release: 2022.3.2

website/docs: prepare 2022.3.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-15 00:01:01 +01:00 · 2022-03-14 23:59:38 +01:00 · 2022-03-14 22:13:20 +01:00 · 2022-03-14 22:05:30 +01:00 · 2022-03-14 21:15:47 +01:00 · 2022-03-14 21:15:47 +01:00
46 changed files with 431 additions and 230 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2022.3.1
+current_version = 2022.3.2
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@ -30,9 +30,9 @@ jobs:
        with:
          push: ${{ github.event_name == 'release' }}
          tags: |
-            beryju/authentik:2022.3.1,
+            beryju/authentik:2022.3.2,
            beryju/authentik:latest,
-            ghcr.io/goauthentik/server:2022.3.1,
+            ghcr.io/goauthentik/server:2022.3.2,
            ghcr.io/goauthentik/server:latest
          platforms: linux/amd64,linux/arm64
          context: .
@ -69,9 +69,9 @@ jobs:
        with:
          push: ${{ github.event_name == 'release' }}
          tags: |
-            beryju/authentik-${{ matrix.type }}:2022.3.1,
+            beryju/authentik-${{ matrix.type }}:2022.3.2,
            beryju/authentik-${{ matrix.type }}:latest,
-            ghcr.io/goauthentik/${{ matrix.type }}:2022.3.1,
+            ghcr.io/goauthentik/${{ matrix.type }}:2022.3.2,
            ghcr.io/goauthentik/${{ matrix.type }}:latest
          file: ${{ matrix.type }}.Dockerfile
          platforms: linux/amd64,linux/arm64
@ -152,7 +152,7 @@ jobs:
          SENTRY_PROJECT: authentik
          SENTRY_URL: https://sentry.beryju.org
        with:
-          version: authentik@2022.3.1
+          version: authentik@2022.3.2
          environment: beryjuorg-prod
          sourcemaps: './web/dist'
          url_prefix: '~/static/dist'
--- a/5
+++ b/5
@ -135,3 +135,8 @@ install:
 	poetry install
 	cd web && npm i
 	cd website && npm i
+
+a: install
+	tmux -CC \
+		new-session 'make run' \; \
+		split-window 'make web-watch'
--- a/SECURITY.md
+++ b/SECURITY.md
@ -6,8 +6,8 @@

 | Version    | Supported          |
 | ---------- | ------------------ |
-| 2022.1.x   | :white_check_mark: |
 | 2022.2.x   | :white_check_mark: |
+| 2022.3.x   | :white_check_mark: |

 ## Reporting a Vulnerability

--- a/authentik/init.py
+++ b/authentik/init.py
@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional

-__version__ = "2022.3.1"
+__version__ = "2022.3.2"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"


--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -199,7 +199,7 @@ class UsersFilter(FilterSet):
    )

    is_superuser = BooleanFilter(field_name="ak_groups", lookup_expr="is_superuser")
-    uid = CharFilter(field_name="uid")
+    uuid = CharFilter(field_name="uuid")

    groups_by_name = ModelMultipleChoiceFilter(
        field_name="ak_groups__name",
@ -249,7 +249,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
    queryset = User.objects.none()
    ordering = ["username"]
    serializer_class = UserSerializer
-    search_fields = ["username", "name", "is_active", "email", "uid"]
+    search_fields = ["username", "name", "is_active", "email", "uuid"]
    filterset_class = UsersFilter

    def get_queryset(self):  # pragma: no cover
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -291,7 +291,7 @@ class Application(PolicyBindingModel):
            url = self.meta_launch_url
        if provider := self.get_provider():
            url = provider.launch_url
-        if user:
+        if user and url:
            if isinstance(user, SimpleLazyObject):
                user._setup()
                user = user._wrapped
--- a/authentik/flows/planner.py
+++ b/authentik/flows/planner.py
@ -124,8 +124,6 @@ class FlowPlanner:
    ) -> FlowPlan:
        """Check each of the flows' policies, check policies for each stage with PolicyBinding
        and return ordered list"""
-        if not default_context:
-            default_context = {}
        with Hub.current.start_span(
            op="authentik.flow.planner.plan", description=self.flow.slug
        ) as span:
@ -139,14 +137,16 @@ class FlowPlanner:
            # Bit of a workaround here, if there is a pending user set in the default context
            # we use that user for our cache key
            # to make sure they don't get the generic response
-            if PLAN_CONTEXT_PENDING_USER not in default_context:
-                default_context[PLAN_CONTEXT_PENDING_USER] = request.user
-            user = default_context[PLAN_CONTEXT_PENDING_USER]
+            if default_context and PLAN_CONTEXT_PENDING_USER in default_context:
+                user = default_context[PLAN_CONTEXT_PENDING_USER]
+            else:
+                user = request.user
            # First off, check the flow's direct policy bindings
            # to make sure the user even has access to the flow
            engine = PolicyEngine(self.flow, user, request)
-            span.set_data("default_context", cleanse_dict(default_context))
-            engine.request.context = default_context
+            if default_context:
+                span.set_data("default_context", cleanse_dict(default_context))
+                engine.request.context = default_context
            engine.build()
            result = engine.result
            if not result.passing:
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@ -36,7 +36,7 @@ error_reporting:
  enabled: false
  environment: customer
  send_pii: false
-  sample_rate: 0.5
+  sample_rate: 0.3

 # Global email settings
 email:
--- a/authentik/sources/ldap/sync/groups.py
+++ b/authentik/sources/ldap/sync/groups.py
@ -37,6 +37,7 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
            uniq = self._flatten(attributes[self._source.object_uniqueness_field])
            try:
                defaults = self.build_group_properties(group_dn, **attributes)
+                defaults["parent"] = self._source.sync_parent_group
                self._logger.debug("Creating group with attributes", **defaults)
                if "name" not in defaults:
                    raise IntegrityError("Name was not set by propertymappings")
@ -47,7 +48,6 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
                    Group,
                    {
                        f"attributes__{LDAP_UNIQUENESS}": uniq,
-                        "parent": self._source.sync_parent_group,
                    },
                    defaults,
                )
--- a/authentik/sources/ldap/tests/test_sync.py
+++ b/authentik/sources/ldap/tests/test_sync.py
@ -5,6 +5,7 @@ from django.db.models import Q
 from django.test import TestCase

 from authentik.core.models import Group, User
+from authentik.core.tests.utils import create_test_admin_user
 from authentik.events.models import Event, EventAction
 from authentik.lib.generators import generate_key
 from authentik.managed.manager import ObjectManager
@ -24,7 +25,7 @@ class LDAPSyncTests(TestCase):

    def setUp(self):
        ObjectManager().run()
-        self.source = LDAPSource.objects.create(
+        self.source: LDAPSource = LDAPSource.objects.create(
            name="ldap",
            slug="ldap",
            base_dn="dc=goauthentik,dc=io",
@ -120,6 +121,9 @@ class LDAPSyncTests(TestCase):
        self.source.property_mappings_group.set(
            LDAPPropertyMapping.objects.filter(managed="goauthentik.io/sources/ldap/default-name")
        )
+        _user = create_test_admin_user()
+        parent_group = Group.objects.get(name=_user.username)
+        self.source.sync_parent_group = parent_group
        connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
        with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
            self.source.save()
@ -127,8 +131,9 @@ class LDAPSyncTests(TestCase):
            group_sync.sync()
            membership_sync = MembershipLDAPSynchronizer(self.source)
            membership_sync.sync()
-            group = Group.objects.filter(name="test-group")
-            self.assertTrue(group.exists())
+            group: Group = Group.objects.filter(name="test-group").first()
+            self.assertIsNotNone(group)
+            self.assertEqual(group.parent, parent_group)

    def test_sync_groups_openldap(self):
        """Test group sync"""
--- a/authentik/stages/user_write/stage.py
+++ b/authentik/stages/user_write/stage.py
@ -3,7 +3,6 @@ from typing import Any

 from django.contrib import messages
 from django.contrib.auth import update_session_auth_hash
-from django.contrib.auth.models import AnonymousUser
 from django.db import transaction
 from django.db.utils import IntegrityError
 from django.http import HttpRequest, HttpResponse
@ -26,15 +25,16 @@ LOGGER = get_logger()
 class UserWriteStageView(StageView):
    """Finalise Enrollment flow by creating a user object."""

