Release 2024.10

Highlights

• Chrome Device Trust :ak-enterprise :ak-preview : Verify that your users are logging in from managed devices and validate the devices' compliance with company policies.
• FIPS/FAL3 for FedRAMP "very high" compliance :ak-enterprise : with support for SAML encryption and now JWE (JSON Web Encryption) support, authentik can now be configured for FIPS compliance at Federation Assurance Level (FAL) 3.
• Captcha on Identification stage: Run a CAPTCHA process in the background while the user is entering their identification.
• Kerberos source: authentik can now integrate with existing Kerberos environments by allowing users to log in with their Kerberos credentials, SPNEGO, or syncing users into authentik.

Breaking changes

We have no breaking changes this release!

New features

• Chrome Device Trust :ak-enterprise :ak-preview

  This is a new stage for Enterprise clients that verifies the user through the Chrome Verified Access API. This stage only works with Google Chrome. You'll need to bring your own Verified Access API instance via Google Cloud.

• JWE support for OAuth

  You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik, using the configured encryption key.

• Captcha on identification stage

  We've added an optional Captcha stage baked into an Identification stage to run in the background while the user inputs their information. Using this will hopefully result in lower total time per flow for the end user.

• Invalidation flows for providers

  The sign-out experience when the session in an application ends can be configured now. Previously where this was always a static page, any flow can be used now. This can be used for additional validation, or redirecting the user to a custom URL.

• Autoselect 2FA device

  Users who configure multiple 2FA devices will now land on their last used device's prompt, skipping the device picker. This should result in lower total average time per flow for the end user.

• New structure for authentik's technical documentation

  We've restructured the documentation in authentik to be more task-based, with sections, titles, and headings that follow the workflow of installing, configuring, and using the product. Previously, our docs were organized by components. This new focus on tasks increases findability within the Table of Contents, and provide a high-level guide of the typical workflows with authentik.

Upgrading

This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.

:::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. :::

Docker Compose

To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:

wget -O docker-compose.yml https://goauthentik.io/version/2024.10/docker-compose.yml
docker compose up -d

The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.

Kubernetes

Upgrade the Helm Chart to the new version, using the following commands:

helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10

Minor changes/fixes

• *: fix deprecated calls to sentry start_span (#11655)
• admin: refactor update check (#11272)
• admin: store version history (#11520)
• blueprints: fix validation error when using internal storage (#11654)
• core: ensure all providers have correct priority (#11280)
• core: ensure proxy provider is correctly looked up (#11267)
• core: extract object matching from flow manager (#11458)
• core: fix change_user_type always requiring usernames (#11177)
• core: fix missing argument name escaping for property mapping (#11231)
• core: fix permission check for scoped impersonation (#11315)
• core: fix permission check for scoped impersonation (#11603)
• enterprise: fix API mixin license validity check (#11331)
• enterprise: fix incorrect comparison for latest validity date (#11109)
• enterprise: show specific error if Install ID is invalid in license (#11317)
• events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
• events: optimize marking events as seen (#11297)
• fix: proxy provider - docker traefik label (#11460)
• flows: include Outpost instance in flow context and save in login event (#11318)
• flows: provider invalidation (#5048)
• internal: fix go paginator not setting page correctly (#11253)
• internal: restore /ping behaviour for embedded outpost (#11568)
• policies/event_matcher: fix inconsistent behaviour (#11724)
• providers/ldap: fix incorrect permission check for search access (#11217)
• providers/ldap: fix migration assuming search group is set (#11170)
• providers/ldap: rework search_group migration to work with read replicas (#11228)
• providers/oauth2: add indexes on tokens (#11524)
• providers/oauth2: add initial JWE support (#11344)
• providers/oauth2: audit_ignore last_login change for generated service account (#11085)
• providers/oauth2: don't overwrite attributes when updating service account (#11709)
• providers/oauth2: improve indexes on tokens (#11543)
• providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
• providers/proxy: fix panic, keep session storages open (#11439)
• providers/saml: fix incorrect ds:Reference URI (#11699)
• providers/scim: add option to ignore SCIM server cert (#11437)
• root: fix ensure `outpost_connection_discovery runs on worker startup (#11260)
• schemas: fix XML Schema loading...for some reason?
• security: fix CVE-2024-47070 (#11536)
• security: fix CVE-2024-47077 (#11535)
• sources/ldap: fix mapping check, fix debug endpoint (#11442)
• sources/ldap: fix missing search attribute (#11125)
• sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
• sources/saml: fix NameIDFormat descriptor in metadata generation (#11614)
• stages/authenticator: use RBAC for devices API (#11482)
• stages/identification: dynamically find login challenges (#11571)
• stages/password: add error message when exceeding maximum tries (#11679)
• tests/e2e: add forward auth e2e test (#11374)
• web/admin: display webauthn device type (#11481)
• web/admin: fix Authentication flow being required (#11496)
• web/admin: fix duplicate flow labels (#11689)
• web/admin: fix error in Outpost creation form (#11173)
• web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
• web/admin: fix misc dual select on different forms (#11203)
• web/admin: fix missing Sync object button SCIM Provider (#11211)
• web/admin: fix notification property mapping forms (#11298)
• web/admin: fix sync single button throwing error (#11727)
• web/admin: improve error handling (#11212)
• web/users: show - if device was registered before we started saving the time (#11256)
• web: Adjust Wdio MaxInstances, add Knip (#11089)
• web: Fix css loading in unit tests, remove unneeded dot paths (#11629)
• web: add missing id attribute for button in ak-flow-input-password (#11413)
• web: audit and update package.json and associated test harness, with upgrade to WebdriverIO 9 (#11596)
• web: fix dual-select with dynamic selection (#11133)
• web: fix e2e tests to work with latest WebdriverIO and authentik 2024.8 (#11105)
• web: fix readonly fields appearing white in dark theme (#11271)
• web: provide simple tables for API-less displays (#11028)
• web: provide storybook demos and docs for existing tests (#11651)
• web: revert lockfile lint, re-add integrity (#11380)
• web: small fixes for elements and forms (#11546)

