* flows: optimise flow queries
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* index source on slug and name
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* binding index
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add policy parent index
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix migrations
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup old migrations
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release note to upgrade
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
| title | slug |
|---|---|
| Release 2022.10 | 2022.10 |
Breaking changes
- This version removes old migrations that have been replaced by squashed versions in previous versions. As such it is only possible to upgrade to this version from 2022.1 or later.
- Several challenge components have been renamed to better match the rest of the challenges.
- The SAML Source has been updated to use connection objects instead of directly creating users.
New features
- Support for OAuth2 Device flow
  See more in the OAuth2 provider docs here. This flow allows users to authenticate on devices that have limited input possibilities and/or no browser access.
- Customizable payload for SMS Authenticator stage when using the Generic provider.
- Revamped SAML Source
  The SAML source now uses connection objects and the same Flow manager as the OAuth and Plex sources. Additionally, error handling has been improved.
  This also allows for mapping fields from the SAML Source to users.
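To make the device flow concrete, the following is an added example that is not part of authentik or of this release: it models both sides of the OAuth 2.0 Device Authorization Grant (RFC 8628) in memory, the authorization server's device and token endpoints and the limited-input device's polling loop, so the exchange can be replayed offline. The `verification_uri`, the client id `tv-app`, the interval and lifetime values and the deterministic `FakeClock` are constructed for the example; authentik's own endpoint paths, and the integer `code` field its flow challenge uses (visible in the API changes for `/flows/executor/{flow_slug}/`), are not reproduced here, and the alphanumeric user code follows RFC 8628 section 6.1 rather than authentik's format.

```python
import secrets
import string
import time
from dataclasses import dataclass

# Grant type identifier from RFC 8628 section 3.4 (a real value, not an assumption).
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


@dataclass
class DeviceAuth:
    """One pending device authorization, keyed by the secret device_code."""
    device_code: str
    user_code: str
    client_id: str
    expires_at: float
    interval: int
    approved: bool = False
    denied: bool = False
    last_poll: float = 0.0


class FakeClock:
    """Deterministic clock (constructed for the example) so the exchange replays offline."""
    def __init__(self, start=1_000_000.0):
        self.t = start
    def time(self):
        return self.t
    def sleep(self, seconds):
        self.t += seconds


class AuthorizationServer:
    """In-memory stand-in for a provider's device and token endpoints (not authentik's code)."""
    def __init__(self, lifetime=600, interval=5, clock=time.time):
        self.lifetime, self.interval, self.clock = lifetime, interval, clock
        self.pending = {}

    def device_authorization(self, client_id):
        """Device authorization request (RFC 8628 section 3.2): hand out both codes."""
        alphabet = string.ascii_uppercase + string.digits
        auth = DeviceAuth(
            device_code=secrets.token_urlsafe(32),  # high-entropy, never shown to the user
            user_code="-".join("".join(secrets.choice(alphabet) for _ in range(4)) for _ in range(2)),
            client_id=client_id,
            expires_at=self.clock() + self.lifetime,
            interval=self.interval,
        )
        self.pending[auth.device_code] = auth
        return {"device_code": auth.device_code, "user_code": auth.user_code,
                "verification_uri": "https://sso.example/device",  # assumed placeholder URL
                "expires_in": self.lifetime, "interval": self.interval}

    def user_decides(self, user_code, approve):
        """Browser side: the user typed the user_code and approved or denied the request."""
        for auth in self.pending.values():
            if auth.user_code == user_code:
                auth.approved, auth.denied = approve, not approve
                return True
        return False

    def token(self, grant_type, device_code, client_id):
        """Token request with the device_code grant; error codes per RFC 8628 section 3.5."""
        if grant_type != DEVICE_GRANT:
            return {"error": "unsupported_grant_type"}
        auth = self.pending.get(device_code)
        if auth is None or auth.client_id != client_id:  # code is bound to the requesting client
            return {"error": "invalid_grant"}
        now = self.clock()
        if now > auth.expires_at:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if now - auth.last_poll < auth.interval:  # polled faster than the advertised interval
            auth.last_poll = now
            return {"error": "slow_down"}
        auth.last_poll = now
        if auth.denied:
            del self.pending[device_code]
            return {"error": "access_denied"}
        if not auth.approved:
            return {"error": "authorization_pending"}
        del self.pending[device_code]  # single use once approved
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def poll_for_token(server, device_code, client_id, sleep, before_poll=lambda: None, max_polls=20):
    """Device-side loop: wait on authorization_pending, back off on slow_down, stop on any other error."""
    interval = server.interval
    for _ in range(max_polls):
        before_poll()
        resp = server.token(DEVICE_GRANT, device_code, client_id)
        if "access_token" in resp:
            return resp
        if resp["error"] == "slow_down":
            interval += 5  # RFC 8628 section 3.5 requires a 5 second increase
        elif resp["error"] != "authorization_pending":
            return resp  # expired_token, access_denied, invalid_grant: give up
        sleep(interval)
    return {"error": "timeout"}


def run_exchange(decision, decide_after_polls=2, lifetime=600):
    """Replay a complete exchange; decision is True (approve), False (deny) or None (user never acts).
    Returns the device's final token response and the number of polls it made."""
    clock = FakeClock()
    server = AuthorizationServer(lifetime=lifetime, clock=clock.time)
    start = server.device_authorization("tv-app")  # constructed client id
    polls = 0

    def before_poll():
        nonlocal polls
        polls += 1
        if decision is not None and polls == decide_after_polls:
            server.user_decides(start["user_code"], approve=decision)

    return poll_for_token(server, start["device_code"], "tv-app", clock.sleep, before_poll), polls


def impatient_poll_errors():
    """Errors seen by a device that polls twice without waiting, then waits properly."""
    clock = FakeClock()
    server = AuthorizationServer(clock=clock.time)
    start = server.device_authorization("tv-app")
    errors = []
    for wait in (0, 0, server.interval + 5):
        clock.sleep(wait)
        errors.append(server.token(DEVICE_GRANT, start["device_code"], "tv-app")["error"])
    return errors
```

`run_exchange(True)` ends with a bearer token on the second poll, `run_exchange(False)` with `access_denied`, and `run_exchange(None, lifetime=12)` with `expired_token` once the device polls past the lifetime; `impatient_poll_errors()` shows the `slow_down` response a server returns when a device ignores the interval. The properties worth checking in any real deployment are the ones the model enforces: the device code is bound to the client that requested it, it expires, it is consumed on first successful redemption, and polling is rate-limited, while the short user code is only ever typed by the user in the browser-side flow.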
API Changes
What's New
- POST /flows/instances/import/
- GET /sources/user_connections/saml/
- POST /sources/user_connections/saml/
- GET /sources/user_connections/saml/{id}/
- PUT /sources/user_connections/saml/{id}/
- DELETE /sources/user_connections/saml/{id}/
- PATCH /sources/user_connections/saml/{id}/
- GET /sources/user_connections/saml/{id}/used_by/
What's Deleted
- POST /flows/instances/import_flow/
What's Changed
- GET /core/tenants/{tenant_uuid}/
  - Return type: changed response 200 OK, content type application/json: added property flow_device_code (string)
- PUT /core/tenants/{tenant_uuid}/
  - Request: changed content type application/json: added property flow_device_code (string)
  - Return type: changed response 200 OK, content type application/json: added property flow_device_code (string)
- PATCH /core/tenants/{tenant_uuid}/
  - Request: changed content type application/json: added property flow_device_code (string)
  - Return type: changed response 200 OK, content type application/json: added property flow_device_code (string)
- GET /propertymappings/notification/{pm_uuid}/
  - Parameters: changed pm_uuid (in path): A UUID string identifying this Webhook Mapping.
- PUT /propertymappings/notification/{pm_uuid}/
  - Parameters: changed pm_uuid (in path): A UUID string identifying this Webhook Mapping.
- DELETE /propertymappings/notification/{pm_uuid}/
  - Parameters: changed pm_uuid (in path): A UUID string identifying this Webhook Mapping.
- PATCH /propertymappings/notification/{pm_uuid}/
  - Parameters: changed pm_uuid (in path): A UUID string identifying this Webhook Mapping.
- GET /admin/metrics/
  - Return type: changed response 200 OK, content type application/json: new required property authorizations_per_1h; added property authorizations_per_1h (array), items (object): Coordinates for diagrams, with properties x_cord (integer) and y_cord (integer)
- POST /core/tenants/
  - Request: changed content type application/json: added property flow_device_code (string)
  - Return type: changed response 201 Created, content type application/json: added property flow_device_code (string)
- GET /core/tenants/
  - Parameters: added flow_device_code (in query)
  - Return type: changed response 200 OK, content type application/json: changed property results (array), items (object, Tenant Serializer): added property flow_device_code (string)
- GET /core/tenants/current/
  - Return type: changed response 200 OK, content type application/json: added property flow_device_code (string)
- GET /crypto/certificatekeypairs/
  - Parameters: added include_details (in query)
- GET /propertymappings/notification/{pm_uuid}/used_by/
  - Parameters: changed pm_uuid (in path): A UUID string identifying this Webhook Mapping.
- GET /root/config/
  - Return type: changed response 200 OK, content type application/json: changed property capabilities (array), items (string): added enum value can_debug
- GET /sources/oauth/{slug}/
  - Return type: changed response 200 OK, content type application/json: changed property provider_type (string): added enum value twitch
- PUT /sources/oauth/{slug}/
  - Request: changed content type application/json: changed property provider_type (string): added enum value twitch
  - Return type: changed response 200 OK, content type application/json: changed property provider_type (string): added enum value twitch
- PATCH /sources/oauth/{slug}/
  - Request: changed content type application/json: changed property provider_type (string): added enum value twitch
  - Return type: changed response 200 OK, content type application/json: changed property provider_type (string): added enum value twitch
- POST /sources/oauth/
  - Request: changed content type application/json: changed property provider_type (string): added enum value twitch
  - Return type: changed response 201 Created, content type application/json: changed property provider_type (string): added enum value twitch
- GET /sources/oauth/
  - Return type: changed response 200 OK, content type application/json: changed property results (array), items (object, OAuth Source Serializer): changed property provider_type (string): added enum value twitch
- GET /stages/authenticator/sms/{stage_uuid}/
  - Return type: changed response 200 OK, content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
- PUT /stages/authenticator/sms/{stage_uuid}/
  - Request: changed content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
  - Return type: changed response 200 OK, content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
- PATCH /stages/authenticator/sms/{stage_uuid}/
  - Request: changed content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
  - Return type: changed response 200 OK, content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
- GET /flows/executor/{flow_slug}/
  - Return type: changed response 200 OK, content type application/json:
    - Deleted 'ak-flow-sources-plex' component
    - Deleted 'ak-flow-sources-oauth-apple' component
    - Added 'ak-provider-oauth2-device-code' component:
      - Property type (string), enum values: native, shell, redirect
      - Property flow_info (object): Contextual flow information for a challenge, with properties title (string), background (string), cancel_url (string) and layout (string, enum values: stacked, content_left, content_right, sidebar_left, sidebar_right)
      - Property component (string)
      - Property response_errors (object)
    - Added 'ak-source-oauth-apple' component:
      - Property type (string)
      - Property flow_info (object): Contextual flow information for a challenge
      - Property component (string)
      - Property response_errors (object)
      - Property client_id (string)
      - Property scope (string)
      - Property redirect_uri (string)
      - Property state (string)
    - Added 'ak-source-plex' component:
      - Property type (string)
      - Property flow_info (object): Contextual flow information for a challenge
      - Property component (string)
      - Property response_errors (object)
      - Property client_id (string)
      - Property slug (string)
    - Added 'ak-provider-oauth2-device-code-finish' component:
      - Property type (string)
      - Property flow_info (object): Contextual flow information for a challenge
      - Property component (string)
      - Property response_errors (object)
    - Updated ak-stage-identification component: changed property sources (array), items (object, Serializer for Login buttons of sources): changed property challenge (object): deleted 'ak-flow-sources-plex' and 'ak-flow-sources-oauth-apple' components, added 'ak-source-oauth-apple' and 'ak-source-plex' components
- POST /flows/executor/{flow_slug}/
  - Request: changed content type application/json:
    - Deleted 'ak-flow-sources-plex' component
    - Deleted 'ak-flow-sources-oauth-apple' component
    - Added 'ak-provider-oauth2-device-code' component: properties component (string) and code (integer)
    - Added 'ak-source-oauth-apple' component: property component (string)
    - Added 'ak-source-plex' component: property component (string)
    - Added 'ak-provider-oauth2-device-code-finish' component: property component (string)
  - Return type: changed response 200 OK, content type application/json:
    - Deleted 'ak-flow-sources-plex' component
    - Deleted 'ak-flow-sources-oauth-apple' component
    - Added 'ak-provider-oauth2-device-code', 'ak-source-oauth-apple', 'ak-source-plex' and 'ak-provider-oauth2-device-code-finish' components
    - Updated ak-stage-identification component: changed property sources (array), items (object, Serializer for Login buttons of sources): changed property challenge (object): deleted 'ak-flow-sources-plex' and 'ak-flow-sources-oauth-apple' components, added 'ak-source-oauth-apple' and 'ak-source-plex' components
- POST /stages/authenticator/sms/
  - Request: changed content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
  - Return type: changed response 201 Created, content type application/json: added property mapping (string): Optionally modify the payload being sent to custom providers.
- GET /stages/authenticator/sms/
  - Parameters: added mapping (in query)
  - Return type: changed response 200 OK, content type application/json: changed property results (array), items (object, AuthenticatorSMSStage Serializer): added property mapping (string): Optionally modify the payload being sent to custom providers.
Minor changes/fixes
- *: improve error handling in ldap outpost, ignore additional errors
- admin: add authorisations metric (#3811)
- blueprints: fix error when exporting objects with lazily translated strings
- core: fallback to empty user object for PropertyMappingEvaluator
- core: fix messages not being shown when no client is connected
- core: fix title in generic error template
- crypto: fix cert_expiry not having the correct format
- crypto: fix import_certificate checking private key as certificate
- crypto: make certificate parsing optional for crypto api (#3711)
- flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
- flows: improved import (show logs, improve UI) (#3807)
- flows: optimise queries for flow and stage API endpoints
- internal: limit body size
- outposts/ldap: increase compatibility with different types in user and group attributes
- providers/oauth2: add all hardcoded claims to claims_supported list
- providers/oauth2: add device flow (#3334)
- providers/oauth2: exclude at_hash claim if not set instead of being null
- providers/oauth2: fix issues with es256 and add tests (#3808)
- providers/saml: don't attempt verification of SAML request when no verification certificate is configured
- root: add global fallback throttle
- root: Add setting to adjust database config for pgbouncer (#3769)
- root: decrease default token size to 60 chars for compatibility (#3710)
- root: save email template directory in config
- sources/oauth: add Twitch OAuth source (#3746)
- sources/oauth: allow overriding of all scopes
- sources/saml: improve error handling for missing assertion and missing subject
- sources/saml: revamp SAML Source (#3785)
- stages/authenticator_sms: make sms stage payload customisable (#3780)
- stages/email: don't check that email templates exist on startup
- web: use drawSelection to workaround cursor bug when using CodeMirror with ShadowDOM in firefox
- web/*: fix blank api drawer
- web/admin: allow web-based sources to have empty enrollment/authentication flow
- web/admin: rework scrolling in modals, ensure overlay covers everything
- web/admin: set card headers and icons in card class
- web/flows: improve display for action-showing stages
- web/flows: update flow background
- website/docs: add warning to trace log level
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.10 from here. Afterwards, simply run `docker-compose up -d`.
Kubernetes
Update your values to use the new images:
```yaml
image:
  repository: ghcr.io/goauthentik/server
  tag: 2022.10.1
```