Release 2023.10

Breaking changes

Requests with missing trailing slash are no longer redirected

In previous versions, requests to a path like /api/v3/core/users would be redirected to [...]/users/. This redirect would cause mutating requests (such as POST, PUT and PATCH) to fail as they would get redirected to [...]/users/. The redirect has been disabled, which will not have an impact on a correctly configured setup.
It is only possible to upgrade to 2023.10 from 2023.8. This is due to a bug in the migrations which will be fixed in a future release (#7326).
Warning: The first 2024.x version of this chart will see a rework that will include breaking changes. The breaking changes will be noted in the next Release notes.

New features

RBAC (preview)

With this release we're introducing the ability to finely configure permissions within authentik. These permissions can be used to delegate different tasks, such as user management, application creation and more to users without granting them full superuser permissions. With this system, a least-privilege system can also be implemented much more easily. See more info here
LDAP Provider improvements

The LDAP Provider now has an expanded schema, increasing the compatibility with clients that use the LDAP schema to parse data and .NET applications on Windows.
Improved Proxy provider logout

The proxy provider will now terminate all sessions when a user logs out of authentik or their session expires.
LDAP Source structure mirroring

The LDAP Source has a new default property mapping called authentik default LDAP Mapping: DN to User Path which will map the LDAP users' DN to the user path in authentik, keeping the same structure as the directory the source syncs from.
OAuth Source OIDC auto-refresh

OAuth sources that have a OIDC Well-known URL or OIDC JWKS URL set will periodically be updated to use the correct configuration based on the configured URLs.

Upgrading

This release does not introduce any new requirements.

docker-compose

To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:

shell

wget -O docker-compose.yml https://goauthentik.io/version/2023.10/docker-compose.yml
docker-compose up -d

The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.

Kubernetes

Upgrade the Helm Chart to the new version, using the following commands:

shell

helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10

Minor changes/fixes

blueprints: fix mismatched user-login stage order (#7030)
ci: test with postgres 16
core/api: add uuid field to core api user http response (#7110)
core: Initial RBAC (#6806)
core: Use branding_title in the end session page (#7282)
core: prevent self-impersonation (#6885)
core: remove celery's duplicate max_tasks_per_child (#6840)
events: fix error when storing events with date/time/datetime/etc (#7028)
flows: remove need for post() wrapper by using dispatch (#6765)
flows: stage_invalid() makes flow restart depending on invalid_response_action setting (#6780)
outposts: use channel groups instead of saving channel names (#7183)
policies/reputation: require either check to be enabled (#6764)
policies: fix cached policy metric (#7068)
providers/ldap: add windows adsi support (#7098)
providers/proxy: improve SLO by backchannel logging out sessions (#7099)
providers/radius: TOTP MFA support (#7217)
providers/saml: add default RelayState value for IDP-initiated requests (#7100)
providers/saml: set WantAuthnRequestsSigned in metadata (#6851)
providers/scim: check that a provider exists before starting scim task (#6841)
providers/scim: remove preview banner (#7166)
root: add option to disable beat when running worker (#6849)
root: connect to backend via socket (#6720)
root: disable APPEND_SLASH (#6928)
root: extended flow and policy metrics (#7067)
root: handle SIGHUP and SIGUSR2, healthcheck gunicorn (#6630)
root: make Celery worker concurrency configurable (#6837)
root: replace boj/redistore with vendored version of rbcervilla/redisstore (#6988)
sources/ldap: add default property mapping to mirror directory structure (#6990)
sources/ldap: add lock to sync (#6930)
sources/ldap: add warning when a property mapping returns None or bytes (#6913)
sources/ldap: fix FreeIPA nsaccountlock sync (#6745)
sources/ldap: fix attribute path resolution (#7090)
sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (#6877)
sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809)
sources/oauth: fix oidc well-known parsing (#7248)
sources/oauth: include default JWKS URLs for OAuth sources (#6992)
sources/oauth: periodically update OAuth sources' OIDC configuration (#7245)
stages/authenticator_sms: fix error when phone number from context already exists (#7264)
stages/authenticator: vendor otp (#6741)
stages/deny: add custom message (#7144)
stages/email: Fix query parameters getting lost in Email links (#5376)
stages/email: rework email templates (#7029)
stages/invitation: fix mis-matched serializer class for invitation (#7018)
stages/password: fix failed_attempts_before_cancel allowing one too many (#6763)
web/admin: add additional Flow info (#7155)
web/admin: fix application icon size (#6738)
web/admin: fix flow-search not being able to unset (#6838)
web/admin: fix not being able to unset certificates (#6767)
web/admin: fix prompt form and codemirror mode (#7231)
web/admin: fix webauthn label order, add raw value (#6905)
web/admin: improve user email button labels (#7233)
web/admin: invitation stage: default "continue without invitation" to false
web/admin: use <pre> for order field on bound elements (#7031)
web/admin: user details few tooltip buttons (#6899)
web/flows: fix plex login not opening new tab on mobile safari (#7050)
web/user: fix incorrect link to admin interface (#6993)
web/user: fix unenrollment flow not being shown (#6972)
web: change 'Attributes' to 'Custom attributes' on Invitation Field (#7145)
web: the return of pseudolocalization (#7190)

Fixed in 2023.10.1

lifecycle: fix otp merge migration (#7315)

Fixed in 2023.10.2

*: fix CVE-2023-46249, reported by @devSparkle
blueprints: fix entries with state: absent not being deleted if their serializer has errors (#7345)
crypto: fix race conditions when creating self-signed certificates on startup (#7344)
lifecycle: rework otp_merge migration (#7359)
providers/proxy: to fix duplicate cookie (#7324)
rbac: handle lookup error (#7341)
stages/email: fix sending emails from task (#7325)
web/admin: fix @change handler for ak-radio elements (#7348)
web/admin: fix role form reacting to enter (#7330)

Fixed in 2023.10.3

ci: explicitly give write permissions to packages (cherry-pick #7428) (#7430)
core: fix worker beat toggle inverted (cherry-pick #7508) (#7509)
events: fix gdpr compliance always running (cherry-pick #7491) (#7505)
providers/oauth2: set auth_via for token and other endpoints (cherry-pick #7417) (#7427)
providers/proxy: fix closed redis client (cherry-pick #7385) (#7429)
root: Improve multi arch Docker image build speed (cherry-pick #7355) (#7426)
sources/oauth: fix patreon (cherry-pick #7454) (#7456)
stages/email: fix duplicate querystring encoding (cherry-pick #7386) (#7425)
web: bugfix: broken backchannel selector (cherry-pick #7480) (#7507)
web/admin: fix html error on oauth2 provider page (cherry-pick #7384) (#7424)
web/flows: attempt to fix bitwareden android compatibility (cherry-pick #7455) (#7457)

Fixed in 2023.10.4

ci: fix permissions for release pipeline to publish binaries (cherry-pick #7512) (#7621)
core: bump golang from 1.21.3-bookworm to 1.21.4-bookworm (cherry-pick #7483) (#7622)
events: don't update internal service accounts unless needed (cherry-pick #7611) (#7640)
events: fix missing model_* events when not directly authenticated (cherry-pick #7588) (#7597)
events: sanitize functions (cherry-pick #7587) (#7589)
providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541) (#7544)
providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477) (#7596)
root: specify node and python versions in respective config files, deduplicate in CI (#7620)
security: fix CVE-2023-48228, Reported by @Sapd (#7666)
stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584)
web/admin: fix admins not able to delete MFA devices (#7660)

Fixed in 2023.10.5

blueprints: improve file change handler (cherry-pick #7813) (#7934)
events: add better fallback for sanitize_item to ensure everything can be saved as JSON (cherry-pick #7694) (#7937)
events: fix lint (#7700)
events: include user agent in events (cherry-pick #7693) (#7938)
providers/scim: change familyName default (cherry-pick #7904) (#7930)
root: don't show warning when app has no URLs to import (cherry-pick #7765) (#7935)
root: Fix cache related image build issues (cherry-pick #7831) (#7932)
stages/email: improve error handling for incorrect template syntax (cherry-pick #7758) (#7936)
tests: fix flaky tests (cherry-pick #7676) (#7939)
web: dark/light theme fixes (#7872)
web: fix overflow glitch on ak-page-header (cherry-pick #7883) (#7931)
web/admin: always show oidc well-known URL fields when they're set (#7560)
web/user: fix search not updating app (cherry-pick #7825) (#7933)

Fixed in 2023.10.6

core: fix PropertyMapping context not being available in request context
outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) (#8024)
outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014) (#8020)
providers/oauth2: fix CVE-2024-21637, Reported by @lauritzh (#8104)
providers/oauth2: remember session_id from initial token (cherry-pick #7976) (#7977)
providers/proxy: use access token (cherry-pick #8022) (#8023)
rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068) (#8070)
sources/oauth: fix missing get_user_id for OIDC-like sources (Azure AD) (#7970)
web/flows: fix device picker incorrect foreground color (cherry-pick #8067) (#8069)

Fixed in 2023.10.7

providers/oauth2: fix CVE-2024-23647 (cherry-pick #8345) (#8347)
rbac: fix invitations listing with restricted permissions (cherry-pick #8227) (#8229)
root: fix listen trusted_proxy_cidrs config loading from environment (#8075)
root: fix redis config not being updated to match previous change
sources/oauth: fix azure_ad user_id and add test and fallback (cherry-pick #8146) (#8152)
sources/oauth: fix URLs being overwritten by OIDC urls (cherry-pick #8147) (#8156)
sources/oauth: revert azure_ad profile URL change (cherry-pick #8139) (#8141)
stages/authenticator_validate: use friendly_name for stage selector when enrolling (cherry-pick #8255) (#8256)
web/flows: fix icon for generic oauth source with dark theme (cherry-pick #8148) (#8151)

API Changes

What's New

`PUT` /core/transactional/applications/

`GET` /rbac/permissions/

`GET` /rbac/permissions/{id}/

`GET` /rbac/permissions/assigned_by_roles/

`POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/

`PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/

`GET` /rbac/permissions/assigned_by_users/

`POST` /rbac/permissions/assigned_by_users/{id}/assign/

`PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/

`GET` /rbac/permissions/roles/

`GET` /rbac/permissions/users/

`GET` /rbac/roles/

`POST` /rbac/roles/

`GET` /rbac/roles/{uuid}/

`PUT` /rbac/roles/{uuid}/

`DELETE` /rbac/roles/{uuid}/

`PATCH` /rbac/roles/{uuid}/

`GET` /rbac/roles/{uuid}/used_by/

What's Changed

`GET` /authenticators/admin/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`PUT` /authenticators/admin/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`DELETE` /authenticators/admin/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`PATCH` /authenticators/admin/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`GET` /authenticators/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`PUT` /authenticators/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`DELETE` /authenticators/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`PATCH` /authenticators/totp/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`POST` /core/groups/{group_uuid}/add_user/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

`POST` /core/groups/{group_uuid}/remove_user/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

`GET` /enterprise/license/{license_uuid}/

Parameters:

Changed: license_uuid in path

A UUID string identifying this License.