-    def write_attribute(self, user: User, key: str, value: Any):
+    @staticmethod
+    def write_attribute(user: User, key: str, value: Any):
        """Allow use of attributes.foo.bar when writing to a user, with full
        recursion"""
        parts = key.replace("_", ".").split(".")
        if len(parts) < 1:  # pragma: no cover
            return
-        # Function will always be called with a key like attribute.
+        # Function will always be called with a key like attributes.
        # this is just a sanity check to ensure that is removed
-        if parts[0] == "attribute":
+        if parts[0] == "attributes":
            parts = parts[1:]
        attrs = user.attributes
        for comp in parts[:-1]:
@ -57,12 +57,7 @@ class UserWriteStageView(StageView):
            return self.executor.stage_invalid()
        data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
        user_created = False
-        # check if pending user is set (default to anonymous user), if
-        # it's an anonymous user then we need to create a new user.
-        if isinstance(
-            self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER, AnonymousUser()),
-            AnonymousUser,
-        ):
+        if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
            self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User(
                is_active=not self.executor.current_stage.create_users_as_inactive
            )
@ -90,16 +85,20 @@ class UserWriteStageView(StageView):
                setter = getattr(user, setter_name)
                if callable(setter):
                    setter(value)
+            # For exact attributes match, update the dictionary in place
+            elif key == "attributes":
+                user.attributes.update(value)
            # User has this key already
-            elif hasattr(user, key):
+            elif hasattr(user, key) and not key.startswith("attributes."):
                setattr(user, key, value)
            # Otherwise we just save it as custom attribute, but only if the value is prefixed with
            # `attribute_`, to prevent accidentally saving values
            else:
-                if not key.startswith("attribute.") and not key.startswith("attribute_"):
+                if not key.startswith("attributes.") and not key.startswith("attributes_"):
                    LOGGER.debug("discarding key", key=key)
                    continue
-                self.write_attribute(user, key, value)
+                UserWriteStageView.write_attribute(user, key, value)
+        print(user.attributes)
        # Extra check to prevent flows from saving a user with a blank username
        if user.username == "":
            LOGGER.warning("Aborting write to empty username", user=user)
--- a/authentik/stages/user_write/tests.py
+++ b/authentik/stages/user_write/tests.py
@ -16,6 +16,7 @@ from authentik.flows.tests.test_executor import TO_STAGE_RESPONSE_MOCK
 from authentik.flows.views.executor import SESSION_KEY_PLAN
 from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
 from authentik.stages.user_write.models import UserWriteStage
+from authentik.stages.user_write.stage import UserWriteStageView


 class TestUserWriteStage(FlowTestCase):
@ -77,7 +78,7 @@ class TestUserWriteStage(FlowTestCase):
        plan.context[PLAN_CONTEXT_PROMPT] = {
            "username": "test-user-new",
            "password": new_password,
-            "attribute.some.custom-attribute": "test",
+            "attributes.some.custom-attribute": "test",
            "some_ignored_attribute": "bar",
        }
        session = self.client.session
@ -172,3 +173,43 @@ class TestUserWriteStage(FlowTestCase):
            self.flow,
            component="ak-stage-access-denied",
        )
+
+    def test_write_attribute(self):
+        """Test write_attribute"""
+        user = create_test_admin_user()
+        user.attributes = {
+            "foo": "bar",
+            "baz": {
+                "qwer": [
+                    "quox",
+                ]
+            },
+        }
+        user.save()
+        UserWriteStageView.write_attribute(user, "attributes.foo", "baz")
+        self.assertEqual(
+            user.attributes,
+            {
+                "foo": "baz",
+                "baz": {
+                    "qwer": [
+                        "quox",
+                    ]
+                },
+            },
+        )
+        UserWriteStageView.write_attribute(user, "attributes.foob.bar", "baz")
+        self.assertEqual(
+            user.attributes,
+            {
+                "foo": "baz",
+                "foob": {
+                    "bar": "baz",
+                },
+                "baz": {
+                    "qwer": [
+                        "quox",
+                    ]
+                },
+            },
+        )
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -17,7 +17,7 @@ services:
    image: redis:alpine
    restart: unless-stopped
  server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.3.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.3.2}
    restart: unless-stopped
    command: server
    environment:
@ -38,7 +38,7 @@ services:
      - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
      - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
  worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.3.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.3.2}
    restart: unless-stopped
    command: worker
    environment:
--- a/go.mod
+++ b/go.mod
@ -6,7 +6,7 @@ require (
 	github.com/Netflix/go-env v0.0.0-20210215222557-e437a7e7f9fb
 	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/garyburd/redigo v1.6.2 // indirect
-	github.com/getsentry/sentry-go v0.12.0
+	github.com/getsentry/sentry-go v0.13.0
 	github.com/go-ldap/ldap/v3 v3.4.2
 	github.com/go-openapi/runtime v0.23.2
 	github.com/go-openapi/strfmt v0.21.2
@ -27,7 +27,7 @@ require (
 	github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.0
-	goauthentik.io/api/v3 v3.2022021.4
+	goauthentik.io/api/v3 v3.2022031.1
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
--- a/go.sum
+++ b/go.sum
@ -91,7 +91,6 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
-github.com/fasthttp-contrib/websocket v0.0.0-20160511215533-1f3b11f56072/go.mod h1:duJ4Jxv5lDcvg4QuQr0oowTf7dz4/CR8NtyCooz9HL8=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@ -99,10 +98,10 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/garyburd/redigo v1.6.2 h1:yE/pwKCrbLpLpQICzYTeZ7JsTA/C53wFTJHaEtRqniM=
 github.com/garyburd/redigo v1.6.2/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc=
-github.com/getsentry/sentry-go v0.12.0 h1:era7g0re5iY13bHSdN/xMkyV+5zZppjRVQhZrXCaEIk=
-github.com/getsentry/sentry-go v0.12.0/go.mod h1:NSap0JBYWzHND8oMbyi0+XZhUalc1TBdRL1M71JZW2c=
-github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
-github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
+github.com/getsentry/sentry-go v0.13.0 h1:20dgTiUSfxRB/EhMPtxcL9ZEbM1ZdR+W/7f7NWD+xWo=
+github.com/getsentry/sentry-go v0.13.0/go.mod h1:EOsfu5ZdvKPfeHYV6pTVQnsjfp30+XA7//UooKNumH0=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U=
 github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
 github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98=
@ -147,6 +146,10 @@ github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrK
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/validate v0.21.0 h1:+Wqk39yKOhfpLqNLEC0/eViCkzM5FVXVqrvt526+wcI=
 github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
@ -256,7 +259,6 @@ github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@ -281,7 +283,6 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
 github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kataras/golog v0.0.10/go.mod h1:yJ8YKCmyL+nWjERB90Qwn+bdyBZsaQwU3bTVFgkFIp8=
@ -305,6 +306,7 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/labstack/echo/v4 v4.5.0/go.mod h1:czIriw4a0C1dFun+ObrXp7ok03xON0N1awStJ6ArI7Y=
 github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@ -316,7 +318,6 @@ github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kN
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
@ -353,9 +354,6 @@ github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba h1:DO8NFYdcRv1dnyAIN
 github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba/go.mod h1:4S0XndRL8HNOaQBfdViJ2F/GPCgL524xlXRuXFH12/U=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@ -430,7 +428,6 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
@ -451,7 +448,6 @@ github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmv
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
 github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
-github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@ -464,8 +460,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-goauthentik.io/api/v3 v3.2022021.4 h1:vAbJJXq+SvXnrdeymby4KTqR4cDe9qweNWwqqkJanzo=
-goauthentik.io/api/v3 v3.2022021.4/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
+goauthentik.io/api/v3 v3.2022031.1 h1:8n0fHdp8DIlLrTZR79SX8jfYHnJFOeloEJ5D82xRNjU=
+goauthentik.io/api/v3 v3.2022031.1/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@ -514,7 +510,6 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -575,7 +570,6 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cO
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -784,14 +778,10 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
-gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -25,4 +25,4 @@ func OutpostUserAgent() string {
 	return fmt.Sprintf("authentik-outpost@%s", FullVersion())
 }

-const VERSION = "2022.3.1"
+const VERSION = "2022.3.2"
--- a/poetry.lock
+++ b/poetry.lock
@ -341,11 +341,11 @@ tests = ["pytest", "pytest-django", "pytest-asyncio", "async-timeout", "coverage

 [[package]]
 name = "channels-redis"
-version = "3.3.1"
+version = "3.4.0"
 description = "Redis-backed ASGI channel layer implementation"
 category = "main"
 optional = false
-python-versions = ">=3.6"
+python-versions = ">=3.7"

 [package.dependencies]
 aioredis = ">=1.0,<2.0"
@ -819,7 +819,7 @@ python-versions = ">=3.6"

 [[package]]
 name = "httptools"
-version = "0.3.0"
+version = "0.4.0"
 description = "A collection of framework independent HTTP protocol utils."
 category = "main"
 optional = false
@ -860,7 +860,7 @@ python-versions = ">=3.5"

 [[package]]
 name = "importlib-metadata"
-version = "4.11.2"
+version = "4.11.3"
 description = "Read metadata from Python packages"
 category = "dev"
 optional = false
@ -1091,7 +1091,7 @@ pyparsing = ">=2.0.2,<3.0.5 || >3.0.5"

 [[package]]
 name = "paramiko"
-version = "2.9.2"
+version = "2.10.1"
 description = "SSH2 protocol library"
 category = "main"
 optional = false
@ -1101,6 +1101,7 @@ python-versions = "*"
 bcrypt = ">=3.1.3"
 cryptography = ">=2.5"
 pynacl = ">=1.0.1"
+six = "*"

