This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.10.md
Jens Langhammer 77f6926a41 website/docs: prepare 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:23:23 +02:00

21 KiB

title slug
Release 2022.10 2022.10

Breaking changes

  • Several challenge components have been renamed to better match the rest of the challenges
  • The SAML Source has been updated to use connection objects instead of directly creating users.

New features

  • Support for OAuth2 Device flow

    See more in the OAuth2 provider docs here. This flow allows users to authenticate on devices that have limited input possibilities and or no browser access.

  • Customizable payload for SMS Authenticator stage when using Generic provider.

  • Revamped SAML Source

    The SAML source uses connection objects and the same Flow manager as the OAuth and Plex source. Additionally error-handling has been improved.

    This also allows for mapping fields from SAML Source to users.

API Changes

What's New


GET /sources/user_connections/saml/
POST /sources/user_connections/saml/
GET /sources/user_connections/saml/{id}/
PUT /sources/user_connections/saml/{id}/
DELETE /sources/user_connections/saml/{id}/
PATCH /sources/user_connections/saml/{id}/
GET /sources/user_connections/saml/{id}/used_by/

What's Changed


GET /core/tenants/{tenant_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
PUT /core/tenants/{tenant_uuid}/
Request:

Changed content type : application/json

  • Added property flow_device_code (string)
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
PATCH /core/tenants/{tenant_uuid}/
Request:

Changed content type : application/json

  • Added property flow_device_code (string)
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
GET /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

PUT /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

DELETE /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

PATCH /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

POST /core/tenants/
Request:

Changed content type : application/json

  • Added property flow_device_code (string)
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property flow_device_code (string)
GET /core/tenants/
Parameters:

Added: flow_device_code in query

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Tenant Serializer

      • Added property flow_device_code (string)
GET /core/tenants/current/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
GET /crypto/certificatekeypairs/
Parameters:

Added: include_details in query

GET /propertymappings/notification/{pm_uuid}/used_by/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

GET /root/config/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property capabilities (array)

      Changed items (string):

      Added enum value:

      • can_debug
GET /sources/oauth/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
PUT /sources/oauth/{slug}/
Request:

Changed content type : application/json

  • Changed property provider_type (string)

    Added enum value:

    • twitch
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
PATCH /sources/oauth/{slug}/
Request:

Changed content type : application/json

  • Changed property provider_type (string)

    Added enum value:

    • twitch
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
POST /sources/oauth/
Request:

Changed content type : application/json

  • Changed property provider_type (string)

    Added enum value:

    • twitch
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
GET /sources/oauth/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > OAuth Source Serializer

      • Changed property provider_type (string)

        Added enum value:

        • twitch
GET /stages/authenticator/sms/{stage_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

PUT /stages/authenticator/sms/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property mapping (string)

    Optionally modify the payload being sent to custom providers.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

PATCH /stages/authenticator/sms/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property mapping (string)

    Optionally modify the payload being sent to custom providers.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

GET /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    Added 'ak-source-oauth-apple' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    • Property client_id (string)

    • Property scope (string)

    • Property redirect_uri (string)

    • Property state (string)

    Added 'ak-source-plex' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    • Property client_id (string)

    • Property slug (string)

    Added 'ak-provider-oauth2-device-code-finish' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    Updated ak-stage-identification component:

    • Changed property sources (array)

      Changed items (object): > Serializer for Login buttons of sources

      • Changed property challenge (object)

        Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-source-oauth-apple' component:

        • Property type (string)

          Enum values:

          • native
          • shell
          • redirect
        • Property flow_info (object)

          Contextual flow information for a challenge

          • Property title (string)

          • Property background (string)

          • Property cancel_url (string)

          • Property layout (string)

            Enum values:

            • stacked
            • content_left
            • content_right
            • sidebar_left
            • sidebar_right
        • Property component (string)

        • Property response_errors (object)

        • Property client_id (string)

        • Property scope (string)

        • Property redirect_uri (string)

        • Property state (string)

        Added 'ak-source-plex' component:

