---
title: Release 2022.10
slug: "2022.10"
---

## Breaking changes

- Several challenge components have been renamed to better match the rest of the challenges
- The SAML Source has been updated to use connection objects instead of directly creating users.

## New features

- Support for OAuth2 Device flow

    See more in the OAuth2 provider docs [here](../providers/oauth2/device_code). This flow allows users to authenticate on devices that have limited input possibilities and/or no browser access.

- Customizable payload for SMS Authenticator stage when using Generic provider.

- Revamped SAML Source

    The SAML source uses connection objects and the same Flow manager as the OAuth and Plex source. Additionally, error handling has been improved. This also allows for mapping fields from SAML Source to users.

## API Changes

#### What's New

---

##### `POST` /flows/instances/import/

##### `GET` /sources/user_connections/saml/

##### `POST` /sources/user_connections/saml/

##### `GET` /sources/user_connections/saml/{id}/

##### `PUT` /sources/user_connections/saml/{id}/

##### `DELETE` /sources/user_connections/saml/{id}/

##### `PATCH` /sources/user_connections/saml/{id}/

##### `GET` /sources/user_connections/saml/{id}/used_by/

#### What's Deleted

---

##### `POST` /flows/instances/import_flow/

#### What's Changed

---

##### `GET` /core/tenants/{tenant_uuid}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `flow_device_code` (string)

##### `PUT` /core/tenants/{tenant_uuid}/

###### Request:

Changed content type : `application/json`

- Added property `flow_device_code` (string)

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `flow_device_code` (string)

##### `PATCH` /core/tenants/{tenant_uuid}/

###### Request:

Changed content type : `application/json`

- Added property `flow_device_code` (string)

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `flow_device_code` (string)

##### `GET` /propertymappings/notification/{pm_uuid}/

###### Parameters:

Changed: `pm_uuid` in `path`

> A UUID string identifying this Webhook Mapping.

##### `PUT` /propertymappings/notification/{pm_uuid}/

###### Parameters:

Changed: `pm_uuid` in `path`

> A UUID string identifying this Webhook Mapping.

##### `DELETE` /propertymappings/notification/{pm_uuid}/

###### Parameters:

Changed: `pm_uuid` in `path`

> A UUID string identifying this Webhook Mapping.

##### `PATCH` /propertymappings/notification/{pm_uuid}/

###### Parameters:

Changed: `pm_uuid` in `path`

> A UUID string identifying this Webhook Mapping.

##### `GET` /admin/metrics/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    New required properties:

    - `authorizations_per_1h`

    * Added property `authorizations_per_1h` (array)

        Items (object):

        > Coordinates for diagrams

        - Property `x_cord` (integer)

        - Property `y_cord` (integer)

##### `POST` /core/tenants/

###### Request:

Changed content type : `application/json`

- Added property `flow_device_code` (string)

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Added property `flow_device_code` (string)

##### `GET` /core/tenants/

###### Parameters:

Added: `flow_device_code` in `query`

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object):

        > Tenant Serializer

        - Added property `flow_device_code` (string)

##### `GET` /core/tenants/current/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `flow_device_code` (string)

##### `GET` /crypto/certificatekeypairs/

###### Parameters:

Added: `include_details` in `query`

##### `GET` /propertymappings/notification/{pm_uuid}/used_by/

###### Parameters:

Changed: `pm_uuid` in `path`

> A UUID string identifying this Webhook Mapping.

##### `GET` /root/config/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `capabilities` (array)

        Changed items (string):

        Added enum value:

        - `can_debug`

##### `GET` /sources/oauth/{slug}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `provider_type` (string)

        Added enum value:

        - `twitch`

##### `PUT` /sources/oauth/{slug}/

###### Request:

Changed content type : `application/json`

- Changed property `provider_type` (string)

    Added enum value:

    - `twitch`

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `provider_type` (string)

        Added enum value:

        - `twitch`

##### `PATCH` /sources/oauth/{slug}/

###### Request:

Changed content type : `application/json`

- Changed property `provider_type` (string)

    Added enum value:

    - `twitch`

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `provider_type` (string)

        Added enum value:

        - `twitch`

##### `POST` /sources/oauth/

###### Request:

Changed content type : `application/json`

- Changed property `provider_type` (string)

    Added enum value:

    - `twitch`

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Changed property `provider_type` (string)

        Added enum value:

        - `twitch`

##### `GET` /sources/oauth/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object):

        > OAuth Source Serializer

        - Changed property `provider_type` (string)

            Added enum value:

            - `twitch`

##### `GET` /stages/authenticator/sms/{stage_uuid}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `mapping` (string)

        > Optionally modify the payload being sent to custom providers.

##### `PUT` /stages/authenticator/sms/{stage_uuid}/

###### Request:

Changed content type : `application/json`

- Added property `mapping` (string)

    > Optionally modify the payload being sent to custom providers.

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `mapping` (string)

        > Optionally modify the payload being sent to custom providers.

##### `PATCH` /stages/authenticator/sms/{stage_uuid}/

###### Request:

Changed content type : `application/json`

- Added property `mapping` (string)

    > Optionally modify the payload being sent to custom providers.

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `mapping` (string)

        > Optionally modify the payload being sent to custom providers.