 [package.extras]
 all = ["pyasn1 (>=0.1.7)", "pynacl (>=1.0.1)", "bcrypt (>=3.1.3)", "invoke (>=1.3)", "gssapi (>=1.4.1)", "pywin32 (>=2.1.8)"]
@ -1352,11 +1353,11 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"

 [[package]]
 name = "pytest"
-version = "7.0.1"
+version = "7.1.0"
 description = "pytest: simple powerful testing with Python"
 category = "dev"
 optional = false
-python-versions = ">=3.6"
+python-versions = ">=3.7"

 [package.dependencies]
 atomicwrites = {version = ">=1.0", markers = "sys_platform == \"win32\""}
@ -1825,7 +1826,7 @@ socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]

 [[package]]
 name = "uvicorn"
-version = "0.17.5"
+version = "0.17.6"
 description = "The lightning-fast ASGI server."
 category = "main"
 optional = false
@ -1836,7 +1837,7 @@ asgiref = ">=3.4.0"
 click = ">=7.0"
 colorama = {version = ">=0.4", optional = true, markers = "sys_platform == \"win32\" and extra == \"standard\""}
 h11 = ">=0.8"
-httptools = {version = ">=0.2.0,<0.4.0", optional = true, markers = "extra == \"standard\""}
+httptools = {version = ">=0.4.0", optional = true, markers = "extra == \"standard\""}
 python-dotenv = {version = ">=0.13", optional = true, markers = "extra == \"standard\""}
 PyYAML = {version = ">=5.1", optional = true, markers = "extra == \"standard\""}
 uvloop = {version = ">=0.14.0,<0.15.0 || >0.15.0,<0.15.1 || >0.15.1", optional = true, markers = "sys_platform != \"win32\" and sys_platform != \"cygwin\" and platform_python_implementation != \"PyPy\" and extra == \"standard\""}
@ -1844,7 +1845,7 @@ watchgod = {version = ">=0.6", optional = true, markers = "extra == \"standard\"
 websockets = {version = ">=10.0", optional = true, markers = "extra == \"standard\""}

 [package.extras]
-standard = ["websockets (>=10.0)", "httptools (>=0.2.0,<0.4.0)", "watchgod (>=0.6)", "python-dotenv (>=0.13)", "PyYAML (>=5.1)", "uvloop (>=0.14.0,!=0.15.0,!=0.15.1)", "colorama (>=0.4)"]
+standard = ["websockets (>=10.0)", "httptools (>=0.4.0)", "watchgod (>=0.6)", "python-dotenv (>=0.13)", "PyYAML (>=5.1)", "uvloop (>=0.14.0,!=0.15.0,!=0.15.1)", "colorama (>=0.4)"]