`PUT` /enterprise/license/{license_uuid}/

Parameters:

Changed: license_uuid in path

A UUID string identifying this License.

`DELETE` /enterprise/license/{license_uuid}/

Parameters:

Changed: license_uuid in path

A UUID string identifying this License.

`PATCH` /enterprise/license/{license_uuid}/

Parameters:

Changed: license_uuid in path

A UUID string identifying this License.

`GET` /outposts/instances/{uuid}/health/

Parameters:

Changed: uuid in path

A UUID string identifying this Outpost.

`GET` /outposts/radius/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property mfa_support (boolean)
  
  When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`GET` /policies/event_matcher/{policy_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property app (string)
  - authentik.admin - authentik Admin
  - authentik.api - authentik API
  - authentik.crypto - authentik Crypto
  - authentik.events - authentik Events
  - authentik.flows - authentik Flows
  - authentik.outposts - authentik Outpost
  - authentik.policies.dummy - authentik Policies.Dummy
  - authentik.policies.event_matcher - authentik Policies.Event Matcher
  - authentik.policies.expiry - authentik Policies.Expiry
  - authentik.policies.expression - authentik Policies.Expression
  - authentik.policies.password - authentik Policies.Password
  - authentik.policies.reputation - authentik Policies.Reputation
  - authentik.policies - authentik Policies
  - authentik.providers.ldap - authentik Providers.LDAP
  - authentik.providers.oauth2 - authentik Providers.OAuth2
  - authentik.providers.proxy - authentik Providers.Proxy
  - authentik.providers.radius - authentik Providers.Radius
  - authentik.providers.saml - authentik Providers.SAML
  - authentik.providers.scim - authentik Providers.SCIM
  - authentik.rbac - authentik RBAC
  - authentik.recovery - authentik Recovery
  - authentik.sources.ldap - authentik Sources.LDAP
  - authentik.sources.oauth - authentik Sources.OAuth
  - authentik.sources.plex - authentik Sources.Plex
  - authentik.sources.saml - authentik Sources.SAML
  - authentik.stages.authenticator - authentik Stages.Authenticator
  - authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
  - authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
  - authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
  - authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
  - authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
  - authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
  - authentik.stages.captcha - authentik Stages.Captcha
  - authentik.stages.consent - authentik Stages.Consent
  - authentik.stages.deny - authentik Stages.Deny
  - authentik.stages.dummy - authentik Stages.Dummy
  - authentik.stages.email - authentik Stages.Email
  - authentik.stages.identification - authentik Stages.Identification
  - authentik.stages.invitation - authentik Stages.User Invitation
  - authentik.stages.password - authentik Stages.Password
  - authentik.stages.prompt - authentik Stages.Prompt
  - authentik.stages.user_delete - authentik Stages.User Delete
  - authentik.stages.user_login - authentik Stages.User Login
  - authentik.stages.user_logout - authentik Stages.User Logout
  - authentik.stages.user_write - authentik Stages.User Write
  - authentik.tenants - authentik Tenants
  - authentik.blueprints - authentik Blueprints
  - authentik.core - authentik Core
  - authentik.enterprise - authentik Enterprise
  Added enum values:
  - authentik.rbac
  - authentik.stages.authenticator
- Changed property model (string)
  - authentik_crypto.certificatekeypair - Certificate-Key Pair
  - authentik_events.event - Event
  - authentik_events.notificationtransport - Notification Transport
  - authentik_events.notification - Notification
  - authentik_events.notificationrule - Notification Rule
  - authentik_events.notificationwebhookmapping - Webhook Mapping
  - authentik_flows.flow - Flow
  - authentik_flows.flowstagebinding - Flow Stage Binding
  - authentik_outposts.dockerserviceconnection - Docker Service-Connection
  - authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
  - authentik_outposts.outpost - Outpost
  - authentik_policies_dummy.dummypolicy - Dummy Policy
  - authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
  - authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
  - authentik_policies_expression.expressionpolicy - Expression Policy
  - authentik_policies_password.passwordpolicy - Password Policy
  - authentik_policies_reputation.reputationpolicy - Reputation Policy
  - authentik_policies_reputation.reputation - Reputation Score
  - authentik_policies.policybinding - Policy Binding
  - authentik_providers_ldap.ldapprovider - LDAP Provider
  - authentik_providers_oauth2.scopemapping - Scope Mapping
  - authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
  - authentik_providers_oauth2.authorizationcode - Authorization Code
  - authentik_providers_oauth2.accesstoken - OAuth2 Access Token
  - authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
  - authentik_providers_proxy.proxyprovider - Proxy Provider
  - authentik_providers_radius.radiusprovider - Radius Provider
  - authentik_providers_saml.samlprovider - SAML Provider
  - authentik_providers_saml.samlpropertymapping - SAML Property Mapping
  - authentik_providers_scim.scimprovider - SCIM Provider
  - authentik_providers_scim.scimmapping - SCIM Mapping
  - authentik_rbac.role - Role
  - authentik_sources_ldap.ldapsource - LDAP Source
  - authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
  - authentik_sources_oauth.oauthsource - OAuth Source
  - authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
  - authentik_sources_plex.plexsource - Plex Source
  - authentik_sources_plex.plexsourceconnection - User Plex Source Connection
  - authentik_sources_saml.samlsource - SAML Source
  - authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
  - authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
  - authentik_stages_authenticator_duo.duodevice - Duo Device
  - authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
  - authentik_stages_authenticator_sms.smsdevice - SMS Device
  - authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
  - authentik_stages_authenticator_static.staticdevice - Static Device
  - authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
  - authentik_stages_authenticator_totp.totpdevice - TOTP Device
  - authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
  - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
  - authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
  - authentik_stages_captcha.captchastage - Captcha Stage
  - authentik_stages_consent.consentstage - Consent Stage
  - authentik_stages_consent.userconsent - User Consent
  - authentik_stages_deny.denystage - Deny Stage
  - authentik_stages_dummy.dummystage - Dummy Stage
  - authentik_stages_email.emailstage - Email Stage
  - authentik_stages_identification.identificationstage - Identification Stage
  - authentik_stages_invitation.invitationstage - Invitation Stage
  - authentik_stages_invitation.invitation - Invitation
  - authentik_stages_password.passwordstage - Password Stage
  - authentik_stages_prompt.prompt - Prompt
  - authentik_stages_prompt.promptstage - Prompt Stage
  - authentik_stages_user_delete.userdeletestage - User Delete Stage
  - authentik_stages_user_login.userloginstage - User Login Stage
  - authentik_stages_user_logout.userlogoutstage - User Logout Stage
  - authentik_stages_user_write.userwritestage - User Write Stage
  - authentik_tenants.tenant - Tenant
  - authentik_blueprints.blueprintinstance - Blueprint Instance
  - authentik_core.group - Group
  - authentik_core.user - User
  - authentik_core.application - Application
  - authentik_core.token - Token
  - authentik_enterprise.license - License
  Added enum values:
  - authentik_rbac.role
  - authentik_stages_authenticator_static.staticdevice
  - authentik_stages_authenticator_totp.totpdevice
  - authentik_enterprise.license

`PUT` /policies/event_matcher/{policy_uuid}/

Request:

Changed content type : application/json

Changed property app (string)
- authentik.admin - authentik Admin
- authentik.api - authentik API
- authentik.crypto - authentik Crypto
- authentik.events - authentik Events
- authentik.flows - authentik Flows
- authentik.outposts - authentik Outpost
- authentik.policies.dummy - authentik Policies.Dummy
- authentik.policies.event_matcher - authentik Policies.Event Matcher
- authentik.policies.expiry - authentik Policies.Expiry
- authentik.policies.expression - authentik Policies.Expression
- authentik.policies.password - authentik Policies.Password
- authentik.policies.reputation - authentik Policies.Reputation
- authentik.policies - authentik Policies
- authentik.providers.ldap - authentik Providers.LDAP
- authentik.providers.oauth2 - authentik Providers.OAuth2
- authentik.providers.proxy - authentik Providers.Proxy
- authentik.providers.radius - authentik Providers.Radius
- authentik.providers.saml - authentik Providers.SAML
- authentik.providers.scim - authentik Providers.SCIM
- authentik.rbac - authentik RBAC
- authentik.recovery - authentik Recovery
- authentik.sources.ldap - authentik Sources.LDAP
- authentik.sources.oauth - authentik Sources.OAuth
- authentik.sources.plex - authentik Sources.Plex
- authentik.sources.saml - authentik Sources.SAML
- authentik.stages.authenticator - authentik Stages.Authenticator
- authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
- authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
- authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
- authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
- authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
- authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
- authentik.stages.captcha - authentik Stages.Captcha
- authentik.stages.consent - authentik Stages.Consent
- authentik.stages.deny - authentik Stages.Deny
- authentik.stages.dummy - authentik Stages.Dummy
- authentik.stages.email - authentik Stages.Email
- authentik.stages.identification - authentik Stages.Identification
- authentik.stages.invitation - authentik Stages.User Invitation
- authentik.stages.password - authentik Stages.Password
- authentik.stages.prompt - authentik Stages.Prompt
- authentik.stages.user_delete - authentik Stages.User Delete
- authentik.stages.user_login - authentik Stages.User Login
- authentik.stages.user_logout - authentik Stages.User Logout
- authentik.stages.user_write - authentik Stages.User Write
- authentik.tenants - authentik Tenants
- authentik.blueprints - authentik Blueprints
- authentik.core - authentik Core
- authentik.enterprise - authentik Enterprise
Added enum values:
- authentik.rbac
- authentik.stages.authenticator
Changed property model (string)
- authentik_crypto.certificatekeypair - Certificate-Key Pair
- authentik_events.event - Event
- authentik_events.notificationtransport - Notification Transport
- authentik_events.notification - Notification
- authentik_events.notificationrule - Notification Rule
- authentik_events.notificationwebhookmapping - Webhook Mapping
- authentik_flows.flow - Flow
- authentik_flows.flowstagebinding - Flow Stage Binding
- authentik_outposts.dockerserviceconnection - Docker Service-Connection
- authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
- authentik_outposts.outpost - Outpost
- authentik_policies_dummy.dummypolicy - Dummy Policy
- authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
- authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
- authentik_policies_expression.expressionpolicy - Expression Policy
- authentik_policies_password.passwordpolicy - Password Policy
- authentik_policies_reputation.reputationpolicy - Reputation Policy
- authentik_policies_reputation.reputation - Reputation Score
- authentik_policies.policybinding - Policy Binding
- authentik_providers_ldap.ldapprovider - LDAP Provider
- authentik_providers_oauth2.scopemapping - Scope Mapping
- authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
- authentik_providers_oauth2.authorizationcode - Authorization Code
- authentik_providers_oauth2.accesstoken - OAuth2 Access Token
- authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
- authentik_providers_proxy.proxyprovider - Proxy Provider
- authentik_providers_radius.radiusprovider - Radius Provider
- authentik_providers_saml.samlprovider - SAML Provider
- authentik_providers_saml.samlpropertymapping - SAML Property Mapping
- authentik_providers_scim.scimprovider - SCIM Provider
- authentik_providers_scim.scimmapping - SCIM Mapping
- authentik_rbac.role - Role
- authentik_sources_ldap.ldapsource - LDAP Source
- authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
- authentik_sources_oauth.oauthsource - OAuth Source
- authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
- authentik_sources_plex.plexsource - Plex Source
- authentik_sources_plex.plexsourceconnection - User Plex Source Connection
- authentik_sources_saml.samlsource - SAML Source
- authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
- authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
- authentik_stages_authenticator_duo.duodevice - Duo Device
- authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
- authentik_stages_authenticator_sms.smsdevice - SMS Device
- authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
- authentik_stages_authenticator_static.staticdevice - Static Device
- authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
- authentik_stages_authenticator_totp.totpdevice - TOTP Device
- authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
- authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
- authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
- authentik_stages_captcha.captchastage - Captcha Stage
- authentik_stages_consent.consentstage - Consent Stage
- authentik_stages_consent.userconsent - User Consent
- authentik_stages_deny.denystage - Deny Stage
- authentik_stages_dummy.dummystage - Dummy Stage
- authentik_stages_email.emailstage - Email Stage
- authentik_stages_identification.identificationstage - Identification Stage
- authentik_stages_invitation.invitationstage - Invitation Stage
- authentik_stages_invitation.invitation - Invitation
- authentik_stages_password.passwordstage - Password Stage
- authentik_stages_prompt.prompt - Prompt
- authentik_stages_prompt.promptstage - Prompt Stage
- authentik_stages_user_delete.userdeletestage - User Delete Stage
- authentik_stages_user_login.userloginstage - User Login Stage
- authentik_stages_user_logout.userlogoutstage - User Logout Stage
- authentik_stages_user_write.userwritestage - User Write Stage
- authentik_tenants.tenant - Tenant
- authentik_blueprints.blueprintinstance - Blueprint Instance
- authentik_core.group - Group
- authentik_core.user - User
- authentik_core.application - Application
- authentik_core.token - Token
- authentik_enterprise.license - License
Added enum values:
- authentik_rbac.role
- authentik_stages_authenticator_static.staticdevice
- authentik_stages_authenticator_totp.totpdevice
- authentik_enterprise.license

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property app (string)
  - authentik.admin - authentik Admin
  - authentik.api - authentik API
  - authentik.crypto - authentik Crypto
  - authentik.events - authentik Events
  - authentik.flows - authentik Flows
  - authentik.outposts - authentik Outpost
  - authentik.policies.dummy - authentik Policies.Dummy
  - authentik.policies.event_matcher - authentik Policies.Event Matcher
  - authentik.policies.expiry - authentik Policies.Expiry
  - authentik.policies.expression - authentik Policies.Expression
  - authentik.policies.password - authentik Policies.Password
  - authentik.policies.reputation - authentik Policies.Reputation
  - authentik.policies - authentik Policies
  - authentik.providers.ldap - authentik Providers.LDAP
  - authentik.providers.oauth2 - authentik Providers.OAuth2
  - authentik.providers.proxy - authentik Providers.Proxy
  - authentik.providers.radius - authentik Providers.Radius
  - authentik.providers.saml - authentik Providers.SAML
  - authentik.providers.scim - authentik Providers.SCIM
  - authentik.rbac - authentik RBAC
  - authentik.recovery - authentik Recovery
  - authentik.sources.ldap - authentik Sources.LDAP
  - authentik.sources.oauth - authentik Sources.OAuth
  - authentik.sources.plex - authentik Sources.Plex
  - authentik.sources.saml - authentik Sources.SAML
  - authentik.stages.authenticator - authentik Stages.Authenticator
  - authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
  - authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
  - authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
  - authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
  - authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
  - authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
  - authentik.stages.captcha - authentik Stages.Captcha
  - authentik.stages.consent - authentik Stages.Consent
  - authentik.stages.deny - authentik Stages.Deny
  - authentik.stages.dummy - authentik Stages.Dummy
  - authentik.stages.email - authentik Stages.Email
  - authentik.stages.identification - authentik Stages.Identification
  - authentik.stages.invitation - authentik Stages.User Invitation
  - authentik.stages.password - authentik Stages.Password
  - authentik.stages.prompt - authentik Stages.Prompt
  - authentik.stages.user_delete - authentik Stages.User Delete
  - authentik.stages.user_login - authentik Stages.User Login
  - authentik.stages.user_logout - authentik Stages.User Logout
  - authentik.stages.user_write - authentik Stages.User Write
  - authentik.tenants - authentik Tenants
  - authentik.blueprints - authentik Blueprints
  - authentik.core - authentik Core
  - authentik.enterprise - authentik Enterprise
  Added enum values:
  - authentik.rbac
  - authentik.stages.authenticator
- Changed property model (string)
  - authentik_crypto.certificatekeypair - Certificate-Key Pair
  - authentik_events.event - Event
  - authentik_events.notificationtransport - Notification Transport
  - authentik_events.notification - Notification
  - authentik_events.notificationrule - Notification Rule
  - authentik_events.notificationwebhookmapping - Webhook Mapping
  - authentik_flows.flow - Flow
  - authentik_flows.flowstagebinding - Flow Stage Binding
  - authentik_outposts.dockerserviceconnection - Docker Service-Connection
  - authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
  - authentik_outposts.outpost - Outpost
  - authentik_policies_dummy.dummypolicy - Dummy Policy
  - authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
  - authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
  - authentik_policies_expression.expressionpolicy - Expression Policy
  - authentik_policies_password.passwordpolicy - Password Policy
  - authentik_policies_reputation.reputationpolicy - Reputation Policy
  - authentik_policies_reputation.reputation - Reputation Score
  - authentik_policies.policybinding - Policy Binding
  - authentik_providers_ldap.ldapprovider - LDAP Provider
  - authentik_providers_oauth2.scopemapping - Scope Mapping
  - authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
  - authentik_providers_oauth2.authorizationcode - Authorization Code
  - authentik_providers_oauth2.accesstoken - OAuth2 Access Token
  - authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
  - authentik_providers_proxy.proxyprovider - Proxy Provider
  - authentik_providers_radius.radiusprovider - Radius Provider
  - authentik_providers_saml.samlprovider - SAML Provider
  - authentik_providers_saml.samlpropertymapping - SAML Property Mapping
  - authentik_providers_scim.scimprovider - SCIM Provider
  - authentik_providers_scim.scimmapping - SCIM Mapping
  - authentik_rbac.role - Role
  - authentik_sources_ldap.ldapsource - LDAP Source
  - authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
  - authentik_sources_oauth.oauthsource - OAuth Source
  - authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
  - authentik_sources_plex.plexsource - Plex Source
  - authentik_sources_plex.plexsourceconnection - User Plex Source Connection
  - authentik_sources_saml.samlsource - SAML Source
  - authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
  - authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
  - authentik_stages_authenticator_duo.duodevice - Duo Device
  - authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
  - authentik_stages_authenticator_sms.smsdevice - SMS Device
  - authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
  - authentik_stages_authenticator_static.staticdevice - Static Device
  - authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
  - authentik_stages_authenticator_totp.totpdevice - TOTP Device
  - authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
  - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
  - authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
  - authentik_stages_captcha.captchastage - Captcha Stage
  - authentik_stages_consent.consentstage - Consent Stage
  - authentik_stages_consent.userconsent - User Consent
  - authentik_stages_deny.denystage - Deny Stage
  - authentik_stages_dummy.dummystage - Dummy Stage
  - authentik_stages_email.emailstage - Email Stage
  - authentik_stages_identification.identificationstage - Identification Stage
  - authentik_stages_invitation.invitationstage - Invitation Stage
  - authentik_stages_invitation.invitation - Invitation
  - authentik_stages_password.passwordstage - Password Stage
  - authentik_stages_prompt.prompt - Prompt
  - authentik_stages_prompt.promptstage - Prompt Stage
  - authentik_stages_user_delete.userdeletestage - User Delete Stage
  - authentik_stages_user_login.userloginstage - User Login Stage
  - authentik_stages_user_logout.userlogoutstage - User Logout Stage
  - authentik_stages_user_write.userwritestage - User Write Stage
  - authentik_tenants.tenant - Tenant
  - authentik_blueprints.blueprintinstance - Blueprint Instance
  - authentik_core.group - Group
  - authentik_core.user - User
  - authentik_core.application - Application
  - authentik_core.token - Token
  - authentik_enterprise.license - License
  Added enum values:
  - authentik_rbac.role
  - authentik_stages_authenticator_static.staticdevice
  - authentik_stages_authenticator_totp.totpdevice
  - authentik_enterprise.license