Fixed in 2024.10.1

• core: add None check to a device's extra_description (cherry-pick #11904) (#11906)
• enterprise/rac: fix API Schema for invalidation_flow (cherry-pick #11907) (#11908)
• providers/oauth2: fix size limited index for tokens (cherry-pick #11879) (#11905)
• web: fix missing status code on failed build (#11903)

Fixed in 2024.10.2

• blueprints: add default Password policy (cherry-pick #11793) (#11993)
• core: use versioned_script for path only (cherry-pick #12003) (#12023)
• crypto: validate that generated certificate's name is unique (cherry-pick #12015) (#12016)
• providers/oauth2: fix manual device code entry (cherry-pick #12017) (#12019)
• providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherry-pick #11968) (#12005)
• stages/captcha: Run interactive captcha in Frame (cherry-pick #11857) (#11991)
• stages/password: use recovery flow from brand (cherry-pick #11953) (#11969)
• web: bump API Client version (#11992)

Fixed in 2024.10.3

• core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (cherry-pick #12080) (#12081)
• internal: add CSP header to files in /media (cherry-pick #12092) (#12108)
• providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) (#12030)
• providers/scim: accept string and int for SCIM IDs (cherry-pick #12093) (#12095)
• rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) (#12043)
• root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094) (#12097)
• root: fix activation of locale not being scoped (cherry-pick #12091) (#12096)
• security: fix CVE-2024-52287, reported by @matt1097 (#12117)
• security: fix CVE-2024-52289, reported by @PontusHanssen (#12113)
• security: fix CVE-2024-52307, reported by @mgerstner (#12115)
• web/admin: better footer links (#12004)
• web/flows: fix invisible captcha call (cherry-pick #12048) (#12049)
• website/docs: add CSP to hardening (cherry-pick #11970) (#12116)

Fixed in 2024.10.4

• providers/oauth2: fix migration (cherry-pick #12138) (#12139)
• providers/oauth2: fix migration dependencies (cherry-pick #12123) (#12132)
• providers/oauth2: fix redirect uri input (cherry-pick #12122) (#12127)
• providers/proxy: fix redirect_uri (cherry-pick #12121) (#12125)

Fixed in 2024.10.5

• enterprise: allow deletion/modification of users when in read-only mode (#12289)
• enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (cherry-pick #12311) (#12315)
• flows: better test stage's challenge responses (cherry-pick #12316) (#12317)
• root: fix database ssl options not set correctly (cherry-pick #12180) (#12183)
• stages/identification: fix invalid challenge warning when no captcha stage is set (cherry-pick #12312) (#12314)
• web: backport fix impersonate api (#12184)
• web/flows: resize captcha iframes (cherry-pick #12260) (#12304)

