Release 2025.4
Highlights
-
Improve membership resolution for the LDAP Source Allow lookups of LDAP group memberships from user attributes as an alternative to lookups from group attributes. This also allows for nested group lookups in Active Directory.
-
Support for PostgreSQL Connection Pools PostgreSQL Connection Pools provides a set of open connections in order to reduce latency.
-
RBAC: Initial Permissions Preview Provides more flexible access control by assigning permissions to the user/role creating a new object in authentik. Use Initial Permissions as a pragmatic way to implement the principle of least privilege.
-
Password History Policy Enterprise A new policy (the Password Uniqueness policy) can be implemented to prevent users from reusing previous passwords; admins are able to configure how many previous password hashes the system will store and evaluate. This new policy makes it easier to enforce password reuse requirements, such as for FedRAMP compliance.
-
Source Sync Dry Run Preview Add the option for dry-run syncs for SCIM, Google Workspace, and Entra to preview the results of a sync without affecting live accounts.
Breaking changes
-
Reputation score limit: The default value for the new limits on Reputation score is between
-5and5. This might break some current setups which count on the possibility of scores decreasing or increasing beyond these limits. You can set your custom limits under System > Settings. -
Deprecated and frozen
:latestcontainer image tag after 2025.2Using the
:latesttag with container images is not recommended as it can lead to unintentional updates and potentially broken setups.The tag will not be removed, however it will also not be updated past 2025.2.
We strongly recommended the use of a specific version tag for authentik instances' container images like
:2025.4. -
Helm chart dependencies update: Following Bitnami's changes to only publish latest version of containers, the Helm chart dependencies (PostgreSQL and Redis) will now be updated with each release.
For this release:
- The Redis chart will be upgraded to the latest version. As the image is not pinned, it will also get upgraded.
- The PostgreSQL chart will be upgraded to the latest version, but the image will remain pinned to
15.8.0-debian-12-r18.
For the next release:
- The Redis chart will be upgraded to the latest version again.
- The PostgreSQL chart will be upgraded to the latest version again, and the image will no longer be pinned, which will bring it to PostgreSQL major version
17. This will require following PostgreSQL major upgrade steps, for which we provide documentation.
For subsequent releases:
- The Redis chart will be upgraded to the latest version.
- The PostgreSQL chart will be upgraded to the latest version, with major upgrades being called out in authentik release notes.
We encourage users to pin their PostgreSQL image version.
Manual action might be required
Sessions are now stored in the database
Previously, sessions were stored by default in the cache. Now, they are stored in the database. This allows for numerous other performance improvements. On high traffic instances, requests to old instances after the upgrade has started will fail to authenticate.
New features
-
Remember me: Users can now choose to skip entering their usernames after their first login on the same device. This feature is optional and admins can enable it in the Identification stage.
-
RBAC: Initial Permissions
In hardened authentik installations, it is possible for a user to have permission to create an object type, but not to view/change/delete(/etc) objects of that type. Previously, this could result in a user creating an object and then not having any access to that object.
InitialPermissionsis a mechanism to automatically add permissions to any object on creation. Refer to our documentation for more details. -
Reputation score limit
Reputation scores now have a configurable numerical limit in addition to the already existing temporal limit.
-
Support for PostgreSQL Connection Pools: See description under Highlights. Refer to our documentation.
-
Password History Policy: See description under Highlights. Refer to our documentation.
-
Improve membership resolution for the LDAP Source: See description under Highlights. Refer to our documentation.
-
Source Sync Dry Run: See description under Highlights.
-
Gateway API support Preview
For Kubernetes users, authentik now supports the Gateway API. The Helm chart supports HTTPRoute. The Kubernetes outpost integrations supports creating HTTPRoute objects for Proxy providers. Refer to our documentation.