 [[package]]
 name = "uvloop"
@ -2254,8 +2255,8 @@ channels = [
    {file = "channels-3.0.4.tar.gz", hash = "sha256:fdd9a94987a23d8d7ebd97498ed8b8cc83163f37e53fc6c85098aba7a3bb8b75"},
 ]
 channels-redis = [
-    {file = "channels_redis-3.3.1-py3-none-any.whl", hash = "sha256:fbb24a7a57a6cc0ebe5aa121cdf841eabf845cf47dd5c1059224ef4d64aeaeac"},
-    {file = "channels_redis-3.3.1.tar.gz", hash = "sha256:899dc6433f5416cf8ad74505baaf2acb5461efac3cad40751a41119e3f68421b"},
+    {file = "channels_redis-3.4.0-py3-none-any.whl", hash = "sha256:6e4565b7c11c6bcde5d48556cb83bd043779697ff03811867d2f895aa6170d56"},
+    {file = "channels_redis-3.4.0.tar.gz", hash = "sha256:5dffd4cc16174125bd4043fc8fe7462ca7403cf801d59a9fa7410ed101fa6a57"},
 ]
 charset-normalizer = [
    {file = "charset-normalizer-2.0.11.tar.gz", hash = "sha256:98398a9d69ee80548c762ba991a4728bfc3836768ed226b3945908d1a688371c"},
@ -2559,30 +2560,40 @@ hiredis = [
    {file = "hiredis-2.0.0.tar.gz", hash = "sha256:81d6d8e39695f2c37954d1011c0480ef7cf444d4e3ae24bc5e89ee5de360139a"},
 ]
 httptools = [
-    {file = "httptools-0.3.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:4137137de8976511a392e27bfdcf231bd926ac13d375e0414e927b08217d779e"},
-    {file = "httptools-0.3.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:9f475b642c48b1b78584bdd12a5143e2c512485664331eade9c29ef769a17598"},
-    {file = "httptools-0.3.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4687dfc116a9f1eb22a7d797f0dc6f6e17190d406ca4e729634b38aa98044b17"},
-    {file = "httptools-0.3.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:72ee0e3fb9c6437ab3ae34e9abee67fcee6876f4f58504e3f613dd5882aafdb7"},
-    {file = "httptools-0.3.0-cp310-cp310-win_amd64.whl", hash = "sha256:3787c1f46e9722ef7f07ea5c76b0103037483d1b12e34a02c53ceca5afa4e09a"},
-    {file = "httptools-0.3.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:c0ac2e0ce6733c55858932e7d37fcc7b67ba6bb23e9648593c55f663de031b93"},
-    {file = "httptools-0.3.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:79717080dc3f8b1eeb7f820b9b81528acbc04be6041f323fdd97550da2062575"},
-    {file = "httptools-0.3.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:eda95634027200f4b2a6d499e7c2e7fa9b8ee57e045dfda26958ea0af27c070b"},
-    {file = "httptools-0.3.0-cp36-cp36m-win_amd64.whl", hash = "sha256:3f82eb106e1474c63dba36a176067e65b48385f4cecddf3616411aa5d1fbdfec"},
-    {file = "httptools-0.3.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c14576b737d9e6e4f2a86af04918dbe9b62f57ce8102a8695c9a382dbe405c7f"},
-    {file = "httptools-0.3.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:113816f9af7dcfc4aa71ebb5354d77365f666ecf96ac7ff2aa1d24b6bca44165"},
-    {file = "httptools-0.3.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:b8ac7dee63af4346e02b1e6d32202e3b5b3706a9928bec6da6d7a5b066217422"},
-    {file = "httptools-0.3.0-cp37-cp37m-win_amd64.whl", hash = "sha256:04114db99605c9b56ea22a8ec4d7b1485b908128ed4f4a8f6438489c428da794"},
-    {file = "httptools-0.3.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:6e676bc3bb911b11f3d7e2144b9a53600bf6b9b21e0e4437aa308e1eef094d97"},
-    {file = "httptools-0.3.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:cdc3975db86c29817e6d13df14e037c931fc893a710fb71097777a4147090068"},
-    {file = "httptools-0.3.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8ac842df4fc3952efa7820b277961ea55e068bbc54cb59a0820400de7ae358d8"},
-    {file = "httptools-0.3.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:47dba2345aaa01b87e4981e8756af441349340708d5b60712c98c55a4d28f4af"},
-    {file = "httptools-0.3.0-cp38-cp38-win_amd64.whl", hash = "sha256:5a836bd85ae1fb4304f674808488dae403e136d274aa5bafd0e6ee456f11c371"},
-    {file = "httptools-0.3.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:1a8f26327023fa1a947d36e60a0582149e182fbbc949c8a65ec8665754dbbe69"},
-    {file = "httptools-0.3.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:32a10a5903b5bc0eb647d01cd1e95bec3bb614a9bf53f0af1e01360b2debdf81"},
-    {file = "httptools-0.3.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:21e948034f70e47c8abfa2d5e6f1a5661f87a2cddc7bcc70f61579cc87897c70"},
-    {file = "httptools-0.3.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:074afd8afdeec0fa6786cd4a1676e0c0be23dc9a017a86647efa6b695168104f"},
-    {file = "httptools-0.3.0-cp39-cp39-win_amd64.whl", hash = "sha256:2119fa619a4c53311f594f25c0205d619350fcb32140ec5057f861952e9b2b4f"},
-    {file = "httptools-0.3.0.tar.gz", hash = "sha256:3f9b4856d46ba1f0c850f4e84b264a9a8b4460acb20e865ec00978ad9fbaa4cf"},
+    {file = "httptools-0.4.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:fcddfe70553be717d9745990dfdb194e22ee0f60eb8f48c0794e7bfeda30d2d5"},
+    {file = "httptools-0.4.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:1ee0b459257e222b878a6c09ccf233957d3a4dcb883b0847640af98d2d9aac23"},
+    {file = "httptools-0.4.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ceafd5e960b39c7e0d160a1936b68eb87c5e79b3979d66e774f0c77d4d8faaed"},
+    {file = "httptools-0.4.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:fdb9f9ed79bc6f46b021b3319184699ba1a22410a82204e6e89c774530069683"},
+    {file = "httptools-0.4.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:abe829275cdd4174b4c4e65ad718715d449e308d59793bf3a931ee1bf7e7b86c"},
+    {file = "httptools-0.4.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:7af6bdbd21a2a25d6784f6d67f44f5df33ef39b6159543b9f9064d365c01f919"},
+    {file = "httptools-0.4.0-cp310-cp310-win_amd64.whl", hash = "sha256:5d1fe6b6661022fd6cac541f54a4237496b246e6f1c0a6b41998ee08a1135afe"},
+    {file = "httptools-0.4.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:48e48530d9b995a84d1d89ae6b3ec4e59ea7d494b150ac3bbc5e2ac4acce92cd"},
+    {file = "httptools-0.4.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a113789e53ac1fa26edf99856a61e4c493868e125ae0dd6354cf518948fbbd5c"},
+    {file = "httptools-0.4.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8e2eb957787cbb614a0f006bfc5798ff1d90ac7c4dd24854c84edbdc8c02369e"},
+    {file = "httptools-0.4.0-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:7ee9f226acab9085037582c059d66769862706e8e8cd2340470ceb8b3850873d"},
+    {file = "httptools-0.4.0-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:701e66b59dd21a32a274771238025d58db7e2b6ecebbab64ceff51b8e31527ae"},
+    {file = "httptools-0.4.0-cp36-cp36m-win_amd64.whl", hash = "sha256:6a1a7dfc1f9c78a833e2c4904757a0f47ce25d08634dd2a52af394eefe5f9777"},