API Changes

API Changes in 2024.10.0

What's New

GET /admin/version/history/

GET /admin/version/history/{id}/

GET /authenticators/admin/endpoint/

POST /authenticators/admin/endpoint/

GET /authenticators/admin/endpoint/{uuid}/

PUT /authenticators/admin/endpoint/{uuid}/

DELETE /authenticators/admin/endpoint/{uuid}/

PATCH /authenticators/admin/endpoint/{uuid}/

GET /authenticators/endpoint/

GET /authenticators/endpoint/{uuid}/

GET /authenticators/endpoint/{uuid}/used_by/

GET /propertymappings/source/kerberos/

POST /propertymappings/source/kerberos/

GET /propertymappings/source/kerberos/{pm_uuid}/

PUT /propertymappings/source/kerberos/{pm_uuid}/

DELETE /propertymappings/source/kerberos/{pm_uuid}/

PATCH /propertymappings/source/kerberos/{pm_uuid}/

GET /propertymappings/source/kerberos/{pm_uuid}/used_by/

GET /sources/group_connections/kerberos/

GET /sources/group_connections/kerberos/{id}/

PUT /sources/group_connections/kerberos/{id}/

DELETE /sources/group_connections/kerberos/{id}/

PATCH /sources/group_connections/kerberos/{id}/

GET /sources/group_connections/kerberos/{id}/used_by/

GET /sources/kerberos/

POST /sources/kerberos/

GET /sources/kerberos/{slug}/

PUT /sources/kerberos/{slug}/

DELETE /sources/kerberos/{slug}/

PATCH /sources/kerberos/{slug}/

GET /sources/kerberos/{slug}/sync/status/

GET /sources/kerberos/{slug}/used_by/

GET /sources/user_connections/kerberos/

POST /sources/user_connections/kerberos/

GET /sources/user_connections/kerberos/{id}/

PUT /sources/user_connections/kerberos/{id}/

DELETE /sources/user_connections/kerberos/{id}/

PATCH /sources/user_connections/kerberos/{id}/

GET /sources/user_connections/kerberos/{id}/used_by/

GET /stages/authenticator/endpoint_gdtc/

POST /stages/authenticator/endpoint_gdtc/

GET /stages/authenticator/endpoint_gdtc/{stage_uuid}/

PUT /stages/authenticator/endpoint_gdtc/{stage_uuid}/

DELETE /stages/authenticator/endpoint_gdtc/{stage_uuid}/

PATCH /stages/authenticator/endpoint_gdtc/{stage_uuid}/

GET /stages/authenticator/endpoint_gdtc/{stage_uuid}/used_by/

What's Changed

GET /authenticators/admin/all/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  Changed items (object): > Serializer for Duo authenticator devices

  New required properties:

  • extra_description

  • Added property extra_description (string)

    Get extra description

  • Changed property pk (integer -> string)

GET /authenticators/all/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  Changed items (object): > Serializer for Duo authenticator devices

  New required properties:

  • extra_description

  • Added property extra_description (string)

    Get extra description

  • Changed property pk (integer -> string)

GET /policies/event_matcher/{policy_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.sources.kerberos
    • authentik.enterprise.stages.authenticator_endpoint_gdtc

  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_sources_kerberos.kerberossource
    • authentik_sources_kerberos.kerberossourcepropertymapping
    • authentik_sources_kerberos.userkerberossourceconnection
    • authentik_sources_kerberos.groupkerberossourceconnection
    • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

PUT /policies/event_matcher/{policy_uuid}/

Request:

Changed content type : application/json

• Changed property app (string)

  Match events created by selected application. When left empty, all applications are matched.

  Added enum values:

  • authentik.sources.kerberos
  • authentik.enterprise.stages.authenticator_endpoint_gdtc

• Changed property model (string)

  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.sources.kerberos
    • authentik.enterprise.stages.authenticator_endpoint_gdtc

  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_sources_kerberos.kerberossource
    • authentik_sources_kerberos.kerberossourcepropertymapping
    • authentik_sources_kerberos.userkerberossourceconnection
    • authentik_sources_kerberos.groupkerberossourceconnection
    • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

PATCH /policies/event_matcher/{policy_uuid}/

Request:

Changed content type : application/json

• Changed property app (string)

  Match events created by selected application. When left empty, all applications are matched.