New integration guides
An integration is a how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
- Apple Business Manager
- FleetDM
- Gravity
- Homarr
- KnocKnoc
- Mautic
- Mailcow
- Mealie
- OpenProject
- Sidero Omni
- Tandoor
- Wazuh
- XCreds
- Zipline
Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/xxxx.x/docker-compose.yml
docker compose up -d
The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.4
Minor changes/fixes
- */saml: allow for domainless SAML URLs (#13737)
- *: fix stage incorrectly being inserted instead of appended (#13304)
- admin: fix system API when using bearer token (#13651)
- blueprints: Adjust title for MFA set up (#13400)
- brands: add option to set global default flow background (#13079)
- brands: fix migration 0008 by removing incorrect context manager usage (#13635)
- brands: migrate custom CSS to brands (#13172)
- cmd: set version in outposts (#13116)
- cmd: set version in outposts (cherry-pick #13116) (#13122)
- core: Tidy contributor onboarding, fix typos. (#12700)
- core: add darkreader-lock (#13183)
- core: add pre-hydrated relative URL (#13243)
- core: clear expired database sessions (#13105)
- core: fix core/user is_superuser filter (#13693)
- core: fix double slash in cache key (#13721)
- core: fix error when viewing used_by for built-in source (#13588)
- core: fix flaky tests introduced with is_superuser API fix (#13709)
- core: fix migrations (#14009)
- core: fix non-exploitable open redirect (#13696)
- core: migrate all sessions to the database (#9736)
- core: users API: add date_joined (#13817)
- enterprise/policies: Add Password Uniqueness History Policy (#13453)
- enterprise/stages/source: fix Source stage not executing authentication/enrollment flow (#12875)
- enterprise/stages/source: fix dispatch method signature (#13321)
- enterprise/stages/source: set is_redirected in flow source stage redirects to (#13604)
- events: add configurable headers to webhooks (#13602)
- flows: fix API not returning configured background (#13641)
- lib/config: fix conn_max_age parsing (#13370)
- lib/sync/outgoing: add dry run (#13244)
- lib: set a default HTTP timeout on outgoing requests (#13599)
- lifecycle/migrate: fix migration failing if killed during first startup (#14207)
- lifecycle: add warning regarding supported installation methods (#13190)
- outposts/controllers: k8s: sanitize resource names to comply with DNS subdomain standards (#13444)
- outposts/ldap: fix paginator going into infinite loop (#13677)
- outposts: add support for gateway API (#13272)
- policies/geoip: fix math in impossible travel (#13141)
- policies/geoip: fix result when only dynamic results are used (#14107)
- policies/reputation: limit reputation score (#14008)
- policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)
- providers/SCIM: fix object exists error for users, attempt to look up user ID in remote system (#13437)
- providers/oauth2, rac: make sure tokens are revoked after session deletion (#14011)
- providers/oauth2: offline_access don't require explicit consent (#13419)
- providers/oauth2: properly support P-384 and P-521 keys (#13317)
- providers/proxy: kubernetes outpost: fix reconcile when only annotations changed (#13372)
- providers/rac: fix signals and Endpoint caching (#13529)
- providers/rac: move to open source (#13015)
- providers/saml: configurable AuthnContextClassRef (#13566)
- providers/scim: add compatibility mode for AWS & Slack (#13342)
- providers/scim: fix group membership check failing (#13644)
- providers/scim: save attributes returned from remote system like google workspace and entra ID (#13459)
- rbac: add
InitialPermissions(#13795) - rbac: add
nameto Permissions search (#14269) - remove rc notice and enterprise tag for the span
- revert: rbac: exclude permissions for internal models (#12803) (#13138)
- root: allow configuring session cookie age (#12389)
- root: bump python client generator version (#13467)