`PATCH` /policies/event_matcher/{policy_uuid}/

Request:

Changed content type : application/json

Changed property app (string)
- authentik.admin - authentik Admin
- authentik.api - authentik API
- authentik.crypto - authentik Crypto
- authentik.events - authentik Events
- authentik.flows - authentik Flows
- authentik.outposts - authentik Outpost
- authentik.policies.dummy - authentik Policies.Dummy
- authentik.policies.event_matcher - authentik Policies.Event Matcher
- authentik.policies.expiry - authentik Policies.Expiry
- authentik.policies.expression - authentik Policies.Expression
- authentik.policies.password - authentik Policies.Password
- authentik.policies.reputation - authentik Policies.Reputation
- authentik.policies - authentik Policies
- authentik.providers.ldap - authentik Providers.LDAP
- authentik.providers.oauth2 - authentik Providers.OAuth2
- authentik.providers.proxy - authentik Providers.Proxy
- authentik.providers.radius - authentik Providers.Radius
- authentik.providers.saml - authentik Providers.SAML
- authentik.providers.scim - authentik Providers.SCIM
- authentik.rbac - authentik RBAC
- authentik.recovery - authentik Recovery
- authentik.sources.ldap - authentik Sources.LDAP
- authentik.sources.oauth - authentik Sources.OAuth
- authentik.sources.plex - authentik Sources.Plex
- authentik.sources.saml - authentik Sources.SAML
- authentik.stages.authenticator - authentik Stages.Authenticator
- authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
- authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
- authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
- authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
- authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
- authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
- authentik.stages.captcha - authentik Stages.Captcha
- authentik.stages.consent - authentik Stages.Consent
- authentik.stages.deny - authentik Stages.Deny
- authentik.stages.dummy - authentik Stages.Dummy
- authentik.stages.email - authentik Stages.Email
- authentik.stages.identification - authentik Stages.Identification
- authentik.stages.invitation - authentik Stages.User Invitation
- authentik.stages.password - authentik Stages.Password
- authentik.stages.prompt - authentik Stages.Prompt
- authentik.stages.user_delete - authentik Stages.User Delete
- authentik.stages.user_login - authentik Stages.User Login
- authentik.stages.user_logout - authentik Stages.User Logout
- authentik.stages.user_write - authentik Stages.User Write
- authentik.tenants - authentik Tenants
- authentik.blueprints - authentik Blueprints
- authentik.core - authentik Core
- authentik.enterprise - authentik Enterprise
Added enum values:
- authentik.rbac
- authentik.stages.authenticator
Changed property model (string)
- authentik_crypto.certificatekeypair - Certificate-Key Pair
- authentik_events.event - Event
- authentik_events.notificationtransport - Notification Transport
- authentik_events.notification - Notification
- authentik_events.notificationrule - Notification Rule
- authentik_events.notificationwebhookmapping - Webhook Mapping
- authentik_flows.flow - Flow
- authentik_flows.flowstagebinding - Flow Stage Binding
- authentik_outposts.dockerserviceconnection - Docker Service-Connection
- authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
- authentik_outposts.outpost - Outpost
- authentik_policies_dummy.dummypolicy - Dummy Policy
- authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
- authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
- authentik_policies_expression.expressionpolicy - Expression Policy
- authentik_policies_password.passwordpolicy - Password Policy
- authentik_policies_reputation.reputationpolicy - Reputation Policy
- authentik_policies_reputation.reputation - Reputation Score
- authentik_policies.policybinding - Policy Binding
- authentik_providers_ldap.ldapprovider - LDAP Provider
- authentik_providers_oauth2.scopemapping - Scope Mapping
- authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
- authentik_providers_oauth2.authorizationcode - Authorization Code
- authentik_providers_oauth2.accesstoken - OAuth2 Access Token
- authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
- authentik_providers_proxy.proxyprovider - Proxy Provider
- authentik_providers_radius.radiusprovider - Radius Provider
- authentik_providers_saml.samlprovider - SAML Provider
- authentik_providers_saml.samlpropertymapping - SAML Property Mapping
- authentik_providers_scim.scimprovider - SCIM Provider
- authentik_providers_scim.scimmapping - SCIM Mapping
- authentik_rbac.role - Role
- authentik_sources_ldap.ldapsource - LDAP Source
- authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
- authentik_sources_oauth.oauthsource - OAuth Source
- authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
- authentik_sources_plex.plexsource - Plex Source
- authentik_sources_plex.plexsourceconnection - User Plex Source Connection
- authentik_sources_saml.samlsource - SAML Source
- authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
- authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
- authentik_stages_authenticator_duo.duodevice - Duo Device
- authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
- authentik_stages_authenticator_sms.smsdevice - SMS Device
- authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
- authentik_stages_authenticator_static.staticdevice - Static Device
- authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
- authentik_stages_authenticator_totp.totpdevice - TOTP Device
- authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
- authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
- authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
- authentik_stages_captcha.captchastage - Captcha Stage
- authentik_stages_consent.consentstage - Consent Stage
- authentik_stages_consent.userconsent - User Consent
- authentik_stages_deny.denystage - Deny Stage
- authentik_stages_dummy.dummystage - Dummy Stage
- authentik_stages_email.emailstage - Email Stage
- authentik_stages_identification.identificationstage - Identification Stage
- authentik_stages_invitation.invitationstage - Invitation Stage
- authentik_stages_invitation.invitation - Invitation
- authentik_stages_password.passwordstage - Password Stage
- authentik_stages_prompt.prompt - Prompt
- authentik_stages_prompt.promptstage - Prompt Stage
- authentik_stages_user_delete.userdeletestage - User Delete Stage
- authentik_stages_user_login.userloginstage - User Login Stage
- authentik_stages_user_logout.userlogoutstage - User Logout Stage
- authentik_stages_user_write.userwritestage - User Write Stage
- authentik_tenants.tenant - Tenant
- authentik_blueprints.blueprintinstance - Blueprint Instance
- authentik_core.group - Group
- authentik_core.user - User
- authentik_core.application - Application
- authentik_core.token - Token
- authentik_enterprise.license - License
Added enum values:
- authentik_rbac.role
- authentik_stages_authenticator_static.staticdevice
- authentik_stages_authenticator_totp.totpdevice
- authentik_enterprise.license

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property app (string)
  - authentik.admin - authentik Admin
  - authentik.api - authentik API
  - authentik.crypto - authentik Crypto
  - authentik.events - authentik Events
  - authentik.flows - authentik Flows
  - authentik.outposts - authentik Outpost
  - authentik.policies.dummy - authentik Policies.Dummy
  - authentik.policies.event_matcher - authentik Policies.Event Matcher
  - authentik.policies.expiry - authentik Policies.Expiry
  - authentik.policies.expression - authentik Policies.Expression
  - authentik.policies.password - authentik Policies.Password
  - authentik.policies.reputation - authentik Policies.Reputation
  - authentik.policies - authentik Policies
  - authentik.providers.ldap - authentik Providers.LDAP
  - authentik.providers.oauth2 - authentik Providers.OAuth2
  - authentik.providers.proxy - authentik Providers.Proxy
  - authentik.providers.radius - authentik Providers.Radius
  - authentik.providers.saml - authentik Providers.SAML
  - authentik.providers.scim - authentik Providers.SCIM
  - authentik.rbac - authentik RBAC
  - authentik.recovery - authentik Recovery
  - authentik.sources.ldap - authentik Sources.LDAP
  - authentik.sources.oauth - authentik Sources.OAuth
  - authentik.sources.plex - authentik Sources.Plex
  - authentik.sources.saml - authentik Sources.SAML
  - authentik.stages.authenticator - authentik Stages.Authenticator
  - authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
  - authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
  - authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
  - authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
  - authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
  - authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
  - authentik.stages.captcha - authentik Stages.Captcha
  - authentik.stages.consent - authentik Stages.Consent
  - authentik.stages.deny - authentik Stages.Deny
  - authentik.stages.dummy - authentik Stages.Dummy
  - authentik.stages.email - authentik Stages.Email
  - authentik.stages.identification - authentik Stages.Identification
  - authentik.stages.invitation - authentik Stages.User Invitation
  - authentik.stages.password - authentik Stages.Password
  - authentik.stages.prompt - authentik Stages.Prompt
  - authentik.stages.user_delete - authentik Stages.User Delete
  - authentik.stages.user_login - authentik Stages.User Login
  - authentik.stages.user_logout - authentik Stages.User Logout
  - authentik.stages.user_write - authentik Stages.User Write
  - authentik.tenants - authentik Tenants
  - authentik.blueprints - authentik Blueprints
  - authentik.core - authentik Core
  - authentik.enterprise - authentik Enterprise
  Added enum values:
  - authentik.rbac
  - authentik.stages.authenticator
- Changed property model (string)
  - authentik_crypto.certificatekeypair - Certificate-Key Pair
  - authentik_events.event - Event
  - authentik_events.notificationtransport - Notification Transport
  - authentik_events.notification - Notification
  - authentik_events.notificationrule - Notification Rule
  - authentik_events.notificationwebhookmapping - Webhook Mapping
  - authentik_flows.flow - Flow
  - authentik_flows.flowstagebinding - Flow Stage Binding
  - authentik_outposts.dockerserviceconnection - Docker Service-Connection
  - authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
  - authentik_outposts.outpost - Outpost
  - authentik_policies_dummy.dummypolicy - Dummy Policy
  - authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
  - authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
  - authentik_policies_expression.expressionpolicy - Expression Policy
  - authentik_policies_password.passwordpolicy - Password Policy
  - authentik_policies_reputation.reputationpolicy - Reputation Policy
  - authentik_policies_reputation.reputation - Reputation Score
  - authentik_policies.policybinding - Policy Binding
  - authentik_providers_ldap.ldapprovider - LDAP Provider
  - authentik_providers_oauth2.scopemapping - Scope Mapping
  - authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
  - authentik_providers_oauth2.authorizationcode - Authorization Code
  - authentik_providers_oauth2.accesstoken - OAuth2 Access Token
  - authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
  - authentik_providers_proxy.proxyprovider - Proxy Provider
  - authentik_providers_radius.radiusprovider - Radius Provider
  - authentik_providers_saml.samlprovider - SAML Provider
  - authentik_providers_saml.samlpropertymapping - SAML Property Mapping
  - authentik_providers_scim.scimprovider - SCIM Provider
  - authentik_providers_scim.scimmapping - SCIM Mapping
  - authentik_rbac.role - Role
  - authentik_sources_ldap.ldapsource - LDAP Source
  - authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
  - authentik_sources_oauth.oauthsource - OAuth Source
  - authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
  - authentik_sources_plex.plexsource - Plex Source
  - authentik_sources_plex.plexsourceconnection - User Plex Source Connection
  - authentik_sources_saml.samlsource - SAML Source
  - authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
  - authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
  - authentik_stages_authenticator_duo.duodevice - Duo Device
  - authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
  - authentik_stages_authenticator_sms.smsdevice - SMS Device
  - authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
  - authentik_stages_authenticator_static.staticdevice - Static Device
  - authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
  - authentik_stages_authenticator_totp.totpdevice - TOTP Device
  - authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
  - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
  - authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
  - authentik_stages_captcha.captchastage - Captcha Stage
  - authentik_stages_consent.consentstage - Consent Stage
  - authentik_stages_consent.userconsent - User Consent
  - authentik_stages_deny.denystage - Deny Stage
  - authentik_stages_dummy.dummystage - Dummy Stage
  - authentik_stages_email.emailstage - Email Stage
  - authentik_stages_identification.identificationstage - Identification Stage
  - authentik_stages_invitation.invitationstage - Invitation Stage
  - authentik_stages_invitation.invitation - Invitation
  - authentik_stages_password.passwordstage - Password Stage
  - authentik_stages_prompt.prompt - Prompt
  - authentik_stages_prompt.promptstage - Prompt Stage
  - authentik_stages_user_delete.userdeletestage - User Delete Stage
  - authentik_stages_user_login.userloginstage - User Login Stage
  - authentik_stages_user_logout.userlogoutstage - User Logout Stage
  - authentik_stages_user_write.userwritestage - User Write Stage
  - authentik_tenants.tenant - Tenant
  - authentik_blueprints.blueprintinstance - Blueprint Instance
  - authentik_core.group - Group
  - authentik_core.user - User
  - authentik_core.application - Application
  - authentik_core.token - Token
  - authentik_enterprise.license - License
  Added enum values:
  - authentik_rbac.role
  - authentik_stages_authenticator_static.staticdevice
  - authentik_stages_authenticator_totp.totpdevice
  - authentik_enterprise.license