  Added enum values:

  • authentik.sources.kerberos
  • authentik.enterprise.stages.authenticator_endpoint_gdtc

• Changed property model (string)

  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.sources.kerberos
    • authentik.enterprise.stages.authenticator_endpoint_gdtc

  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_sources_kerberos.kerberossource
    • authentik_sources_kerberos.kerberossourcepropertymapping
    • authentik_sources_kerberos.userkerberossourceconnection
    • authentik_sources_kerberos.groupkerberossourceconnection
    • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

GET /providers/all/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/oauth2/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow

  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  • Added property encryption_key (string)

    Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

  • Changed property signing_key (string)

    Key used to sign the tokens.

PUT /providers/oauth2/{id}/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

• Added property encryption_key (string)

  Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

• Changed property signing_key (string)

  Key used to sign the tokens.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow

  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  • Added property encryption_key (string)

    Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

  • Changed property signing_key (string)

    Key used to sign the tokens.

PATCH /providers/oauth2/{id}/

Request:

Changed content type : application/json

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

• Added property encryption_key (string)

  Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

• Changed property signing_key (string)

  Key used to sign the tokens.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow

  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  • Added property encryption_key (string)

    Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

  • Changed property signing_key (string)

    Key used to sign the tokens.

GET /providers/proxy/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PUT /providers/proxy/{id}/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PATCH /providers/proxy/{id}/

Request:

Changed content type : application/json

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/rac/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PUT /providers/rac/{id}/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PATCH /providers/rac/{id}/

Request:

Changed content type : application/json

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/radius/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PUT /providers/radius/{id}/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PATCH /providers/radius/{id}/

Request:

Changed content type : application/json

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

POST /providers/saml/import_metadata/

Request:

Changed content type : multipart/form-data

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

GET /providers/scim/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property verify_certificates (boolean)

PUT /providers/scim/{id}/

Request:

Changed content type : application/json

• Added property verify_certificates (boolean)

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property verify_certificates (boolean)

PATCH /providers/scim/{id}/

Request:

Changed content type : application/json

• Added property verify_certificates (boolean)

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property verify_certificates (boolean)

GET /core/applications/{slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property backchannel_providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

PUT /core/applications/{slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property backchannel_providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

PATCH /core/applications/{slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property backchannel_providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /outposts/instances/{uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

PUT /outposts/instances/{uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

PATCH /outposts/instances/{uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

POST /policies/event_matcher/

Request:

Changed content type : application/json

• Changed property app (string)

  Match events created by selected application. When left empty, all applications are matched.

  Added enum values:

  • authentik.sources.kerberos
  • authentik.enterprise.stages.authenticator_endpoint_gdtc

• Changed property model (string)

  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.sources.kerberos
    • authentik.enterprise.stages.authenticator_endpoint_gdtc

  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_sources_kerberos.kerberossource
    • authentik_sources_kerberos.kerberossourcepropertymapping
    • authentik_sources_kerberos.userkerberossourceconnection
    • authentik_sources_kerberos.groupkerberossourceconnection
    • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

GET /policies/event_matcher/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Event Matcher Policy Serializer

    • Changed property app (string)

      Match events created by selected application. When left empty, all applications are matched.

      Added enum values:

      • authentik.sources.kerberos
      • authentik.enterprise.stages.authenticator_endpoint_gdtc

    • Changed property model (string)

      Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

      Added enum values:

      • authentik_sources_kerberos.kerberossource
      • authentik_sources_kerberos.kerberossourcepropertymapping
      • authentik_sources_kerberos.userkerberossourceconnection
      • authentik_sources_kerberos.groupkerberossourceconnection
      • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

GET /providers/all/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /providers/ldap/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PUT /providers/ldap/{id}/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PATCH /providers/ldap/{id}/

Request:

Changed content type : application/json

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

POST /providers/oauth2/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

• Added property encryption_key (string)

  Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

• Changed property signing_key (string)

  Key used to sign the tokens.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New required properties:

  • invalidation_flow

  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  • Added property encryption_key (string)

    Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

  • Changed property signing_key (string)

    Key used to sign the tokens.

GET /providers/oauth2/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > OAuth2Provider Serializer

    New required properties:

    • invalidation_flow

    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

    • Added property encryption_key (string)

      Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    • Changed property signing_key (string)

      Key used to sign the tokens.