- root: bump python patch version to 3.12.9 (#13710)
- root: fix dependency install due to description-file (#13655)
- root: fix uv lock file on macOS (#13578)
- root: prevent docker-compose up when secret key is missing (#14043)
- root: replace poetry with uv (#13388)
- root: support db pool (#13534)
- scripts: fix broken link (#13156)
- scripts: postgres: print statements (#13537)
- security: fix CVE-2025-29928 (#13695)
- sources/kerberos, saml: allow creation of connections from the API (#13794)
- sources/ldap: add source connections (#13796)
- sources/ldap: lookup group memberships from user attribute (#12661)
- sources/oauth: add group sync for azure_ad (#12894)
- sources/oauth: fix duplicate authentication (#13322)
- sources/oauth: ignore missing well-known keys (#13468)
- sources/oauth: introduce authorization code auth method (#14034)
- sources/oauth: reddit: fix duplicate keyword auth (#13466)
- sources: move identifier to parent model (#13797)
- sources: prevent deletion of built-in source (#12914)
- stages/authenticator_email: Email Authenticator Stage Documentation (#12853)
- stages/authenticator_email: Fix Enroll dropdown in the MFA Devices page (#13404)
- stages/authenticator_email: fix session cleanup test b (#13264)
- stages/authenticator_email: remove flaky assertions (#13371)
- stages/email: Clean newline characters in TemplateEmailMessage (#13666)
- stages/email: Fix email stage serialization (#13256)
- stages/email: fix for newlines in emails (#13712)
- stages/email: token_expiry format (#13394)
- stages/identification: check captcha after checking authentication (#13533)
- stages/identification: refresh captcha on failure (#13697)
- web/admin: add button to clear application cache (#13399)
- web/admin: add sync status refresh button (#13678)
- web/admin: allow user lists to show active only (#13403)
- web/admin: decorative display in user’s page breaks in other locales (#13393)
- web/admin: fix comment being rendered (#13530)
- web/admin: fix custom scope mappings being selected by default in proxy provider (#13735)
- web/admin: fix default selection for binding policy (#13180)
- web/admin: fix diff showing previous false as "-" (#13580)
- web/admin: fix display bug for assigned users in application bindings in the wizard (#13435)
- web/admin: fix markdown being completely whited out in dark mode on proxy provider pages (#13387)
- web/admin: fix minor typo (#13181)
- web/admin: only show message when not editing an application (#13165)
- web/admin: prefer using datefns over moment.js (#13143)
- web/admin: prevent default logo flashing in admin interface (#13960)
- web/admin: reworked sync status card (#13625)
- web/admin: reworked sync status card (cherry-pick #13625) (#13692)
- web/admin: update Application Wizard button placement (#12771)
- web/api: Fix Hoisted exports across entrypoints. Update Axios. (#14089)
- web/common: utils: fix infinite value handling in getRelativeTime function (#13564)
- web/flow: fix translate extract (#13208)
- web/flow: grab focus to uid input field (#13177)
- web/flow: update default flow background (#13175)
- web/flows: disambiguate brand links codeblock (#12141)
- web/flows: fix error on interactive Captcha stage when retrying captcha (#13119)
- web/flows: fix missing padding on authenticator_validate card (#13420)
- web/user: ensure modal container on user-settings page is min-height: 100% (#13402)
- web/user: fix RAC launch not opening when clicking icon (#13164)
- web/user: fix display for RAC tile (#13211)
- web/user: fix opening application with Enter not respecting new tab setting (#13115)
- web/user: fix post MFA creation link being invalid (#13157)
- web/user: fix race condition in user settings flow executor (#13163)
- web/user: show admin interface button on mobile (#13421)
- web: Client-side MDX rendering (#13610)
- web: ESBuild performance + Live reload (#13026)
- web: Fix TypeScript compilation issues for mixins, events. (#13766)
