From cace69d6f8f21d6f5d772e9c29376b901a59eff8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simonyi=20Gerg=C5=91?= <28359278+gergosimonyi@users.noreply.github.com> Date: Mon, 28 Oct 2024 17:13:31 +0100 Subject: [PATCH] website: 2024.10 Release Notes (#11839) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * generate diffs and changelog * add 2024.10 release notes * reorder release note highlights * lint website * reorder release note new features * reword Kerberos Co-authored-by: Jens L. Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> * extend JWE description Co-authored-by: Jens L. Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> --------- Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> Co-authored-by: Jens L. --- website/docs/releases/2024/v2024.10.md | 2015 +++++++++++++++++++++++- website/sidebars.js | 3 +- 2 files changed, 2014 insertions(+), 4 deletions(-) diff --git a/website/docs/releases/2024/v2024.10.md b/website/docs/releases/2024/v2024.10.md index 08defac33ab7..070f9ce3767f 100644 --- a/website/docs/releases/2024/v2024.10.md +++ b/website/docs/releases/2024/v2024.10.md @@ -9,14 +9,43 @@ slug: "/releases/2024.10" To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.10.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet. ::::: - +## Highlights + +- **Chrome Device Trust** Enterprise Preview: Verify that your users are logging in from managed devices and validate the devices' compliance with company policies. +- **FIPS/FAL3 for FedRAMP "very high" compliance** Enterprise+: with support for SAML encryption and now JWE (JSON Web Encryption) support, authentik can now be configured for FIPS compliance at Federal Assurance Level (FAL) 3. +- **Captcha on Identification stage**: Run a CAPTCHA process in the background while the user is entering their identification. +- **Kerberos source**: authentik can now integrate with existing Kerberos environments by allowing users to log in with their Kerberos credentials, SPNEGO or syncing users into authentik. + +## Breaking changes + +We have no breaking changes this release! ## New features +- **Chrome Device Trust** Enterprise Preview + + This is a new stage for Enterprise clients that verifies the user through the Chrome Verified Access API. This stage only works with Google Chrome. You'll need to bring your own [Verified Access API instance](https://developers.google.com/chrome/verified-access/overview) via Google Cloud. + +- **JWE support for OAuth** + + You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik, using the configured encryption key. + +- **Captcha on identification stage** + + We've added an optional Captcha stage baked into an Identification stage to run in the background while the user inputs their information. Using this will hopefully result in lower total time per flow for the end user. + - **Invalidation flows for providers** The sign-out experience when the session in an application ends can be configured now. Previously where this was always a static page, any flow can be used now. This can be used for additional validation, or redirecting the user to a custom URL. +- **Autoselect 2FA device** + + Users who configure multiple 2FA devices will now land on their last used device's prompt, skipping the device picker. This will hopefually result in lower total average time per flow for the end user. + +- **New structure for authentik's technical documentation** + + We've restructured the documentation in authentik to be more task-based, with sections, titles, and headings that follow the workflow of installing, configuring, and using the product. Previously, our docs were organized by components. This new focus on tasks increases findability within the Table of Contents, and provide a high-level guide of the typical workflows with authentik. + ## Upgrading This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx). @@ -47,8 +76,1988 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10 ## Minor changes/fixes - +- \*: fix deprecated calls to sentry start_span (#11655) +- admin: refactor update check (#11272) +- admin: store version history (#11520) +- blueprints: fix validation error when using internal storage (#11654) +- core: ensure all providers have correct priority (#11280) +- core: ensure proxy provider is correctly looked up (#11267) +- core: extract object matching from flow manager (#11458) +- core: fix change_user_type always requiring usernames (#11177) +- core: fix missing argument name escaping for property mapping (#11231) +- core: fix permission check for scoped impersonation (#11315) +- core: fix permission check for scoped impersonation (#11603) +- enterprise: fix API mixin license validity check (#11331) +- enterprise: fix incorrect comparison for latest validity date (#11109) +- enterprise: show specific error if Install ID is invalid in license (#11317) +- events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415) +- events: optimise marking events as seen (#11297) +- fix: proxy provider - docker traefik label (#11460) +- flows: include Outpost instance in flow context and save in login event (#11318) +- flows: provider invalidation (#5048) +- internal: fix go paginator not setting page correctly (#11253) +- internal: restore /ping behaviour for embedded outpost (#11568) +- policies/event_matcher: fix inconsistent behaviour (#11724) +- providers/ldap: fix incorrect permission check for search access (#11217) +- providers/ldap: fix migration assuming search group is set (#11170) +- providers/ldap: rework search_group migration to work with read replicas (#11228) +- providers/oauth2: add indexes on tokens (#11524) +- providers/oauth2: add initial JWE support (#11344) +- providers/oauth2: audit_ignore last_login change for generated service account (#11085) +- providers/oauth2: don't overwrite attributes when updating service account (#11709) +- providers/oauth2: improve indexes on tokens (#11543) +- providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354) +- providers/proxy: fix panic, keep session storages open (#11439) +- providers/saml: fix incorrect ds:Reference URI (#11699) +- providers/scim: add option to ignore SCIM server cert (#11437) +- root: fix ensure `outpost_connection_discovery runs on worker startup (#11260) +- schemas: fix XML Schema loading...for some reason? +- security: fix CVE-2024-47070 (#11536) +- security: fix CVE-2024-47077 (#11535) +- sources/ldap: fix mapping check, fix debug endpoint (#11442) +- sources/ldap: fix missing search attribute (#11125) +- sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532) +- sources/saml: fix NameIDFormat descriptor in metadata generation (#11614) +- stages/authenticator: use RBAC for devices API (#11482) +- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11138) +- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11383) +- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11578) +- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11683) +- stages/identification: dynamically find login challenges (#11571) +- stages/password: add error message when exceeding maximum tries (#11679) +- tests/e2e: add forward auth e2e test (#11374) +- web/admin: display webauthn device type (#11481) +- web/admin: fix Authentication flow being required (#11496) +- web/admin: fix duplicate flow labels (#11689) +- web/admin: fix error in Outpost creation form (#11173) +- web/admin: fix invalid create date shown for MFA registered before date was saved (#11728) +- web/admin: fix misc dual select on different forms (#11203) +- web/admin: fix missing Sync object button SCIM Provider (#11211) +- web/admin: fix notification property mapping forms (#11298) +- web/admin: fix sync single button throwing error (#11727) +- web/admin: improve error handling (#11212) +- web/users: show - if device was registered before we started saving the time (#11256) +- web: Adjust Wdio MaxInstances, add Knip (#11089) +- web: Fix css loading in unit tests, remove unneeded dot paths (#11629) +- web: add missing id attribute for button in ak-flow-input-password (#11413) +- web: audit and update package.json and associated test harness, with upgrade to WebdriverIO 9 (#11596) +- web: fix dual-select with dynamic selection (#11133) +- web: fix e2e tests to work with latest WebdriverIO and authentik 2024.8 (#11105) +- web: fix readonly fields appearing white in dark theme (#11271) +- web: provide simple tables for API-less displays (#11028) +- web: provide storybook demos and docs for existing tests (#11651) +- web: revert lockfile lint, re-add integrity (#11380) +- web: small fixes for elements and forms (#11546) ## API Changes - +#### What's New + +--- + +##### `GET` /admin/version/history/ + +##### `GET` /admin/version/history/{#123;id}#125;/ + +#### What's Changed + +--- + +##### `GET` /authenticators/admin/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Changed items (object): > Serializer for Duo authenticator devices + + New required properties: + + - `extra_description` + + * Added property `extra_description` (string) + > Get extra description + +##### `GET` /authenticators/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Changed items (object): > Serializer for Duo authenticator devices + + New required properties: + + - `extra_description` + + * Added property `extra_description` (string) + > Get extra description + +##### `GET` /providers/all/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/oauth2/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `PUT` /providers/oauth2/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + +* Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + +* Changed property `signing_key` (string) + > Key used to sign the tokens. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `PATCH` /providers/oauth2/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + +- Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + +- Changed property `signing_key` (string) + > Key used to sign the tokens. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `GET` /providers/proxy/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /providers/proxy/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /providers/proxy/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/rac/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /providers/rac/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /providers/rac/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/radius/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /providers/radius/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /providers/radius/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /providers/saml/import_metadata/ + +###### Request: + +Changed content type : `multipart/form-data` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + +##### `GET` /providers/scim/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `verify_certificates` (boolean) + +##### `PUT` /providers/scim/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `verify_certificates` (boolean) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `verify_certificates` (boolean) + +##### `PATCH` /providers/scim/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `verify_certificates` (boolean) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `verify_certificates` (boolean) + +##### `GET` /core/applications/{#123;slug}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /core/applications/{#123;slug}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /core/applications/{#123;slug}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /outposts/instances/{#123;uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /outposts/instances/{#123;uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /outposts/instances/{#123;uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/ldap/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /providers/ldap/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /providers/ldap/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /providers/oauth2/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + +* Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + +* Changed property `signing_key` (string) + > Key used to sign the tokens. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `GET` /providers/oauth2/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `POST` /providers/proxy/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/proxy/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > ProxyProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /providers/rac/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/rac/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /providers/radius/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/radius/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > RadiusProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/saml/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /providers/saml/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /providers/saml/{#123;id}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /providers/scim/ + +###### Request: + +Changed content type : `application/json` + +- Added property `verify_certificates` (boolean) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `verify_certificates` (boolean) + +##### `GET` /providers/scim/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMProvider Serializer + + - Added property `verify_certificates` (boolean) + +##### `GET` /rac/connection_tokens/{#123;connection_token_uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `endpoint_obj` (object) + + > Endpoint Serializer + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /rac/connection_tokens/{#123;connection_token_uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `endpoint_obj` (object) + + > Endpoint Serializer + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /rac/connection_tokens/{#123;connection_token_uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `endpoint_obj` (object) + + > Endpoint