9.5 KiB
| title | slug |
|---|---|
| Release 2023.2 | /releases/2023.2 |
New features
-
Proxy provider logout improvements
In previous versions, logging out of a single proxied application would only invalidate that application's session. Starting with this release, when logging out of a proxied application (via the /outpost.goauthentik.io/sign_out URL), all the users session within the outpost are terminated. Sessions in other outposts and with other protocols are unaffected.
-
UX Improvements
As with the previous improvements, we've made a lot of minor improvements to the general authentik UX to make your life easier.
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2023.2 from here. Afterwards, simply run docker-compose up -d.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2023.2.0
Minor changes/fixes
- */saml: disable pretty_print, add signature tests
- blueprints: don't update default tenant
- blueprints: handle error when blueprint entry identifier field does not exist
- core: delete session when user is set to inactive
- core: fix inconsistent branding in end_session view
- core: fix token's set_key accessing data incorrectly
- events: improve sanitising for tuples and sets
- events: prevent error when request fails without response
- internal: fix cache-control header
- providers/ldap: add unbind flow execution (#4484)
- providers/ldap: fix error not being checked correctly when fetching users
- providers/oauth2: add user id as "sub" mode
- providers/oauth2: only set auth_time in ID token when a login event is stored in the session
- providers/oauth2: optimise client credentials JWT database lookup (#4606)
- providers/proxy: outpost wide logout implementation (#4605)
- stages/authenticator_validate: fix error with passwordless webauthn login
- stages/prompt: field name (#4497)
- stages/prompt: fix mismatched name field in migration
- stages/user_write: fix migration setting wrong value, fix form
- web/admin: fix certificate filtering for SAML verification certificate
- web/admin: fix dark theme for hover on tables
- web/admin: fix token edit button
- web/admin: rework event info page to show all event infos
- web/elements: add dropdown css to DOM directly instead of including
- web/elements: fix ak-expand not using correct font
- web/elements: fix clashing page url param
- web/elements: fix click propagation from modal into table
- web/elements: improve codemirror contrast in dark theme
- web/elements: make table rows clickable to select items
- web/elements: persist table page in URL parameters
- web/flows: improve handling of flow info
- web/user: filter tokens by username
- web/user: refactor loading of data in userinterface
API Changes
What's New
POST /admin/system/
What's Changed
POST /core/tokens/{identifier}/set_key/
GET /providers/oauth2/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
PUT /providers/oauth2/{id}/
Request:
Changed content type : application/json
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
PATCH /providers/oauth2/{id}/
Request:
Changed content type : application/json
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
POST /providers/oauth2/
Request:
Changed content type : application/json
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
GET /providers/oauth2/
Parameters:
Changed: sub_mode in query
Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > OAuth2Provider Serializer
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
-
GET /oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
provider(object)OAuth2Provider Serializer
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
-
GET /oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
provider(object)OAuth2Provider Serializer
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
-
GET /oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
provider(object)OAuth2Provider Serializer
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
-
-
GET /oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
provider(object)OAuth2Provider Serializer
-
Changed property
sub_mode(string)Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
user_id
-
-
-
GET /stages/prompt/prompts/{prompt_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
name
- Added property
name(string)
PUT /stages/prompt/prompts/{prompt_uuid}/
Request:
Changed content type : application/json
New required properties:
name
- Added property
name(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
name
- Added property
name(string)
PATCH /stages/prompt/prompts/{prompt_uuid}/
Request:
Changed content type : application/json
- Added property
name(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
name
- Added property
name(string)
POST /stages/prompt/prompts/
Request:
Changed content type : application/json
New required properties:
name
- Added property
name(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
name
- Added property
name(string)
GET /stages/prompt/prompts/
Parameters:
Added: name in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Prompt Serializer
New required properties:
name
- Added property
name(string)
-