- web: Fix inline documentation rendering (#13379)
- web: Fix prop. (#13630)
- web: Flesh out configs. (#13801)
- web: Ignore Storybook when running codespell. (#13454)
- web: Indicate when caps-lock is active during password input. (#12733)
- web: Indicate when caps-lock is active during password input. (cherry-pick #12733) (#13160)
- web: Normalize client-side error handling (#13595)
- web: Packagify live reload plugin. (#14134)
- web: Safari fixes merge branch (#14181)
- web: Tidy temporal utilities. (#13755)
- web: add
remember mefeature to IdentificationStage (#10397) - web: admin interface: faster card load (#13331)
- web: elements: Table: Fix table selection clearing behavior (#13959)
- web: ensure wizard modal closes on first cancel click (#13636)
- web: fix bug that was causing charts to be too tall (#14253)
- web: fix scrollbar styling (#12600)
- web: lock lit/ssr (#14214)
- web: update default flow background (#14115)
- Revert "core: fix non-exploitable open redirect (#13696)" (#13824)
- Revert "policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)" (#14180)
- Revert "web: Safari fixes merge branch (#14181)" (#14211)
- Revert "website/docs: Prepare for monorepo. (#14119)" (#14239)
- Revert package-lock.json changes from "web: add
remember mefeature to IdentificationStage (#10397)" (#14212)
API Changes
What's New
GET /policies/unique_password/
POST /policies/unique_password/
GET /policies/unique_password/{#125;#123;policy_uuid}/
PUT /policies/unique_password/{#125;#123;policy_uuid}/
DELETE /policies/unique_password/{#125;#123;policy_uuid}/
PATCH /policies/unique_password/{#125;#123;policy_uuid}/
GET /policies/unique_password/{#125;#123;policy_uuid}/used_by/
GET /rbac/initial_permissions/
POST /rbac/initial_permissions/
GET /rbac/initial_permissions/{#125;#123;id}/
PUT /rbac/initial_permissions/{#125;#123;id}/
DELETE /rbac/initial_permissions/{#125;#123;id}/
PATCH /rbac/initial_permissions/{#125;#123;id}/
GET /rbac/initial_permissions/{#125;#123;id}/used_by/
GET /sources/group_connections/all/
GET /sources/group_connections/all/{#125;#123;id}/
PUT /sources/group_connections/all/{#125;#123;id}/
DELETE /sources/group_connections/all/{#125;#123;id}/
PATCH /sources/group_connections/all/{#125;#123;id}/
GET /sources/group_connections/all/{#125;#123;id}/used_by/
GET /sources/group_connections/ldap/
POST /sources/group_connections/ldap/
GET /sources/group_connections/ldap/{#125;#123;id}/
PUT /sources/group_connections/ldap/{#125;#123;id}/
DELETE /sources/group_connections/ldap/{#125;#123;id}/
PATCH /sources/group_connections/ldap/{#125;#123;id}/
GET /sources/group_connections/ldap/{#125;#123;id}/used_by/
GET /sources/user_connections/ldap/
POST /sources/user_connections/ldap/
GET /sources/user_connections/ldap/{#125;#123;id}/
PUT /sources/user_connections/ldap/{#125;#123;id}/
DELETE /sources/user_connections/ldap/{#125;#123;id}/
PATCH /sources/user_connections/ldap/{#125;#123;id}/
GET /sources/user_connections/ldap/{#125;#123;id}/used_by/
POST /sources/group_connections/kerberos/
POST /sources/group_connections/saml/
What's Changed
GET /admin/settings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
reputation_lower_limit(integer)Reputation cannot decrease lower than this value. Zero or negative.
-
Added property
reputation_upper_limit(integer)Reputation cannot increase higher than this value. Zero or positive.
-
PUT /admin/settings/
Request:
Changed content type : application/json
-
Added property
reputation_lower_limit(integer)Reputation cannot decrease lower than this value. Zero or negative.
-
Added property
reputation_upper_limit(integer)Reputation cannot increase higher than this value. Zero or positive.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
reputation_lower_limit(integer)Reputation cannot decrease lower than this value. Zero or negative.
-
Added property
reputation_upper_limit(integer)Reputation cannot increase higher than this value. Zero or positive.