POST /providers/proxy/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/proxy/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > ProxyProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

POST /providers/rac/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/rac/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

POST /providers/radius/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/radius/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > RadiusProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /providers/saml/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PUT /providers/saml/{id}/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

PATCH /providers/saml/{id}/

Request:

Changed content type : application/json

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

POST /providers/scim/

Request:

Changed content type : application/json

• Added property verify_certificates (boolean)

Return Type:

Changed response : 201 Created

• Changed content type : application/json
  • Added property verify_certificates (boolean)

GET /providers/scim/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > SCIMProvider Serializer

    • Added property verify_certificates (boolean)

GET /rac/connection_tokens/{connection_token_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property endpoint_obj (object)

    Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

PUT /rac/connection_tokens/{connection_token_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property endpoint_obj (object)

    Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

PATCH /rac/connection_tokens/{connection_token_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property endpoint_obj (object)

    Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

GET /rac/endpoints/{pbm_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

PUT /rac/endpoints/{pbm_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

PATCH /rac/endpoints/{pbm_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

POST /rbac/permissions/assigned_by_roles/{uuid}/assign/

Request:

Changed content type : application/json

• Changed property model (string)

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

PATCH /rbac/permissions/assigned_by_roles/{uuid}/unassign/

Request:

Changed content type : application/json

• Changed property model (string)

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

POST /rbac/permissions/assigned_by_users/{id}/assign/

Request:

Changed content type : application/json

• Changed property model (string)

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

PATCH /rbac/permissions/assigned_by_users/{id}/unassign/

Request:

Changed content type : application/json

• Changed property model (string)

  Added enum values:

  • authentik_sources_kerberos.kerberossource
  • authentik_sources_kerberos.kerberossourcepropertymapping
  • authentik_sources_kerberos.userkerberossourceconnection
  • authentik_sources_kerberos.groupkerberossourceconnection
  • authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage

GET /sources/saml/{slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property name_id_policy (string)

    NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

    Added enum value:

    • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

    • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

PUT /sources/saml/{slug}/

Request:

Changed content type : application/json

• Changed property name_id_policy (string)

  NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

  Added enum value:

  • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property name_id_policy (string)

    NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

    Added enum value:

    • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

    • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

PATCH /sources/saml/{slug}/

Request:

Changed content type : application/json

• Changed property name_id_policy (string)

  NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

  Added enum value:

  • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property name_id_policy (string)

    NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

    Added enum value:

    • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

    • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

POST /core/applications/

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property provider_obj (object)

    Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property backchannel_providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /core/applications/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Application Serializer

    • Changed property provider_obj (object)

      Provider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

    • Changed property backchannel_providers_obj (array)

      Changed items (object): > Provider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

GET /core/user_consent/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property application (object)

    Application Serializer

    • Changed property provider_obj (object)

      Provider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

    • Changed property backchannel_providers_obj (array)

      Changed items (object): > Provider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

GET /oauth2/access_tokens/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider (object)

    OAuth2Provider Serializer

    New required properties:

    • invalidation_flow

    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

    • Added property encryption_key (string)

      Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    • Changed property signing_key (string)

      Key used to sign the tokens.

GET /oauth2/authorization_codes/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider (object)

    OAuth2Provider Serializer

    New required properties:

    • invalidation_flow

    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

    • Added property encryption_key (string)

      Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    • Changed property signing_key (string)

      Key used to sign the tokens.

GET /oauth2/refresh_tokens/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider (object)

    OAuth2Provider Serializer

    New required properties:

    • invalidation_flow

    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

    • Added property encryption_key (string)

      Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    • Changed property signing_key (string)

      Key used to sign the tokens.

POST /outposts/instances/

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property providers_obj (array)

    Changed items (object): > Provider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /outposts/instances/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Outpost Serializer

    • Changed property providers_obj (array)

      Changed items (object): > Provider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

GET /outposts/ldap/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > LDAPProvider Serializer

    New required properties:

    • unbind_flow_slug
    • Added property unbind_flow_slug (string)

      Get slug for unbind flow, defaulting to brand's default flow.

POST /providers/ldap/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/ldap/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > LDAPProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

POST /providers/saml/

Request:

Changed content type : application/json

New required properties:

• invalidation_flow

• Added property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/saml/

Parameters:

Added: invalidation_flow in query

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > SAMLProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /rac/connection_tokens/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > ConnectionToken Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

    • Changed property endpoint_obj (object)

      Endpoint Serializer

      • Changed property provider_obj (object)

        RACProvider Serializer

        New required properties:

        • invalidation_flow
        • Added property invalidation_flow (string)

          Flow used ending the session from a provider.