        • Property type (string)

          Enum values:

          • native
          • shell
          • redirect
        • Property flow_info (object)

          Contextual flow information for a challenge

          • Property title (string)

          • Property background (string)

          • Property cancel_url (string)

          • Property layout (string)

            Enum values:

            • stacked
            • content_left
            • content_right
            • sidebar_left
            • sidebar_right
        • Property component (string)

        • Property response_errors (object)

        • Property client_id (string)

        • Property slug (string)

POST /flows/executor/{flow_slug}/
Request:

Changed content type : application/json

Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component:

  • Property component (string)

  • Property code (integer)

Added 'ak-source-oauth-apple' component:

  • Property component (string)

Added 'ak-source-plex' component:

  • Property component (string)

Added 'ak-provider-oauth2-device-code-finish' component:

  • Property component (string)
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    Added 'ak-source-oauth-apple' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    • Property client_id (string)

    • Property scope (string)

    • Property redirect_uri (string)

    • Property state (string)

    Added 'ak-source-plex' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    • Property client_id (string)

    • Property slug (string)

    Added 'ak-provider-oauth2-device-code-finish' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    Updated ak-stage-identification component:

    • Changed property sources (array)

      Changed items (object): > Serializer for Login buttons of sources

      • Changed property challenge (object)

        Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-source-oauth-apple' component:

        • Property type (string)

          Enum values:

          • native
          • shell
          • redirect
        • Property flow_info (object)

          Contextual flow information for a challenge

          • Property title (string)

          • Property background (string)

          • Property cancel_url (string)

          • Property layout (string)

            Enum values:

            • stacked
            • content_left
            • content_right
            • sidebar_left
            • sidebar_right
        • Property component (string)

        • Property response_errors (object)

        • Property client_id (string)

        • Property scope (string)

        • Property redirect_uri (string)

        • Property state (string)

        Added 'ak-source-plex' component:

        • Property type (string)

          Enum values:

          • native
          • shell
          • redirect
        • Property flow_info (object)

          Contextual flow information for a challenge

          • Property title (string)

          • Property background (string)

          • Property cancel_url (string)

          • Property layout (string)

            Enum values:

            • stacked
            • content_left
            • content_right
            • sidebar_left
            • sidebar_right
        • Property component (string)

        • Property response_errors (object)

        • Property client_id (string)

        • Property slug (string)

POST /stages/authenticator/sms/
Request:

Changed content type : application/json

  • Added property mapping (string)

    Optionally modify the payload being sent to custom providers.

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

GET /stages/authenticator/sms/
Parameters:

Added: mapping in query

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > AuthenticatorSMSStage Serializer

      • Added property mapping (string)

        Optionally modify the payload being sent to custom providers.

Minor changes/fixes

  • *: improve error handling in ldap outpost, ignore additional errors
  • blueprints: fix error when exporting objects with lazily translated strings
  • core: fix messages not being shown when no client is connected
  • crypto: fix import_certificate checking private key as certificate
  • crypto: make certificate parsing optional for crypto api (#3711)
  • flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
  • providers/oauth2: add all hardcoded claims to claims_supported list
  • providers/oauth2: add device flow (#3334)
  • providers/oauth2: exclude at_hash claim if not set instead of being null
  • root: Add setting to adjust database config for pgbouncer (#3769)
  • root: decrease default token size to 60 chars for compatibility (#3710)
  • root: save email template directory in config
  • sources/oauth: add Twitch OAuth source (#3746)
  • sources/saml: improve error handling for missing assertion and missing subject
  • sources/saml: revamp SAML Source (#3785)
  • stages/authenticator_sms: make sms stage payload customisable (#3780)
  • stages/email: don't check that email templates exist on startup
  • web/*: fix blank api drawer
  • web/admin: allow web-based sources to have empty enrollment/authentication flow
  • web/admin: set card headers and icons in card class
  • web/flows: improve display for action-showing stages
  • web/flows: update flow background
  • website/docs: add warning to trace log level

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.10 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.10.1