##### `GET` /flows/executor/{flow_slug}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    Deleted 'ak-flow-sources-plex' component

    Deleted 'ak-flow-sources-oauth-apple' component

    Added 'ak-provider-oauth2-device-code' component:

    - Property `type` (string)

        Enum values:

        - `native`
        - `shell`
        - `redirect`

    - Property `flow_info` (object)

        > Contextual flow information for a challenge

        - Property `title` (string)

        - Property `background` (string)

        - Property `cancel_url` (string)

        - Property `layout` (string)

            Enum values:

            - `stacked`
            - `content_left`
            - `content_right`
            - `sidebar_left`
            - `sidebar_right`

    - Property `component` (string)

    - Property `response_errors` (object)

    Added 'ak-source-oauth-apple' component:

    - Property `type` (string)

    - Property `flow_info` (object)

        > Contextual flow information for a challenge

    - Property `component` (string)

    - Property `response_errors` (object)

    - Property `client_id` (string)

    - Property `scope` (string)

    - Property `redirect_uri` (string)

    - Property `state` (string)

    Added 'ak-source-plex' component:

    - Property `type` (string)

    - Property `flow_info` (object)

        > Contextual flow information for a challenge

    - Property `component` (string)

    - Property `response_errors` (object)

    - Property `client_id` (string)

    - Property `slug` (string)

    Added 'ak-provider-oauth2-device-code-finish' component:

    - Property `type` (string)

    - Property `flow_info` (object)

        > Contextual flow information for a challenge

    - Property `component` (string)

    - Property `response_errors` (object)

    Updated `ak-stage-identification` component:

    - Changed property `sources` (array)

        Changed items (object):

        > Serializer for Login buttons of sources

        - Changed property `challenge` (object)

            Deleted 'ak-flow-sources-plex' component

            Deleted 'ak-flow-sources-oauth-apple' component

            Added 'ak-source-oauth-apple' component:

            Added 'ak-source-plex' component:

##### `POST` /flows/executor/{flow_slug}/

###### Request:

Changed content type : `application/json`

Deleted 'ak-flow-sources-plex' component

Deleted 'ak-flow-sources-oauth-apple' component

Added 'ak-provider-oauth2-device-code' component:

- Property `component` (string)

- Property `code` (integer)

Added 'ak-source-oauth-apple' component:

- Property `component` (string)

Added 'ak-source-plex' component:

- Property `component` (string)

Added 'ak-provider-oauth2-device-code-finish' component:

- Property `component` (string)

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    Deleted 'ak-flow-sources-plex' component

    Deleted 'ak-flow-sources-oauth-apple' component

    Added 'ak-provider-oauth2-device-code' component:

    Added 'ak-source-oauth-apple' component:

    Added 'ak-source-plex' component:

    Added 'ak-provider-oauth2-device-code-finish' component:

    Updated `ak-stage-identification` component:

    - Changed property `sources` (array)

        Changed items (object):

        > Serializer for Login buttons of sources

        - Changed property `challenge` (object)

            Deleted 'ak-flow-sources-plex' component

            Deleted 'ak-flow-sources-oauth-apple' component

            Added 'ak-source-oauth-apple' component:

            Added 'ak-source-plex' component:

##### `POST` /stages/authenticator/sms/

###### Request:

Changed content type : `application/json`

- Added property `mapping` (string)

    > Optionally modify the payload being sent to custom providers.

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Added property `mapping` (string)

        > Optionally modify the payload being sent to custom providers.

##### `GET` /stages/authenticator/sms/

###### Parameters:

Added: `mapping` in `query`

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object):

        > AuthenticatorSMSStage Serializer

        - Added property `mapping` (string)

            > Optionally modify the payload being sent to custom providers.

## Minor changes/fixes

- \*: improve error handling in ldap outpost, ignore additional errors
- admin: add authorisations metric (#3811)
- blueprints: fix error when exporting objects with lazily translated strings
- core: fallback to empty user object for PropertyMappingEvaluator
- core: fix messages not being shown when no client is connected
- core: fix title in generic error template
- crypto: fix cert_expiry not having the correct format
- crypto: fix import_certificate checking private key as certificate
- crypto: make certificate parsing optional for crypto api (#3711)
- flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
- flows: improved import (show logs, improve UI) (#3807)
- flows: optimise queries for flow and stage API endpoints
- internal: limit body size
- outposts/ldap: increase compatibility with different types in user and group attributes
- providers/oauth2: add all hardcoded claims to claims_supported list
- providers/oauth2: add device flow (#3334)
- providers/oauth2: exclude at_hash claim if not set instead of being null
- providers/oauth2: fix issues with es256 and add tests (#3808)
- providers/saml: don't attempt verification of SAML request when no verification certificate is configured
- root: add global fallback throttle
- root: Add setting to adjust database config for pgbouncer (#3769)
- root: decrease default token size to 60 chars for compatibility (#3710)
- root: save email template directory in config
- sources/oauth: add Twitch OAuth source (#3746)
- sources/oauth: allow overriding of all scopes
- sources/saml: improve error handling for missing assertion and missing subject
- sources/saml: revamp SAML Source (#3785)
- stages/authenticator_sms: make sms stage payload customisable (#3780)
- stages/email: don't check that email templates exist on startup
- web: use drawSelection to workaround cursor bug when using CodeMirror with ShadowDOM in firefox
- web/\*: fix blank api drawer
- web/admin: allow web-based sources to have empty enrollment/authentication flow
- web/admin: rework scrolling in modals, ensure overlay covers everything
- web/admin: set card headers and icons in card class
- web/flows: improve display for action-showing stages
- web/flows: update flow background
- website/docs: add warning to trace log level

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2022.10 from [here](https://goauthentik.io/version/2022.10/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.10.1
```