af43330fd6
* always treat flow as openid flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve issuer URL generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update introspection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refinement Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more things, update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * regen migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start updating tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix implicit flow, auto set exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timeozone not used correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix revoke Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more timezone shenanigans Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix userinfo tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing at_hash for implicit flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-include at_hash in implicit auth flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use folder context for outpost build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
405 lines
9.7 KiB
Markdown
405 lines
9.7 KiB
Markdown
---
|
|
title: Release 2023.2
|
|
slug: "/releases/2023.2"
|
|
---
|
|
|
|
## New features
|
|
|
|
- Proxy provider logout improvements
|
|
|
|
In previous versions, logging out of a single proxied application would only invalidate that application's session. Starting with this release, when logging out of a proxied application (via the _/outpost.goauthentik.io/sign_out_ URL), all the users session within the outpost are terminated. Sessions in other outposts and with other protocols are unaffected.
|
|
|
|
- UX Improvements
|
|
|
|
As with the previous improvements, we've made a lot of minor improvements to the general authentik UX to make your life easier.
|
|
|
|
- OAuth2 Provider improvements
|
|
|
|
The OAuth2 provider has been reworked to be closer to OAuth specifications and better support refresh tokens and offline access. Additionally the expiry for access tokens and refresh tokens can be adjusted separately now.
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2023.2 from [here](https://goauthentik.io/version/2023.2/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Update your values to use the new images:
|
|
|
|
```yaml
|
|
image:
|
|
repository: ghcr.io/goauthentik/server
|
|
tag: 2023.2.0
|
|
```
|
|
|
|
## Minor changes/fixes
|
|
|
|
- \*/saml: disable pretty_print, add signature tests
|
|
- blueprints: don't update default tenant
|
|
- blueprints: handle error when blueprint entry identifier field does not exist
|
|
- core: delete session when user is set to inactive
|
|
- core: fix inconsistent branding in end_session view
|
|
- core: fix token's set_key accessing data incorrectly
|
|
- events: improve sanitising for tuples and sets
|
|
- events: prevent error when request fails without response
|
|
- internal: fix cache-control header
|
|
- providers/ldap: add unbind flow execution (#4484)
|
|
- providers/ldap: fix error not being checked correctly when fetching users
|
|
- providers/oauth2: add user id as "sub" mode
|
|
- providers/oauth2: only set auth_time in ID token when a login event is stored in the session
|
|
- providers/oauth2: optimise client credentials JWT database lookup (#4606)
|
|
- providers/proxy: outpost wide logout implementation (#4605)
|
|
- stages/authenticator_validate: fix error with passwordless webauthn login
|
|
- stages/prompt: field name (#4497)
|
|
- stages/prompt: fix mismatched name field in migration
|
|
- stages/user_write: fix migration setting wrong value, fix form
|
|
- web/admin: fix certificate filtering for SAML verification certificate
|
|
- web/admin: fix dark theme for hover on tables
|
|
- web/admin: fix token edit button
|
|
- web/admin: rework event info page to show all event infos
|
|
- web/elements: add dropdown css to DOM directly instead of including
|
|
- web/elements: fix ak-expand not using correct font
|
|
- web/elements: fix clashing page url param
|
|
- web/elements: fix click propagation from modal into table
|
|
- web/elements: improve codemirror contrast in dark theme
|
|
- web/elements: make table rows clickable to select items
|
|
- web/elements: persist table page in URL parameters
|
|
- web/flows: improve handling of flow info
|
|
- web/user: filter tokens by username
|
|
- web/user: refactor loading of data in userinterface
|
|
|
|
## API Changes
|
|
|
|
#### What's New
|
|
|
|
---
|
|
|
|
##### `POST` /admin/system/
|
|
|
|
#### What's Changed
|
|
|
|
---
|
|
|
|
##### `POST` /core/tokens/{identifier}/set_key/
|
|
|
|
##### `GET` /providers/oauth2/{id}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `PUT` /providers/oauth2/{id}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `PATCH` /providers/oauth2/{id}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `POST` /providers/oauth2/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **201 Created**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `GET` /providers/oauth2/
|
|
|
|
###### Parameters:
|
|
|
|
Changed: `sub_mode` in `query`
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `results` (array)
|
|
|
|
Changed items (object): > OAuth2Provider Serializer
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `GET` /oauth2/authorization_codes/{id}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `provider` (object)
|
|
|
|
> OAuth2Provider Serializer
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `GET` /oauth2/refresh_tokens/{id}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `provider` (object)
|
|
|
|
> OAuth2Provider Serializer
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `GET` /oauth2/authorization_codes/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `results` (array)
|
|
|
|
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
|
|
|
|
- Changed property `provider` (object)
|
|
|
|
> OAuth2Provider Serializer
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `GET` /oauth2/refresh_tokens/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `results` (array)
|
|
|
|
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
|
|
|
|
- Changed property `provider` (object)
|
|
|
|
> OAuth2Provider Serializer
|
|
|
|
- Changed property `sub_mode` (string)
|
|
|
|
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
|
|
|
|
Added enum value:
|
|
|
|
- `user_id`
|
|
|
|
##### `GET` /stages/prompt/prompts/{prompt_uuid}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|
|
|
|
##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|
|
|
|
##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `name` (string)
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|
|
|
|
##### `POST` /stages/prompt/prompts/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **201 Created**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|
|
|
|
##### `GET` /stages/prompt/prompts/
|
|
|
|
###### Parameters:
|
|
|
|
Added: `name` in `query`
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `results` (array)
|
|
|
|
Changed items (object): > Prompt Serializer
|
|
|
|
New required properties:
|
|
|
|
- `name`
|
|
|
|
* Added property `name` (string)
|