+    {file = "httptools-0.4.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:903f739c9fb78dab8970b0f3ea51f21955b24b45afa77b22ff0e172fc11ef111"},
+    {file = "httptools-0.4.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:54bbd295f031b866b9799dd39cb45deee81aca036c9bff9f58ca06726f6494f1"},
+    {file = "httptools-0.4.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:3194f6d6443befa8d4db16c1946b2fc428a3ceb8ab32eb6f09a59f86104dc1a0"},
+    {file = "httptools-0.4.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:cd1295f52971097f757edfbfce827b6dbbfb0f7a74901ee7d4933dff5ad4c9af"},
+    {file = "httptools-0.4.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:20a45bcf22452a10fa8d58b7dbdb474381f6946bf5b8933e3662d572bc61bae4"},
+    {file = "httptools-0.4.0-cp37-cp37m-win_amd64.whl", hash = "sha256:d1f27bb0f75bef722d6e22dc609612bfa2f994541621cd2163f8c943b6463dfe"},
+    {file = "httptools-0.4.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:7f7bfb74718f52d5ed47d608d507bf66d3bc01d4a8b3e6dd7134daaae129357b"},
+    {file = "httptools-0.4.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:a522d12e2ddbc2e91842ffb454a1aeb0d47607972c7d8fc88bd0838d97fb8a2a"},
+    {file = "httptools-0.4.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2db44a0b294d317199e9f80123e72c6b005c55b625b57fae36de68670090fa48"},
+    {file = "httptools-0.4.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:c286985b5e194ca0ebb2908d71464b9be8f17cc66d6d3e330e8d5407248f56ad"},
+    {file = "httptools-0.4.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:d3a4e165ca6204f34856b765d515d558dc84f1352033b8721e8d06c3e44930c3"},
+    {file = "httptools-0.4.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:72aa3fbe636b16d22e04b5a9d24711b043495e0ecfe58080addf23a1a37f3409"},
+    {file = "httptools-0.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:9967d9758df505975913304c434cb9ab21e2c609ad859eb921f2f615a038c8de"},
+    {file = "httptools-0.4.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:f72b5d24d6730035128b238decdc4c0f2104b7056a7ca55cf047c106842ec890"},
+    {file = "httptools-0.4.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:29bf97a5c532da9c7a04de2c7a9c31d1d54f3abd65a464119b680206bbbb1055"},
+    {file = "httptools-0.4.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:98993805f1e3cdb53de4eed02b55dcc953cdf017ba7bbb2fd89226c086a6d855"},
+    {file = "httptools-0.4.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:d9b90bf58f3ba04e60321a23a8723a1ff2a9377502535e70495e5ada8e6e6722"},
+    {file = "httptools-0.4.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:1a99346ebcb801b213c591540837340bdf6fd060a8687518d01c607d338b7424"},
+    {file = "httptools-0.4.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:645373c070080e632480a3d251d892cb795be3d3a15f86975d0f1aca56fd230d"},
+    {file = "httptools-0.4.0-cp39-cp39-win_amd64.whl", hash = "sha256:34d2903dd2a3dd85d33705b6fde40bf91fc44411661283763fd0746723963c83"},
+    {file = "httptools-0.4.0.tar.gz", hash = "sha256:2c9a930c378b3d15d6b695fb95ebcff81a7395b4f9775c4f10a076beb0b2c1ff"},
 ]
 humanize = [
    {file = "humanize-3.14.0-py3-none-any.whl", hash = "sha256:32bcf712ac98ff5e73627a9d31e1ba5650619008d6d13543b5d53b48e8ab8d43"},
@ -2597,8 +2608,8 @@ idna = [
    {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
 ]
 importlib-metadata = [
-    {file = "importlib_metadata-4.11.2-py3-none-any.whl", hash = "sha256:d16e8c1deb60de41b8e8ed21c1a7b947b0bc62fab7e1d470bcdf331cea2e6735"},
-    {file = "importlib_metadata-4.11.2.tar.gz", hash = "sha256:b36ffa925fe3139b2f6ff11d6925ffd4fa7bc47870165e3ac260ac7b4f91e6ac"},
+    {file = "importlib_metadata-4.11.3-py3-none-any.whl", hash = "sha256:1208431ca90a8cca1a6b8af391bb53c1a2db74e5d1cef6ddced95d4b2062edc6"},
+    {file = "importlib_metadata-4.11.3.tar.gz", hash = "sha256:ea4c597ebf37142f827b8f39299579e31685c31d3a438b59f469406afd0f2539"},
 ]
 incremental = [
    {file = "incremental-21.3.0-py2.py3-none-any.whl", hash = "sha256:92014aebc6a20b78a8084cdd5645eeaa7f74b8933f70fa3ada2cfbd1e3b54321"},
@ -2858,8 +2869,8 @@ packaging = [
    {file = "packaging-21.3.tar.gz", hash = "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb"},
 ]
 paramiko = [
-    {file = "paramiko-2.9.2-py2.py3-none-any.whl", hash = "sha256:04097dbd96871691cdb34c13db1883066b8a13a0df2afd4cb0a92221f51c2603"},
-    {file = "paramiko-2.9.2.tar.gz", hash = "sha256:944a9e5dbdd413ab6c7951ea46b0ab40713235a9c4c5ca81cfe45c6f14fa677b"},
+    {file = "paramiko-2.10.1-py2.py3-none-any.whl", hash = "sha256:f6cbd3e1204abfdbcd40b3ecbc9d32f04027cd3080fe666245e21e7540ccfc1b"},
+    {file = "paramiko-2.10.1.tar.gz", hash = "sha256:443f4da23ec24e9a9c0ea54017829c282abdda1d57110bf229360775ccd27a31"},
 ]
 pathspec = [
    {file = "pathspec-0.9.0-py2.py3-none-any.whl", hash = "sha256:7d15c4ddb0b5c802d161efc417ec1a2558ea2653c2e8ad9c19098201dc1c993a"},
@ -3115,8 +3126,8 @@ pysocks = [
    {file = "PySocks-1.7.1.tar.gz", hash = "sha256:3f8804571ebe159c380ac6de37643bb4685970655d3bba243530d6558b799aa0"},
 ]
 pytest = [
-    {file = "pytest-7.0.1-py3-none-any.whl", hash = "sha256:9ce3ff477af913ecf6321fe337b93a2c0dcf2a0a1439c43f5452112c1e4280db"},
-    {file = "pytest-7.0.1.tar.gz", hash = "sha256:e30905a0c131d3d94b89624a1cc5afec3e0ba2fbdb151867d8e0ebd49850f171"},
+    {file = "pytest-7.1.0-py3-none-any.whl", hash = "sha256:b555252a95bbb2a37a97b5ac2eb050c436f7989993565f5e0c9128fcaacadd0e"},
+    {file = "pytest-7.1.0.tar.gz", hash = "sha256:f1089d218cfcc63a212c42896f1b7fbf096874d045e1988186861a1a87d27b47"},
 ]
 pytest-django = [
    {file = "pytest-django-4.5.2.tar.gz", hash = "sha256:d9076f759bb7c36939dbdd5ae6633c18edfc2902d1a69fdbefd2426b970ce6c2"},
@ -3352,8 +3363,8 @@ urllib3 = [
    {file = "urllib3-1.26.8.tar.gz", hash = "sha256:0e7c33d9a63e7ddfcb86780aac87befc2fbddf46c58dbb487e0855f7ceec283c"},
 ]
 uvicorn = [
-    {file = "uvicorn-0.17.5-py3-none-any.whl", hash = "sha256:8adddf629b79857b48b999ae1b14d6c92c95d4d7840bd86461f09bee75f1653e"},
-    {file = "uvicorn-0.17.5.tar.gz", hash = "sha256:c04a9c069111489c324f427501b3840d306c6b91a77b00affc136a840a3f45f1"},
+    {file = "uvicorn-0.17.6-py3-none-any.whl", hash = "sha256:19e2a0e96c9ac5581c01eb1a79a7d2f72bb479691acd2b8921fce48ed5b961a6"},
+    {file = "uvicorn-0.17.6.tar.gz", hash = "sha256:5180f9d059611747d841a4a4c4ab675edf54c8489e97f96d0583ee90ac3bfc23"},
 ]
 uvloop = [
    {file = "uvloop-0.16.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:6224f1401025b748ffecb7a6e2652b17768f30b1a6a3f7b44660e5b5b690b12d"},
--- a/pyproject.toml
+++ b/pyproject.toml
@ -92,7 +92,7 @@ addopts = "-p no:celery --junitxml=unittest.xml"

