api: add v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
5e200655d9
commit
f0db408699
|
@ -1,8 +1,10 @@
|
||||||
"""authentik api urls"""
|
"""authentik api urls"""
|
||||||
from django.urls import include, path
|
from django.urls import include, path
|
||||||
|
|
||||||
from authentik.api.v2.urls import urlpatterns as v2_urls
|
from authentik.api.v3.urls import urlpatterns as v3_urls
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path("v2beta/", include(v2_urls)),
|
# Remove in 2022.1
|
||||||
|
path("v2beta/", include(v3_urls)),
|
||||||
|
path("v3/", include(v3_urls)),
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
"""api v2 urls"""
|
"""api v3 urls"""
|
||||||
from django.urls import path
|
from django.urls import path
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
from drf_spectacular.views import SpectacularAPIView
|
from drf_spectacular.views import SpectacularAPIView
|
||||||
|
@ -10,8 +10,8 @@ from authentik.admin.api.system import SystemView
|
||||||
from authentik.admin.api.tasks import TaskViewSet
|
from authentik.admin.api.tasks import TaskViewSet
|
||||||
from authentik.admin.api.version import VersionView
|
from authentik.admin.api.version import VersionView
|
||||||
from authentik.admin.api.workers import WorkerView
|
from authentik.admin.api.workers import WorkerView
|
||||||
from authentik.api.v2.config import ConfigView
|
from authentik.api.v3.config import ConfigView
|
||||||
from authentik.api.v2.sentry import SentryTunnelView
|
from authentik.api.v3.sentry import SentryTunnelView
|
||||||
from authentik.api.views import APIBrowserView
|
from authentik.api.views import APIBrowserView
|
||||||
from authentik.core.api.applications import ApplicationViewSet
|
from authentik.core.api.applications import ApplicationViewSet
|
||||||
from authentik.core.api.authenticated_sessions import AuthenticatedSessionViewSet
|
from authentik.core.api.authenticated_sessions import AuthenticatedSessionViewSet
|
|
@ -150,12 +150,20 @@ SPECTACULAR_SETTINGS = {
|
||||||
"DESCRIPTION": "Making authentication simple.",
|
"DESCRIPTION": "Making authentication simple.",
|
||||||
"VERSION": __version__,
|
"VERSION": __version__,
|
||||||
"COMPONENT_SPLIT_REQUEST": True,
|
"COMPONENT_SPLIT_REQUEST": True,
|
||||||
|
"SCHEMA_PATH_PREFIX": "/api/v([0-9]+(beta)?)",
|
||||||
|
"SCHEMA_PATH_PREFIX_TRIM": True,
|
||||||
|
"SERVERS": [
|
||||||
|
{
|
||||||
|
"url": "http://authentik.tld/api/v3/",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "http://authentik.tld/api/v2beta/",
|
||||||
|
},
|
||||||
|
],
|
||||||
"CONTACT": {
|
"CONTACT": {
|
||||||
"email": "hello@beryju.org",
|
"email": "hello@beryju.org",
|
||||||
},
|
},
|
||||||
'AUTHENTICATION_WHITELIST': [
|
"AUTHENTICATION_WHITELIST": ["authentik.api.authentication.TokenAuthentication"],
|
||||||
"authentik.api.authentication.TokenAuthentication"
|
|
||||||
],
|
|
||||||
"LICENSE": {
|
"LICENSE": {
|
||||||
"name": "GNU GPLv3",
|
"name": "GNU GPLv3",
|
||||||
"url": "https://github.com/goauthentik/authentik/blob/master/LICENSE",
|
"url": "https://github.com/goauthentik/authentik/blob/master/LICENSE",
|
||||||
|
@ -183,6 +191,9 @@ REST_FRAMEWORK = {
|
||||||
"rest_framework.filters.OrderingFilter",
|
"rest_framework.filters.OrderingFilter",
|
||||||
"rest_framework.filters.SearchFilter",
|
"rest_framework.filters.SearchFilter",
|
||||||
],
|
],
|
||||||
|
'DEFAULT_PARSER_CLASSES': [
|
||||||
|
'rest_framework.parsers.JSONParser',
|
||||||
|
],
|
||||||
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.DjangoObjectPermissions",),
|
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.DjangoObjectPermissions",),
|
||||||
"DEFAULT_AUTHENTICATION_CLASSES": (
|
"DEFAULT_AUTHENTICATION_CLASSES": (
|
||||||
"authentik.api.authentication.TokenAuthentication",
|
"authentik.api.authentication.TokenAuthentication",
|
||||||
|
|
1691
schema.yml
1691
schema.yml
File diff suppressed because it is too large
Load diff
|
@ -50,7 +50,7 @@ export function tenant(): Promise<CurrentTenant> {
|
||||||
}
|
}
|
||||||
|
|
||||||
export const DEFAULT_CONFIG = new Configuration({
|
export const DEFAULT_CONFIG = new Configuration({
|
||||||
basePath: "",
|
basePath: "/api/v3",
|
||||||
headers: {
|
headers: {
|
||||||
"X-CSRFToken": getCookie("authentik_csrf"),
|
"X-CSRFToken": getCookie("authentik_csrf"),
|
||||||
},
|
},
|
||||||
|
|
|
@ -15,7 +15,7 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
|
||||||
Sentry.init({
|
Sentry.init({
|
||||||
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
|
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
|
||||||
release: `authentik@${VERSION}`,
|
release: `authentik@${VERSION}`,
|
||||||
tunnel: "/api/v2beta/sentry/",
|
tunnel: "/api/v3/sentry/",
|
||||||
integrations: [
|
integrations: [
|
||||||
new Integrations.BrowserTracing({
|
new Integrations.BrowserTracing({
|
||||||
tracingOrigins: [window.location.host, "localhost"],
|
tracingOrigins: [window.location.host, "localhost"],
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
title: API
|
title: API
|
||||||
---
|
---
|
||||||
|
|
||||||
Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v2beta/.