-
PATCH /admin/settings/
Request:
Changed content type : application/json
-
Added property
reputation_lower_limit(integer)Reputation cannot decrease lower than this value. Zero or negative.
-
Added property
reputation_upper_limit(integer)Reputation cannot increase higher than this value. Zero or positive.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
reputation_lower_limit(integer)Reputation cannot decrease lower than this value. Zero or negative.
-
Added property
reputation_upper_limit(integer)Reputation cannot increase higher than this value. Zero or positive.
-
GET /core/authenticated_sessions/{#125;#123;uuid}/
Parameters:
Changed: uuid in path
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
expires -
last_user_agent
-
Changed property
last_ip(string) -
Changed property
last_user_agent(string) -
Changed property
expires(string)
-
DELETE /core/authenticated_sessions/{#125;#123;uuid}/
Parameters:
Changed: uuid in path
GET /core/brands/{#125;#123;brand_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
-
PUT /core/brands/{#125;#123;brand_uuid}/
Request:
Changed content type : application/json
-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
-
PATCH /core/brands/{#125;#123;brand_uuid}/
Request:
Changed content type : application/json
-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
-
GET /policies/event_matcher/{#125;#123;policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
-
PUT /policies/event_matcher/{#125;#123;policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
-
PATCH /policies/event_matcher/{#125;#123;policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
-
GET /providers/scim/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
Enum values:
defaultawsslack
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
-
PUT /providers/scim/{#125;#123;id}/
Request:
Changed content type : application/json
-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
-
PATCH /providers/scim/{#125;#123;id}/
Request:
Changed content type : application/json
-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
-
GET /providers/scim_groups/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
attributes
- Added property
attributes(object)
-
GET /providers/scim_users/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
attributes
- Added property
attributes(object)
-
GET /core/authenticated_sessions/
Parameters:
Added: session__last_ip in query
Added: session__last_user_agent in query
Deleted: last_ip in query
Deleted: last_user_agent in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > AuthenticatedSession Serializer
New required properties:
-
expires -
last_user_agent
-
Changed property
last_ip(string) -
Changed property
last_user_agent(string) -
Changed property
expires(string)
-
-
GET /core/authenticated_sessions/{#125;#123;uuid}/used_by/
Parameters:
Changed: uuid in path
POST /core/brands/
Request:
Changed content type : application/json
-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
-
GET /core/brands/
Parameters:
Added: branding_default_flow_background in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Brand Serializer
-
Added property
branding_custom_css(string) -
Added property
branding_default_flow_background(string)
-
-
GET /core/brands/current/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
branding_custom_css
- Added property
branding_custom_css(string)
-
GET /core/tokens/{#125;#123;identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
PUT /core/tokens/{#125;#123;identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
PATCH /core/tokens/{#125;#123;identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
GET /core/users/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
date_joined
- Added property
date_joined(string)
-
PUT /core/users/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
date_joined
- Added property
date_joined(string)
-
PATCH /core/users/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
date_joined
- Added property
date_joined(string)
-
GET /events/transports/{#125;#123;uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
-
PUT /events/transports/{#125;#123;uuid}/
Request:
Changed content type : application/json
-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
-
PATCH /events/transports/{#125;#123;uuid}/
Request:
Changed content type : application/json
-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
-
GET /policies/bindings/{#125;#123;policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
PUT /policies/bindings/{#125;#123;policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
PATCH /policies/bindings/{#125;#123;policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
POST /policies/event_matcher/
Request:
Changed content type : application/json
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
-
GET /policies/event_matcher/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Event Matcher Policy Serializer
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum value:
authentik.enterprise.policies.unique_password
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
-
-
GET /providers/google_workspace/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
PUT /providers/google_workspace/{#125;#123;id}/
Request:
Changed content type : application/json
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
PATCH /providers/google_workspace/{#125;#123;id}/
Request:
Changed content type : application/json
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
GET /providers/microsoft_entra/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
PUT /providers/microsoft_entra/{#125;#123;id}/
Request:
Changed content type : application/json
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
PATCH /providers/microsoft_entra/{#125;#123;id}/
Request:
Changed content type : application/json
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
GET /providers/saml/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
-
PUT /providers/saml/{#125;#123;id}/
Request:
Changed content type : application/json
