This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/2023/v2023.2.md
Jens L af43330fd6
providers/oauth2: rework OAuth2 Provider (#4652)
* always treat flow as openid flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve issuer URL generation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refactoring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update introspection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refinement

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more things, update api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* regen migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start updating tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix implicit flow, auto set exp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix timeozone not used correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix revoke

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more timezone shenanigans

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix userinfo tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing at_hash for implicit flows

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-include at_hash in implicit auth flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use folder context for outpost build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00

405 lines
9.7 KiB
Markdown

---
title: Release 2023.2
slug: "/releases/2023.2"
---
## New features
- Proxy provider logout improvements
In previous versions, logging out of a single proxied application would only invalidate that application's session. Starting with this release, when logging out of a proxied application (via the _/outpost.goauthentik.io/sign_out_ URL), all the users session within the outpost are terminated. Sessions in other outposts and with other protocols are unaffected.
- UX Improvements
As with the previous improvements, we've made a lot of minor improvements to the general authentik UX to make your life easier.
- OAuth2 Provider improvements
The OAuth2 provider has been reworked to be closer to OAuth specifications and better support refresh tokens and offline access. Additionally the expiry for access tokens and refresh tokens can be adjusted separately now.
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2023.2 from [here](https://goauthentik.io/version/2023.2/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2023.2.0
```
## Minor changes/fixes
- \*/saml: disable pretty_print, add signature tests
- blueprints: don't update default tenant
- blueprints: handle error when blueprint entry identifier field does not exist
- core: delete session when user is set to inactive
- core: fix inconsistent branding in end_session view
- core: fix token's set_key accessing data incorrectly
- events: improve sanitising for tuples and sets
- events: prevent error when request fails without response
- internal: fix cache-control header
- providers/ldap: add unbind flow execution (#4484)
- providers/ldap: fix error not being checked correctly when fetching users
- providers/oauth2: add user id as "sub" mode
- providers/oauth2: only set auth_time in ID token when a login event is stored in the session
- providers/oauth2: optimise client credentials JWT database lookup (#4606)
- providers/proxy: outpost wide logout implementation (#4605)
- stages/authenticator_validate: fix error with passwordless webauthn login
- stages/prompt: field name (#4497)
- stages/prompt: fix mismatched name field in migration
- stages/user_write: fix migration setting wrong value, fix form
- web/admin: fix certificate filtering for SAML verification certificate
- web/admin: fix dark theme for hover on tables
- web/admin: fix token edit button
- web/admin: rework event info page to show all event infos
- web/elements: add dropdown css to DOM directly instead of including
- web/elements: fix ak-expand not using correct font
- web/elements: fix clashing page url param
- web/elements: fix click propagation from modal into table
- web/elements: improve codemirror contrast in dark theme
- web/elements: make table rows clickable to select items
- web/elements: persist table page in URL parameters
- web/flows: improve handling of flow info
- web/user: filter tokens by username
- web/user: refactor loading of data in userinterface
## API Changes
#### What's New
---
##### `POST` /admin/system/
#### What's Changed
---
##### `POST` /core/tokens/{identifier}/set_key/
##### `GET` /providers/oauth2/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `PUT` /providers/oauth2/{id}/
###### Request:
Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `PATCH` /providers/oauth2/{id}/
###### Request:
Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `POST` /providers/oauth2/
###### Request:
Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `GET` /providers/oauth2/
###### Parameters:
Changed: `sub_mode` in `query`
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > OAuth2Provider Serializer
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `GET` /oauth2/authorization_codes/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `GET` /oauth2/refresh_tokens/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `provider` (object)
> OAuth2Provider Serializer
- Changed property `sub_mode` (string)
> Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
Added enum value:
- `user_id`
##### `GET` /stages/prompt/prompts/{prompt_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `name`
* Added property `name` (string)
##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
###### Request:
Changed content type : `application/json`
New required properties:
- `name`
* Added property `name` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `name`
* Added property `name` (string)
##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `name` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
New required properties:
- `name`
* Added property `name` (string)
##### `POST` /stages/prompt/prompts/
###### Request:
Changed content type : `application/json`
New required properties:
- `name`
* Added property `name` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
New required properties:
- `name`
* Added property `name` (string)
##### `GET` /stages/prompt/prompts/
###### Parameters:
Added: `name` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Prompt Serializer
New required properties:
- `name`
* Added property `name` (string)