|
Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v3/.
|
||||||
|
|
||||||
To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v2beta/schema/.
|
To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v3/schema/.
|
||||||
|
|
||||||
While testing, the API requests are authenticated by your browser session.
|
While testing, the API requests are authenticated by your browser session.
|
||||||
|
|
||||||
|
|
|
@ -10,13 +10,13 @@ However, any flow can be executed via an API from anywhere, in fact that is what
|
||||||
Because the flow executor stores its state in the HTTP Session, so you need to ensure cookies between flow executor requests are persisted.
|
Because the flow executor stores its state in the HTTP Session, so you need to ensure cookies between flow executor requests are persisted.
|
||||||
:::
|
:::
|
||||||
|
|
||||||
The main endpoint for flow execution is `/api/v2beta/flows/executor/:slug`.
|
The main endpoint for flow execution is `/api/v3/flows/executor/:slug`.
|
||||||
|
|
||||||
This endpoint accepts a query parameter called `query`, in which the flow executor sends the full Query-string.
|
This endpoint accepts a query parameter called `query`, in which the flow executor sends the full Query-string.
|
||||||
|
|
||||||
To initiate a new flow, execute a GET request.
|
To initiate a new flow, execute a GET request.
|
||||||
|
|
||||||
## `GET /api/v2beta/flows/executor/test-flow/`
|
## `GET /api/v3/flows/executor/test-flow/`
|
||||||
|
|
||||||
Below is the response, for example for an Identification stage.
|
Below is the response, for example for an Identification stage.
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ Below is the response, for example for an Identification stage.
|
||||||
|
|
||||||
To respond to this challenge, send a response:
|
To respond to this challenge, send a response:
|
||||||
|
|
||||||
## `POST /api/v2beta/flows/executor/test-flow/`
|
## `POST /api/v3/flows/executor/test-flow/`
|
||||||
|
|
||||||
With this body
|
With this body
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ Depending on the flow, you'll either get a 200 Response with another challenge,
|
||||||
|
|
||||||
Depending also on the stage, a response might take longer to be returned (especially with the Duo Authenticator validation).
|
Depending also on the stage, a response might take longer to be returned (especially with the Duo Authenticator validation).
|
||||||
|
|
||||||
To see the data layout for every stage possible, see the [API Browser](https://goauthentik.io/api/#get-/api/v2beta/flows/executor/-flow_slug-/)
|
To see the data layout for every stage possible, see the [API Browser](https://goauthentik.io/api/#get-/api/v3/flows/executor/-flow_slug-/)
|
||||||
|
|
||||||
## Result
|
## Result
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ Default fields are exposed through auto-generated Property Mappings, which are p
|
||||||
| SSO (Redirect binding) | `/application/saml/<application slug>/sso/binding/redirect/` |
|
| SSO (Redirect binding) | `/application/saml/<application slug>/sso/binding/redirect/` |
|
||||||
| SSO (POST binding) | `/application/saml/<application slug>/sso/binding/post/` |
|
| SSO (POST binding) | `/application/saml/<application slug>/sso/binding/post/` |
|
||||||
| IdP-initiated login | `/application/saml/<application slug>/sso/binding/init/` |
|
| IdP-initiated login | `/application/saml/<application slug>/sso/binding/init/` |
|
||||||
| Metadata Download | `/api/v2beta/providers/saml/<provider uid>/metadata/?download/`|
|
| Metadata Download | `/api/v3/providers/saml/<provider uid>/metadata/?download/`|
|
||||||
|
|
||||||
You can download the metadata through the Webinterface, this link might be handy if your software wants to download the metadata directly.
|
You can download the metadata through the Webinterface, this link might be handy if your software wants to download the metadata directly.
|
||||||
|
|
||||||
|
|
|
@ -100,6 +100,7 @@ slug: "2021.8"
|
||||||
|
|
||||||
## Fixed in 2021.8.4
|
## Fixed in 2021.8.4
|
||||||
|
|
||||||
|
- api: add /api/v3 path
|
||||||
- api: add basic rate limiting for sentry proxy endpoint
|
- api: add basic rate limiting for sentry proxy endpoint
|
||||||
- core: fix user_obj being empty on token API
|
- core: fix user_obj being empty on token API
|
||||||
- events: improve logging for task exceptions
|
- events: improve logging for task exceptions
|
||||||
|
|
Reference in a new issue