api: add v3

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-09-02 17:40:02 +02:00
parent 5e200655d9
commit f0db408699
13 changed files with 323 additions and 1416 deletions


@ -1,8 +1,10 @@
"""authentik api urls"""
from django.urls import include, path
from authentik.api.v2.urls import urlpatterns as v2_urls
from authentik.api.v3.urls import urlpatterns as v3_urls
urlpatterns = [
path("v2beta/", include(v2_urls)),
# Remove in 2022.1
path("v2beta/", include(v3_urls)),
path("v3/", include(v3_urls)),
]
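Review bot: The `v2beta/` alias now mounts the same `v3_urls` list as `v3/`, so every route name is registered twice and `reverse()` has two candidates per name. Which prefix it returns then depends on pattern order; as far as I know Django prefers the later entry, which would be `v3/` here, but that is worth pinning with a test. The comment `# Remove in 2022.1` could say what is being kept and why, e.g. `# Deprecated alias: v2beta/ serves the v3 routes for old clients. Remove in 2022.1`. Any proxy rule, rate limit or log filter keyed on the `/api/v2beta/` prefix also needs an `/api/v3/` equivalent, since both prefixes reach the same views until the alias is removed.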


@ -1,4 +1,4 @@
"""api v2 urls"""
"""api v3 urls"""
from django.urls import path
from django.views.decorators.csrf import csrf_exempt
from drf_spectacular.views import SpectacularAPIView
@ -10,8 +10,8 @@ from authentik.admin.api.system import SystemView
from authentik.admin.api.tasks import TaskViewSet
from authentik.admin.api.version import VersionView
from authentik.admin.api.workers import WorkerView
from authentik.api.v2.config import ConfigView
from authentik.api.v2.sentry import SentryTunnelView
from authentik.api.v3.config import ConfigView
from authentik.api.v3.sentry import SentryTunnelView
from authentik.api.views import APIBrowserView
from authentik.core.api.applications import ApplicationViewSet
from authentik.core.api.authenticated_sessions import AuthenticatedSessionViewSet


@ -150,12 +150,20 @@ SPECTACULAR_SETTINGS = {
"DESCRIPTION": "Making authentication simple.",
"VERSION": __version__,
"COMPONENT_SPLIT_REQUEST": True,
"SCHEMA_PATH_PREFIX": "/api/v([0-9]+(beta)?)",
"SCHEMA_PATH_PREFIX_TRIM": True,
"SERVERS": [
{
"url": "http://authentik.tld/api/v3/",
},
{
"url": "http://authentik.tld/api/v2beta/",
},
],
"CONTACT": {
"email": "hello@beryju.org",
},
'AUTHENTICATION_WHITELIST': [
"authentik.api.authentication.TokenAuthentication"
],
"AUTHENTICATION_WHITELIST": ["authentik.api.authentication.TokenAuthentication"],
"LICENSE": {
"name": "GNU GPLv3",
"url": "https://github.com/goauthentik/authentik/blob/master/LICENSE",
@ -183,6 +191,9 @@ REST_FRAMEWORK = {
"rest_framework.filters.OrderingFilter",
"rest_framework.filters.SearchFilter",
],
'DEFAULT_PARSER_CLASSES': [
'rest_framework.parsers.JSONParser',
],
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.DjangoObjectPermissions",),
"DEFAULT_AUTHENTICATION_CLASSES": (
"authentik.api.authentication.TokenAuthentication",
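Review bot: The two `SERVERS` entries advertise `http://authentik.tld/api/v3/` and `http://authentik.tld/api/v2beta/`, so a client generated from the schema starts with a plaintext base URL, and the whitelisted `TokenAuthentication` credential would travel unencrypted if that default is left in place. `"url": "https://authentik.tld/api/v3/"` (and likewise for v2beta) would match the `https://` URLs used in the docs. Separately, the added `DEFAULT_PARSER_CLASSES` entry restricts request bodies to JSON, which narrows the parsing surface, but any view that accepts multipart uploads would then need its own `parser_classes`; none is visible in this section, so that is something to check rather than a known break. That entry also uses single quotes where the rest of the dict uses double quotes. Both dicts continue outside the hunks.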

1691
schema.yml



@ -50,7 +50,7 @@ export function tenant(): Promise<CurrentTenant> {
}
export const DEFAULT_CONFIG = new Configuration({
basePath: "",
basePath: "/api/v3",
headers: {
"X-CSRFToken": getCookie("authentik_csrf"),
},


@ -15,7 +15,7 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
Sentry.init({
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
release: `authentik@${VERSION}`,
tunnel: "/api/v2beta/sentry/",
tunnel: "/api/v3/sentry/",
integrations: [
new Integrations.BrowserTracing({
tracingOrigins: [window.location.host, "localhost"],
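Review bot: The version prefix is now spelled out in `tunnel: "/api/v3/sentry/"` independently of the `basePath: "/api/v3"` set on `DEFAULT_CONFIG` elsewhere in this commit, so the next API version bump has to find both literals. If `DEFAULT_CONFIG` can be imported here without creating a cycle, `` tunnel: `${DEFAULT_CONFIG.basePath}/sentry/`, `` keeps the two in step; otherwise a shared constant would do. `configureSentry` continues outside the hunk.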


@ -2,9 +2,9 @@
title: API
---
Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v2beta/.
Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v3/.
To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v2beta/schema/.
To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v3/schema/.
While testing, the API requests are authenticated by your browser session.


@ -10,13 +10,13 @@ However, any flow can be executed via an API from anywhere, in fact that is what
Because the flow executor stores its state in the HTTP Session, so you need to ensure cookies between flow executor requests are persisted.
:::
The main endpoint for flow execution is `/api/v2beta/flows/executor/:slug`.
The main endpoint for flow execution is `/api/v3/flows/executor/:slug`.
This endpoint accepts a query parameter called `query`, in which the flow executor sends the full Query-string.
To initiate a new flow, execute a GET request.
## `GET /api/v2beta/flows/executor/test-flow/`
## `GET /api/v3/flows/executor/test-flow/`
Below is the response, for example for an Identification stage.
@ -45,7 +45,7 @@ Below is the response, for example for an Identification stage.
To respond to this challenge, send a response:
## `POST /api/v2beta/flows/executor/test-flow/`
## `POST /api/v3/flows/executor/test-flow/`
With this body
@ -63,7 +63,7 @@ Depending on the flow, you'll either get a 200 Response with another challenge,
Depending also on the stage, a response might take longer to be returned (especially with the Duo Authenticator validation).
To see the data layout for every stage possible, see the [API Browser](https://goauthentik.io/api/#get-/api/v2beta/flows/executor/-flow_slug-/)
To see the data layout for every stage possible, see the [API Browser](https://goauthentik.io/api/#get-/api/v3/flows/executor/-flow_slug-/)
## Result


@ -10,7 +10,7 @@ Default fields are exposed through auto-generated Property Mappings, which are p
| SSO (Redirect binding) | `/application/saml/<application slug>/sso/binding/redirect/` |
| SSO (POST binding) | `/application/saml/<application slug>/sso/binding/post/` |
| IdP-initiated login | `/application/saml/<application slug>/sso/binding/init/` |
| Metadata Download | `/api/v2beta/providers/saml/<provider uid>/metadata/?download/`|
| Metadata Download | `/api/v3/providers/saml/<provider uid>/metadata/?download/`|
You can download the metadata through the Webinterface, this link might be handy if your software wants to download the metadata directly.


@ -100,6 +100,7 @@ slug: "2021.8"
## Fixed in 2021.8.4
- api: add /api/v3 path
- api: add basic rate limiting for sentry proxy endpoint
- core: fix user_obj being empty on token API
- events: improve logging for task exceptions