From 6da55dc8aaaa248005a9782aadc0a19c683198f7 Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Mon, 24 Feb 2025 09:01:31 -0600 Subject: [PATCH] website/docs: update the 2025.2 rel notes (#13213) * removed rc notice, added links to docs * removed todo about SSF preview banner * update sidebar and security Signed-off-by: Jens Langhammer * add api diff Signed-off-by: Jens Langhammer * fix format Signed-off-by: Jens Langhammer * fix link * bolded H3s --------- Signed-off-by: Jens Langhammer Co-authored-by: Tana M Berry Co-authored-by: Jens Langhammer --- SECURITY.md | 2 +- website/docs/releases/2025/v2025.2.md | 2189 ++++++++++++++++++++++++- website/sidebars.js | 3 +- 3 files changed, 2162 insertions(+), 32 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 956349dacf..1f25e5cde7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -20,8 +20,8 @@ Even if the issue is not a CVE, we still greatly appreciate your help in hardeni | Version | Supported | | --------- | --------- | -| 2024.10.x | ✅ | | 2024.12.x | ✅ | +| 2025.2.x | ✅ | ## Reporting a Vulnerability diff --git a/website/docs/releases/2025/v2025.2.md b/website/docs/releases/2025/v2025.2.md index bee609ba3f..347460dd35 100644 --- a/website/docs/releases/2025/v2025.2.md +++ b/website/docs/releases/2025/v2025.2.md 
@@ -3,19 +3,12 @@ title: Release 2025.2 slug: "/releases/2025.2" --- -:::::note -2025.2 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates. - -To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2025.2.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet. -::::: - ## Highlights -- **SSF Provider Enterprise Preview** Add support for Shared Signals Framework - TODO: Add preview banner to UI +- **SSF Provider Enterprise Preview** Add support for Shared Signals Framework. - **RAC moved open source** Remote access is now available to everyone! -- **GeoIP distance and impossible travel checks** Add the ability to check for the distance a user has moved compared to a previous login, and if the user could have travelled the distance -- **Email OTP Stage** Allow users to use their email accounts as a one-time-password during authentication +- **GeoIP distance and impossible travel checks** Add the ability to check for the distance a user has moved compared to a previous login, and if the user could have travelled the distance. +- **Email OTP Stage** Allow users to use their email accounts as a one-time-password during authentication. - **Fine-grained permission for superuser toggle on groups** Setting the **Is superuser** toggle on a group now requires a separate permission. ## Breaking changes 
@@ -30,43 +23,39 @@ To try out the release candidate, replace your Docker image tag with the latest ## New features -- SSF Provider Enterprise Preview +- **SSF Provider** Enterprise Preview - [Shared Signals Framework](#todo) allows applications to register a stream with authentik within which they can received events from authentik such as when a session was revoked or a credential was add/changed/deleted and execute actions based on these events. + [Shared Signals Framework](../../add-secure-apps/providers/ssf/index.md) allows applications to register a stream with authentik within which they can received events from authentik such as when a session was revoked or a credential was add/changed/deleted and execute actions based on these events. - This allows admins to integrate authentik with Apple Business/School Manager for federated Apple IDs. See the integration docs [here](#todo) + Using a SSF provider as a backchannel provider allows admins to integrate authentik with Apple Business School Manager for federated Apple IDs. -- RAC to open source +- **RAC moved to open source** Remote access (RDP, VNC and SSH) has moved from enterprise to our free, open source code. We try our best to limit enterprise-specific functionality to features that would be non-essential to homelab users and far more valuable to enterprise use cases. We've had a variety of homelab users reach out with excellent use cases for RAC functionality, so while this will mean giving up some potential revenue, we think that opening up RAC to the community is the right thing to do! -- GeoIP distance and impossible travel checks +- **GeoIP distance and impossible travel checks** Add the ability to check for the distance a user has moved compared to a previous login, and add the option to check impossible travel distances based on client IP. - These options can be used to detect and prevent access from potentially stolen authentik sessions or stolen devices. 
+ These options can be used to detect and prevent access from potentially stolen authentik sessions or stolen devices. Refer to our [documentation](../../customize/policies/index.md#geoip-policy). -- Email OTP Stage +- **Email OTP Authenticator Setup Stage** - Admins now have the ability to configure the option for users to use their email as an authenticator. Users that already have an email address set on their account will be able to use that address to receive one-time-passwords. It is also possible to configure authentik to allow users to add additional email addresses as authenticators. + Admins now have the ability to configure the option for users to use their email address as an authenticator. Users that already have an email address set on their account will be able to use that address to receive one-time-passwords. It is also possible to configure authentik to allow users to add additional email addresses as authenticators. - See [Email OTP Stage](#todo) + See [Email Authenticator Setup Stage](../../add-secure-apps/flows-stages/stages/authenticator_email/index.md). -- Application Wizard is the default way to create applications +- **Application Wizard is the default way to create applications** - The default way of creating an application now allows admins to configure the provider and any kind of bindings without having to jump through different sections of the UI. The previous way of creating an application is and will stay available alongside the new and streamlined method. + The default way of creating an application now allows admins to configure the application and provider at the same time, and also add any kind of bindings without having to navigate through different sections of the UI. The previous way of creating a standalone application is and will stay available alongside the new and streamlined method. 
-- Fine-grained permission for superuser toggle on groups +- **Fine-grained permission for superuser toggle on groups** - Setting the **Is superuser** toggle on a group now requires a separate permission, making it much easier to allow for delegated management of groups without risking the ability for users to self-elevate permissions. + Setting the **Is superuser** toggle on a group now requires a separate permission, making it much easier to allow for delegated management of groups without risking the ability for users to self-elevate permissions. For details, refer to our [documentation](../../users-sources/groups/manage_groups.mdx#modify-a-group). -- Improved debugging experience +- **Improved debugging experienc**e - For people developing authentik or building very complex, custom integrations, configuring debugging in authentik is now documented [here](#todo) - -## TODO - -temp + For people developing authentik or building very complex, custom integrations, how to configure debugging in authentik is documented [here](../../developer-docs/setup/debugging.md). ## Upgrading 
@@ -168,4 +157,2144 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.2 ## API Changes - +#### What's New + +--- + +##### `GET` /authenticators/admin/email/ + +##### `POST` /authenticators/admin/email/ + +##### `GET` /authenticators/admin/email/{id}/ + +##### `PUT` /authenticators/admin/email/{id}/ + +##### `DELETE` /authenticators/admin/email/{id}/ + +##### `PATCH` /authenticators/admin/email/{id}/ + +##### `GET` /authenticators/email/ + +##### `GET` /authenticators/email/{id}/ + +##### `PUT` /authenticators/email/{id}/ + +##### `DELETE` /authenticators/email/{id}/ + +##### `PATCH` /authenticators/email/{id}/ + +##### `GET` /authenticators/email/{id}/used_by/ + +##### `GET` /providers/ssf/ + +##### `POST` /providers/ssf/ + +##### `GET` /providers/ssf/{id}/ + +##### `PUT` /providers/ssf/{id}/ + +##### `DELETE` /providers/ssf/{id}/ + +##### `PATCH` /providers/ssf/{id}/ + +##### `GET` /providers/ssf/{id}/used_by/ + +##### `GET` /ssf/streams/ + +##### `GET` /ssf/streams/{uuid}/ + +##### `GET` /stages/authenticator/email/ + +##### `POST` /stages/authenticator/email/ + +##### `GET` /stages/authenticator/email/{stage_uuid}/ + +##### `PUT` /stages/authenticator/email/{stage_uuid}/ + +##### `DELETE` /stages/authenticator/email/{stage_uuid}/ + +##### `PATCH` /stages/authenticator/email/{stage_uuid}/ + +##### `GET` /stages/authenticator/email/{stage_uuid}/used_by/ + +#### What's Changed + +--- + +##### `GET` /admin/workers/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + +##### `GET` /authenticators/admin/duo/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + + - Property `pk` (integer) + + - Property `username` (string) + + > Required. 150 characters or fewer. Letters, digits and @/./+/-/\_ only. + + - Property `name` (string) + + > User's display name. 
+ + - Property `is_active` (boolean) + + > Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + + - Property `last_login` (string) + + - Property `email` (string) + + - Property `attributes` (object) + + - Property `uid` (string) + +##### `PUT` /authenticators/admin/duo/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/admin/duo/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/sms/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/admin/sms/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/admin/sms/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/totp/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/admin/totp/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/admin/totp/{id}/ + +###### Return Type: + +Changed response : **200 OK** + 
+- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/webauthn/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/admin/webauthn/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/admin/webauthn/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/duo/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/duo/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/duo/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/sms/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/sms/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/sms/{id}/ + +###### 
Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/totp/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/totp/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/totp/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/webauthn/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/webauthn/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/webauthn/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /policies/event_matcher/{policy_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. 
+ + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `PUT` /policies/event_matcher/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. 
When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `PATCH` /policies/event_matcher/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. 
+ + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `GET` /providers/saml/{id}/metadata/ + +###### Return Type: + +Changed response : **200 OK** + +- New content type : `application/xml` + +##### `POST` /authenticators/admin/duo/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/duo/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for Duo authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `POST` /authenticators/admin/sms/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/sms/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for sms authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/static/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/admin/static/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/admin/static/{id}/ + +###### Return 
Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `POST` /authenticators/admin/totp/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/totp/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for totp authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `POST` /authenticators/admin/webauthn/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/webauthn/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for WebAuthn authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/duo/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for Duo authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/sms/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for sms authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` 
/authenticators/static/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PUT` /authenticators/static/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `PATCH` /authenticators/static/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/totp/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for totp authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/webauthn/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for WebAuthn authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /core/tokens/{identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PUT` /core/tokens/{identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PATCH` 
/core/tokens/{identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /core/users/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PUT` /core/users/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PATCH` /core/users/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /policies/bindings/{policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PUT` /policies/bindings/{policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PATCH` /policies/bindings/{policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - 
`password_change_date` + + * Added property `password_change_date` (string) + +##### `POST` /policies/event_matcher/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. 
+ + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `GET` /policies/event_matcher/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Event Matcher Policy Serializer + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum values: + + - `authentik.providers.rac` + - `authentik.stages.authenticator_email` + - `authentik.enterprise.providers.ssf` + Removed enum value: + + - `authentik.enterprise.providers.rac` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `GET` /policies/geoip/{policy_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `check_history_distance` (boolean) + + - Added property `history_max_distance_km` (integer) + + - Added property `distance_tolerance_km` (integer) + + - Added property `history_login_count` (integer) + + - Added property `check_impossible_travel` (boolean) + + - Added property `impossible_tolerance_km` (integer) + +##### `PUT` /policies/geoip/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `check_history_distance` (boolean) + +- Added property `history_max_distance_km` (integer) + +- Added property `distance_tolerance_km` (integer) + +- Added property `history_login_count` (integer) + +- Added property 
`check_impossible_travel` (boolean) + +- Added property `impossible_tolerance_km` (integer) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `check_history_distance` (boolean) + + - Added property `history_max_distance_km` (integer) + + - Added property `distance_tolerance_km` (integer) + + - Added property `history_login_count` (integer) + + - Added property `check_impossible_travel` (boolean) + + - Added property `impossible_tolerance_km` (integer) + +##### `PATCH` /policies/geoip/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `check_history_distance` (boolean) + +- Added property `history_max_distance_km` (integer) + +- Added property `distance_tolerance_km` (integer) + +- Added property `history_login_count` (integer) + +- Added property `check_impossible_travel` (boolean) + +- Added property `impossible_tolerance_km` (integer) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `check_history_distance` (boolean) + + - Added property `history_max_distance_km` (integer) + + - Added property `distance_tolerance_km` (integer) + + - Added property `history_login_count` (integer) + + - Added property `check_impossible_travel` (boolean) + + - Added property `impossible_tolerance_km` (integer) + +##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - 
`authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_stages_authenticator_email.authenticatoremailstage` + - `authentik_stages_authenticator_email.emaildevice` + - `authentik_providers_ssf.ssfprovider` + +##### `GET` /sources/scim/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PUT` /sources/scim/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `PATCH` /sources/scim/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property 
`password_change_date` (string) + +##### `POST` /authenticators/admin/static/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/admin/static/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for static authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `GET` /authenticators/static/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for static authenticator devices + + New required properties: + + - `user` + + * Added property `user` (object) + +##### `POST` /core/tokens/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /core/tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /core/user_consent/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `POST` /core/users/ + 
+###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /core/users/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /flows/bindings/{fsb_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +##### `PUT` /flows/bindings/{fsb_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +##### `PATCH` /flows/bindings/{fsb_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. 
+ +##### `POST` /policies/bindings/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /policies/bindings/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > PolicyBinding Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `POST` /policies/geoip/ + +###### Request: + +Changed content type : `application/json` + +- Added property `check_history_distance` (boolean) + +- Added property `history_max_distance_km` (integer) + +- Added property `distance_tolerance_km` (integer) + +- Added property `history_login_count` (integer) + +- Added property `check_impossible_travel` (boolean) + +- Added property `impossible_tolerance_km` (integer) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `check_history_distance` (boolean) + + - Added property `history_max_distance_km` (integer) + + - Added property `distance_tolerance_km` (integer) + + - Added property `history_login_count` (integer) + + - Added property `check_impossible_travel` (boolean) + + - Added property `impossible_tolerance_km` (integer) + +##### `GET` /policies/geoip/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > GeoIP Policy Serializer + + - Added property `check_history_distance` (boolean) + + - Added property `history_max_distance_km` (integer) + + - Added property `distance_tolerance_km` (integer) + 
+ - Added property `history_login_count` (integer) + + - Added property `check_impossible_travel` (boolean) + + - Added property `impossible_tolerance_km` (integer) + +##### `GET` /rbac/permissions/assigned_by_roles/ + +###### Parameters: + +Changed: `model` in `query` + +##### `GET` /rbac/permissions/assigned_by_users/ + +###### Parameters: + +Changed: `model` in `query` + +##### `GET` /sources/all/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +##### `GET` /sources/kerberos/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +##### `GET` /sources/ldap/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +##### `GET` /sources/oauth/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +##### `GET` /sources/plex/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +##### `GET` /sources/saml/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +##### `POST` /sources/scim/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /sources/scim/ + +###### Parameters: + +Added: `pbm_uuid` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMSource Serializer + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /stages/authenticator/validate/{stage_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `device_classes` (array) 
+ + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +##### `PUT` /stages/authenticator/validate/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +##### `PATCH` /stages/authenticator/validate/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +##### `GET` /core/user_consent/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > UserConsent Serializer + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `POST` /flows/bindings/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. 
+ +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +##### `GET` /flows/bindings/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > FlowStageBinding Serializer + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +##### `GET` /flows/executor/{flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Added 'ak-stage-authenticator-email' component: + + - Property `flow_info` (object) + + > Contextual flow information for a challenge + + - Property `title` (string) + + - Property `background` (string) + + - Property `cancel_url` (string) + + - Property `layout` (string) + + Enum values: + + - `stacked` + - `content_left` + - `content_right` + - `sidebar_left` + - `sidebar_right` + + - Property `component` (string) + + - Property `response_errors` (object) + + - Property `pending_user` (string) + + - Property `pending_user_avatar` (string) + + - Property `email` (string) + + - Property `email_required` (boolean) + +##### `POST` /flows/executor/{flow_slug}/ + +###### Request: + +Changed content type : `application/json` + +Added 'ak-stage-authenticator-email' component: + +- Property `component` (string) + +- Property `code` (integer) + +- Property `email` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Added 'ak-stage-authenticator-email' component: + +##### `GET` /flows/inspector/{flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `plans` (array) + + Changed items (object): > Serializer for an 
active FlowPlan + + - Changed property `next_planned_stage` (object) + + > FlowStageBinding Serializer + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + + - Changed property `current_stage` (object) + + > FlowStageBinding Serializer + + - Changed property `re_evaluate_policies` (boolean) + > Evaluate policies when the Stage is presented to the user. + +##### `GET` /oauth2/access_tokens/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /oauth2/authorization_codes/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /oauth2/refresh_tokens/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `POST` /stages/authenticator/validate/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +##### `GET` /stages/authenticator/validate/ + +###### 
Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > AuthenticatorValidateStage Serializer + + - Changed property `device_classes` (array) + + > Device classes which can be used to authenticate + + Changed items (string): + + Added enum value: + + - `email` + +##### `PUT` /core/transactional/applications/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider_model` (string) + + Added enum value: + + - `authentik_providers_ssf.ssfprovider` + +- Changed property `provider` (object) + + Added 'authentik_providers_ssf.ssfprovider' provider_model: + + - Property `name` (string) + + - Property `signing_key` (string) + + > Key used to sign the SSF Events. + + - Property `oidc_auth_providers` (array) + + Items (integer): + + - Property `event_retention` (string) + +##### `GET` /oauth2/access_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /oauth2/authorization_codes/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) + +##### `GET` /oauth2/refresh_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items 
(object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `password_change_date` + + * Added property `password_change_date` (string) diff --git a/website/sidebars.js b/website/sidebars.js index bb85ef043c..4a180d9b1a 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -2,13 +2,14 @@ import { generateVersionDropdown } from "./src/utils.js"; import apiReference from "./docs/developer-docs/api/reference/sidebar"; const releases = [ + "releases/2025/v2025.2", "releases/2024/v2024.12", "releases/2024/v2024.10", - "releases/2024/v2024.8", { type: "category", label: "Previous versions", items: [ + "releases/2024/v2024.8", "releases/2024/v2024.6", "releases/2024/v2024.4", "releases/2024/v2024.2",
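Review bot: In the `GET /policies/event_matcher/` section of website/docs/releases/2025/v2025.2.md, the `app` property lists `authentik.enterprise.providers.rac` under "Removed enum value", and a removal like this is easy to miss inside the API diff. Existing Event Matcher policies or API clients that still use the old value would be expected to stop validating against the new schema, so the notes should call this out outside the API diff as well, if they do not already, and name `authentik.providers.rac` as the replacement. In the same hunk, the `ak-stage-authenticator-email` request under `POST /flows/executor/{flow_slug}/` types `code` as integer, which cannot carry a code that starts with 0; please confirm that type is intended. The Return Type entry directly after it lists the component with no properties under it.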
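Review bot: In the `releases` array in website/sidebars.js, the rule for which entries stay at the top level and which move into "Previous versions" is undocumented; this hunk adds `releases/2025/v2025.2` at the top and moves `releases/2024/v2024.8` into the category by hand. A short comment above `const releases` stating the convention (the hunk suggests the three most recent releases stay at the top level) would make the next release bump harder to get wrong.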