POST /rac/endpoints/

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New required properties:

    • invalidation_flow
    • Added property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /rac/endpoints/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New required properties:

      • invalidation_flow
      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

GET /rbac/permissions/assigned_by_roles/

Parameters:

Changed: model in query

GET /rbac/permissions/assigned_by_users/

Parameters:

Changed: model in query

POST /sources/saml/

Request:

Changed content type : application/json

• Changed property name_id_policy (string)

  NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

  Added enum value:

  • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property name_id_policy (string)

    NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

    Added enum value:

    • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

    • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

GET /sources/saml/

Parameters:

Changed: name_id_policy in query

NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > SAMLSource Serializer

    • Changed property name_id_policy (string)

      NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

      Added enum value:

      • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Removed enum value:

      • urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName

GET /stages/identification/{stage_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property captcha_stage (string)

    When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

PUT /stages/identification/{stage_uuid}/

Request:

Changed content type : application/json

• Added property captcha_stage (string)

  When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property captcha_stage (string)

    When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

PATCH /stages/identification/{stage_uuid}/

Request:

Changed content type : application/json

• Added property captcha_stage (string)

  When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property captcha_stage (string)

    When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

GET /stages/password/{stage_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property backends (array)

    Selection of backends to test the password against.

    Changed items (string):

    Added enum value:

    • authentik.sources.kerberos.auth.KerberosBackend

PUT /stages/password/{stage_uuid}/

Request:

Changed content type : application/json

• Changed property backends (array)

  Selection of backends to test the password against.

  Changed items (string):

  Added enum value:

  • authentik.sources.kerberos.auth.KerberosBackend

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property backends (array)

    Selection of backends to test the password against.

    Changed items (string):

    Added enum value:

    • authentik.sources.kerberos.auth.KerberosBackend

PATCH /stages/password/{stage_uuid}/

Request:

Changed content type : application/json

• Changed property backends (array)

  Selection of backends to test the password against.

  Changed items (string):

  Added enum value:

  • authentik.sources.kerberos.auth.KerberosBackend

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property backends (array)

    Selection of backends to test the password against.

    Changed items (string):

    Added enum value:

    • authentik.sources.kerberos.auth.KerberosBackend

PUT /core/transactional/applications/

Request:

Changed content type : application/json

• Changed property provider (object)

  Updated authentik_providers_oauth2.oauth2provider provider_model: New required properties:

  • invalidation_flow

  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  • Added property encryption_key (string)

    Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

  • Changed property signing_key (string)

    Key used to sign the tokens.

  Updated authentik_providers_radius.radiusprovider provider_model: New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  Updated authentik_providers_scim.scimprovider provider_model:

  • Added property verify_certificates (boolean)

  Updated authentik_providers_proxy.proxyprovider provider_model: New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  Updated authentik_providers_rac.racprovider provider_model: New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  Updated authentik_providers_saml.samlprovider provider_model: New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

  Updated authentik_providers_ldap.ldapprovider provider_model: New required properties:

  • invalidation_flow
  • Added property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /core/user_consent/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > UserConsent Serializer

    • Changed property application (object)

      Application Serializer

      • Changed property provider_obj (object)

        Provider Serializer

        New required properties:

        • invalidation_flow
        • Added property invalidation_flow (string)

          Flow used ending the session from a provider.

      • Changed property backchannel_providers_obj (array)

        Changed items (object): > Provider Serializer

        New required properties:

        • invalidation_flow
        • Added property invalidation_flow (string)

          Flow used ending the session from a provider.