`GET` /providers/radius/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property mfa_support (boolean)
  
  When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`PUT` /providers/radius/{id}/

Request:

Changed content type : application/json

Added property mfa_support (boolean)

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property mfa_support (boolean)
  
  When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`PATCH` /providers/radius/{id}/

Request:

Changed content type : application/json

Added property mfa_support (boolean)

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property mfa_support (boolean)
  
  When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`GET` /sources/oauth/source_types/

Return Type:

Changed response : 200 OK

Changed content type : application/json

Changed items (object): > Serializer for SourceType

New required properties:
- oidc_jwks_url
- oidc_well_known_url
- Added property oidc_well_known_url (string)
- Added property oidc_jwks_url (string)

`DELETE` /authenticators/admin/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`GET` /authenticators/admin/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`PUT` /authenticators/admin/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`PATCH` /authenticators/admin/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`DELETE` /authenticators/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`GET` /authenticators/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`PUT` /authenticators/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`PATCH` /authenticators/static/{id}/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`GET` /authenticators/static/{id}/used_by/

Parameters:

Changed: id in path

A unique integer value identifying this Static Device.

`GET` /authenticators/totp/{id}/used_by/

Parameters:

Changed: id in path

A unique integer value identifying this TOTP Device.

`DELETE` /core/groups/{group_uuid}/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

`GET` /core/groups/{group_uuid}/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- roles_obj
- Added property roles (array)
  
  Items (string):
- Added property roles_obj (array)
  
  Items (object): > Role serializer
  - Property pk (string)
  - Property name (string)

`PUT` /core/groups/{group_uuid}/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

Request:

Changed content type : application/json

Added property roles (array)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- roles_obj
- Added property roles (array)
- Added property roles_obj (array)

`PATCH` /core/groups/{group_uuid}/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

Request:

Changed content type : application/json

Added property roles (array)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- roles_obj
- Added property roles (array)
- Added property roles_obj (array)

`GET` /core/groups/{group_uuid}/used_by/

Parameters:

Changed: group_uuid in path

A UUID string identifying this Group.

`GET` /core/tokens/{identifier}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`PUT` /core/tokens/{identifier}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`PATCH` /core/tokens/{identifier}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`GET` /core/users/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- uuid
- Added property uuid (string)

`PUT` /core/users/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- uuid
- Added property uuid (string)

`PATCH` /core/users/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- uuid
- Added property uuid (string)

`GET` /enterprise/license/{license_uuid}/used_by/

Parameters:

Changed: license_uuid in path

A UUID string identifying this License.

`GET` /events/rules/{pbm_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)

`PUT` /events/rules/{pbm_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)

`PATCH` /events/rules/{pbm_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)

`DELETE` /outposts/instances/{uuid}/

Parameters:

Changed: uuid in path

A UUID string identifying this Outpost.

`GET` /outposts/instances/{uuid}/

Parameters:

Changed: uuid in path

A UUID string identifying this Outpost.

`PUT` /outposts/instances/{uuid}/

Parameters:

Changed: uuid in path

A UUID string identifying this Outpost.

`PATCH` /outposts/instances/{uuid}/

Parameters:

Changed: uuid in path

A UUID string identifying this Outpost.

`GET` /outposts/instances/{uuid}/used_by/

Parameters:

Changed: uuid in path

A UUID string identifying this Outpost.

`GET` /outposts/radius/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > RadiusProvider Serializer
  - Added property mfa_support (boolean)
    
    When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`GET` /policies/bindings/{policy_binding_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property failure_result (boolean)
  
  Result if the Policy execution fails.
- Changed property timeout (integer)
  
  Timeout after which Policy execution is terminated.
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`PUT` /policies/bindings/{policy_binding_uuid}/

Request:

Changed content type : application/json

Added property failure_result (boolean)

Result if the Policy execution fails.
Changed property timeout (integer)

Timeout after which Policy execution is terminated.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property failure_result (boolean)
  
  Result if the Policy execution fails.
- Changed property timeout (integer)
  
  Timeout after which Policy execution is terminated.
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`PATCH` /policies/bindings/{policy_binding_uuid}/

Request:

Changed content type : application/json

Added property failure_result (boolean)

Result if the Policy execution fails.
Changed property timeout (integer)

Timeout after which Policy execution is terminated.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property failure_result (boolean)
  
  Result if the Policy execution fails.
- Changed property timeout (integer)
  
  Timeout after which Policy execution is terminated.
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`POST` /policies/event_matcher/

Request:

