trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.10.md

14 KiB
Raw Blame History

title slug
Release 2022.10 2022.10

Breaking changes

  • Several challenge components have been renamed to better match the rest of the challenges
  • The SAML Source has been updated to use connection objects instead of directly creating users.

New features

  • Support for OAuth2 Device flow

    See more in the OAuth2 provider docs here. This flow allows users to authenticate on devices that have limited input possibilities and or no browser access.

  • Customizable payload for SMS Authenticator stage when using Generic provider.

  • Revamped SAML Source

    The SAML source uses connection objects and the same Flow manager as the OAuth and Plex source. Additionally error-handling has been improved.

    This also allows for mapping fields from SAML Source to users.

API Changes

What's New

POST /flows/instances/import/
GET /sources/user_connections/saml/
POST /sources/user_connections/saml/
GET /sources/user_connections/saml/{id}/
PUT /sources/user_connections/saml/{id}/
DELETE /sources/user_connections/saml/{id}/
PATCH /sources/user_connections/saml/{id}/
GET /sources/user_connections/saml/{id}/used_by/

What's Deleted

POST /flows/instances/import_flow/

What's Changed

GET /core/tenants/{tenant_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
PUT /core/tenants/{tenant_uuid}/
Request:

Changed content type : application/json

  • Added property flow_device_code (string)
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
PATCH /core/tenants/{tenant_uuid}/
Request:

Changed content type : application/json

  • Added property flow_device_code (string)
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
GET /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

PUT /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

DELETE /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

PATCH /propertymappings/notification/{pm_uuid}/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

GET /admin/metrics/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    New required properties:

    • authorizations_per_1h

    • Added property authorizations_per_1h (array)

      Items (object): > Coordinates for diagrams

      • Property x_cord (integer)

      • Property y_cord (integer)

POST /core/tenants/
Request:

Changed content type : application/json

  • Added property flow_device_code (string)
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property flow_device_code (string)
GET /core/tenants/
Parameters:

Added: flow_device_code in query

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Tenant Serializer

      • Added property flow_device_code (string)
GET /core/tenants/current/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property flow_device_code (string)
GET /crypto/certificatekeypairs/
Parameters:

Added: include_details in query

GET /propertymappings/notification/{pm_uuid}/used_by/
Parameters:

Changed: pm_uuid in path

A UUID string identifying this Webhook Mapping.

GET /root/config/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property capabilities (array)

      Changed items (string):

      Added enum value:

      • can_debug
GET /sources/oauth/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
PUT /sources/oauth/{slug}/
Request:

Changed content type : application/json

  • Changed property provider_type (string)

    Added enum value:

    • twitch
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
PATCH /sources/oauth/{slug}/
Request:

Changed content type : application/json

  • Changed property provider_type (string)

    Added enum value:

    • twitch
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
POST /sources/oauth/
Request:

Changed content type : application/json

  • Changed property provider_type (string)

    Added enum value:

    • twitch
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property provider_type (string)

      Added enum value:

      • twitch
GET /sources/oauth/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > OAuth Source Serializer

      • Changed property provider_type (string)

        Added enum value:

        • twitch
GET /stages/authenticator/sms/{stage_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

PUT /stages/authenticator/sms/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property mapping (string)

    Optionally modify the payload being sent to custom providers.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

PATCH /stages/authenticator/sms/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property mapping (string)

    Optionally modify the payload being sent to custom providers.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

GET /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect

    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right

    • Property component (string)

    • Property response_errors (object)

    Added 'ak-source-oauth-apple' component:

    • Property type (string)

    • Property flow_info (object)

      Contextual flow information for a challenge

    • Property component (string)

    • Property response_errors (object)

    • Property client_id (string)

    • Property scope (string)

    • Property redirect_uri (string)

    • Property state (string)

    Added 'ak-source-plex' component:

    • Property type (string)

    • Property flow_info (object)

      Contextual flow information for a challenge

    • Property component (string)

    • Property response_errors (object)

    • Property client_id (string)

    • Property slug (string)

    Added 'ak-provider-oauth2-device-code-finish' component:

    • Property type (string)

    • Property flow_info (object)

      Contextual flow information for a challenge

    • Property component (string)

    • Property response_errors (object)

    Updated ak-stage-identification component:

    • Changed property sources (array)

      Changed items (object): > Serializer for Login buttons of sources

      • Changed property challenge (object)

        Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-source-oauth-apple' component: Added 'ak-source-plex' component:

POST /flows/executor/{flow_slug}/
Request:

Changed content type : application/json

Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component:

  • Property component (string)

  • Property code (integer)

Added 'ak-source-oauth-apple' component:

  • Property component (string)

Added 'ak-source-plex' component:

  • Property component (string)

Added 'ak-provider-oauth2-device-code-finish' component:

  • Property component (string)
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component: Added 'ak-source-oauth-apple' component: Added 'ak-source-plex' component: Added 'ak-provider-oauth2-device-code-finish' component: Updated ak-stage-identification component:

    • Changed property sources (array)

      Changed items (object): > Serializer for Login buttons of sources

      • Changed property challenge (object)

        Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-source-oauth-apple' component: Added 'ak-source-plex' component:

POST /stages/authenticator/sms/
Request:

Changed content type : application/json

  • Added property mapping (string)

    Optionally modify the payload being sent to custom providers.

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property mapping (string)

      Optionally modify the payload being sent to custom providers.

GET /stages/authenticator/sms/
Parameters:

Added: mapping in query

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > AuthenticatorSMSStage Serializer

      • Added property mapping (string)

        Optionally modify the payload being sent to custom providers.

Minor changes/fixes

  • *: improve error handling in ldap outpost, ignore additional errors
  • admin: add authorisations metric (#3811)
  • blueprints: fix error when exporting objects with lazily translated strings
  • core: fallback to empty user object for PropertyMappingEvaluator
  • core: fix messages not being shown when no client is connected
  • core: fix title in generic error template
  • crypto: fix cert_expiry not having the correct format
  • crypto: fix import_certificate checking private key as certificate
  • crypto: make certificate parsing optional for crypto api (#3711)
  • flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
  • flows: improved import (show logs, improve UI) (#3807)
  • flows: optimise queries for flow and stage API endpoints
  • internal: limit body size
  • outposts/ldap: increase compatibility with different types in user and group attributes
  • providers/oauth2: add all hardcoded claims to claims_supported list
  • providers/oauth2: add device flow (#3334)
  • providers/oauth2: exclude at_hash claim if not set instead of being null
  • providers/oauth2: fix issues with es256 and add tests (#3808)
  • providers/saml: don't attempt verification of SAML request when no verification certificate is configured
  • root: add global fallback throttle
  • root: Add setting to adjust database config for pgbouncer (#3769)
  • root: decrease default token size to 60 chars for compatibility (#3710)
  • root: save email template directory in config
  • sources/oauth: add Twitch OAuth source (#3746)
  • sources/oauth: allow overriding of all scopes
  • sources/saml: improve error handling for missing assertion and missing subject
  • sources/saml: revamp SAML Source (#3785)
  • stages/authenticator_sms: make sms stage payload customisable (#3780)
  • stages/email: don't check that email templates exist on startup
  • web: use drawSelection to workaround cursor bug when using CodeMirror with ShadowDOM in firefox
  • web/*: fix blank api drawer
  • web/admin: allow web-based sources to have empty enrollment/authentication flow
  • web/admin: rework scrolling in modals, ensure overlay covers everything
  • web/admin: set card headers and icons in card class
  • web/flows: improve display for action-showing stages
  • web/flows: update flow background
  • website/docs: add warning to trace log level

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.10 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.10.1