---
title: Release 2023.2
slug: "/releases/2023.2"
---

## New features

-   Proxy provider logout improvements

    In previous versions, logging out of a single proxied application would only invalidate that application's session. Starting with this release, when logging out of a proxied application (via the _/outpost.goauthentik.io/sign_out_ URL), all the users session within the outpost are terminated. Sessions in other outposts and with other protocols are unaffected.

-   UX Improvements

    As with the previous improvements, we've made a lot of minor improvements to the general authentik UX to make your life easier.

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2023.2 from [here](https://goauthentik.io/version/2023.2/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2023.2.0
```

## Minor changes/fixes

-   \*/saml: disable pretty_print, add signature tests
-   blueprints: don't update default tenant
-   blueprints: handle error when blueprint entry identifier field does not exist
-   core: delete session when user is set to inactive
-   core: fix inconsistent branding in end_session view
-   core: fix token's set_key accessing data incorrectly
-   events: improve sanitising for tuples and sets
-   events: prevent error when request fails without response
-   internal: fix cache-control header
-   providers/ldap: add unbind flow execution (#4484)
-   providers/ldap: fix error not being checked correctly when fetching users
-   providers/oauth2: add user id as "sub" mode
-   providers/oauth2: only set auth_time in ID token when a login event is stored in the session
-   providers/oauth2: optimise client credentials JWT database lookup (#4606)
-   providers/proxy: outpost wide logout implementation (#4605)
-   stages/authenticator_validate: fix error with passwordless webauthn login
-   stages/prompt: field name (#4497)
-   stages/prompt: fix mismatched name field in migration
-   stages/user_write: fix migration setting wrong value, fix form
-   web/admin: fix certificate filtering for SAML verification certificate
-   web/admin: fix dark theme for hover on tables
-   web/admin: fix token edit button
-   web/admin: rework event info page to show all event infos
-   web/elements: add dropdown css to DOM directly instead of including
-   web/elements: fix ak-expand not using correct font
-   web/elements: fix clashing page url param
-   web/elements: fix click propagation from modal into table
-   web/elements: improve codemirror contrast in dark theme
-   web/elements: make table rows clickable to select items
-   web/elements: persist table page in URL parameters
-   web/flows: improve handling of flow info
-   web/user: filter tokens by username
-   web/user: refactor loading of data in userinterface

## API Changes

#### What's New

---

##### `POST` /admin/system/

#### What's Changed

---

##### `POST` /core/tokens/{identifier}/set_key/

##### `GET` /providers/oauth2/{id}/

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `sub_mode` (string)

        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

        Added enum value:

        -   `user_id`

##### `PUT` /providers/oauth2/{id}/

###### Request:

Changed content type : `application/json`

-   Changed property `sub_mode` (string)

    > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

    Added enum value:

    -   `user_id`

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `sub_mode` (string)

        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

        Added enum value:

        -   `user_id`

##### `PATCH` /providers/oauth2/{id}/

###### Request:

Changed content type : `application/json`

-   Changed property `sub_mode` (string)

    > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

    Added enum value:

    -   `user_id`

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `sub_mode` (string)

        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

        Added enum value:

        -   `user_id`

##### `POST` /providers/oauth2/

###### Request:

Changed content type : `application/json`

-   Changed property `sub_mode` (string)

    > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

    Added enum value:

    -   `user_id`

###### Return Type:

Changed response : **201 Created**

-   Changed content type : `application/json`

    -   Changed property `sub_mode` (string)

        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

        Added enum value:

        -   `user_id`

##### `GET` /providers/oauth2/

###### Parameters:

Changed: `sub_mode` in `query`

> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `results` (array)

        Changed items (object): > OAuth2Provider Serializer

        -   Changed property `sub_mode` (string)

            > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

            Added enum value:

            -   `user_id`

##### `GET` /oauth2/authorization_codes/{id}/

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `provider` (object)

        > OAuth2Provider Serializer

        -   Changed property `sub_mode` (string)

            > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

            Added enum value:

            -   `user_id`

##### `GET` /oauth2/refresh_tokens/{id}/

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `provider` (object)

        > OAuth2Provider Serializer

        -   Changed property `sub_mode` (string)

            > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

            Added enum value:

            -   `user_id`

##### `GET` /oauth2/authorization_codes/

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `results` (array)

        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant

        -   Changed property `provider` (object)

            > OAuth2Provider Serializer

            -   Changed property `sub_mode` (string)

                > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

                Added enum value:

                -   `user_id`

##### `GET` /oauth2/refresh_tokens/

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `results` (array)

        Changed items (object): > Serializer for BaseGrantModel and RefreshToken

        -   Changed property `provider` (object)

            > OAuth2Provider Serializer

            -   Changed property `sub_mode` (string)

                > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

                Added enum value:

                -   `user_id`

##### `GET` /stages/prompt/prompts/{prompt_uuid}/

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    New required properties:

    -   `name`

    *   Added property `name` (string)

##### `PUT` /stages/prompt/prompts/{prompt_uuid}/

###### Request:

Changed content type : `application/json`

New required properties:

-   `name`

*   Added property `name` (string)

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    New required properties:

    -   `name`

    *   Added property `name` (string)

##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/

###### Request:

Changed content type : `application/json`

-   Added property `name` (string)

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    New required properties:

    -   `name`

    *   Added property `name` (string)

##### `POST` /stages/prompt/prompts/

###### Request:

Changed content type : `application/json`

New required properties:

-   `name`

*   Added property `name` (string)

###### Return Type:

Changed response : **201 Created**

-   Changed content type : `application/json`

    New required properties:

    -   `name`

    *   Added property `name` (string)

##### `GET` /stages/prompt/prompts/

###### Parameters:

Added: `name` in `query`

###### Return Type:

Changed response : **200 OK**

-   Changed content type : `application/json`

    -   Changed property `results` (array)

        Changed items (object): > Prompt Serializer

        New required properties:

        -   `name`

        *   Added property `name` (string)