Changed content type : application/json

Changed property app (string)
- authentik.admin - authentik Admin
- authentik.api - authentik API
- authentik.crypto - authentik Crypto
- authentik.events - authentik Events
- authentik.flows - authentik Flows
- authentik.outposts - authentik Outpost
- authentik.policies.dummy - authentik Policies.Dummy
- authentik.policies.event_matcher - authentik Policies.Event Matcher
- authentik.policies.expiry - authentik Policies.Expiry
- authentik.policies.expression - authentik Policies.Expression
- authentik.policies.password - authentik Policies.Password
- authentik.policies.reputation - authentik Policies.Reputation
- authentik.policies - authentik Policies
- authentik.providers.ldap - authentik Providers.LDAP
- authentik.providers.oauth2 - authentik Providers.OAuth2
- authentik.providers.proxy - authentik Providers.Proxy
- authentik.providers.radius - authentik Providers.Radius
- authentik.providers.saml - authentik Providers.SAML
- authentik.providers.scim - authentik Providers.SCIM
- authentik.rbac - authentik RBAC
- authentik.recovery - authentik Recovery
- authentik.sources.ldap - authentik Sources.LDAP
- authentik.sources.oauth - authentik Sources.OAuth
- authentik.sources.plex - authentik Sources.Plex
- authentik.sources.saml - authentik Sources.SAML
- authentik.stages.authenticator - authentik Stages.Authenticator
- authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
- authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
- authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
- authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
- authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
- authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
- authentik.stages.captcha - authentik Stages.Captcha
- authentik.stages.consent - authentik Stages.Consent
- authentik.stages.deny - authentik Stages.Deny
- authentik.stages.dummy - authentik Stages.Dummy
- authentik.stages.email - authentik Stages.Email
- authentik.stages.identification - authentik Stages.Identification
- authentik.stages.invitation - authentik Stages.User Invitation
- authentik.stages.password - authentik Stages.Password
- authentik.stages.prompt - authentik Stages.Prompt
- authentik.stages.user_delete - authentik Stages.User Delete
- authentik.stages.user_login - authentik Stages.User Login
- authentik.stages.user_logout - authentik Stages.User Logout
- authentik.stages.user_write - authentik Stages.User Write
- authentik.tenants - authentik Tenants
- authentik.blueprints - authentik Blueprints
- authentik.core - authentik Core
- authentik.enterprise - authentik Enterprise
Added enum values:
- authentik.rbac
- authentik.stages.authenticator
Changed property model (string)
- authentik_crypto.certificatekeypair - Certificate-Key Pair
- authentik_events.event - Event
- authentik_events.notificationtransport - Notification Transport
- authentik_events.notification - Notification
- authentik_events.notificationrule - Notification Rule
- authentik_events.notificationwebhookmapping - Webhook Mapping
- authentik_flows.flow - Flow
- authentik_flows.flowstagebinding - Flow Stage Binding
- authentik_outposts.dockerserviceconnection - Docker Service-Connection
- authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
- authentik_outposts.outpost - Outpost
- authentik_policies_dummy.dummypolicy - Dummy Policy
- authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
- authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
- authentik_policies_expression.expressionpolicy - Expression Policy
- authentik_policies_password.passwordpolicy - Password Policy
- authentik_policies_reputation.reputationpolicy - Reputation Policy
- authentik_policies_reputation.reputation - Reputation Score
- authentik_policies.policybinding - Policy Binding
- authentik_providers_ldap.ldapprovider - LDAP Provider
- authentik_providers_oauth2.scopemapping - Scope Mapping
- authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
- authentik_providers_oauth2.authorizationcode - Authorization Code
- authentik_providers_oauth2.accesstoken - OAuth2 Access Token
- authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
- authentik_providers_proxy.proxyprovider - Proxy Provider
- authentik_providers_radius.radiusprovider - Radius Provider
- authentik_providers_saml.samlprovider - SAML Provider
- authentik_providers_saml.samlpropertymapping - SAML Property Mapping
- authentik_providers_scim.scimprovider - SCIM Provider
- authentik_providers_scim.scimmapping - SCIM Mapping
- authentik_rbac.role - Role
- authentik_sources_ldap.ldapsource - LDAP Source
- authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
- authentik_sources_oauth.oauthsource - OAuth Source
- authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
- authentik_sources_plex.plexsource - Plex Source
- authentik_sources_plex.plexsourceconnection - User Plex Source Connection
- authentik_sources_saml.samlsource - SAML Source
- authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
- authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
- authentik_stages_authenticator_duo.duodevice - Duo Device
- authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
- authentik_stages_authenticator_sms.smsdevice - SMS Device
- authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
- authentik_stages_authenticator_static.staticdevice - Static Device
- authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
- authentik_stages_authenticator_totp.totpdevice - TOTP Device
- authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
- authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
- authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
- authentik_stages_captcha.captchastage - Captcha Stage
- authentik_stages_consent.consentstage - Consent Stage
- authentik_stages_consent.userconsent - User Consent
- authentik_stages_deny.denystage - Deny Stage
- authentik_stages_dummy.dummystage - Dummy Stage
- authentik_stages_email.emailstage - Email Stage
- authentik_stages_identification.identificationstage - Identification Stage
- authentik_stages_invitation.invitationstage - Invitation Stage
- authentik_stages_invitation.invitation - Invitation
- authentik_stages_password.passwordstage - Password Stage
- authentik_stages_prompt.prompt - Prompt
- authentik_stages_prompt.promptstage - Prompt Stage
- authentik_stages_user_delete.userdeletestage - User Delete Stage
- authentik_stages_user_login.userloginstage - User Login Stage
- authentik_stages_user_logout.userlogoutstage - User Logout Stage
- authentik_stages_user_write.userwritestage - User Write Stage
- authentik_tenants.tenant - Tenant
- authentik_blueprints.blueprintinstance - Blueprint Instance
- authentik_core.group - Group
- authentik_core.user - User
- authentik_core.application - Application
- authentik_core.token - Token
- authentik_enterprise.license - License
Added enum values:
- authentik_rbac.role
- authentik_stages_authenticator_static.staticdevice
- authentik_stages_authenticator_totp.totpdevice
- authentik_enterprise.license

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property app (string)
  - authentik.admin - authentik Admin
  - authentik.api - authentik API
  - authentik.crypto - authentik Crypto
  - authentik.events - authentik Events
  - authentik.flows - authentik Flows
  - authentik.outposts - authentik Outpost
  - authentik.policies.dummy - authentik Policies.Dummy
  - authentik.policies.event_matcher - authentik Policies.Event Matcher
  - authentik.policies.expiry - authentik Policies.Expiry
  - authentik.policies.expression - authentik Policies.Expression
  - authentik.policies.password - authentik Policies.Password
  - authentik.policies.reputation - authentik Policies.Reputation
  - authentik.policies - authentik Policies
  - authentik.providers.ldap - authentik Providers.LDAP
  - authentik.providers.oauth2 - authentik Providers.OAuth2
  - authentik.providers.proxy - authentik Providers.Proxy
  - authentik.providers.radius - authentik Providers.Radius
  - authentik.providers.saml - authentik Providers.SAML
  - authentik.providers.scim - authentik Providers.SCIM
  - authentik.rbac - authentik RBAC
  - authentik.recovery - authentik Recovery
  - authentik.sources.ldap - authentik Sources.LDAP
  - authentik.sources.oauth - authentik Sources.OAuth
  - authentik.sources.plex - authentik Sources.Plex
  - authentik.sources.saml - authentik Sources.SAML
  - authentik.stages.authenticator - authentik Stages.Authenticator
  - authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
  - authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
  - authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
  - authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
  - authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
  - authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
  - authentik.stages.captcha - authentik Stages.Captcha
  - authentik.stages.consent - authentik Stages.Consent
  - authentik.stages.deny - authentik Stages.Deny
  - authentik.stages.dummy - authentik Stages.Dummy
  - authentik.stages.email - authentik Stages.Email
  - authentik.stages.identification - authentik Stages.Identification
  - authentik.stages.invitation - authentik Stages.User Invitation
  - authentik.stages.password - authentik Stages.Password
  - authentik.stages.prompt - authentik Stages.Prompt
  - authentik.stages.user_delete - authentik Stages.User Delete
  - authentik.stages.user_login - authentik Stages.User Login
  - authentik.stages.user_logout - authentik Stages.User Logout
  - authentik.stages.user_write - authentik Stages.User Write
  - authentik.tenants - authentik Tenants
  - authentik.blueprints - authentik Blueprints
  - authentik.core - authentik Core
  - authentik.enterprise - authentik Enterprise
  Added enum values:
  - authentik.rbac
  - authentik.stages.authenticator
- Changed property model (string)
  - authentik_crypto.certificatekeypair - Certificate-Key Pair
  - authentik_events.event - Event
  - authentik_events.notificationtransport - Notification Transport
  - authentik_events.notification - Notification
  - authentik_events.notificationrule - Notification Rule
  - authentik_events.notificationwebhookmapping - Webhook Mapping
  - authentik_flows.flow - Flow
  - authentik_flows.flowstagebinding - Flow Stage Binding
  - authentik_outposts.dockerserviceconnection - Docker Service-Connection
  - authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
  - authentik_outposts.outpost - Outpost
  - authentik_policies_dummy.dummypolicy - Dummy Policy
  - authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
  - authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
  - authentik_policies_expression.expressionpolicy - Expression Policy
  - authentik_policies_password.passwordpolicy - Password Policy
  - authentik_policies_reputation.reputationpolicy - Reputation Policy
  - authentik_policies_reputation.reputation - Reputation Score
  - authentik_policies.policybinding - Policy Binding
  - authentik_providers_ldap.ldapprovider - LDAP Provider
  - authentik_providers_oauth2.scopemapping - Scope Mapping
  - authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
  - authentik_providers_oauth2.authorizationcode - Authorization Code
  - authentik_providers_oauth2.accesstoken - OAuth2 Access Token
  - authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
  - authentik_providers_proxy.proxyprovider - Proxy Provider
  - authentik_providers_radius.radiusprovider - Radius Provider
  - authentik_providers_saml.samlprovider - SAML Provider
  - authentik_providers_saml.samlpropertymapping - SAML Property Mapping
  - authentik_providers_scim.scimprovider - SCIM Provider
  - authentik_providers_scim.scimmapping - SCIM Mapping
  - authentik_rbac.role - Role
  - authentik_sources_ldap.ldapsource - LDAP Source
  - authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
  - authentik_sources_oauth.oauthsource - OAuth Source
  - authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
  - authentik_sources_plex.plexsource - Plex Source
  - authentik_sources_plex.plexsourceconnection - User Plex Source Connection
  - authentik_sources_saml.samlsource - SAML Source
  - authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
  - authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
  - authentik_stages_authenticator_duo.duodevice - Duo Device
  - authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
  - authentik_stages_authenticator_sms.smsdevice - SMS Device
  - authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
  - authentik_stages_authenticator_static.staticdevice - Static Device
  - authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
  - authentik_stages_authenticator_totp.totpdevice - TOTP Device
  - authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
  - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
  - authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
  - authentik_stages_captcha.captchastage - Captcha Stage
  - authentik_stages_consent.consentstage - Consent Stage
  - authentik_stages_consent.userconsent - User Consent
  - authentik_stages_deny.denystage - Deny Stage
  - authentik_stages_dummy.dummystage - Dummy Stage
  - authentik_stages_email.emailstage - Email Stage
  - authentik_stages_identification.identificationstage - Identification Stage
  - authentik_stages_invitation.invitationstage - Invitation Stage
  - authentik_stages_invitation.invitation - Invitation
  - authentik_stages_password.passwordstage - Password Stage
  - authentik_stages_prompt.prompt - Prompt
  - authentik_stages_prompt.promptstage - Prompt Stage
  - authentik_stages_user_delete.userdeletestage - User Delete Stage
  - authentik_stages_user_login.userloginstage - User Login Stage
  - authentik_stages_user_logout.userlogoutstage - User Logout Stage
  - authentik_stages_user_write.userwritestage - User Write Stage
  - authentik_tenants.tenant - Tenant
  - authentik_blueprints.blueprintinstance - Blueprint Instance
  - authentik_core.group - Group
  - authentik_core.user - User
  - authentik_core.application - Application
  - authentik_core.token - Token
  - authentik_enterprise.license - License
  Added enum values:
  - authentik_rbac.role
  - authentik_stages_authenticator_static.staticdevice
  - authentik_stages_authenticator_totp.totpdevice
  - authentik_enterprise.license

