--- title: Release 2023.2 slug: "/releases/2023.2" --- ## New features - Proxy provider logout improvements In previous versions, logging out of a single proxied application would only invalidate that application's session. Starting with this release, when logging out of a proxied application (via the _/outpost.goauthentik.io/sign_out_ URL), all the users session within the outpost are terminated. Sessions in other outposts and with other protocols are unaffected. - UX Improvements As with the previous improvements, we've made a lot of minor improvements to the general authentik UX to make your life easier. ## Upgrading This release does not introduce any new requirements. ### docker-compose Download the docker-compose file for 2023.2 from [here](https://goauthentik.io/version/2023.2/docker-compose.yml). Afterwards, simply run `docker-compose up -d`. ### Kubernetes Update your values to use the new images: ```yaml image: repository: ghcr.io/goauthentik/server tag: 2023.2.0 ``` ## Minor changes/fixes - \*/saml: disable pretty_print, add signature tests - blueprints: don't update default tenant - blueprints: handle error when blueprint entry identifier field does not exist - core: delete session when user is set to inactive - core: fix inconsistent branding in end_session view - core: fix token's set_key accessing data incorrectly - events: improve sanitising for tuples and sets - events: prevent error when request fails without response - internal: fix cache-control header - providers/ldap: add unbind flow execution (#4484) - providers/ldap: fix error not being checked correctly when fetching users - providers/oauth2: add user id as "sub" mode - providers/oauth2: only set auth_time in ID token when a login event is stored in the session - providers/oauth2: optimise client credentials JWT database lookup (#4606) - providers/proxy: outpost wide logout implementation (#4605) - stages/authenticator_validate: fix error with passwordless webauthn login - stages/prompt: field name (#4497) - stages/prompt: fix mismatched name field in migration - stages/user_write: fix migration setting wrong value, fix form - web/admin: fix certificate filtering for SAML verification certificate - web/admin: fix dark theme for hover on tables - web/admin: fix token edit button - web/admin: rework event info page to show all event infos - web/elements: add dropdown css to DOM directly instead of including - web/elements: fix ak-expand not using correct font - web/elements: fix clashing page url param - web/elements: fix click propagation from modal into table - web/elements: improve codemirror contrast in dark theme - web/elements: make table rows clickable to select items - web/elements: persist table page in URL parameters - web/flows: improve handling of flow info - web/user: filter tokens by username - web/user: refactor loading of data in userinterface ## API Changes #### What's New --- ##### `POST` /admin/system/ #### What's Changed --- ##### `POST` /core/tokens/{identifier}/set_key/ ##### `GET` /providers/oauth2/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `PUT` /providers/oauth2/{id}/ ###### Request: Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `PATCH` /providers/oauth2/{id}/ ###### Request: Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `POST` /providers/oauth2/ ###### Request: Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `GET` /providers/oauth2/ ###### Parameters: Changed: `sub_mode` in `query` > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > OAuth2Provider Serializer - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `GET` /oauth2/authorization_codes/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider` (object) > OAuth2Provider Serializer - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `GET` /oauth2/refresh_tokens/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider` (object) > OAuth2Provider Serializer - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `GET` /oauth2/authorization_codes/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant - Changed property `provider` (object) > OAuth2Provider Serializer - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `GET` /oauth2/refresh_tokens/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Serializer for BaseGrantModel and RefreshToken - Changed property `provider` (object) > OAuth2Provider Serializer - Changed property `sub_mode` (string) > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Added enum value: - `user_id` ##### `GET` /stages/prompt/prompts/{prompt_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `name` * Added property `name` (string) ##### `PUT` /stages/prompt/prompts/{prompt_uuid}/ ###### Request: Changed content type : `application/json` New required properties: - `name` * Added property `name` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `name` * Added property `name` (string) ##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/ ###### Request: Changed content type : `application/json` - Added property `name` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `name` * Added property `name` (string) ##### `POST` /stages/prompt/prompts/ ###### Request: Changed content type : `application/json` New required properties: - `name` * Added property `name` (string) ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `name` * Added property `name` (string) ##### `GET` /stages/prompt/prompts/ ###### Parameters: Added: `name` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Prompt Serializer New required properties: - `name` * Added property `name` (string)