authentik/website/docs/releases/2023/v2023.8.md
Marc 'risson' Schmitt 95132082e1
website/docs: add operations category
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-27 15:34:47 +01:00

---
title: Release 2023.8
slug: "/releases/2023.8"
---
## Breaking changes
- Removal of PostgreSQL 11 support
As announced in the [2023.5](./v2023.5.md) release notes (and postponed by a release), this release requires PostgreSQL 12 or newer. This is due to a changed requirement in a framework we use, Django.
This does not affect docker-compose installations (as these already ship with PostgreSQL 12); however, it is still recommended to upgrade to a newer version when convenient.
For Kubernetes installs, a manual one-time migration has to be done: [Upgrading PostgreSQL on Kubernetes](../../operations/postgres_upgrade_kubernetes.md)
- Changed nested Group membership behaviour
In previous versions, nested groups were handled very inconsistently. Binding a group to an application/etc would check the membership recursively, whereas `user.ak_groups.all()` would only return direct memberships. Additionally, `user.group_attributes()` would do the same and only merge group attributes for direct memberships.
This has been changed to always use the same logic as when checking for access, which means dealing with complex group structures is a lot more consistent.
Policies that use `user.ak_groups.all()` will retain the current behaviour; to use the new behaviour, replace the call with `user.all_groups()`.
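To preview which users are affected before switching a policy to `user.all_groups()`, the following added example (not authentik code) compares direct and recursive membership over a constructed group tree and lists the groups and group attributes each user gains. It assumes membership is inherited upward through each group's parent; `Group`, `effective_groups`, `inherited_only`, `newly_applied_attributes` and `audit` are hypothetical names.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Group:
    name: str
    parent: Optional[str] = None  # name of the parent group, if any
    attributes: dict = field(default_factory=dict)


# Constructed sample directory (not real authentik data).
GROUPS: Dict[str, Group] = {
    g.name: g
    for g in [
        Group("staff", attributes={"vpn": True}),
        Group("engineering", parent="staff"),
        Group("platform-admins", parent="engineering", attributes={"sudo": True}),
        Group("contractors"),
        # Misconfigured pair whose parents point at each other.
        Group("loop-a", parent="loop-b"),
        Group("loop-b", parent="loop-a", attributes={"beta": True}),
    ]
}

# Direct memberships only: the groups a user was explicitly added to.
DIRECT: Dict[str, Set[str]] = {
    "alice": {"platform-admins"},
    "bob": {"staff"},
    "carol": {"contractors", "loop-a"},
}


def direct_groups(user: str) -> Set[str]:
    """Models the direct-only view (what user.ak_groups.all() returns)."""
    return set(DIRECT.get(user, set()))


def effective_groups(user: str) -> Set[str]:
    """Models the recursive view: direct groups plus every ancestor.

    Assumption: a member of a child group counts as a member of its parents.
    The `seen` set stops the walk if parent links form a cycle.
    """
    seen: Set[str] = set()
    stack = list(direct_groups(user))
    while stack:
        name = stack.pop()
        if name in seen or name not in GROUPS:
            continue
        seen.add(name)
        parent = GROUPS[name].parent
        if parent is not None:
            stack.append(parent)
    return seen


def inherited_only(user: str) -> Set[str]:
    """Groups that only the recursive view reports for this user."""
    return effective_groups(user) - direct_groups(user)


def newly_applied_attributes(user: str) -> Dict[str, dict]:
    """Attributes of inherited-only groups, which a direct-only merge ignored."""
    return {
        name: GROUPS[name].attributes
        for name in sorted(inherited_only(user))
        if GROUPS[name].attributes
    }


def audit() -> Dict[str, dict]:
    """Report every user whose group set differs between the two views."""
    report: Dict[str, dict] = {}
    for user in sorted(DIRECT):
        extra = inherited_only(user)
        if extra:
            report[user] = {
                "groups": sorted(extra),
                "attributes": newly_applied_attributes(user),
            }
    return report


if __name__ == "__main__":
    for user, delta in audit().items():
        print(user, delta)
```

Users that appear in the report are the ones for whom a group-based policy or attribute lookup can return a different result under the recursive logic, so review their bindings first.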
## New features
- Enterprise (preview)
This is the first release to include the _Enterprise_ section, where you can acquire a license in our Customer Portal and get enterprise licenses for your authentik instance. See more info [here](../../enterprise/index.md).
- Config reloading
For better security and to better support running in a cloud-native environment, authentik now supports dynamic PostgreSQL and Email credentials. In previous versions, both the authentik server and worker containers required restarting to detect the new credentials. In 2023.8, these credentials are automatically refreshed just before they are used. This means you can use something like [HashiCorp Vault](https://vaultproject.io) to manage short-term credentials that are rotated once a day or even more frequently without needing to restart authentik.
## Upgrading
This release changes the PostgreSQL dependency to require Version 12 or later, which only affects Kubernetes installs. See [here](../../operations/postgres_upgrade_kubernetes.md) for more info on upgrading.
### docker-compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
```
wget -O docker-compose.yml https://goauthentik.io/version/2023.8/docker-compose.yml
docker-compose up -d
```
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
### Kubernetes
Update your values to use the new images:
```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2023.8.0
```
## Minor changes/fixes
- \*: fix api errors raised in general validate() to specify a field (#6663)
- api: optimise pagination in API schema (#6478)
- blueprints: fix blueprint importer logging potentially sensitive data (#6567)
- blueprints: fix tag values not resolved correctly (#6653)
- blueprints: prevent duplicate password stage in default flow when using combined identification stage (#6432)
- core: bump django from 4.1.7 to 4.2 (#5238)
- core: fix UUID filter field for users api (#6203)
- core: fix filtering users by type attribute (#6638)
- core: rework recursive group membership (#6017)
- enterprise: add more info to enterprise forecast (#6292)
- enterprise: initial enterprise (#5721)
- events: fix authentik_system_tasks metric status label (#6252)
- events: fix monitored task not removing state (#6386)
- outposts/ldap: add more tests (#6188)
- outposts/ldap: add test for attribute filtering (#6189)
- outposts: Fix infinite self-recursion in traefik reconciler (#6336)
- outposts: fix Kubernetes patch processing (#6338)
- outposts: make metrics compliant with Prometheus best-practices (#6398)
- outposts: support json patch for Kubernetes (#6319)
- providers/oauth2: fix aud (Audience) field type which can be a list of… (#6447)
- providers/oauth2: fix grant_type password raising an exception (#6333)
- providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645)
- providers/proxy: fix JWKS URL in embedded outpost (#6644)
- providers/proxy: only intercept auth header when a value is set (#6488)
- providers/proxy: set outpost session cookie to httponly and secure wh… (#6482)
- root: always use persistent database connections (#6560)
- root: config: config discovery parity between Go and Python
- root: config: remove redundant default configs
- root: migrate bootstrap to blueprints (#6433)
- root: partial Live-updating config (#5959)
- root: replace builtin psycopg libpq binary implementation with distro… (#6448)
- root: set csrf cookie's secure flag same as session (#6350)
- sources/ldap: check nsaccountlock for FreeIPA/389-ds (#6270)
- sources/ldap: fix ldap_sync cli command not running in foreground (#6325)
- sources/ldap: fix syncing large LDAP directories (#6384)
- stages/authenticator_static: make static token size adjustable (#6565)
- web/admin: adjust style of page header (#6355)
- web/admin: fix EventMatcherPolicyForm empty values (#6539)
- web/admin: fix admin overview layout (#6220)
- web/admin: fix user sorting by active field (#6485)
- web/admin: hide pagination when no data is loaded yet (#6353)
- web/admin: make version clickable for stable releases (#6626)
- web/admin: only show token expiry when token is set to expire (#6643)
- web/admin: set required flag to false for user attributes (#6418)
- web/common: make API errors more prominent in developer tools (#6637)
- web/elements: improve table error handling, prevent infinite loading … (#6636)
- web/flows: fix identification stage band color (#6489)
- web/flows: update flow background (#6579)
- web/user: fix alignment between image icons and fallback text icons (#6416)
- web/user: fix app icon size for user interface
- web/user: fix background alignment (#6383)
- web/user: fix user settings colours on dark theme (#6499)
- web/user: fix user settings elements not being in cards (#6608)
- web/user: only render expand element when required (#6641)
- web: fix app icon rendering, style refinements (#6409)
- web: refactor locale handler into top-level context handler (#6022)
- web: replace deprecated terser rollup plugin, remove unused plugin (#6615)
- web: rework and expand tooltips (#6435)
## Fixed in 2023.8.1
- blueprints: fix policy exception causing password stage to be skipped after upgrade (#6674)
- root: revert persistent connections causing postgres out of connections errors (#6677)
- web: fix notification drawer scrolling (#6675)
- web/admin: fix version link to release notes (#6676)
## Fixed in 2023.8.2
- core: make groups' parent_name nullable as it might not be set (#6700)
- crypto: fix certificate has_key filter (#6727)
- events: fix missing application names from most used applications (#6689)
- policies/reputation: fix reputation not expiring (#6714)
- providers/oauth2: fix incorrect scope permissions shown (#6696)
- providers/saml: fix SAML metadata import API requiring flow slug inst… (#6729)
- root: expand exception logging (#6690)
- web/admin: clear other options depending on what the binding targets (#6703)
- web/admin: fix ak-toggle-group for policy and blueprint uses (#6687)
## Fixed in 2023.8.3
- core: bump celery from 5.3.1 to 5.3.4
- core: bump django from 4.2.4 to 4.2.5 (#6751)
- core: remove celery's duplicate max_tasks_per_child (#6840)
- policies/reputation: require either check to be enabled (#6764)
- providers/scim: check that a provider exists before starting scim task (#6841)
- root: fix broken celery dependency (#6744)
- root: lock node to 20.5 (#6776)
- sources/ldap: dont prefetch useless items (#6812)
- sources/ldap: fix FreeIPA nsaccountlock sync (#6745)
- sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809)
- stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763)
- web/admin: fix application icon size (#6738)
- web/admin: fix not being able to unset flows (#6838)
- web/admin: fix not being able to unset certificates (#6767)
- web: don't import entire SourceViewPage in flow and user interface (#6761)
- web: replace ampersand (#6737)
## Fixed in 2023.8.4
- security: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle)
## Fixed in 2023.8.5
- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666)
## API Changes
#### What's New
---
##### `GET` /enterprise/license/
##### `POST` /enterprise/license/
##### `GET` /enterprise/license/&#123;license_uuid&#125;/
##### `PUT` /enterprise/license/&#123;license_uuid&#125;/
##### `DELETE` /enterprise/license/&#123;license_uuid&#125;/
##### `PATCH` /enterprise/license/&#123;license_uuid&#125;/
##### `GET` /enterprise/license/&#123;license_uuid&#125;/used_by/
##### `GET` /enterprise/license/forecast/
##### `GET` /enterprise/license/get_install_id/
##### `GET` /enterprise/license/summary/
#### What's Changed
---
##### `GET` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
##### `GET` /schema/
###### Parameters:
Changed: `lang` in `query`
##### `GET` /core/tenants/
###### Parameters:
Changed: `branding_favicon` in `query`
Changed: `branding_logo` in `query`
Changed: `branding_title` in `query`
Changed: `default` in `query`
Changed: `domain` in `query`
Changed: `event_retention` in `query`
Changed: `flow_authentication` in `query`
Changed: `flow_device_code` in `query`
Changed: `flow_invalidation` in `query`
Changed: `flow_recovery` in `query`
Changed: `flow_unenrollment` in `query`
Changed: `flow_user_settings` in `query`
Changed: `tenant_uuid` in `query`
Changed: `web_certificate` in `query`
##### `GET` /core/tokens/&#123;identifier&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
Enum values:
- `internal`
- `external`
- `service_account`
- `internal_service_account`
##### `PUT` /core/tokens/&#123;identifier&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `PATCH` /core/tokens/&#123;identifier&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /core/users/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `PUT` /core/users/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `PATCH` /core/users/&#123;id&#125;/
###### Request:
Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /crypto/certificatekeypairs/
###### Parameters:
Changed: `managed` in `query`
Changed: `name` in `query`
##### `GET` /policies/bindings/&#123;policy_binding_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `PUT` /policies/bindings/&#123;policy_binding_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `PATCH` /policies/bindings/&#123;policy_binding_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `POST` /policies/event_matcher/
###### Request:
Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
##### `GET` /policies/event_matcher/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Event Matcher Policy Serializer
- Changed property `app` (string)
> - `authentik.admin` - authentik Admin
> - `authentik.api` - authentik API
> - `authentik.crypto` - authentik Crypto
> - `authentik.events` - authentik Events
> - `authentik.flows` - authentik Flows
> - `authentik.outposts` - authentik Outpost
> - `authentik.policies.dummy` - authentik Policies.Dummy
> - `authentik.policies.event_matcher` - authentik Policies.Event Matcher
> - `authentik.policies.expiry` - authentik Policies.Expiry
> - `authentik.policies.expression` - authentik Policies.Expression
> - `authentik.policies.password` - authentik Policies.Password
> - `authentik.policies.reputation` - authentik Policies.Reputation
> - `authentik.policies` - authentik Policies
> - `authentik.providers.ldap` - authentik Providers.LDAP
> - `authentik.providers.oauth2` - authentik Providers.OAuth2
> - `authentik.providers.proxy` - authentik Providers.Proxy
> - `authentik.providers.radius` - authentik Providers.Radius
> - `authentik.providers.saml` - authentik Providers.SAML
> - `authentik.providers.scim` - authentik Providers.SCIM
> - `authentik.recovery` - authentik Recovery
> - `authentik.sources.ldap` - authentik Sources.LDAP
> - `authentik.sources.oauth` - authentik Sources.OAuth
> - `authentik.sources.plex` - authentik Sources.Plex
> - `authentik.sources.saml` - authentik Sources.SAML
> - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
> - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
> - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
> - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
> - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
> - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
> - `authentik.stages.captcha` - authentik Stages.Captcha
> - `authentik.stages.consent` - authentik Stages.Consent
> - `authentik.stages.deny` - authentik Stages.Deny
> - `authentik.stages.dummy` - authentik Stages.Dummy
> - `authentik.stages.email` - authentik Stages.Email
> - `authentik.stages.identification` - authentik Stages.Identification
> - `authentik.stages.invitation` - authentik Stages.User Invitation
> - `authentik.stages.password` - authentik Stages.Password
> - `authentik.stages.prompt` - authentik Stages.Prompt
> - `authentik.stages.user_delete` - authentik Stages.User Delete
> - `authentik.stages.user_login` - authentik Stages.User Login
> - `authentik.stages.user_logout` - authentik Stages.User Logout
> - `authentik.stages.user_write` - authentik Stages.User Write
> - `authentik.tenants` - authentik Tenants
> - `authentik.blueprints` - authentik Blueprints
> - `authentik.core` - authentik Core
> - `authentik.enterprise` - authentik Enterprise
Removed enum value:
- `authentik.lib`
##### `POST` /core/tokens/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /core/tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Token Serializer
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /core/user_consent/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `POST` /core/users/
###### Request:
Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /core/users/
###### Parameters:
Added: `type` in `query`
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
Changed: `uuid` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /core/users/me/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer for information a user can retrieve about themselves
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /oauth2/access_tokens/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /oauth2/authorization_codes/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /oauth2/refresh_tokens/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `POST` /policies/bindings/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /policies/bindings/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > PolicyBinding Serializer
- Changed property `user_obj` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /stages/authenticator/static/{stage_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
##### `PUT` /stages/authenticator/static/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
##### `PATCH` /stages/authenticator/static/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
##### `GET` /core/user_consent/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > UserConsent Serializer
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /oauth2/access_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `user` (object)
> User Serializer
- Added property `type` (string)
> - `internal` - Internal
> - `external` - External
> - `service_account` - Service Account
> - `internal_service_account` - Internal Service Account
##### `POST` /stages/authenticator/static/
###### Request:
Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `token_length` (integer)
- Changed property `token_count` (integer)
##### `GET` /stages/authenticator/static/
###### Parameters:
Added: `token_length` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > AuthenticatorStaticStage Serializer
- Added property `token_length` (integer)
- Changed property `token_count` (integer)