-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
-
PATCH /providers/saml/{#125;#123;id}/
Request:
Changed content type : application/json
-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
-
POST /providers/scim/
Request:
Changed content type : application/json
-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
-
GET /providers/scim/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SCIMProvider Serializer
-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
-
-
POST /providers/scim_groups/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
attributes
- Added property
attributes(object)
-
GET /providers/scim_groups/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SCIMProviderGroup Serializer
New required properties:
-
attributes
- Added property
attributes(object)
-
-
POST /providers/scim_users/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
attributes
- Added property
attributes(object)
-
GET /providers/scim_users/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SCIMProviderUser Serializer
New required properties:
-
attributes
- Added property
attributes(object)
-
-
GET /providers/ssf/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
PUT /providers/ssf/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
PATCH /providers/ssf/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
POST /rbac/permissions/assigned_by_roles/{#125;#123;uuid}/assign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
PATCH /rbac/permissions/assigned_by_roles/{#125;#123;uuid}/unassign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
POST /rbac/permissions/assigned_by_users/{#125;#123;id}/assign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
PATCH /rbac/permissions/assigned_by_users/{#125;#123;id}/unassign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_rbac.initialpermissionsauthentik_sources_ldap.userldapsourceconnectionauthentik_sources_ldap.groupldapsourceconnectionauthentik_policies_unique_password.uniquepasswordpolicy
DELETE /sources/all/{#125;#123;slug}/
GET /sources/group_connections/kerberos/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/group_connections/kerberos/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/group_connections/kerberos/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/group_connections/oauth/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/group_connections/oauth/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/group_connections/oauth/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/group_connections/plex/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/group_connections/plex/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/group_connections/plex/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/group_connections/saml/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/group_connections/saml/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/group_connections/saml/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/ldap/{#125;#123;slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
- Added property
PUT /sources/ldap/{#125;#123;slug}/
Request:
Changed content type : application/json
- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
- Added property
PATCH /sources/ldap/{#125;#123;slug}/
Request:
Changed content type : application/json
- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
- Added property
GET /sources/oauth/{#125;#123;slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
Enum values:
basic_authpost_body
-
PUT /sources/oauth/{#125;#123;slug}/
Request:
Changed content type : application/json
- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
- Added property
PATCH /sources/oauth/{#125;#123;slug}/
Request:
Changed content type : application/json
- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
- Added property
GET /sources/saml/{#125;#123;slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
-
PUT /sources/saml/{#125;#123;slug}/
Request:
Changed content type : application/json
-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
-
PATCH /sources/saml/{#125;#123;slug}/
Request:
Changed content type : application/json
-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
-
GET /sources/scim/{#125;#123;slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
PUT /sources/scim/{#125;#123;slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
PATCH /sources/scim/{#125;#123;slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /sources/user_connections/all/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
identifier -
last_updated
-
Added property
identifier(string) -
Added property
last_updated(string)
-
PUT /sources/user_connections/all/{#125;#123;id}/
Request:
Changed content type : application/json
New required properties:
identifier
- Added property
identifier(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
identifier -
last_updated
-
Added property
identifier(string) -
Added property
last_updated(string)
-
PATCH /sources/user_connections/all/{#125;#123;id}/
Request:
Changed content type : application/json
- Added property
identifier(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
identifier -
last_updated
-
Added property
identifier(string) -
Added property
last_updated(string)
-
DELETE /sources/user_connections/kerberos/{#125;#123;id}/
GET /sources/user_connections/kerberos/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/user_connections/kerberos/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/user_connections/kerberos/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
DELETE /sources/user_connections/oauth/{#125;#123;id}/
GET /sources/user_connections/oauth/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
-
Added property
last_updated(string) -
Changed property
identifier(string)
-
PUT /sources/user_connections/oauth/{#125;#123;id}/
Request:
Changed content type : application/json
- Changed property
identifier(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
-
Added property
last_updated(string) -
Changed property
identifier(string)