`GET` /policies/event_matcher/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Event Matcher Policy Serializer
  - Changed property app (string)
    - authentik.admin - authentik Admin
    - authentik.api - authentik API
    - authentik.crypto - authentik Crypto
    - authentik.events - authentik Events
    - authentik.flows - authentik Flows
    - authentik.outposts - authentik Outpost
    - authentik.policies.dummy - authentik Policies.Dummy
    - authentik.policies.event_matcher - authentik Policies.Event Matcher
    - authentik.policies.expiry - authentik Policies.Expiry
    - authentik.policies.expression - authentik Policies.Expression
    - authentik.policies.password - authentik Policies.Password
    - authentik.policies.reputation - authentik Policies.Reputation
    - authentik.policies - authentik Policies
    - authentik.providers.ldap - authentik Providers.LDAP
    - authentik.providers.oauth2 - authentik Providers.OAuth2
    - authentik.providers.proxy - authentik Providers.Proxy
    - authentik.providers.radius - authentik Providers.Radius
    - authentik.providers.saml - authentik Providers.SAML
    - authentik.providers.scim - authentik Providers.SCIM
    - authentik.rbac - authentik RBAC
    - authentik.recovery - authentik Recovery
    - authentik.sources.ldap - authentik Sources.LDAP
    - authentik.sources.oauth - authentik Sources.OAuth
    - authentik.sources.plex - authentik Sources.Plex
    - authentik.sources.saml - authentik Sources.SAML
    - authentik.stages.authenticator - authentik Stages.Authenticator
    - authentik.stages.authenticator_duo - authentik Stages.Authenticator.Duo
    - authentik.stages.authenticator_sms - authentik Stages.Authenticator.SMS
    - authentik.stages.authenticator_static - authentik Stages.Authenticator.Static
    - authentik.stages.authenticator_totp - authentik Stages.Authenticator.TOTP
    - authentik.stages.authenticator_validate - authentik Stages.Authenticator.Validate
    - authentik.stages.authenticator_webauthn - authentik Stages.Authenticator.WebAuthn
    - authentik.stages.captcha - authentik Stages.Captcha
    - authentik.stages.consent - authentik Stages.Consent
    - authentik.stages.deny - authentik Stages.Deny
    - authentik.stages.dummy - authentik Stages.Dummy
    - authentik.stages.email - authentik Stages.Email
    - authentik.stages.identification - authentik Stages.Identification
    - authentik.stages.invitation - authentik Stages.User Invitation
    - authentik.stages.password - authentik Stages.Password
    - authentik.stages.prompt - authentik Stages.Prompt
    - authentik.stages.user_delete - authentik Stages.User Delete
    - authentik.stages.user_login - authentik Stages.User Login
    - authentik.stages.user_logout - authentik Stages.User Logout
    - authentik.stages.user_write - authentik Stages.User Write
    - authentik.tenants - authentik Tenants
    - authentik.blueprints - authentik Blueprints
    - authentik.core - authentik Core
    - authentik.enterprise - authentik Enterprise
    Added enum values:
    - authentik.rbac
    - authentik.stages.authenticator
  - Changed property model (string)
    - authentik_crypto.certificatekeypair - Certificate-Key Pair
    - authentik_events.event - Event
    - authentik_events.notificationtransport - Notification Transport
    - authentik_events.notification - Notification
    - authentik_events.notificationrule - Notification Rule
    - authentik_events.notificationwebhookmapping - Webhook Mapping
    - authentik_flows.flow - Flow
    - authentik_flows.flowstagebinding - Flow Stage Binding
    - authentik_outposts.dockerserviceconnection - Docker Service-Connection
    - authentik_outposts.kubernetesserviceconnection - Kubernetes Service-Connection
    - authentik_outposts.outpost - Outpost
    - authentik_policies_dummy.dummypolicy - Dummy Policy
    - authentik_policies_event_matcher.eventmatcherpolicy - Event Matcher Policy
    - authentik_policies_expiry.passwordexpirypolicy - Password Expiry Policy
    - authentik_policies_expression.expressionpolicy - Expression Policy
    - authentik_policies_password.passwordpolicy - Password Policy
    - authentik_policies_reputation.reputationpolicy - Reputation Policy
    - authentik_policies_reputation.reputation - Reputation Score
    - authentik_policies.policybinding - Policy Binding
    - authentik_providers_ldap.ldapprovider - LDAP Provider
    - authentik_providers_oauth2.scopemapping - Scope Mapping
    - authentik_providers_oauth2.oauth2provider - OAuth2/OpenID Provider
    - authentik_providers_oauth2.authorizationcode - Authorization Code
    - authentik_providers_oauth2.accesstoken - OAuth2 Access Token
    - authentik_providers_oauth2.refreshtoken - OAuth2 Refresh Token
    - authentik_providers_proxy.proxyprovider - Proxy Provider
    - authentik_providers_radius.radiusprovider - Radius Provider
    - authentik_providers_saml.samlprovider - SAML Provider
    - authentik_providers_saml.samlpropertymapping - SAML Property Mapping
    - authentik_providers_scim.scimprovider - SCIM Provider
    - authentik_providers_scim.scimmapping - SCIM Mapping
    - authentik_rbac.role - Role
    - authentik_sources_ldap.ldapsource - LDAP Source
    - authentik_sources_ldap.ldappropertymapping - LDAP Property Mapping
    - authentik_sources_oauth.oauthsource - OAuth Source
    - authentik_sources_oauth.useroauthsourceconnection - User OAuth Source Connection
    - authentik_sources_plex.plexsource - Plex Source
    - authentik_sources_plex.plexsourceconnection - User Plex Source Connection
    - authentik_sources_saml.samlsource - SAML Source
    - authentik_sources_saml.usersamlsourceconnection - User SAML Source Connection
    - authentik_stages_authenticator_duo.authenticatorduostage - Duo Authenticator Setup Stage
    - authentik_stages_authenticator_duo.duodevice - Duo Device
    - authentik_stages_authenticator_sms.authenticatorsmsstage - SMS Authenticator Setup Stage
    - authentik_stages_authenticator_sms.smsdevice - SMS Device
    - authentik_stages_authenticator_static.authenticatorstaticstage - Static Authenticator Stage
    - authentik_stages_authenticator_static.staticdevice - Static Device
    - authentik_stages_authenticator_totp.authenticatortotpstage - TOTP Authenticator Setup Stage
    - authentik_stages_authenticator_totp.totpdevice - TOTP Device
    - authentik_stages_authenticator_validate.authenticatorvalidatestage - Authenticator Validation Stage
    - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - WebAuthn Authenticator Setup Stage
    - authentik_stages_authenticator_webauthn.webauthndevice - WebAuthn Device
    - authentik_stages_captcha.captchastage - Captcha Stage
    - authentik_stages_consent.consentstage - Consent Stage
    - authentik_stages_consent.userconsent - User Consent
    - authentik_stages_deny.denystage - Deny Stage
    - authentik_stages_dummy.dummystage - Dummy Stage
    - authentik_stages_email.emailstage - Email Stage
    - authentik_stages_identification.identificationstage - Identification Stage
    - authentik_stages_invitation.invitationstage - Invitation Stage
    - authentik_stages_invitation.invitation - Invitation
    - authentik_stages_password.passwordstage - Password Stage
    - authentik_stages_prompt.prompt - Prompt
    - authentik_stages_prompt.promptstage - Prompt Stage
    - authentik_stages_user_delete.userdeletestage - User Delete Stage
    - authentik_stages_user_login.userloginstage - User Login Stage
    - authentik_stages_user_logout.userlogoutstage - User Logout Stage
    - authentik_stages_user_write.userwritestage - User Write Stage
    - authentik_tenants.tenant - Tenant
    - authentik_blueprints.blueprintinstance - Blueprint Instance
    - authentik_core.group - Group
    - authentik_core.user - User
    - authentik_core.application - Application
    - authentik_core.token - Token
    - authentik_enterprise.license - License
    Added enum values:
    - authentik_rbac.role
    - authentik_stages_authenticator_static.staticdevice
    - authentik_stages_authenticator_totp.totpdevice
    - authentik_enterprise.license

`POST` /providers/radius/

Request:

Changed content type : application/json

Added property mfa_support (boolean)

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property mfa_support (boolean)
  
  When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`GET` /providers/radius/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > RadiusProvider Serializer
  - Added property mfa_support (boolean)
    
    When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

`GET` /providers/saml/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property default_relay_state (string)
  
  Default relay_state value for IDP-initiated logins

`PUT` /providers/saml/{id}/

Request:

Changed content type : application/json

Added property default_relay_state (string)

Default relay_state value for IDP-initiated logins

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property default_relay_state (string)
  
  Default relay_state value for IDP-initiated logins

`PATCH` /providers/saml/{id}/

Request:

Changed content type : application/json

Added property default_relay_state (string)

Default relay_state value for IDP-initiated logins

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property default_relay_state (string)
  
  Default relay_state value for IDP-initiated logins

`GET` /sources/oauth/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property type (object)
  
  Serializer for SourceType
  
  New required properties:
  - oidc_jwks_url
  - oidc_well_known_url
  - Added property oidc_well_known_url (string)
  - Added property oidc_jwks_url (string)

`PUT` /sources/oauth/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property type (object)
  
  Serializer for SourceType
  
  New required properties:
  - oidc_jwks_url
  - oidc_well_known_url
  - Added property oidc_well_known_url (string)
  - Added property oidc_jwks_url (string)

`PATCH` /sources/oauth/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property type (object)
  
  Serializer for SourceType
  
  New required properties:
  - oidc_jwks_url
  - oidc_well_known_url
  - Added property oidc_well_known_url (string)
  - Added property oidc_jwks_url (string)

`POST` /core/groups/

Request:

Changed content type : application/json

Added property roles (array)

Return Type:

Changed response : 201 Created

Changed content type : application/json

New required properties:
- roles_obj
- Added property roles (array)
- Added property roles_obj (array)

`GET` /core/groups/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)

`POST` /core/tokens/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`GET` /core/tokens/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Token Serializer
  - Changed property user_obj (object)
    
    User Serializer
    
    New required properties:
    - uuid
    - Added property uuid (string)

`GET` /core/user_consent/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`POST` /core/users/

Return Type:

Changed response : 201 Created

Changed content type : application/json

New required properties:
- uuid
- Added property uuid (string)

`GET` /core/users/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`GET` /core/users/me/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer for information a user can retrieve about themselves
  
  New required properties:
  - system_permissions
  - Added property system_permissions (array)
    
    Get all system permissions assigned to the user
    
    Items (string):

`POST` /events/rules/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)

`GET` /events/rules/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > NotificationRule Serializer
  - Changed property group_obj (object)
    
    Group Serializer
    
    New required properties:
    - roles_obj
    - Added property roles (array)
    - Added property roles_obj (array)

`GET` /oauth2/access_tokens/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`GET` /oauth2/authorization_codes/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`GET` /oauth2/refresh_tokens/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`POST` /policies/bindings/