 [tool.poetry]
 name = "authentik"
-version = "2022.3.1"
+version = "2022.3.2"
 description = ""
 authors = ["Jens Langhammer <jens.langhammer@beryju.org>"]

--- a/schema.yml
+++ b/schema.yml
@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
  title: authentik
-  version: 2022.3.1
+  version: 2022.3.2
  description: Making authentication simple.
  contact:
    email: hello@beryju.org
@ -3037,11 +3037,11 @@ paths:
        schema:
          type: string
      - in: query
-        name: uid
+        name: username
        schema:
          type: string
      - in: query
-        name: username
+        name: uuid
        schema:
          type: string
      tags:
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -16,13 +16,13 @@
                "@babel/preset-typescript": "^7.16.7",
                "@formatjs/intl-listformat": "^6.5.2",
                "@fortawesome/fontawesome-free": "^6.0.0",
-                "@goauthentik/api": "^2022.2.1-1646299239",
+                "@goauthentik/api": "^2022.3.1-1647250825",
                "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
                "@lingui/cli": "^3.13.2",
                "@lingui/core": "^3.13.2",
                "@lingui/detect-locale": "^3.13.2",
                "@lingui/macro": "^3.13.2",
-                "@patternfly/patternfly": "^4.179.1",
+                "@patternfly/patternfly": "^4.183.1",
                "@polymer/iron-form": "^3.0.1",
                "@polymer/paper-input": "^3.2.1",
                "@rollup/plugin-babel": "^5.3.1",
@ -47,7 +47,7 @@
                "codemirror": "^5.65.2",
                "construct-style-sheets-polyfill": "^3.1.0",
                "country-flag-icons": "^1.4.21",
-                "eslint": "^8.10.0",
+                "eslint": "^8.11.0",
                "eslint-config-google": "^0.14.0",
                "eslint-plugin-custom-elements": "0.0.4",
                "eslint-plugin-lit": "^1.6.1",
@ -1686,15 +1686,15 @@
            }
        },
        "node_modules/@eslint/eslintrc": {
-            "version": "1.2.0",
-            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.0.tgz",
-            "integrity": "sha512-igm9SjJHNEJRiUnecP/1R5T3wKLEJ7pL6e2P+GUSfCd0dGjPYYZve08uzw8L2J8foVHFz+NGu12JxRcU2gGo6w==",
+            "version": "1.2.1",
+            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.1.tgz",
+            "integrity": "sha512-bxvbYnBPN1Gibwyp6NrpnFzA3YtRL3BBAyEAFVIpNTm2Rn4Vy87GA5M4aSn3InRrlsbX5N0GW7XIx+U4SAEKdQ==",
            "dependencies": {
                "ajv": "^6.12.4",
                "debug": "^4.3.2",
                "espree": "^9.3.1",
                "globals": "^13.9.0",
-                "ignore": "^4.0.6",
+                "ignore": "^5.2.0",
                "import-fresh": "^3.2.1",
                "js-yaml": "^4.1.0",
                "minimatch": "^3.0.4",
@ -1766,9 +1766,9 @@
            }
        },
        "node_modules/@goauthentik/api": {
-            "version": "2022.2.1-1646299239",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.2.1-1646299239.tgz",
-            "integrity": "sha512-B5tZQn1OfHPoebO9SsRSbZng2caSUflx0KnWeUv7PAI1tBok2f9zCdzXIN9ULxj4Dd5kQu1NDEZCwZwjKP6q1g=="
+            "version": "2022.3.1-1647250825",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.3.1-1647250825.tgz",
+            "integrity": "sha512-dhGE3Dj8vdyb8E4uCOfnKWXVN4N+elYcP7xT4tWZDzwwmlRxb3HU2I8OOrxJgVKmeICIaJtQu3/Ld6AmakJJCQ=="
        },
        "node_modules/@humanwhocodes/config-array": {
            "version": "0.9.2",
@ -2211,9 +2211,9 @@
            }
        },
        "node_modules/@patternfly/patternfly": {
-            "version": "4.179.1",
-            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.179.1.tgz",
-            "integrity": "sha512-fmTrk7FLtlWC1mstp+RvFt4nsLCxgsS/vDlQaYoCH5KDaM8zu+yUimnlqZBufmG2+ZbnnIysWiSmlpv7/nmmqQ=="
+            "version": "4.183.1",
+            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.183.1.tgz",
+            "integrity": "sha512-XJZIG/kcEbIPI/0Q6+Q5ax2m295IpQCppertUQ4RfOSkvJVfjQ4CUNmR/ycgjlGm1DItmYJe/NqVFerNlvzUeg=="
        },
        "node_modules/@polymer/font-roboto": {
            "version": "3.0.2",
@ -2910,14 +2910,6 @@
                }
            }
        },
-        "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
-            "version": "5.1.8",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
-            "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw==",
-            "engines": {
-                "node": ">= 4"
-            }
-        },
        "node_modules/@typescript-eslint/eslint-plugin/node_modules/semver": {
            "version": "7.3.5",
            "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
@ -4145,11 +4137,11 @@
            }
        },
        "node_modules/eslint": {
-            "version": "8.10.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.10.0.tgz",
-            "integrity": "sha512-tcI1D9lfVec+R4LE1mNDnzoJ/f71Kl/9Cv4nG47jOueCMBrCCKYXr4AUVS7go6mWYGFD4+EoN6+eXSrEbRzXVw==",
+            "version": "8.11.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.11.0.tgz",
+            "integrity": "sha512-/KRpd9mIRg2raGxHRGwW9ZywYNAClZrHjdueHcrVDuO3a6bj83eoTirCCk0M0yPwOjWYKHwRVRid+xK4F/GHgA==",
            "dependencies": {
-                "@eslint/eslintrc": "^1.2.0",
+                "@eslint/eslintrc": "^1.2.1",
                "@humanwhocodes/config-array": "^0.9.2",
                "ajv": "^6.10.0",
                "chalk": "^4.0.0",
@ -4384,14 +4376,6 @@
                "node": ">=8"
            }
        },
-        "node_modules/eslint/node_modules/ignore": {
-            "version": "5.2.0",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz",
-            "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==",
-            "engines": {
-                "node": ">= 4"
-            }
-        },
        "node_modules/eslint/node_modules/supports-color": {
            "version": "7.2.0",
            "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@ -5037,14 +5021,6 @@
                "url": "https://github.com/sponsors/sindresorhus"
            }
        },
-        "node_modules/globby/node_modules/ignore": {
-            "version": "5.1.8",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
-            "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw==",
-            "engines": {
-                "node": ">= 4"
-            }
-        },
        "node_modules/graceful-fs": {
            "version": "4.2.8",
            "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.8.tgz",
@ -5236,9 +5212,9 @@
            ]
        },
        "node_modules/ignore": {
-            "version": "4.0.6",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
-            "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==",
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz",
+            "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==",
            "engines": {
                "node": ">= 4"
            }
@ -7393,14 +7369,6 @@
                "node": ">=8"
            }
        },
-        "node_modules/rollup-plugin-copy/node_modules/ignore": {
-            "version": "5.1.8",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
-            "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw==",
-            "engines": {
-                "node": ">= 4"
-            }
-        },
        "node_modules/rollup-plugin-copy/node_modules/jsonfile": {
            "version": "4.0.0",
            "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
@ -10031,15 +9999,15 @@
            }
        },
        "@eslint/eslintrc": {
-            "version": "1.2.0",
-            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.0.tgz",
-            "integrity": "sha512-igm9SjJHNEJRiUnecP/1R5T3wKLEJ7pL6e2P+GUSfCd0dGjPYYZve08uzw8L2J8foVHFz+NGu12JxRcU2gGo6w==",
+            "version": "1.2.1",
+            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.1.tgz",
+            "integrity": "sha512-bxvbYnBPN1Gibwyp6NrpnFzA3YtRL3BBAyEAFVIpNTm2Rn4Vy87GA5M4aSn3InRrlsbX5N0GW7XIx+U4SAEKdQ==",
            "requires": {
                "ajv": "^6.12.4",
                "debug": "^4.3.2",
                "espree": "^9.3.1",
                "globals": "^13.9.0",
-                "ignore": "^4.0.6",
+                "ignore": "^5.2.0",
                "import-fresh": "^3.2.1",
                "js-yaml": "^4.1.0",
                "minimatch": "^3.0.4",
@ -10094,9 +10062,9 @@
            "integrity": "sha512-6LB4PYBST1Rx40klypw1SmSDArjFOcfBf2LeX9Zg5EKJT2eXiyiJq+CyBYKeXyK0sXS2FsCJWSPr/luyhuvh0Q=="
        },
        "@goauthentik/api": {
-            "version": "2022.2.1-1646299239",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.2.1-1646299239.tgz",
-            "integrity": "sha512-B5tZQn1OfHPoebO9SsRSbZng2caSUflx0KnWeUv7PAI1tBok2f9zCdzXIN9ULxj4Dd5kQu1NDEZCwZwjKP6q1g=="
+            "version": "2022.3.1-1647250825",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.3.1-1647250825.tgz",
+            "integrity": "sha512-dhGE3Dj8vdyb8E4uCOfnKWXVN4N+elYcP7xT4tWZDzwwmlRxb3HU2I8OOrxJgVKmeICIaJtQu3/Ld6AmakJJCQ=="
        },
        "@humanwhocodes/config-array": {
            "version": "0.9.2",
@ -10424,9 +10392,9 @@
            }
        },
        "@patternfly/patternfly": {
-            "version": "4.179.1",
-            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.179.1.tgz",
-            "integrity": "sha512-fmTrk7FLtlWC1mstp+RvFt4nsLCxgsS/vDlQaYoCH5KDaM8zu+yUimnlqZBufmG2+ZbnnIysWiSmlpv7/nmmqQ=="
+            "version": "4.183.1",
+            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.183.1.tgz",
+            "integrity": "sha512-XJZIG/kcEbIPI/0Q6+Q5ax2m295IpQCppertUQ4RfOSkvJVfjQ4CUNmR/ycgjlGm1DItmYJe/NqVFerNlvzUeg=="
        },
        "@polymer/font-roboto": {
            "version": "3.0.2",
@ -11033,11 +11001,6 @@
                "tsutils": "^3.21.0"
            },
            "dependencies": {
-                "ignore": {
-                    "version": "5.1.8",
-                    "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
-                    "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw=="
-                },
                "semver": {
                    "version": "7.3.5",
                    "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
@ -11897,11 +11860,11 @@
            "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
        },
        "eslint": {
-            "version": "8.10.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.10.0.tgz",
-            "integrity": "sha512-tcI1D9lfVec+R4LE1mNDnzoJ/f71Kl/9Cv4nG47jOueCMBrCCKYXr4AUVS7go6mWYGFD4+EoN6+eXSrEbRzXVw==",
+            "version": "8.11.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.11.0.tgz",
+            "integrity": "sha512-/KRpd9mIRg2raGxHRGwW9ZywYNAClZrHjdueHcrVDuO3a6bj83eoTirCCk0M0yPwOjWYKHwRVRid+xK4F/GHgA==",
            "requires": {
-                "@eslint/eslintrc": "^1.2.0",
+                "@eslint/eslintrc": "^1.2.1",
                "@humanwhocodes/config-array": "^0.9.2",
                "ajv": "^6.10.0",
                "chalk": "^4.0.0",
@ -12013,11 +11976,6 @@
                    "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
                    "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="
                },
-                "ignore": {
-                    "version": "5.2.0",
-                    "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz",
-                    "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ=="
-                },
                "supports-color": {
                    "version": "7.2.0",
                    "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@ -12555,13 +12513,6 @@
                "ignore": "^5.1.4",
                "merge2": "^1.3.0",
                "slash": "^3.0.0"
-            },
-            "dependencies": {
-                "ignore": {
-                    "version": "5.1.8",
-                    "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
-                    "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw=="
-                }
            }
        },
        "graceful-fs": {
@ -12704,9 +12655,9 @@
            "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="
        },
        "ignore": {
-            "version": "4.0.6",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
-            "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg=="
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz",
+            "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ=="
        },
        "import-fresh": {
            "version": "3.3.0",
@ -14308,11 +14259,6 @@
                        "slash": "^3.0.0"
                    }
                },
-                "ignore": {
-                    "version": "5.1.8",
-                    "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
-                    "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw=="
-                },
                "jsonfile": {
                    "version": "4.0.0",
                    "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
--- a/web/package.json
+++ b/web/package.json
@ -59,13 +59,13 @@
        "@babel/preset-typescript": "^7.16.7",
        "@formatjs/intl-listformat": "^6.5.2",
        "@fortawesome/fontawesome-free": "^6.0.0",
-        "@goauthentik/api": "^2022.2.1-1646299239",
+        "@goauthentik/api": "^2022.3.1-1647250825",
        "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
        "@lingui/cli": "^3.13.2",
        "@lingui/core": "^3.13.2",
        "@lingui/detect-locale": "^3.13.2",
        "@lingui/macro": "^3.13.2",
-        "@patternfly/patternfly": "^4.179.1",
+        "@patternfly/patternfly": "^4.183.1",
        "@polymer/iron-form": "^3.0.1",
        "@polymer/paper-input": "^3.2.1",
        "@rollup/plugin-babel": "^5.3.1",
@ -90,7 +90,7 @@
        "codemirror": "^5.65.2",
        "construct-style-sheets-polyfill": "^3.1.0",
        "country-flag-icons": "^1.4.21",
-        "eslint": "^8.10.0",
+        "eslint": "^8.11.0",
        "eslint-config-google": "^0.14.0",
        "eslint-plugin-custom-elements": "0.0.4",
        "eslint-plugin-lit": "^1.6.1",
--- a/web/src/authentik.css
+++ b/web/src/authentik.css
@ -244,6 +244,26 @@ html > form > input {
    .pf-c-form-control[readonly] {
        background-color: var(--ak-dark-background-light);
    }
+    /* select toggle */
+    .pf-c-select__toggle::before {
+        --pf-c-select__toggle--before--BorderTopColor: var(--ak-dark-background-lighter);
+        --pf-c-select__toggle--before--BorderRightColor: var(--ak-dark-background-lighter);
+        --pf-c-select__toggle--before--BorderLeftColor: var(--ak-dark-background-lighter);
+    }
+    .pf-c-select__toggle.pf-m-typeahead {
+        --pf-c-select__toggle--BackgroundColor: var(--ak-dark-background-light);
+    }
+    .pf-c-select__menu {
+        --pf-c-select__menu--BackgroundColor: var(--ak-dark-background-light-ish);
+        color: var(--ak-dark-foreground);
+    }
+    .pf-c-select__menu-item {
+        color: var(--ak-dark-foreground);
+    }
+    .pf-c-select__menu-wrapper:hover,
+    .pf-c-select__menu-item:hover {
+        --pf-c-select__menu-item--hover--BackgroundColor: var(--ak-dark-background-lighter);
+    }
    .pf-c-button.pf-m-plain:hover {
        color: var(--ak-dark-foreground);
    }
--- a/web/src/constants.ts
+++ b/web/src/constants.ts
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2022.3.1";
+export const VERSION = "2022.3.2";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";

