `GET` /propertymappings/notification/{pm_uuid}/ + +###### Parameters: + +Changed: `pm_uuid` in `path` + +> A UUID string identifying this Webhook Mapping. + +##### `PUT` /propertymappings/notification/{pm_uuid}/ + +###### Parameters: + +Changed: `pm_uuid` in `path` + +> A UUID string identifying this Webhook Mapping. + +##### `DELETE` /propertymappings/notification/{pm_uuid}/ + +###### Parameters: + +Changed: `pm_uuid` in `path` + +> A UUID string identifying this Webhook Mapping. + +##### `PATCH` /propertymappings/notification/{pm_uuid}/ + +###### Parameters: + +Changed: `pm_uuid` in `path` + +> A UUID string identifying this Webhook Mapping. + +##### `POST` /core/tenants/ + +###### Request: + +Changed content type : `application/json` + +- Added property `flow_device_code` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `flow_device_code` (string) + +##### `GET` /core/tenants/ + +###### Parameters: + +Added: `flow_device_code` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Tenant Serializer + + - Added property `flow_device_code` (string) + +##### `GET` /core/tenants/current/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `flow_device_code` (string) + +##### `GET` /crypto/certificatekeypairs/ + +###### Parameters: + +Added: `include_details` in `query` + +##### `GET` /propertymappings/notification/{pm_uuid}/used_by/ + +###### Parameters: + +Changed: `pm_uuid` in `path` + +> A UUID string identifying this Webhook Mapping. 
+ +##### `GET` /root/config/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `capabilities` (array) + + Changed items (string): + + Added enum value: + + - `can_debug` + +##### `GET` /sources/oauth/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +##### `PUT` /sources/oauth/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +##### `PATCH` /sources/oauth/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +##### `POST` /sources/oauth/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +##### `GET` /sources/oauth/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > OAuth Source Serializer + + - Changed property `provider_type` (string) + + Added enum value: + + - `twitch` + +##### `GET` /stages/authenticator/sms/{stage_uuid}/ + +###### Return Type: + +Changed 
response : **200 OK** + +- Changed content type : `application/json` + + - Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. + +##### `PUT` /stages/authenticator/sms/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. + +##### `PATCH` /stages/authenticator/sms/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. 
+ +##### `GET` /flows/executor/{flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Deleted 'ak-flow-sources-plex' component + Deleted 'ak-flow-sources-oauth-apple' component + Added 'ak-provider-oauth2-device-code' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + Added 'ak-source-oauth-apple' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `scope` (string) + + - Property `redirect_uri` (string) + + - Property `state` (string) + + Added 'ak-source-plex' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - 
Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `slug` (string) + + Added 'ak-provider-oauth2-device-code-finish' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + Updated `ak-stage-identification` component: + + - Changed property `sources` (array) + + Changed items (object): > Serializer for Login buttons of sources + + - Changed property `challenge` (object) + + Deleted 'ak-flow-sources-plex' component + Deleted 'ak-flow-sources-oauth-apple' component + Added 'ak-source-oauth-apple' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `scope` (string) + + - Property `redirect_uri` (string) + + - Property `state` (string) + + Added 'ak-source-plex' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` 
(string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `slug` (string) + +##### `POST` /flows/executor/{flow_slug}/ + +###### Request: + +Changed content type : `application/json` + +Deleted 'ak-flow-sources-plex' component +Deleted 'ak-flow-sources-oauth-apple' component +Added 'ak-provider-oauth2-device-code' component: + +- Property `component` (string) + +- Property `code` (integer) + +Added 'ak-source-oauth-apple' component: + +- Property `component` (string) + +Added 'ak-source-plex' component: + +- Property `component` (string) + +Added 'ak-provider-oauth2-device-code-finish' component: + +- Property `component` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Deleted 'ak-flow-sources-plex' component + Deleted 'ak-flow-sources-oauth-apple' component + Added 'ak-provider-oauth2-device-code' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + Added 'ak-source-oauth-apple' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - 
`content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `scope` (string) + + - Property `redirect_uri` (string) + + - Property `state` (string) + + Added 'ak-source-plex' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `slug` (string) + + Added 'ak-provider-oauth2-device-code-finish' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + Updated `ak-stage-identification` component: + + - Changed property `sources` (array) + + Changed items (object): > Serializer for Login buttons of sources + + - Changed property `challenge` (object) + + Deleted 'ak-flow-sources-plex' component + Deleted 'ak-flow-sources-oauth-apple' component + Added 'ak-source-oauth-apple' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + 
- Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `scope` (string) + + - Property `redirect_uri` (string) + + - Property `state` (string) + + Added 'ak-source-plex' component: + + - Property `type` (string) + + Enum values: + + - `native` + - `shell` + - `redirect` + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `client_id` (string) + + - Property `slug` (string) + +##### `POST` /stages/authenticator/sms/ + +###### Request: + +Changed content type : `application/json` + +- Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. + +##### `GET` /stages/authenticator/sms/ + +###### Parameters: + +Added: `mapping` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > AuthenticatorSMSStage Serializer + + - Added property `mapping` (string) + > Optionally modify the payload being sent to custom providers. 
+ +## Minor changes/fixes + +- \*: improve error handling in ldap outpost, ignore additional errors +- blueprints: fix error when exporting objects with lazily translated strings +- core: fix messages not being shown when no client is connected +- crypto: fix import_certificate checking private key as certificate +- crypto: make certificate parsing optional for crypto api (#3711) +- flows: always show flow inspector in debug mode, don't require admin in debug (#3786) +- providers/oauth2: add all hardcoded claims to claims_supported list +- providers/oauth2: add device flow (#3334) +- providers/oauth2: exclude at_hash claim if not set instead of being null +- root: Add setting to adjust database config for pgbouncer (#3769) +- root: decrease default token size to 60 chars for compatibility (#3710) +- root: save email template directory in config +- sources/oauth: add Twitch OAuth source (#3746) +- sources/saml: improve error handling for missing assertion and missing subject +- sources/saml: revamp SAML Source (#3785) +- stages/authenticator_sms: make sms stage payload customisable (#3780) +- stages/email: don't check that email templates exist on startup +- web/\*: fix blank api drawer +- web/admin: allow web-based sources to have empty enrollment/authentication flow +- web/admin: set card headers and icons in card class +- web/flows: improve display for action-showing stages +- web/flows: update flow background +- website/docs: add warning to trace log level + +## Upgrading + +This release does not introduce any new requirements. + +### docker-compose + +Download the docker-compose file for 2022.10 from [here](https://goauthentik.io/version/2022.10/docker-compose.yml). Afterwards, simply run `docker-compose up -d`. + +### Kubernetes + +Update your values to use the new images: + +```yaml +image: + repository: ghcr.io/goauthentik/server + tag: 2022.10.1 +```
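Review bot: The first bullet under "## Breaking changes" says several challenge components were renamed but does not name them, so a reader has to infer the renames from the "API Changes" listing for `/flows/executor/{flow_slug}/`, where `ak-flow-sources-plex` and `ak-flow-sources-oauth-apple` are deleted and `ak-source-plex` and `ak-source-oauth-apple` are added. List the old and new component names directly in that bullet so anyone matching on the `component` string knows what to update. The second breaking change (SAML Source now uses connection objects instead of directly creating users) has no matching guidance under "## Upgrading", which only states "This release does not introduce any new requirements."; say there whether existing SAML-sourced users need any action after the upgrade. In the minor changes list, "flows: always show flow inspector in debug mode, don't require admin in debug (#3786)" relaxes an access check and is paired with the new `can_debug` capability on `/root/config/`; that deserves a sentence of its own rather than only a changelog line. In the Kubernetes block, `tag: 2022.10.1` does not match the page title "Release 2022.10" or the docker-compose link for 2022.10; confirm which tag is intended for this release page. Small wording fix in the Device flow paragraph: "limited input possibilities and or no browser access" should read "and/or".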