Request:

Changed content type : application/json

Added property failure_result (boolean)

Result if the Policy execution fails.
Changed property timeout (integer)

Timeout after which Policy execution is terminated.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property failure_result (boolean)
  
  Result if the Policy execution fails.
- Changed property timeout (integer)
  
  Timeout after which Policy execution is terminated.
- Changed property group_obj (object)
  
  Group Serializer
  
  New required properties:
  - roles_obj
  - Added property roles (array)
  - Added property roles_obj (array)
- Changed property user_obj (object)
  
  User Serializer
  
  New required properties:
  - uuid
  - Added property uuid (string)

`GET` /policies/bindings/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > PolicyBinding Serializer
  - Added property failure_result (boolean)
    
    Result if the Policy execution fails.
  - Changed property timeout (integer)
    
    Timeout after which Policy execution is terminated.
  - Changed property group_obj (object)
    
    Group Serializer
    
    New required properties:
    - roles_obj
    - Added property roles (array)
    - Added property roles_obj (array)
  - Changed property user_obj (object)
    
    User Serializer
    
    New required properties:
    - uuid
    - Added property uuid (string)

`POST` /providers/saml/

Request:

Changed content type : application/json

Added property default_relay_state (string)

Default relay_state value for IDP-initiated logins

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property default_relay_state (string)
  
  Default relay_state value for IDP-initiated logins

`GET` /providers/saml/

Parameters:

Added: default_relay_state in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SAMLProvider Serializer
  - Added property default_relay_state (string)
    
    Default relay_state value for IDP-initiated logins

`POST` /sources/oauth/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property type (object)
  
  Serializer for SourceType
  
  New required properties:
  - oidc_jwks_url
  - oidc_well_known_url
  - Added property oidc_well_known_url (string)
  - Added property oidc_jwks_url (string)

`GET` /sources/oauth/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > OAuth Source Serializer
  - Changed property type (object)
    
    Serializer for SourceType
    
    New required properties:
    - oidc_jwks_url
    - oidc_well_known_url
    - Added property oidc_well_known_url (string)
    - Added property oidc_jwks_url (string)

`GET` /stages/authenticator/sms/{stage_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property verify_only (boolean)
  
  When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

`PUT` /stages/authenticator/sms/{stage_uuid}/

Request:

Changed content type : application/json

Changed property verify_only (boolean)

When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property verify_only (boolean)
  
  When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

`PATCH` /stages/authenticator/sms/{stage_uuid}/

Request:

Changed content type : application/json

Changed property verify_only (boolean)

When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property verify_only (boolean)
  
  When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

`GET` /stages/deny/{stage_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property deny_message (string)

`PUT` /stages/deny/{stage_uuid}/

Request:

Changed content type : application/json

Added property deny_message (string)

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property deny_message (string)

`PATCH` /stages/deny/{stage_uuid}/

Request:

Changed content type : application/json

Added property deny_message (string)

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property deny_message (string)

`GET` /core/user_consent/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > UserConsent Serializer
  - Changed property user (object)
    
    User Serializer
    
    New required properties:
    - uuid
    - Added property uuid (string)

`GET` /oauth2/access_tokens/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Serializer for BaseGrantModel and RefreshToken
  - Changed property user (object)
    
    User Serializer
    
    New required properties:
    - uuid
    - Added property uuid (string)

`GET` /oauth2/authorization_codes/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
  - Changed property user (object)
    
    User Serializer
    
    New required properties:
    - uuid
    - Added property uuid (string)

`GET` /oauth2/refresh_tokens/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Serializer for BaseGrantModel and RefreshToken
  - Changed property user (object)
    
    User Serializer
    
    New required properties:
    - uuid
    - Added property uuid (string)

`POST` /stages/authenticator/sms/

Request:

Changed content type : application/json

Changed property verify_only (boolean)

When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property verify_only (boolean)
  
  When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

`GET` /stages/authenticator/sms/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > AuthenticatorSMSStage Serializer
  - Changed property verify_only (boolean)
    
    When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

`POST` /stages/deny/

Request:

Changed content type : application/json

Added property deny_message (string)

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property deny_message (string)

`GET` /stages/deny/

Parameters:

Added: deny_message in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > DenyStage Serializer
  - Added property deny_message (string)

Breaking changes

New features

Upgrading

docker-compose

Kubernetes

Minor changes/fixes

Fixed in 2023.10.1

Fixed in 2023.10.2

Fixed in 2023.10.3

Fixed in 2023.10.4

Fixed in 2023.10.5

Fixed in 2023.10.6

Fixed in 2023.10.7

API Changes

What's New

PUT /core/transactional/applications/

GET /rbac/permissions/

GET /rbac/permissions/{id}/

GET /rbac/permissions/assigned_by_roles/

POST /rbac/permissions/assigned_by_roles/{uuid}/assign/

PATCH /rbac/permissions/assigned_by_roles/{uuid}/unassign/

GET /rbac/permissions/assigned_by_users/

POST /rbac/permissions/assigned_by_users/{id}/assign/

PATCH /rbac/permissions/assigned_by_users/{id}/unassign/

GET /rbac/permissions/roles/

GET /rbac/permissions/users/

GET /rbac/roles/

POST /rbac/roles/

GET /rbac/roles/{uuid}/

PUT /rbac/roles/{uuid}/

DELETE /rbac/roles/{uuid}/

PATCH /rbac/roles/{uuid}/

GET /rbac/roles/{uuid}/used_by/

What's Changed

GET /authenticators/admin/totp/{id}/

Parameters:

PUT /authenticators/admin/totp/{id}/

Parameters:

DELETE /authenticators/admin/totp/{id}/

Parameters:

PATCH /authenticators/admin/totp/{id}/

Parameters:

GET /authenticators/totp/{id}/

Parameters:

PUT /authenticators/totp/{id}/

Parameters:

DELETE /authenticators/totp/{id}/

Parameters:

PATCH /authenticators/totp/{id}/

Parameters:

POST /core/groups/{group_uuid}/add_user/

Parameters:

POST /core/groups/{group_uuid}/remove_user/

Parameters:

GET /enterprise/license/{license_uuid}/

Parameters:

PUT /enterprise/license/{license_uuid}/

Parameters:

DELETE /enterprise/license/{license_uuid}/

Parameters:

PATCH /enterprise/license/{license_uuid}/

Parameters:

GET /outposts/instances/{uuid}/health/

Parameters:

GET /outposts/radius/{id}/

Return Type:

GET /policies/event_matcher/{policy_uuid}/

Return Type:

PUT /policies/event_matcher/{policy_uuid}/

Request:

Return Type:

PATCH /policies/event_matcher/{policy_uuid}/

Request:

Return Type:

GET /providers/radius/{id}/

Return Type:

PUT /providers/radius/{id}/

Request:

Return Type:

`PUT` /core/transactional/applications/

`GET` /rbac/permissions/

`GET` /rbac/permissions/{id}/

`GET` /rbac/permissions/assigned_by_roles/

`POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/

`PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/

`GET` /rbac/permissions/assigned_by_users/

`POST` /rbac/permissions/assigned_by_users/{id}/assign/

`PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/

`GET` /rbac/permissions/roles/

`GET` /rbac/permissions/users/

`GET` /rbac/roles/

`POST` /rbac/roles/

`GET` /rbac/roles/{uuid}/

`PUT` /rbac/roles/{uuid}/

`DELETE` /rbac/roles/{uuid}/

`PATCH` /rbac/roles/{uuid}/

`GET` /rbac/roles/{uuid}/used_by/

`GET` /authenticators/admin/totp/{id}/

`PUT` /authenticators/admin/totp/{id}/

`DELETE` /authenticators/admin/totp/{id}/

`PATCH` /authenticators/admin/totp/{id}/

`GET` /authenticators/totp/{id}/

`PUT` /authenticators/totp/{id}/

`DELETE` /authenticators/totp/{id}/

`PATCH` /authenticators/totp/{id}/

`POST` /core/groups/{group_uuid}/add_user/

`POST` /core/groups/{group_uuid}/remove_user/

`GET` /enterprise/license/{license_uuid}/

`PUT` /enterprise/license/{license_uuid}/

`DELETE` /enterprise/license/{license_uuid}/

`PATCH` /enterprise/license/{license_uuid}/

`GET` /outposts/instances/{uuid}/health/

`GET` /outposts/radius/{id}/

`GET` /policies/event_matcher/{policy_uuid}/

`PUT` /policies/event_matcher/{policy_uuid}/

`PATCH` /policies/event_matcher/{policy_uuid}/

`GET` /providers/radius/{id}/

`PUT` /providers/radius/{id}/

`PATCH` /providers/radius/{id}/

`GET` /sources/oauth/source_types/

`DELETE` /authenticators/admin/static/{id}/

`GET` /authenticators/admin/static/{id}/

`PUT` /authenticators/admin/static/{id}/

`PATCH` /authenticators/admin/static/{id}/

`DELETE` /authenticators/static/{id}/

`GET` /authenticators/static/{id}/

`PUT` /authenticators/static/{id}/

`PATCH` /authenticators/static/{id}/

`GET` /authenticators/static/{id}/used_by/

`GET` /authenticators/totp/{id}/used_by/

`DELETE` /core/groups/{group_uuid}/

`GET` /core/groups/{group_uuid}/

`PUT` /core/groups/{group_uuid}/

`PATCH` /core/groups/{group_uuid}/

`GET` /core/groups/{group_uuid}/used_by/

`GET` /core/tokens/{identifier}/

`PUT` /core/tokens/{identifier}/

`PATCH` /core/tokens/{identifier}/

`GET` /core/users/{id}/

`PUT` /core/users/{id}/

`PATCH` /core/users/{id}/

`GET` /enterprise/license/{license_uuid}/used_by/

`GET` /events/rules/{pbm_uuid}/

`PUT` /events/rules/{pbm_uuid}/

`PATCH` /events/rules/{pbm_uuid}/

`DELETE` /outposts/instances/{uuid}/

`GET` /outposts/instances/{uuid}/

`PUT` /outposts/instances/{uuid}/

`PATCH` /outposts/instances/{uuid}/

`GET` /outposts/instances/{uuid}/used_by/