From a02868a27dfdefea80ffdb0b151a888d024929f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelo=20Elizeche=20Land=C3=B3?= Date: Tue, 29 Apr 2025 14:48:49 -0400 Subject: [PATCH] website/docs: Release notes 2025.4.0 (#14281) * remove rc notice and enterprise tag for the span * Edit sidebar and security.md * Add api changes and minor fixes * Fix linting * fix netlify linter * Update website/docs/releases/2025/v2025.4.md Signed-off-by: Tana M Berry * Update website/docs/releases/2025/v2025.4.md Signed-off-by: Tana M Berry * remove changelog entries that shouldn't be there Signed-off-by: Marc 'risson' Schmitt * Update v2025.4.md Signed-off-by: Tana M Berry * Update v2025.4.md Signed-off-by: Tana M Berry * fix linting --------- Signed-off-by: Tana M Berry Signed-off-by: Marc 'risson' Schmitt Co-authored-by: Tana M Berry Co-authored-by: Marc 'risson' Schmitt --- SECURITY.md | 2 +- website/docs/releases/2025/v2025.4.md | 3382 ++++++++++++++++++++++++- website/sidebars.js | 3 +- 3 files changed, 3373 insertions(+), 14 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 15b6b9c0ff..c17b13b244 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -20,8 +20,8 @@ Even if the issue is not a CVE, we still greatly appreciate your help in hardeni | Version | Supported | | --------- | --------- | -| 2024.12.x | ✅ | | 2025.2.x | ✅ | +| 2025.4.x | ✅ | ## Reporting a Vulnerability diff --git a/website/docs/releases/2025/v2025.4.md b/website/docs/releases/2025/v2025.4.md index c417f5dadc..3211056396 100644 --- a/website/docs/releases/2025/v2025.4.md +++ b/website/docs/releases/2025/v2025.4.md @@ -3,12 +3,6 @@ title: Release 2025.4 slug: "/releases/2025.4" --- -:::::note -2025.4 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates. - -To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2025.4.0-rc2. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet. -::::: - ## Highlights - **Improve membership resolution for the LDAP Source** Allow lookups of LDAP group memberships from user attributes as an alternative to lookups from group attributes. This also allows for nested group lookups in Active Directory. @@ -17,7 +11,7 @@ To try out the release candidate, replace your Docker image tag with the latest - **RBAC: Initial Permissions** :ak-preview Provides more flexible access control by assigning permissions to the user/role creating a new object in authentik. Use **Initial Permissions** as a pragmatic way to implement the principle of least privilege. -- **Password History Policy** :ak-enterprise A new policy can prevent users from reusing previous passwords; admins are able to configure how many previous password hashes the system will store and evaluate. This new policy makes it easier to enforce password reuse requirements, such as for fedRAMP compliance. +- **Password History Policy** Enterprise A new policy (the Password Uniqueness policy) can be implemented to prevent users from reusing previous passwords; admins are able to configure how many previous password hashes the system will store and evaluate. This new policy makes it easier to enforce password reuse requirements, such as for FedRAMP compliance. - **Source Sync Dry Run** :ak-preview Add the option for dry-run syncs for SCIM, Google Workspace, and Entra to preview the results of a sync without affecting live accounts. @@ -60,19 +54,23 @@ Previously, sessions were stored by default in the cache. Now, they are stored i ## New features -- **Remember me**: Users can now choose to skip entering their usernames after their first login on the same device. This feature is optional and admins can enable it in the [Identification stage](https://TODO). +- **Remember me**: Users can now choose to skip entering their usernames after their first login on the same device. This feature is optional and admins can enable it in the [Identification stage](../../add-secure-apps/flows-stages/stages/identification/index.mdx). - **RBAC: Initial Permissions** - In hardened authentik installations, it is possible for a user to have permission to create an object type, but not to view/change/delete(/etc) objects of that type. Previously, this could result in a user creating an object and then not having any access to that object. `InitialPermissions` is a mechanism to automatically add permissions to any object on creation. + In hardened authentik installations, it is possible for a user to have permission to create an object type, but not to view/change/delete(/etc) objects of that type. Previously, this could result in a user creating an object and then not having any access to that object. `InitialPermissions` is a mechanism to automatically add permissions to any object on creation. Refer to our [documentation](../../users-sources/access-control/initial_permissions.mdx) for more details. - **Reputation score limit** - Reputation scores now have a configurable numerical limit in addition to the [already existing temporal limit](https://docs.goauthentik.io/docs/install-config/configuration/#authentik_reputation__expiry). + Reputation scores now have a configurable numerical limit in addition to the [already existing temporal limit](https://docs.goauthentik.io/docs/install-config/configuration/#authentik_reputation_expiry). -- **Support for PostgreSQL Connection Pools**: See [description](#highlights) under Highlights. Refer to our [documentation](https://TODO). +- **Support for PostgreSQL Connection Pools**: See [description](#highlights) under Highlights. Refer to our [documentation](../../install-config/configuration/configuration.mdx). -- **Password