--- a/web/src/elements/SearchSelect.ts
+++ b/web/src/elements/SearchSelect.ts
@ -40,7 +40,7 @@ export class SearchSelect<T> extends LitElement {
    renderElement!: (element: T) => string;

    @property({ attribute: false })
-    value!: (element: T) => unknown;
+    value!: (element: T | undefined) => unknown;

    @property({ attribute: false })
    selected!: (element: T) => boolean;
--- a/web/src/elements/forms/Form.ts
+++ b/web/src/elements/forms/Form.ts
@ -153,7 +153,11 @@ export class Form<T> extends LitElement {
                json[element.name] = element.checked;
            } else if (element.tagName.toLowerCase() === "ak-search-select") {
                const select = element as unknown as SearchSelect<unknown>;
-                json[element.name] = select.value(select.selectedObject);
+                try {
+                    json[element.name] = select.value(select.selectedObject);
+                } catch {
+                    console.debug("authentik/form: SearchSelect.value error");
+                }
            } else {
                for (let v = 0; v < values.length; v++) {
                    this.serializeFieldRecursive(element, values[v], json);
--- a/web/src/pages/policies/PolicyBindingForm.ts
+++ b/web/src/pages/policies/PolicyBindingForm.ts
@ -222,8 +222,8 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
                            .renderElement=${(group: Group): string => {
                                return group.name;
                            }}
-                            .value=${(group: Group): string => {
-                                return group.pk;
+                            .value=${(group: Group | undefined): string => {
+                                return group ? group.pk : "";
                            }}
                            .selected=${(group: Group): boolean => {
                                return group.pk === this.instance?.group;
@ -256,8 +256,8 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
                            .renderElement=${(user: User): string => {
                                return UserOption(user);
                            }}
-                            .value=${(user: User): number => {
-                                return user.pk;
+                            .value=${(user: User | undefined): number => {
+                                return user ? user.pk : 0;
                            }}
                            .selected=${(user: User): boolean => {
                                return user.pk === this.instance?.user;
--- a/web/src/user/LibraryPage.ts
+++ b/web/src/user/LibraryPage.ts
@ -165,7 +165,9 @@ export class LibraryPage extends LitElement {
                    <section class="pf-c-page__main-section">
                        ${loading(
                            this.apps,
-                            html`${(this.apps?.results.length || 0) > 0
+                            html`${(this.apps?.results || []).filter((app) => {
+                                return app.launchUrl !== null;
+                            }).length > 0
                                ? this.renderApps(config)
                                : this.renderEmptyState()}`,
                        )}
--- a/web/src/user/user-settings/details/UserSettingsFlowExecutor.ts
+++ b/web/src/user/user-settings/details/UserSettingsFlowExecutor.ts
@ -101,25 +101,35 @@ export class UserSettingsFlowExecutor extends LitElement implements StageHost {
            if (!this.flowSlug) {
                return;
            }
-            this.loading = true;
            new FlowsApi(DEFAULT_CONFIG)
-                .flowsExecutorGet({
-                    flowSlug: this.flowSlug,
-                    query: window.location.search.substring(1),
+                .flowsInstancesExecuteRetrieve({
+                    slug: this.flowSlug || "",
                })
-                .then((challenge) => {
-                    this.challenge = challenge;
-                })
-                .catch((e: Error | Response) => {
-                    // Catch JSON or Update errors
-                    this.errorMessage(e);
-                })
-                .finally(() => {
-                    this.loading = false;
+                .then(() => {
+                    this.nextChallenge();
                });
        });
    }

+    nextChallenge(): void {
+        this.loading = true;
+        new FlowsApi(DEFAULT_CONFIG)
+            .flowsExecutorGet({
+                flowSlug: this.flowSlug || "",
+                query: window.location.search.substring(1),
+            })
+            .then((challenge) => {
+                this.challenge = challenge;
+            })
+            .catch((e: Error | Response) => {
+                // Catch JSON or Update errors
+                this.errorMessage(e);
+            })
+            .finally(() => {
+                this.loading = false;
+            });
+    }
+
    async errorMessage(error: Error | Response): Promise<void> {
        let body = "";
        if (error instanceof Error) {
--- a/web/src/user/user-settings/details/stages/prompt/PromptStage.ts
+++ b/web/src/user/user-settings/details/stages/prompt/PromptStage.ts
@ -23,7 +23,7 @@ export class UserSettingsPromptStage extends PromptStage {
                    return error.string;
                })}
            >
-                ${unsafeHTML(this.renderPromptInner(prompt, true))} ${prompt.subText}
+                ${unsafeHTML(this.renderPromptInner(prompt, true))}
                ${this.renderPromptHelpText(prompt)}
            </ak-form-element-horizontal>
        `;
--- a/website/docs/flow/stages/password/index.md
+++ b/website/docs/flow/stages/password/index.md
@ -14,14 +14,14 @@ Depending on what kind of device you want to require the user to have:

 ```python
 from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
-return WebAuthnDevice.objects.filter(user=request.user, active=True).exists()
+return WebAuthnDevice.objects.filter(user=request.user, confirmed=True).exists()
 ```

 #### Duo

 ```python
 from authentik.stages.authenticator_duo.models import DuoDevice
-return DuoDevice.objects.filter(user=request.user, active=True).exists()
+return DuoDevice.objects.filter(user=request.user, confirmed=True).exists()
 ```

 Afterwards, bind the policy you've created to the stage binding of the password stage.
--- a/website/docs/releases/v2022.3.md
+++ b/website/docs/releases/v2022.3.md
@ -35,6 +35,19 @@ To simplify the release process we don't publish explicitly tagged release-candi
 - web/admin: use searchable select field for users and groups in policy binding form
 - web/flows: fix rendering of help text on prompt stages

+## Fixed in 2022.3.2
+
+- core: replace uid with uuid search
+- flows: revert default flow user change
+- lib: lower default sample rate
+- sources/ldap: fix parent_group not being applied
+- stages/authenticator_validate: fix passwordless flows not working
+- web/elements: fix error with blank SearchSelect elements in forms
+- web/elements: fix search select background in dark mode
+- web/elements: fix search-select hover background
+- web/user: filter applications by launch URL lto show empty state
+- web/user: fix duplicate help text in prompts
+
 ## Upgrading

 This release does not introduce any new requirements.
--- a/website/integrations/services/rocketchat/index.md
+++ b/website/integrations/services/rocketchat/index.md
@ -0,0 +1,141 @@
+---
+title: Rocket.chat
+---
+
+## What is Rocket.chat
+
+From https://github.com/RocketChat/Rocket.Chat
+
+:::note
+Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat Git Hub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information.
+:::
+
+:::note
+This is based on authentik 2022.3.1 and Rocket.chat 4.5.1 using the [Docker-Compose install](https://docs.rocket.chat/quick-start/installing-and-updating/rapid-deployment-methods/docker-and-docker-compose/docker-containers). Instructions may differ between versions.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+- `rocket.company` is the FQDN of Rocket.chat.
+- `authentik.company` is the FQDN of authentik.
+
+### Step 1
+
+In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these settings:
+
+:::note
+Only settings that have been modified from default have been listed.
+:::
+
+**Protocol Settings**
+- Name: RocketChat
+- Client type: Confidential
+- Client ID: Copy and Save this for Later
+- Client Secret: Copy and Save this for later
+- Redirect URIs/Origins:
+```
+https://rocket.company/_oauth/authentik
+
+```
+
+![](./rocketchat1.png)
+
+### Step 2
+
+In authentik, under _Applications_, create a new application with these settings:
+
+**Application Settings**
+- Name: Rocket.chat
+- Slug: rocketchat
+- Provider: RocketChat
+- Launch URL:
+```
+https://rocket.company/_oauth/authentik
+
+```
+
+![](./rocketchat2.png)
+
+### Step 3
+
+:::note
+Only settings that have been modified from default have been listed.
+
+You may have different settings for some of the group and role mapping for advanced configurations. The settings below are the base settings to connect authentik and Rocket.chat.
+:::
+
+In Rocket.chat, follow the procedure below:
+
+1. Log in as a System Administrator, click on your avatar, and choose _Administration_
+
+2. Scroll down and click on _OAuth_
+
+3. In the top right corner, click _Add custom oauth_
+
+4. Give your new oauth the name of _Authenik_, then click _Send_
+
+![](./rocketchat6.png)
+
+5. Scroll down to the new OAuth application, expand the dropdown, and enter the following settings:
+   - Enable: Turn the radio button to the _on_ position
+   - URL: https://authentik.company/application/o
+   - Token Path: /token/
+   - Token Sent Via: Payload
+   - Identity Token Sent Via: Same as "Token Sent Via"
+   - Identity Path: /userinfo/
+   - Authorize Path: /authorize/
+   - Scope: email profile openid
+   - Param Name for access token: access_token
+   - Id: _THIS IS THE CLIENT ID YOU COPIED FROM STEP 1 in authentik_
+   - Secret: _THIS IS THE CLIENT SECRET YOU COPIED FROM STEP 1 in authentik_
+   - Login Style: Redirect
+   - Button Text: _Fill in with what you want the SSO button to say_
+   - Button Text Color: _Hex Color for Text on the SSO login button_
+   - Button Color: _Hex Color for the SSO login button_
+   - Key Field: Username
+   - Username field: preferred_username
+   - Email field: email
+   - Name field: name
+   - Roles/Groups field name: groups
+   - Roles/Groups field for channel mapping: groups
+   - User Data Group Map: rocket.cat
+   - Merge users: Turn the radio button to the _on_ position
+   - Show Button on Login Page: Turn the radio button to the _on_ position
+
+   ![](./rocketchat7.png)
+
+   ![](./rocketchat8.png)
+
+   ![](./rocketchat9.png)
+
+   ![](./rocketchat10.png)
+
+6. Click _Save changes_ in the top right corner of the screen
+
+
+
+### Step 4 (Optional)
+
+:::note
+By default, Rocket.chat will attempt to use two-factor authentication with any new user coming in to the system and allows users to change their information
+:::
+
+**To disable changing user information and other options inside Rocket.chat:**
+
+Navigate to the _Accounts_ settings to change the following:
+
+- Allow Name Change: Off
+- Allow Username Change: Off
+- Allow Email Change: Off
+- Allow Password Change for OAuth Users: Off
+
+**If you are using Two Factor authentication through authentik:**
+
+Navigate to the _Accounts_ settings, Scroll Down to Two Factor Authentication and turn off _Enable Two Factor Authentication_
+
+**Registration Options**
+Navigate to the _Accounts_ settings, Scroll Down to Registration and choose your [registration options](https://docs.rocket.chat/guides/administration/settings/account-settings#registration), such as:
+
+- Registration Form: Disabled
--- a/website/integrations/services/rocketchat/rocketchat1.png
+++ b/website/integrations/services/rocketchat/rocketchat1.png
--- a/website/integrations/services/rocketchat/rocketchat10.png
+++ b/website/integrations/services/rocketchat/rocketchat10.png
--- a/website/integrations/services/rocketchat/rocketchat2.png
+++ b/website/integrations/services/rocketchat/rocketchat2.png
--- a/website/integrations/services/rocketchat/rocketchat3.png
+++ b/website/integrations/services/rocketchat/rocketchat3.png
--- a/website/integrations/services/rocketchat/rocketchat4.png
+++ b/website/integrations/services/rocketchat/rocketchat4.png
--- a/website/integrations/services/rocketchat/rocketchat5.png
+++ b/website/integrations/services/rocketchat/rocketchat5.png
--- a/website/integrations/services/rocketchat/rocketchat6.png
+++ b/website/integrations/services/rocketchat/rocketchat6.png
--- a/website/integrations/services/rocketchat/rocketchat7.png
+++ b/website/integrations/services/rocketchat/rocketchat7.png
--- a/website/integrations/services/rocketchat/rocketchat8.png
+++ b/website/integrations/services/rocketchat/rocketchat8.png
--- a/website/integrations/services/rocketchat/rocketchat9.png
+++ b/website/integrations/services/rocketchat/rocketchat9.png
--- a/website/integrations/services/sonarr/index.md
+++ b/website/integrations/services/sonarr/index.md
@ -40,3 +40,15 @@ Create an application in authentik and select the provider you've created above.
 Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr.