-
PATCH /sources/user_connections/oauth/{#125;#123;id}/
Request:
Changed content type : application/json
- Changed property
identifier(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
-
Added property
last_updated(string) -
Changed property
identifier(string)
-
DELETE /sources/user_connections/plex/{#125;#123;id}/
GET /sources/user_connections/plex/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/user_connections/plex/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/user_connections/plex/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
DELETE /sources/user_connections/saml/{#125;#123;id}/
GET /sources/user_connections/saml/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PUT /sources/user_connections/saml/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
PATCH /sources/user_connections/saml/{#125;#123;id}/
Request:
Changed content type : application/json
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /ssf/streams/{#125;#123;uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
provider_obj(object)SSFProvider Serializer
-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
-
POST /core/tokens/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
GET /core/tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /core/user_consent/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
POST /core/users/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
date_joined
- Added property
date_joined(string)
-
GET /core/users/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
POST /events/transports/
Request:
Changed content type : application/json
-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
-
GET /events/transports/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > NotificationTransport Serializer
-
Added property
webhook_mapping_body(string)Customize the body of the request. Mapping should return data that is JSON-serializable.
-
Added property
webhook_mapping_headers(string)Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs
-
Deleted property
webhook_mapping(string)
-
-
POST /policies/bindings/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
GET /policies/bindings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > PolicyBinding Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
POST /providers/google_workspace/
Request:
Changed content type : application/json
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
GET /providers/google_workspace/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > GoogleWorkspaceProvider Serializer
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
-
POST /providers/google_workspace/{#125;#123;id}/sync/object/
Request:
Changed content type : application/json
- Added property
override_dry_run(boolean)
POST /providers/microsoft_entra/
Request:
Changed content type : application/json
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
GET /providers/microsoft_entra/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > MicrosoftEntraProvider Serializer
- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
- Added property
-
POST /providers/microsoft_entra/{#125;#123;id}/sync/object/
Request:
Changed content type : application/json
- Added property
override_dry_run(boolean)
POST /providers/saml/
Request:
Changed content type : application/json
-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
-
GET /providers/saml/
Parameters:
Added: authn_context_class_ref_mapping in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SAMLProvider Serializer
-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
-
-
POST /providers/scim/{#125;#123;id}/sync/object/
Request:
Changed content type : application/json
- Added property
override_dry_run(boolean)
POST /providers/ssf/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /providers/ssf/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SSFProvider Serializer
-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
-
GET /rbac/permissions/assigned_by_roles/
Parameters:
Changed: model in query
GET /rbac/permissions/assigned_by_users/
Parameters:
Changed: model in query
GET /sources/group_connections/kerberos/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Group Source Connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
POST /sources/group_connections/oauth/
Request:
Changed content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/group_connections/oauth/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Group Source Connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
POST /sources/group_connections/plex/
Request:
Changed content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/group_connections/plex/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Group Source Connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
GET /sources/group_connections/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Group Source Connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
POST /sources/ldap/
Request:
Changed content type : application/json
- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
- Added property
GET /sources/ldap/
Parameters:
Added: lookup_groups_from_user in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > LDAP Source Serializer
- Added property
lookup_groups_from_user(boolean)Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory
- Added property
-
POST /sources/oauth/
Request:
Changed content type : application/json
- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
- Added property
GET /sources/oauth/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > OAuth Source Serializer
- Added property
authorization_code_auth_method(object)How to perform authentication during an authorization_code token request flow
- Added property
-
POST /sources/saml/
Request:
Changed content type : application/json
-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
-
GET /sources/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SAMLSource Serializer
-
Changed property
sso_url(string)URL that the initial Login request is sent to.