History Policy**: See [description](#highlights) under Highlights. Refer to our [documentation](https://TODO). +- **Password History Policy**: See [description](#highlights) under Highlights. Refer to our [documentation](../../customize/policies/unique_password.md). + +- **Improve membership resolution for the LDAP Source**: See [description](#highlights) under Highlights. Refer to our [documentation](../../users-sources/sources/directory-sync/active-directory/index.md). + +- **Source Sync Dry Run**: See [description](#highlights) under Highlights. ## New integration guides @@ -123,8 +121,3368 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.4 ## Minor changes/fixes +- \*/saml: allow for domainless SAML URLs (#13737) +- \*: fix stage incorrectly being inserted instead of appended (#13304) +- admin: fix system API when using bearer token (#13651) +- blueprints: Adjust title for MFA set up (#13400) +- brands: add option to set global default flow background (#13079) +- brands: fix migration 0008 by removing incorrect context manager usage (#13635) +- brands: migrate custom CSS to brands (#13172) +- cmd: set version in outposts (#13116) +- cmd: set version in outposts (cherry-pick #13116) (#13122) +- core: Tidy contributor onboarding, fix typos. (#12700) +- core: add darkreader-lock (#13183) +- core: add pre-hydrated relative URL (#13243) +- core: clear expired database sessions (#13105) +- core: fix core/user is_superuser filter (#13693) +- core: fix double slash in cache key (#13721) +- core: fix error when viewing used_by for built-in source (#13588) +- core: fix flaky tests introduced with is_superuser API fix (#13709) +- core: fix migrations (#14009) +- core: fix non-exploitable open redirect (#13696) +- core: migrate all sessions to the database (#9736) +- core: users API: add date_joined (#13817) +- enterprise/policies: Add Password Uniqueness History Policy (#13453) +- enterprise/stages/source: fix Source stage not executing authentication/enrollment flow (#12875) +- enterprise/stages/source: fix dispatch method signature (#13321) +- enterprise/stages/source: set is_redirected in flow source stage redirects to (#13604) +- events: add configurable headers to webhooks (#13602) +- flows: fix API not returning configured background (#13641) +- lib/config: fix conn_max_age parsing (#13370) +- lib/sync/outgoing: add dry run (#13244) +- lib: set a default HTTP timeout on outgoing requests (#13599) +- lifecycle/migrate: fix migration failing if killed during first startup (#14207) +- lifecycle: add warning regarding supported installation methods (#13190) +- outposts/controllers: k8s: sanitize resource names to comply with DNS subdomain standards (#13444) +- outposts/ldap: fix paginator going into infinite loop (#13677) +- outposts: add support for gateway API (#13272) +- policies/geoip: fix math in impossible travel (#13141) +- policies/geoip: fix result when only dynamic results are used (#14107) +- policies/reputation: limit reputation score (#14008) +- policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629) +- providers/SCIM: fix object exists error for users, attempt to look up user ID in remote system (#13437) +- providers/oauth2, rac: make sure tokens are revoked after session deletion (#14011) +- providers/oauth2: offline_access don't require explicit consent (#13419) +- providers/oauth2: properly support P-384 and P-521 keys (#13317) +- providers/proxy: kubernetes outpost: fix reconcile when only annotations changed (#13372) +- providers/rac: fix signals and Endpoint caching (#13529) +- providers/rac: move to open source (#13015) +- providers/saml: configurable AuthnContextClassRef (#13566) +- providers/scim: add compatibility mode for AWS & Slack (#13342) +- providers/scim: fix group membership check failing (#13644) +- providers/scim: save attributes returned from remote system like google workspace and entra ID (#13459) +- rbac: add `InitialPermissions` (#13795) +- rbac: add `name` to Permissions search (#14269) +- remove rc notice and enterprise tag for the span +- revert: rbac: exclude permissions for internal models (#12803) (#13138) +- root: allow configuring session cookie age (#12389) +- root: bump python client generator version (#13467) +- root: bump python patch version to 3.12.9 (#13710) +- root: fix dependency install due to description-file (#13655) +- root: fix uv lock file on macOS (#13578) +- root: prevent docker-compose up when secret key is missing (#14043) +- root: replace poetry with uv (#13388) +- root: support db pool (#13534) +- scripts: fix broken link (#13156) +- scripts: postgres: print statements (#13537) +- security: fix CVE-2025-29928 (#13695) +- sources/kerberos, saml: allow creation of connections from the API (#13794) +- sources/ldap: add source connections (#13796) +- sources/ldap: lookup group memberships from user attribute (#12661) +- sources/oauth: add group sync for azure_ad (#12894) +- sources/oauth: fix duplicate authentication (#13322) +- sources/oauth: ignore missing well-known keys (#13468) +- sources/oauth: introduce authorization code auth method (#14034) +- sources/oauth: reddit: fix duplicate keyword auth (#13466) +- sources: move identifier to parent model (#13797) +- sources: prevent deletion of built-in source (#12914) +- stages/authenticator_email: Email Authenticator Stage Documentation (#12853) +- stages/authenticator_email: Fix Enroll dropdown in the MFA Devices page (#13404) +- stages/authenticator_email: fix session cleanup test b (#13264) +- stages/authenticator_email: remove flaky assertions (#13371) +- stages/email: Clean newline characters in TemplateEmailMessage (#13666) +- stages/email: Fix email stage serialization (#13256) +- stages/email: fix for newlines in emails (#13712) +- stages/email: token_expiry format (#13394) +- stages/identification: check captcha after checking authentication (#13533) +- stages/identification: refresh captcha on failure (#13697) +- web/admin: add button to clear application cache (#13399) +- web/admin: add sync status refresh button (#13678) +- web/admin: allow user lists to show active only (#13403) +- web/admin: decorative display in user’s page breaks in other locales (#13393) +- web/admin: fix comment being rendered (#13530) +- web/admin: fix custom scope mappings being selected by default in proxy provider (#13735) +- web/admin: fix default selection for binding policy (#13180) +- web/admin: fix diff showing previous false as "-" (#13580) +- web/admin: fix display bug for assigned users in application bindings in the wizard (#13435) +- web/admin: fix markdown being completely whited out in dark mode on proxy provider pages (#13387) +- web/admin: fix minor typo (#13181) +- web/admin: only show message when not editing an application (#13165) +- web/admin: prefer using datefns over moment.js (#13143) +- web/admin: prevent default logo flashing in admin interface (#13960) +- web/admin: reworked sync status card (#13625) +- web/admin: reworked sync status card (cherry-pick #13625) (#13692) +- web/admin: update Application Wizard button placement (#12771) +- web/api: Fix Hoisted exports across entrypoints. Update Axios. (#14089) +- web/common: utils: fix infinite value handling in getRelativeTime function (#13564) +- web/flow: fix translate extract (#13208) +- web/flow: grab focus to uid input field (#13177) +- web/flow: update default flow background (#13175) +- web/flows: disambiguate brand links codeblock (#12141) +- web/flows: fix error on interactive Captcha stage when retrying captcha (#13119) +- web/flows: fix missing padding on authenticator_validate card (#13420) +- web/user: ensure modal container on user-settings page is min-height: 100% (#13402) +- web/user: fix RAC launch not opening when clicking icon (#13164) +- web/user: fix display for RAC tile (#13211) +- web/user: fix opening application with Enter not respecting new tab setting (#13115) +- web/user: fix post MFA creation link being invalid (#13157) +- web/user: fix race condition in user settings flow executor (#13163) +- web/user: show admin interface button on mobile (#13421) +- web: Client-side MDX rendering (#13610) +- web: ESBuild performance + Live reload (#13026) +- web: Fix TypeScript compilation issues for mixins, events. (#13766) +- web: Fix inline documentation rendering (#13379) +- web: Fix prop. (#13630) +- web: Flesh out configs. (#13801) +- web: Ignore Storybook when running codespell. (#13454) +- web: Indicate when caps-lock is active during password input. (#12733) +- web: Indicate when caps-lock is active during password input. (cherry-pick #12733) (#13160) +- web: Normalize client-side error handling (#13595) +- web: Packagify live reload plugin. (#14134) +- web: Safari fixes merge branch (#14181) +- web: Tidy temporal utilities. (#13755) +- web: add `remember me` feature to IdentificationStage (#10397) +- web: admin interface: faster card load (#13331) +- web: elements: Table: Fix table selection clearing behavior (#13959) +- web: ensure wizard modal closes on first cancel click (#13636) +- web: fix bug that was causing charts to be too tall (#14253) +- web: fix scrollbar styling (#12600) +- web: lock lit/ssr (#14214) +- web: update default flow background (#14115) +- Revert "core: fix non-exploitable open redirect (#13696)" (#13824) +- Revert "policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)" (#14180) +- Revert "web: Safari fixes merge branch (#14181)" (#14211) +- Revert "website/docs: Prepare for monorepo. (#14119)" (#14239) +- Revert package-lock.json changes from "web: add `remember me` feature to IdentificationStage (#10397)" (#14212) + ## API Changes #### What's New --- + +##### `GET` /policies/unique_password/ + +##### `POST` /policies/unique_password/ + +##### `GET` /policies/unique_password/{#125;#123;policy_uuid}/ + +##### `PUT` /policies/unique_password/{#125;#123;policy_uuid}/ + +##### `DELETE` /policies/unique_password/{#125;#123;policy_uuid}/ + +##### `PATCH` /policies/unique_password/{#125;#123;policy_uuid}/ + +##### `GET` /policies/unique_password/{#125;#123;policy_uuid}/used_by/ + +##### `GET` /rbac/initial_permissions/ + +##### `POST` /rbac/initial_permissions/ + +##### `GET` /rbac/initial_permissions/{#125;#123;id}/ + +##### `PUT` /rbac/initial_permissions/{#125;#123;id}/ + +##### `DELETE` /rbac/initial_permissions/{#125;#123;id}/ + +##### `PATCH` /rbac/initial_permissions/{#125;#123;id}/ + +##### `GET` /rbac/initial_permissions/{#125;#123;id}/used_by/ + +##### `GET` /sources/group_connections/all/ + +##### `GET` /sources/group_connections/all/{#125;#123;id}/ + +##### `PUT` /sources/group_connections/all/{#125;#123;id}/ + +##### `DELETE` /sources/group_connections/all/{#125;#123;id}/ + +##### `PATCH` /sources/group_connections/all/{#125;#123;id}/ + +##### `GET` /sources/group_connections/all/{#125;#123;id}/used_by/ + +##### `GET` /sources/group_connections/ldap/ + +##### `POST` /sources/group_connections/ldap/ + +##### `GET` /sources/group_connections/ldap/{#125;#123;id}/ + +##### `PUT` /sources/group_connections/ldap/{#125;#123;id}/ + +##### `DELETE` /sources/group_connections/ldap/{#125;#123;id}/ + +##### `PATCH` /sources/group_connections/ldap/{#125;#123;id}/ + +##### `GET` /sources/group_connections/ldap/{#125;#123;id}/used_by/ + +##### `GET` /sources/user_connections/ldap/ + +##### `POST` /sources/user_connections/ldap/ + +##### `GET` /sources/user_connections/ldap/{#125;#123;id}/ + +##### `PUT` /sources/user_connections/ldap/{#125;#123;id}/ + +##### `DELETE` /sources/user_connections/ldap/{#125;#123;id}/ + +##### `PATCH` /sources/user_connections/ldap/{#125;#123;id}/ + +##### `GET` /sources/user_connections/ldap/{#125;#123;id}/used_by/ + +##### `POST` /sources/group_connections/kerberos/ + +##### `POST` /sources/group_connections/saml/ + +#### What's Changed + +--- + +##### `GET` /admin/settings/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `reputation_lower_limit` (integer) + + > Reputation cannot decrease lower than this value. Zero or negative. + + - Added property `reputation_upper_limit` (integer) + > Reputation cannot increase higher than this value. Zero or positive. + +##### `PUT` /admin/settings/ + +###### Request: + +Changed content type : `application/json` + +- Added property `reputation_lower_limit` (integer) + + > Reputation cannot decrease lower than this value. Zero or negative. + +- Added property `reputation_upper_limit` (integer) + > Reputation cannot increase higher than this value. Zero or positive. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `reputation_lower_limit` (integer) + + > Reputation cannot decrease lower than this value. Zero or negative. + + - Added property `reputation_upper_limit` (integer) + > Reputation cannot increase higher than this value. Zero or positive. + +##### `PATCH` /admin/settings/ + +###### Request: + +Changed content type : `application/json` + +- Added property `reputation_lower_limit` (integer) + + > Reputation cannot decrease lower than this value. Zero or negative. + +- Added property `reputation_upper_limit` (integer) + > Reputation cannot increase higher than this value. Zero or positive. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `reputation_lower_limit` (integer) + + > Reputation cannot decrease lower than this value. Zero or negative. + + - Added property `reputation_upper_limit` (integer) + > Reputation cannot increase higher than this value. Zero or positive. + +##### `GET` /core/authenticated_sessions/{#125;#123;uuid}/ + +###### Parameters: + +Changed: `uuid` in `path` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `expires` + - `last_user_agent` + + * Changed property `last_ip` (string) + + * Changed property `last_user_agent` (string) + + * Changed property `expires` (string) + +##### `DELETE` /core/authenticated_sessions/{#125;#123;uuid}/ + +###### Parameters: + +Changed: `uuid` in `path` + +##### `GET` /core/brands/{#125;#123;brand_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `branding_custom_css` (string) + + - Added property `branding_default_flow_background` (string) + +##### `PUT` /core/brands/{#125;#123;brand_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `branding_custom_css` (string) + +- Added property `branding_default_flow_background` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `branding_custom_css` (string) + + - Added property `branding_default_flow_background` (string) + +##### `PATCH` /core/brands/{#125;#123;brand_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `branding_custom_css` (string) + +- Added property `branding_default_flow_background` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `branding_custom_css` (string) + + - Added property `branding_default_flow_background` (string) + +##### `GET` /policies/event_matcher/{#125;#123;policy_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `PUT` /policies/event_matcher/{#125;#123;policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `PATCH` /policies/event_matcher/{#125;#123;policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `GET` /providers/scim/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + + Enum values: + + - `default` + - `aws` + - `slack` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `PUT` /providers/scim/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `PATCH` /providers/scim/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `GET` /providers/scim_groups/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `attributes` + + * Added property `attributes` (object) + +##### `GET` /providers/scim_users/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `attributes` + + * Added property `attributes` (object) + +##### `GET` /core/authenticated_sessions/ + +###### Parameters: + +Added: `session__last_ip` in `query` + +Added: `session__last_user_agent` in `query` + +Deleted: `last_ip` in `query` + +Deleted: `last_user_agent` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > AuthenticatedSession Serializer + + New required properties: + + - `expires` + - `last_user_agent` + + * Changed property `last_ip` (string) + + * Changed property `last_user_agent` (string) + + * Changed property `expires` (string) + +##### `GET` /core/authenticated_sessions/{#125;#123;uuid}/used_by/ + +###### Parameters: + +Changed: `uuid` in `path` + +##### `POST` /core/brands/ + +###### Request: + +Changed content type : `application/json` + +- Added property `branding_custom_css` (string) + +- Added property `branding_default_flow_background` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `branding_custom_css` (string) + + - Added property `branding_default_flow_background` (string) + +##### `GET` /core/brands/ + +###### Parameters: + +Added: `branding_default_flow_background` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Brand Serializer + + - Added property `branding_custom_css` (string) + + - Added property `branding_default_flow_background` (string) + +##### `GET` /core/brands/current/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `branding_custom_css` + + * Added property `branding_custom_css` (string) + +##### `GET` /core/tokens/{#125;#123;identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PUT` /core/tokens/{#125;#123;identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PATCH` /core/tokens/{#125;#123;identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /core/users/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PUT` /core/users/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PATCH` /core/users/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /events/transports/{#125;#123;uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + + - Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + + - Deleted property `webhook_mapping` (string) + +##### `PUT` /events/transports/{#125;#123;uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + +- Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + +- Deleted property `webhook_mapping` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + + - Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + + - Deleted property `webhook_mapping` (string) + +##### `PATCH` /events/transports/{#125;#123;uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + +- Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + +- Deleted property `webhook_mapping` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + + - Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + + - Deleted property `webhook_mapping` (string) + +##### `GET` /policies/bindings/{#125;#123;policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PUT` /policies/bindings/{#125;#123;policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PATCH` /policies/bindings/{#125;#123;policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /policies/event_matcher/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `GET` /policies/event_matcher/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Event Matcher Policy Serializer + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.policies.unique_password` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `GET` /providers/google_workspace/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `PUT` /providers/google_workspace/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `PATCH` /providers/google_workspace/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `GET` /providers/microsoft_entra/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `PUT` /providers/microsoft_entra/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `PATCH` /providers/microsoft_entra/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `GET` /providers/saml/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + - Changed property `acs_url` (string) + +##### `PUT` /providers/saml/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + +- Changed property `acs_url` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + - Changed property `acs_url` (string) + +##### `PATCH` /providers/saml/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + +- Changed property `acs_url` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + - Changed property `acs_url` (string) + +##### `POST` /providers/scim/ + +###### Request: + +Changed content type : `application/json` + +- Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `GET` /providers/scim/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMProvider Serializer + + - Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `POST` /providers/scim_groups/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `attributes` + + * Added property `attributes` (object) + +##### `GET` /providers/scim_groups/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMProviderGroup Serializer + + New required properties: + + - `attributes` + + * Added property `attributes` (object) + +##### `POST` /providers/scim_users/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `attributes` + + * Added property `attributes` (object) + +##### `GET` /providers/scim_users/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMProviderUser Serializer + + New required properties: + + - `attributes` + + * Added property `attributes` (object) + +##### `GET` /providers/ssf/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PUT` /providers/ssf/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PATCH` /providers/ssf/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /rbac/permissions/assigned_by_roles/{#125;#123;uuid}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `PATCH` /rbac/permissions/assigned_by_roles/{#125;#123;uuid}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `POST` /rbac/permissions/assigned_by_users/{#125;#123;id}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `PATCH` /rbac/permissions/assigned_by_users/{#125;#123;id}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_rbac.initialpermissions` + - `authentik_sources_ldap.userldapsourceconnection` + - `authentik_sources_ldap.groupldapsourceconnection` + - `authentik_policies_unique_password.uniquepasswordpolicy` + +##### `DELETE` /sources/all/{#125;#123;slug}/ + +##### `GET` /sources/group_connections/kerberos/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/group_connections/kerberos/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/group_connections/kerberos/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/group_connections/oauth/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/group_connections/oauth/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/group_connections/oauth/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/group_connections/plex/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/group_connections/plex/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/group_connections/plex/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/group_connections/saml/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/group_connections/saml/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/group_connections/saml/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/ldap/{#125;#123;slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +##### `PUT` /sources/ldap/{#125;#123;slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +##### `PATCH` /sources/ldap/{#125;#123;slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +##### `GET` /sources/oauth/{#125;#123;slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `authorization_code_auth_method` (object) + + > How to perform authentication during an authorization_code token request flow + + Enum values: + + - `basic_auth` + - `post_body` + +##### `PUT` /sources/oauth/{#125;#123;slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +##### `PATCH` /sources/oauth/{#125;#123;slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +##### `GET` /sources/saml/{#125;#123;slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + + - Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +##### `PUT` /sources/saml/{#125;#123;slug}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + +- Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + + - Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +##### `PATCH` /sources/saml/{#125;#123;slug}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + +- Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + + - Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +##### `GET` /sources/scim/{#125;#123;slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PUT` /sources/scim/{#125;#123;slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `PATCH` /sources/scim/{#125;#123;slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /sources/user_connections/all/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `identifier` + - `last_updated` + + * Added property `identifier` (string) + + * Added property `last_updated` (string) + +##### `PUT` /sources/user_connections/all/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +New required properties: + +- `identifier` + +* Added property `identifier` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `identifier` + - `last_updated` + + * Added property `identifier` (string) + + * Added property `last_updated` (string) + +##### `PATCH` /sources/user_connections/all/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `identifier` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `identifier` + - `last_updated` + + * Added property `identifier` (string) + + * Added property `last_updated` (string) + +##### `DELETE` /sources/user_connections/kerberos/{#125;#123;id}/ + +##### `GET` /sources/user_connections/kerberos/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/user_connections/kerberos/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/user_connections/kerberos/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `DELETE` /sources/user_connections/oauth/{#125;#123;id}/ + +##### `GET` /sources/user_connections/oauth/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + + * Changed property `identifier` (string) + +##### `PUT` /sources/user_connections/oauth/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `identifier` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + + * Changed property `identifier` (string) + +##### `PATCH` /sources/user_connections/oauth/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `identifier` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + + * Changed property `identifier` (string) + +##### `DELETE` /sources/user_connections/plex/{#125;#123;id}/ + +##### `GET` /sources/user_connections/plex/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/user_connections/plex/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/user_connections/plex/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `DELETE` /sources/user_connections/saml/{#125;#123;id}/ + +##### `GET` /sources/user_connections/saml/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PUT` /sources/user_connections/saml/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `PATCH` /sources/user_connections/saml/{#125;#123;id}/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /ssf/streams/{#125;#123;uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `provider_obj` (object) + + > SSFProvider Serializer + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /core/tokens/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /core/tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /core/user_consent/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /core/users/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /core/users/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /events/transports/ + +###### Request: + +Changed content type : `application/json` + +- Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + +- Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + +- Deleted property `webhook_mapping` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + + - Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + + - Deleted property `webhook_mapping` (string) + +##### `GET` /events/transports/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > NotificationTransport Serializer + + - Added property `webhook_mapping_body` (string) + + > Customize the body of the request. Mapping should return data that is JSON-serializable. + + - Added property `webhook_mapping_headers` (string) + + > Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs + + - Deleted property `webhook_mapping` (string) + +##### `POST` /policies/bindings/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /policies/bindings/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > PolicyBinding Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /providers/google_workspace/ + +###### Request: + +Changed content type : `application/json` + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `GET` /providers/google_workspace/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > GoogleWorkspaceProvider Serializer + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `POST` /providers/google_workspace/{#125;#123;id}/sync/object/ + +###### Request: + +Changed content type : `application/json` + +- Added property `override_dry_run` (boolean) + +##### `POST` /providers/microsoft_entra/ + +###### Request: + +Changed content type : `application/json` + +- Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `GET` /providers/microsoft_entra/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > MicrosoftEntraProvider Serializer + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + +##### `POST` /providers/microsoft_entra/{#125;#123;id}/sync/object/ + +###### Request: + +Changed content type : `application/json` + +- Added property `override_dry_run` (boolean) + +##### `POST` /providers/saml/ + +###### Request: + +Changed content type : `application/json` + +- Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + +- Changed property `acs_url` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + - Changed property `acs_url` (string) + +##### `GET` /providers/saml/ + +###### Parameters: + +Added: `authn_context_class_ref_mapping` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAMLProvider Serializer + + - Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + - Changed property `acs_url` (string) + +##### `POST` /providers/scim/{#125;#123;id}/sync/object/ + +###### Request: + +Changed content type : `application/json` + +- Added property `override_dry_run` (boolean) + +##### `POST` /providers/ssf/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /providers/ssf/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SSFProvider Serializer + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /rbac/permissions/assigned_by_roles/ + +###### Parameters: + +Changed: `model` in `query` + +##### `GET` /rbac/permissions/assigned_by_users/ + +###### Parameters: + +Changed: `model` in `query` + +##### `GET` /sources/group_connections/kerberos/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Group Source Connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `POST` /sources/group_connections/oauth/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/group_connections/oauth/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Group Source Connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `POST` /sources/group_connections/plex/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/group_connections/plex/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Group Source Connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/group_connections/saml/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Group Source Connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `POST` /sources/ldap/ + +###### Request: + +Changed content type : `application/json` + +- Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +##### `GET` /sources/ldap/ + +###### Parameters: + +Added: `lookup_groups_from_user` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAP Source Serializer + + - Added property `lookup_groups_from_user` (boolean) + > Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + +##### `POST` /sources/oauth/ + +###### Request: + +Changed content type : `application/json` + +- Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +##### `GET` /sources/oauth/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > OAuth Source Serializer + + - Added property `authorization_code_auth_method` (object) + > How to perform authentication during an authorization_code token request flow + +##### `POST` /sources/saml/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + +- Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + + - Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +##### `GET` /sources/saml/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAMLSource Serializer + + - Changed property `sso_url` (string) + + > URL that the initial Login request is sent to. + + - Changed property `slo_url` (string) + > Optional URL if your IDP supports Single-Logout. + +##### `POST` /sources/scim/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /sources/scim/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMSource Serializer + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /sources/user_connections/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User source connection + + New required properties: + + - `identifier` + - `last_updated` + + * Added property `identifier` (string) + + * Added property `last_updated` (string) + +##### `POST` /sources/user_connections/kerberos/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/user_connections/kerberos/ + +###### Parameters: + +Added: `user` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User source connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `POST` /sources/user_connections/oauth/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `identifier` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + + * Changed property `identifier` (string) + +##### `GET` /sources/user_connections/oauth/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User source connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + + * Changed property `identifier` (string) + +##### `POST` /sources/user_connections/plex/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/user_connections/plex/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User source connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `POST` /sources/user_connections/saml/ + +###### Request: + +Changed content type : `application/json` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /sources/user_connections/saml/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User source connection + + New required properties: + + - `last_updated` + + * Added property `last_updated` (string) + +##### `GET` /ssf/streams/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SSFStream Serializer + + - Changed property `provider_obj` (object) + + > SSFProvider Serializer + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /stages/email/{#125;#123;stage_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +##### `PUT` /stages/email/{#125;#123;stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +##### `PATCH` /stages/email/{#125;#123;stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +##### `GET` /stages/identification/{#125;#123;stage_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +##### `PUT` /stages/identification/{#125;#123;stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +##### `PATCH` /stages/identification/{#125;#123;stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +##### `GET` /core/user_consent/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > UserConsent Serializer + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /flows/executor/{#125;#123;flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Updated `ak-stage-identification` component: + + - Added property `enable_remember_me` (boolean) + +##### `POST` /flows/executor/{#125;#123;flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Updated `ak-stage-identification` component: + + - Added property `enable_remember_me` (boolean) + +##### `GET` /oauth2/access_tokens/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /oauth2/authorization_codes/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /oauth2/refresh_tokens/{#125;#123;id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `POST` /stages/email/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +##### `GET` /stages/email/ + +###### Parameters: + +Changed: `token_expiry` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > EmailStage Serializer + + - Changed property `token_expiry` (integer -> string) + > Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + +##### `POST` /stages/identification/ + +###### Request: + +Changed content type : `application/json` + +- Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +##### `GET` /stages/identification/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > IdentificationStage Serializer + + - Added property `enable_remember_me` (boolean) + > Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password. + +##### `PUT` /core/transactional/applications/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider` (object) + + Updated `authentik_providers_microsoft_entra.microsoftentraprovider` provider_model: + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + + Updated `authentik_providers_scim.scimprovider` provider_model: + + - Added property `compatibility_mode` (object) + + > Alter authentik behavior for vendor-specific SCIM implementations. + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + + Updated `authentik_providers_google_workspace.googleworkspaceprovider` provider_model: + + - Added property `dry_run` (boolean) + > When enabled, provider will not modify or create objects in the remote system. + + Updated `authentik_providers_saml.samlprovider` provider_model: + + - Added property `authn_context_class_ref_mapping` (string) + + > Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + - Changed property `acs_url` (string) + +##### `GET` /oauth2/access_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /oauth2/authorization_codes/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) + +##### `GET` /oauth2/refresh_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `user` (object) + + > User Serializer + + New required properties: + + - `date_joined` + + * Added property `date_joined` (string) diff --git a/website/sidebars.js b/website/sidebars.js index bb4d71d970..2ab3506d29 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -2,13 +2,14 @@ import { generateVersionDropdown } from "./src/utils.js"; import apiReference from "./docs/developer-docs/api/reference/sidebar"; const releases = [ + "releases/2025/v2025.4", "releases/2025/v2025.2", "releases/2024/v2024.12", - "releases/2024/v2024.10", { type: "category", label: "Previous versions", items: [ + "releases/2024/v2024.10", "releases/2024/v2024.8", "releases/2024/v2024.6", "releases/2024/v2024.4",