GET /flows/executor/{flow_slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  Added 'ak-stage-session-end' component:

  • Property flow_info (object)

    Contextual flow information for a challenge

    • Property title (string)

    • Property background (string)

    • Property cancel_url (string)

    • Property layout (string)

      Enum values:

      • stacked
      • content_left
      • content_right
      • sidebar_left
      • sidebar_right

  • Property component (string)

  • Property response_errors (object)

  • Property pending_user (string)

  • Property pending_user_avatar (string)

  • Property application_name (string)

  • Property application_launch_url (string)

  • Property invalidation_flow_url (string)

  • Property brand_name (string)

  Added 'xak-flow-frame' component:

  • Property flow_info (object)

    Contextual flow information for a challenge

  • Property component (string)

  • Property response_errors (object)

  • Property url (string)

  • Property loading_overlay (boolean)

  • Property loading_text (string)

  Updated ak-stage-authenticator-validate component:

  • Changed property device_challenges (array)

    Changed items (object): > Single device challenge

    New required properties:

    • last_used
    • Added property last_used (string)

  Updated ak-stage-identification component:

  • Added property captcha_stage (object)

    Site public key

    • Property flow_info (object)

      Contextual flow information for a challenge

    • Property component (string)

    • Property response_errors (object)

    • Property pending_user (string)

    • Property pending_user_avatar (string)

    • Property site_key (string)

    • Property js_url (string)

POST /flows/executor/{flow_slug}/

Request:

Changed content type : application/json

Added 'xak-flow-frame' component:

• Property component (string)

Updated ak-stage-identification component:

• Added property captcha_token (string)

Updated ak-stage-authenticator-validate component:

• Changed property selected_challenge (object)

  Single device challenge

  New required properties:

  • last_used
  • Added property last_used (string)

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  Added 'ak-stage-session-end' component: Added 'xak-flow-frame' component: Updated ak-stage-authenticator-validate component:

  • Changed property device_challenges (array)

    Changed items (object): > Single device challenge

    New required properties:

    • last_used
    • Added property last_used (string)

  Updated ak-stage-identification component:

  • Added property captcha_stage (object)

    Site public key

GET /oauth2/access_tokens/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Serializer for BaseGrantModel and RefreshToken

    • Changed property provider (object)

      OAuth2Provider Serializer

      New required properties:

      • invalidation_flow

      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

      • Added property encryption_key (string)

        Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

      • Changed property signing_key (string)

        Key used to sign the tokens.

GET /oauth2/authorization_codes/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant

    • Changed property provider (object)

      OAuth2Provider Serializer

      New required properties:

      • invalidation_flow

      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

      • Added property encryption_key (string)

        Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

      • Changed property signing_key (string)

        Key used to sign the tokens.

GET /oauth2/refresh_tokens/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Serializer for BaseGrantModel and RefreshToken

    • Changed property provider (object)

      OAuth2Provider Serializer

      New required properties:

      • invalidation_flow

      • Added property invalidation_flow (string)

        Flow used ending the session from a provider.

      • Added property encryption_key (string)

        Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

      • Changed property signing_key (string)

        Key used to sign the tokens.

POST /stages/identification/

Request:

Changed content type : application/json

• Added property captcha_stage (string)

  When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

Return Type:

Changed response : 201 Created

• Changed content type : application/json
  • Added property captcha_stage (string)

    When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

GET /stages/identification/

Parameters:

Added: captcha_stage in query

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > IdentificationStage Serializer

    • Added property captcha_stage (string)

      When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.

POST /stages/password/

Request:

Changed content type : application/json

• Changed property backends (array)

  Selection of backends to test the password against.

  Changed items (string):

  Added enum value:

  • authentik.sources.kerberos.auth.KerberosBackend

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property backends (array)

    Selection of backends to test the password against.

    Changed items (string):

    Added enum value:

    • authentik.sources.kerberos.auth.KerberosBackend

GET /stages/password/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > PasswordStage Serializer

    • Changed property backends (array)

      Selection of backends to test the password against.

      Changed items (string):

      Added enum value:

      • authentik.sources.kerberos.auth.KerberosBackend

API Changes in 2024.10.1

What's Changed

GET /providers/rac/{id}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New optional properties:

  • invalidation_flow
  • Deleted property invalidation_flow (string)

    Flow used ending the session from a provider.

PUT /providers/rac/{id}/

Request:

Changed content type : application/json

New optional properties:

• invalidation_flow

• Deleted property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New optional properties:

  • invalidation_flow
  • Deleted property invalidation_flow (string)

    Flow used ending the session from a provider.

PATCH /providers/rac/{id}/

Request:

Changed content type : application/json

• Deleted property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  New optional properties:

  • invalidation_flow
  • Deleted property invalidation_flow (string)

    Flow used ending the session from a provider.

POST /providers/rac/

Request:

Changed content type : application/json

New optional properties:

• invalidation_flow

• Deleted property invalidation_flow (string)

  Flow used ending the session from a provider.