Serializer + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /rac/endpoints/{#123;pbm_uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PUT` /rac/endpoints/{#123;pbm_uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `PATCH` /rac/endpoints/{#123;pbm_uuid}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /sources/saml/{#123;slug}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +##### `PUT` /sources/saml/{#123;slug}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +##### `PATCH` /sources/saml/{#123;slug}#125;/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +##### `POST` /core/applications/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /core/applications/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Application Serializer + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /core/user_consent/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `application` (object) + + > Application Serializer + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /oauth2/access_tokens/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider` (object) + + > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `GET` /oauth2/authorization_codes/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider` (object) + + > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `GET` /oauth2/refresh_tokens/{#123;id}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider` (object) + + > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `POST` /outposts/instances/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /outposts/instances/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Outpost Serializer + + - Changed property `providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /outposts/ldap/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAPProvider Serializer + + New required properties: + + - `unbind_flow_slug` + + * Added property `unbind_flow_slug` (string) + > Get slug for unbind flow, defaulting to brand's default flow. + +##### `POST` /providers/ldap/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/ldap/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAPProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /providers/saml/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `invalidation_flow` + +* Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /providers/saml/ + +###### Parameters: + +Added: `invalidation_flow` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAMLProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /rac/connection_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > ConnectionToken Serializer + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `endpoint_obj` (object) + + > Endpoint Serializer + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /rac/endpoints/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /rac/endpoints/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Endpoint Serializer + + - Changed property `provider_obj` (object) + + > RACProvider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `POST` /sources/saml/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +##### `GET` /sources/saml/ + +###### Parameters: + +Changed: `name_id_policy` in `query` + +> NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAMLSource Serializer + + - Changed property `name_id_policy` (string) + + > NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. + + Added enum value: + + - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName` + Removed enum value: + + - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` + +##### `PUT` /core/transactional/applications/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider` (object) + + Updated `authentik_providers_oauth2.oauth2provider` provider_model: + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + + Updated `authentik_providers_radius.radiusprovider` provider_model: + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + Updated `authentik_providers_scim.scimprovider` provider_model: + + - Added property `verify_certificates` (boolean) + + Updated `authentik_providers_proxy.proxyprovider` provider_model: + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + Updated `authentik_providers_rac.racprovider` provider_model: + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + Updated `authentik_providers_saml.samlprovider` provider_model: + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + Updated `authentik_providers_ldap.ldapprovider` provider_model: + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /core/user_consent/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > UserConsent Serializer + + - Changed property `application` (object) + + > Application Serializer + + - Changed property `provider_obj` (object) + + > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + + - Changed property `backchannel_providers_obj` (array) + + Changed items (object): > Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + > Flow used ending the session from a provider. + +##### `GET` /flows/executor/{#123;flow_slug}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Added 'ak-stage-session-end' component: + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `pending_user` (string) + + - Property `pending_user_avatar` (string) + + - Property `application_name` (string) + + - Property `application_launch_url` (string) + + - Property `invalidation_flow_url` (string) + + - Property `brand_name` (string) + +##### `POST` /flows/executor/{#123;flow_slug}#125;/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Added 'ak-stage-session-end' component: + +##### `GET` /oauth2/access_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `provider` (object) + + > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `GET` /oauth2/authorization_codes/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant + + - Changed property `provider` (object) + + > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. + +##### `GET` /oauth2/refresh_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `provider` (object) + + > OAuth2Provider Serializer + + New required properties: + + - `invalidation_flow` + + * Added property `invalidation_flow` (string) + + > Flow used ending the session from a provider. + + * Added property `encryption_key` (string) + + > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. + + * Changed property `signing_key` (string) + > Key used to sign the tokens. diff --git a/website/sidebars.js b/website/sidebars.js index 811420d7ca3e..0fd73b6e2990 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -2,13 +2,14 @@ import { generateVersionDropdown } from "./src/utils.js"; import apiReference from "./docs/developer-docs/api/reference/sidebar"; const releases = [ + "releases/2024/v2024.10", "releases/2024/v2024.8", "releases/2024/v2024.6", - "releases/2024/v2024.4", { type: "category", label: "Previous versions", items: [ + "releases/2024/v2024.4", "releases/2024/v2024.2", "releases/2023/v2023.10", "releases/2023/v2023.8",