This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.7.md

3.6 KiB

title slug
Release 2022.7 2022.7

Breaking changes

  • Removal of verification certificates for Machine-to-Machine authentication in OAuth 2 Provider

    Instead, create an OAuth Source with the certificate configured as JWKS Data, and enable the source in the provider.

  • Maximum Limit of group recursion

    In earlier versions, cyclic group relations can lead to a deadlock when one of groups in the relationship are bound to an application/flow/etc. This is now limited to 20 levels of recursion.

New features

  • User paths

    To better organize users, they can now be assigned a path. This allows for organization of users based on sources they enrolled with/got imported from, organizational structure or any other structure.

    Sources now have a path template to specify which path users created by it should be assigned. Additionally, you can set the path in the user_write stage in any flow, and it can be dynamically overwritten within a flow's context.

  • API Authentication using JWT

    OAuth Refresh tokens that have been issued with the scope goauthentik.io/api can now be used to authenticate to the API on behalf of the user the token belongs to.

  • Version-family tagged Container images

    Instead of having to choose between using the :latest tag and explicit versions like :2022.7.1, there are now also version-family tags (:2022.7). This allows for sticking with a single version but still getting bugfix updates.

Minor changes/fixes

  • api: add basic jwt support with required scope (#2624)
  • ci: add version family (#3059)
  • core: add limit of 20 to group recursion
  • core: fix migrations when creating bootstrap token
  • core: trigger bootstrap tasks in server if we're debugging
  • core: user paths (#3085)
  • internal: dont sample gunicorn proxied requests
  • internal: failback with self-signed cert if cert for tenant fails to load
  • internal: fix routing to embedded outpost
  • internal: skip tracing for go healthcheck and metrics endpoints
  • lifecycle: fix confusing success messages in startup healthiness check
  • lifecycle: run bootstrap tasks inline when using automated install
  • lifecycle: Update postgres healthcheck for compose with user information (#3143)
  • policies: consolidate log user and application
  • providers/oauth2: dont lowercase URL for token requests (#3114)
  • providers/oauth2: fix OAuth form_post response mode for code response_type
  • providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
  • providers/oauth2: remove deprecated verification_keys (#3071)
  • providers/oauth2: token revoke (#3077)
  • providers/proxy: only send misconfiguration event once
  • web/admin: link bound group under policies
  • web/admin: only pre-select oauth2 provider key if creating a new instance
  • web/admin: remove invalid requirement for usernames
  • web/elements: add spinner when loading dynamic routes
  • web/flows: add divider to identification stage for security key
  • web/flows: fix error when webauthn operations failed and user retries
  • web/flows: remove autofocus from password field of identifications stage
  • web/flows: statically import webauthn-related stages for safari issues

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.7 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.7.1