 The outpost will connect to authentik and configure itself.
+
+## Authentication Setup
+
+Because Sonarr can use HTTP Basic credentials, you can save your HTTP Basic Credentials in authentik. The recommended way to do this is to create a Group. Name the group "Sonarr Users", for example. For this group, add the following attributes:
+
+```yaml
+sonarr_user: username
+sonarr_password: password
+```
+Add all Sonarr users to the Group. You should also create a Group Membership Policy to limit access to the application.
+
+Enable the `Use Basic Authentication` option. Set and `HTTP-Basic Username` and `HTTP-Basic Password` to `sonarr_user` and `sonarr_password` respectively. These values can be chosen freely, `sonarr_` is just used as a prefix for clarity.
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -141,13 +141,14 @@ module.exports = {
            type: "category",
            label: "Release Notes",
            items: [
+                "releases/v2022.3",
                "releases/v2022.2",
                "releases/v2022.1",
-                "releases/v2021.12",
                {
                    type: "category",
                    label: "Previous versions",
                    items: [
+                        "releases/v2021.12",
                        "releases/v2021.10",
                        "releases/v2021.9",
                        "releases/v2021.8",
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@ -31,6 +31,7 @@ module.exports = {
                "services/powerdns-admin/index",
                "services/proxmox-ve/index",
                "services/rancher/index",
+                "services/rocketchat/index",
                "services/roundcube/index",
                "services/sentry/index",
                "services/sssd/index",
Author	SHA1	Message	Date
Jens Langhammer	260a7aac63	release: 2022.3.2	2022-03-15 00:01:01 +01:00
Jens Langhammer	37df054f4c	website/docs: prepare 2022.3.2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 23:59:38 +01:00
Jens Langhammer	a3df414f24	sources/ldap: fix parent_group not being applied closes #2464 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 22:13:20 +01:00
Jens Langhammer	dcaa8d6322	flows: revert default flow user change closes #2483 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 22:05:30 +01:00
Jens Langhammer	e03dd70f2f	web/user: filter applications by launch URL lto show empty state Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 21:15:47 +01:00
Jens Langhammer	ceb894039e	stages/authenticator_validate: fix passwordless flows not working closes #2484 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 21:15:47 +01:00
Josh Chapman	a77616e942	website/integrations: add rocket.chat (#2470 ) * Add files via upload * Revert "Add Rocket.chat Instructions to Integrations Page" * Adding Rocket.chat Integration documentation * Adding Rocketchat to integrations/services * Fix authentik name in 2 screenshots	2022-03-14 15:13:54 +01:00
Jens Langhammer	47601a767b	website/docs: fix invalid queries in docs closes #2482	2022-03-14 12:38:22 +00:00
Jens Langhammer	c7a825c393	lib: lower default sample rate	2022-03-14 12:38:14 +00:00
Cookie-Monster-Coder	181c55aef1	website/docs: add http-basic to sonarr docs	2022-03-14 12:19:53 +01:00
github-actions[bot]	631b1fcc29	web: Update Web API Client version (#2481 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>	2022-03-14 10:42:29 +01:00
Jens Langhammer	54f170650a	core: replace uid with uuid search uid can't be searched it as its a computed field closes #2480 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 10:35:55 +01:00
Jens Langhammer	3bdb551e74	root: add make target for server and web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 10:32:14 +01:00
dependabot[bot]	96b2631ec4	build(deps): bump paramiko from 2.9.2 to 2.10.1 (#2475 ) Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.9.2 to 2.10.1. - [Release notes](https://github.com/paramiko/paramiko/releases) - [Changelog](https://github.com/paramiko/paramiko/blob/main/NEWS) - [Commits](https://github.com/paramiko/paramiko/compare/2.9.2...2.10.1) --- updated-dependencies: - dependency-name: paramiko dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:02:34 +01:00
dependabot[bot]	4fffa6d2cc	build(deps-dev): bump importlib-metadata from 4.11.2 to 4.11.3 (#2476 ) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.11.2 to 4.11.3. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/CHANGES.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v4.11.2...v4.11.3) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:02:24 +01:00
dependabot[bot]	e46c70e13d	build(deps): bump @patternfly/patternfly from 4.179.1 to 4.183.1 in /web (#2474 ) Bumps [@patternfly/patternfly](https://github.com/patternfly/patternfly) from 4.179.1 to 4.183.1. - [Release notes](https://github.com/patternfly/patternfly/releases) - [Changelog](https://github.com/patternfly/patternfly/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/patternfly/patternfly/compare/prerelease-v4.179.1...prerelease-v4.183.1) --- updated-dependencies: - dependency-name: "@patternfly/patternfly" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:02:09 +01:00
dependabot[bot]	7d4e7f84f4	build(deps): bump eslint from 8.10.0 to 8.11.0 in /web (#2473 ) Bumps [eslint](https://github.com/eslint/eslint) from 8.10.0 to 8.11.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v8.10.0...v8.11.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:01:58 +01:00
dependabot[bot]	d49640ca9b	build(deps): bump goauthentik.io/api/v3 from 3.2022021.4 to 3.2022031.1 (#2477 ) Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022021.4 to 3.2022031.1. - [Release notes](https://github.com/goauthentik/client-go/releases) - [Commits](https://github.com/goauthentik/client-go/compare/v3.2022021.4...v3.2022031.1) --- updated-dependencies: - dependency-name: goauthentik.io/api/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:00:52 +01:00
dependabot[bot]	ed2cf44471	build(deps-dev): bump pytest from 7.0.1 to 7.1.0 (#2478 ) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.1 to 7.1.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.0) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:00:30 +01:00
dependabot[bot]	5b1d15276a	build(deps): bump uvicorn from 0.17.5 to 0.17.6 (#2479 ) Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.17.5 to 0.17.6. - [Release notes](https://github.com/encode/uvicorn/releases) - [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md) - [Commits](https://github.com/encode/uvicorn/compare/0.17.5...0.17.6) --- updated-dependencies: - dependency-name: uvicorn dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 10:00:09 +01:00
Jens Langhammer	d9275a3350	web/elements: fix search-select hover background closes #2471 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-13 01:58:40 +01:00
Jens Langhammer	2e81dddc1d	web/elements: fix search select background in dark mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2471	2022-03-13 01:53:42 +01:00
Jens Langhammer	abc73deda0	web/elements: fix error with blank SearchSelect elements in forms closes #2469 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-11 20:36:54 +01:00
github-actions[bot]	becec6b7d8	web: Update Web API Client version (#2468 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>	2022-03-11 19:10:27 +01:00
Jens Langhammer	ab516f782b	website/user: fix duplicate help text in prompts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-11 19:05:41 +01:00
Jens Langhammer	d7b3c545aa	Merge branch 'version-2022.3'	2022-03-11 11:02:51 +01:00
Jens Langhammer	81550d9d1d	website/docs: add release notes to sidebar Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-11 10:59:19 +01:00
dependabot[bot]	72e5768c2f	build(deps): bump channels-redis from 3.3.1 to 3.4.0 (#2465 )	2022-03-11 09:17:27 +01:00
dependabot[bot]	11cf5fc472	build(deps): bump github.com/getsentry/sentry-go from 0.12.0 to 0.13.0 (#2466 )	2022-03-11 09:17:05 +01:00