-
Changed property
slo_url(string)Optional URL if your IDP supports Single-Logout.
-
-
POST /sources/scim/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /sources/scim/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SCIMSource Serializer
-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
-
GET /sources/user_connections/all/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User source connection
New required properties:
-
identifier -
last_updated
-
Added property
identifier(string) -
Added property
last_updated(string)
-
-
POST /sources/user_connections/kerberos/
Request:
Changed content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/user_connections/kerberos/
Parameters:
Added: user in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User source connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
POST /sources/user_connections/oauth/
Request:
Changed content type : application/json
- Changed property
identifier(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
last_updated
-
Added property
last_updated(string) -
Changed property
identifier(string)
-
GET /sources/user_connections/oauth/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User source connection
New required properties:
-
last_updated
-
Added property
last_updated(string) -
Changed property
identifier(string)
-
-
POST /sources/user_connections/plex/
Request:
Changed content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/user_connections/plex/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User source connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
POST /sources/user_connections/saml/
Request:
Changed content type : application/json
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
last_updated
- Added property
last_updated(string)
-
GET /sources/user_connections/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User source connection
New required properties:
-
last_updated
- Added property
last_updated(string)
-
-
GET /ssf/streams/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SSFStream Serializer
-
Changed property
provider_obj(object)SSFProvider Serializer
-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
-
-
GET /stages/email/{#125;#123;stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
- Changed property
PUT /stages/email/{#125;#123;stage_uuid}/
Request:
Changed content type : application/json
- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
- Changed property
PATCH /stages/email/{#125;#123;stage_uuid}/
Request:
Changed content type : application/json
- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
- Changed property
GET /stages/identification/{#125;#123;stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
- Added property
PUT /stages/identification/{#125;#123;stage_uuid}/
Request:
Changed content type : application/json
- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
- Added property
PATCH /stages/identification/{#125;#123;stage_uuid}/
Request:
Changed content type : application/json
- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
- Added property
GET /core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > UserConsent Serializer
-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /flows/executor/{#125;#123;flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonUpdated
ak-stage-identificationcomponent:- Added property
enable_remember_me(boolean)
- Added property
POST /flows/executor/{#125;#123;flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonUpdated
ak-stage-identificationcomponent:- Added property
enable_remember_me(boolean)
- Added property
GET /oauth2/access_tokens/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
GET /oauth2/authorization_codes/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
GET /oauth2/refresh_tokens/{#125;#123;id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
POST /stages/email/
Request:
Changed content type : application/json
- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
- Changed property
GET /stages/email/
Parameters:
Changed: token_expiry in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > EmailStage Serializer
- Changed property
token_expiry(integer -> string)Time the token sent is valid (Format: hours=3,minutes=17,seconds=300).
- Changed property
-
POST /stages/identification/
Request:
Changed content type : application/json
- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
- Added property
GET /stages/identification/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > IdentificationStage Serializer
- Added property
enable_remember_me(boolean)Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password.
- Added property
-
PUT /core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider(object)Updated
authentik_providers_microsoft_entra.microsoftentraproviderprovider_model:- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Updated
authentik_providers_scim.scimproviderprovider_model:-
Added property
compatibility_mode(object)Alter authentik behavior for vendor-specific SCIM implementations.
-
Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Updated
authentik_providers_google_workspace.googleworkspaceproviderprovider_model:- Added property
dry_run(boolean)When enabled, provider will not modify or create objects in the remote system.
Updated
authentik_providers_saml.samlproviderprovider_model:-
Added property
authn_context_class_ref_mapping(string)Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
-
Changed property
acs_url(string)
- Added property
GET /oauth2/access_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-
GET /oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user(object)User Serializer
New required properties:
-
date_joined
- Added property
date_joined(string)
-
-
-