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  New optional properties:

  • invalidation_flow
  • Deleted property invalidation_flow (string)

    Flow used ending the session from a provider.

GET /providers/rac/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /rac/connection_tokens/{connection_token_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property endpoint_obj (object)

    Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New optional properties:

      • invalidation_flow
      • Deleted property invalidation_flow (string)

        Flow used ending the session from a provider.

PUT /rac/connection_tokens/{connection_token_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property endpoint_obj (object)

    Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New optional properties:

      • invalidation_flow
      • Deleted property invalidation_flow (string)

        Flow used ending the session from a provider.

PATCH /rac/connection_tokens/{connection_token_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

  • Changed property endpoint_obj (object)

    Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New optional properties:

      • invalidation_flow
      • Deleted property invalidation_flow (string)

        Flow used ending the session from a provider.

GET /rac/endpoints/{pbm_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

PUT /rac/endpoints/{pbm_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

PATCH /rac/endpoints/{pbm_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /sources/kerberos/{slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Changed property spnego_server_name (string)

    Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

PUT /sources/kerberos/{slug}/

Request:

Changed content type : application/json

• Changed property spnego_server_name (string)

  Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Changed property spnego_server_name (string)

    Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

PATCH /sources/kerberos/{slug}/

Request:

Changed content type : application/json

• Changed property spnego_server_name (string)

  Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Changed property spnego_server_name (string)

    Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

GET /rac/connection_tokens/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > ConnectionToken Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New optional properties:

      • invalidation_flow
      • Deleted property invalidation_flow (string)

        Flow used ending the session from a provider.

    • Changed property endpoint_obj (object)

      Endpoint Serializer

      • Changed property provider_obj (object)

        RACProvider Serializer

        New optional properties:

        • invalidation_flow
        • Deleted property invalidation_flow (string)

          Flow used ending the session from a provider.

POST /rac/endpoints/

Return Type:

Changed response : 201 Created

• Changed content type : application/json

  • Changed property provider_obj (object)

    RACProvider Serializer

    New optional properties:

    • invalidation_flow
    • Deleted property invalidation_flow (string)

      Flow used ending the session from a provider.

GET /rac/endpoints/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Endpoint Serializer

    • Changed property provider_obj (object)

      RACProvider Serializer

      New optional properties:

      • invalidation_flow
      • Deleted property invalidation_flow (string)

        Flow used ending the session from a provider.

POST /sources/kerberos/

Request:

Changed content type : application/json

• Changed property spnego_server_name (string)

  Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

Return Type:

Changed response : 201 Created

• Changed content type : application/json
  • Changed property spnego_server_name (string)

    Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

GET /sources/kerberos/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > Kerberos Source Serializer

    • Changed property spnego_server_name (string)

      Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname

PUT /core/transactional/applications/

Request:

Changed content type : application/json

• Changed property provider (object)

  Updated authentik_providers_rac.racprovider provider_model: New optional properties:

  • invalidation_flow
  • Deleted property invalidation_flow (string)

    Flow used ending the session from a provider.

API Changes in 2024.10.2

What's Changed

GET /stages/captcha/{stage_uuid}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property interactive (boolean)

PUT /stages/captcha/{stage_uuid}/

Request:

Changed content type : application/json

• Added property interactive (boolean)

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property interactive (boolean)

PATCH /stages/captcha/{stage_uuid}/

Request:

Changed content type : application/json

• Added property interactive (boolean)

Return Type:

Changed response : 200 OK

• Changed content type : application/json
  • Added property interactive (boolean)

GET /flows/executor/{flow_slug}/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  Updated ak-stage-captcha component: New required properties:

  • interactive
  • Added property interactive (boolean)

POST /flows/executor/{flow_slug}/

Request:

Changed content type : application/json

Updated ak-provider-oauth2-device-code component:

• Changed property code (integer -> string)

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  Updated ak-stage-captcha component: New required properties:

  • interactive
  • Added property interactive (boolean)

POST /stages/captcha/

Request:

Changed content type : application/json

• Added property interactive (boolean)

Return Type:

Changed response : 201 Created

• Changed content type : application/json
  • Added property interactive (boolean)

GET /stages/captcha/

Return Type:

Changed response : 200 OK

• Changed content type : application/json

  • Changed property results (array)

    Changed items (object): > CaptchaStage Serializer

    • Added property interactive (boolean)