diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md index ffc410636568..8e646542096b 100644 --- a/website/docs/releases/2024/v2024.8.md +++ b/website/docs/releases/2024/v2024.8.md @@ -9,6 +9,13 @@ slug: "/releases/2024.8" To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.8.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet. ::::: +## Highlights + +- **Source property mappings for SCIM, OAuth, SAML and Plex sources**: All sources now support property mappings to configure how authentik interprets the incoming source's data. Additionally, groups can be synced from all sources that provide group info. +- **RADIUS provider custom attribute support**: Integrate RADIUS better into network infrastructure by sending vendor-specific attributes based on the user authenticating. +- **SAML encryption support**: SAML source and provider support encryption now, which prevents anyone from viewing the information of Assertions in-flight. +- **RBAC support for Blueprints and Terraform**: Permissions can now be assigned and automated using both Blueprints and Terraform. + ## Breaking changes ### Manual action is required @@ -66,15 +73,21 @@ To try out the release candidate, replace your Docker image tag with the latest - **Source property mappings for SCIM, OAuth, SAML and Plex sources** + All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../sources/property-mappings/index.md). + - **RADIUS provider custom attribute support** With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../providers/radius/index.mdx#radius-attributes) -- **SAML Source encryption support** +- **SAML encryption support** + +It is now possible to configure a SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a [Certificate-keypair](../../core/certificates.md) and selecting it in the SAML source or provider. - It is now possible to configure a SAML Source to decrypt and validate encrypted assertions. This can be configured by certaing a [Certificate-keypair](../../core/certificates.md) and selecting it in the SAML Source. +- **GeoIP Policy** -- **Removal of LDAP Provider search group** + With the new [GeoIP Policy](../../policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy. + +- **Simplification of LDAP Provider permissions** The LDAP provider now uses RBAC to assign the permission to search the full directory instead of requiring a dedicated group to be created. As part of the upgrade, existing search groups' users are migrated to grant the required permission to search the full directory. @@ -82,6 +95,14 @@ To try out the release candidate, replace your Docker image tag with the latest RBAC permissions for global/object level permissions for users/roles can now be managed via blueprints and Terraform. This allows for the automatic configuration of permissions. +- **UX Improvements** + + In previous versions of authentik, there were several places in the Admin interface where you could not select more than 100 items. With this change, it is now possible to search for items and select more than 100 items. + +- **WebFinger support** + + With the addition of the [default application](../../core/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now. + ## Upgrading This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../installation/upgrade.mdx). @@ -95,7 +116,7 @@ When you upgrade, be aware that the version of the authentik instance and of any To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands: ```shell -wget -O docker-compose.yml https://goauthentik.io/version/xxxx.x/docker-compose.yml +wget -O docker-compose.yml https://goauthentik.io/version/2024.8/docker-compose.yml docker compose up -d ``` @@ -107,13 +128,3998 @@ Upgrade the Helm Chart to the new version, using the following commands: ```shell helm repo update -helm upgrade authentik authentik/authentik -f values.yaml --version ^xxxx.x +helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 ``` ## Minor changes/fixes - +- api: use custom json renderer for speed (#9977) +- blueprints: handle model referencing non-existent app/model (#10796) +- brands: add OIDC webfinger support (#10400) +- core: add index on enabled field of sources (#10572) +- core: add primitives for source property mappings (#10651) +- core: b2c improvements p1 (#9257) +- core: fix error when raising SkipObject in mapping (#10153) +- core: fix migrations missing using db_alias (#10409) +- core: fix source flow_manager not resuming flow when linking (#10436) +- core: fix URLValidator regex to allow single digit port (#10280) +- core: remove deprecated sentry-sdk method usage (#10648) +- core: remove html language tag for pages that are translated (#10611) +- core: remove transitionary old JS urls (#10317) +- core: rework base for SkipObject exception to better support control flow exceptions (#10186) +- enterprise: add support for license flags (#10842) +- enterprise: UI improvements, better handling of expiry (#10828) +- enterprise/rac: fix error when listing connection tokens as non-superuser (#10771) +- events: associate login_failed events to a user if possible (#10270) +- events: fix race condition (#10602) +- flows: remove stage challenge type (#10476) +- internal: Use loop instead of recursion in NewAPIController (#10745) +- lib/sync: handle SkipObject in direct triggered tasks (#10590) +- lifecycle: only create tenant media root if needed (#10616) +- outposts: add better UI for showing mismatched versions (#10885) +- outposts: ensure minimum refresh interval (#10701) +- outposts: implement general paginator for list API requests (#10619) +- outposts: make refresh interval configurable (#10138) +- policies: add GeoIP policy (#10454) +- policies/reputation: fix existing reputation update (#10124) +- providers: add provider/ prefix for property mappings API (#10874) +- providers/ldap: fix missing using in migrations (#10906) +- providers/ldap: Remove search group (#10639) +- providers/proxy: avoid erroring on logout with session_id is None (#9119) +- providers/proxy: fix Traefik label generation for v3 (#10411) +- providers/radius: Add support for custom attributes (#10509) +- providers/radius: fix custom attribute (#10704) +- providers/radius: property mapping docs (#10908) +- providers/saml: encryption support (#10934) +- providers/saml: fix incorrect migration for sign_response (#10975) +- providers/saml: fix metadata import error handling (#10349) +- providers/saml: remove redundant ACSUrl in POST (#10707) +- providers/scim: Fix exception handling for missing ServiceProviderConfig (#10322) +- rbac: generate blueprint schema permissions from defined models not DB (#10962) +- rbac: rework API for terraform, add blueprint support (#10698) +- root: allow extra sentry settings (#10269) +- root: dependency maintenance (#10689) +- root: Make health checks compatible with cloud platform load balancers (#10554) +- root: make pyrad a standard dependency (#10649) +- root: makefile: add codespell to make-website (#10116) +- root: only load daphne django app in development (#10723) +- root: use custom model serializer that saves m2m without bulk (#10139) +- sources: add property mappings for all oauth and saml sources (#8771) +- sources: introduce new property mappings per user and group (#8750) +- sources: refactor user connection api (#10607) +- sources/ldap: Add enabled filter for ldap_password_validate signal (#10823) +- sources/ldap: fix migrations failing (#10588) +- sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping (#10606) +- sources/oauth: fix link not being saved (#10374) +- sources/plex: add property mappings (#10772) +- sources/saml: Basic support for EncryptedAssertion element. (#10099) +- sources/saml: fix pickle error, add saml auth tests (#10348) +- sources/scim: add property mappings (#10650) +- sources/scim: fix duplicate service account users and changing token (#10735) +- sources/scim: fix schema loading with pwd is not set properly (#10574) +- stages/authenticator_validate: fix friendly_name being required (#10382) +- stages/authenticator: actually update last_used (#10813) +- stages/authenticator: add created, last_updated and last_used metadata (#10636) +- stages/prompt: fix prompt not editable with invalid expression (#10603) +- stages/user_login: fix ?next parameter not carried through broken session binding (#10301) +- web: disable reading dark mode out of the UI by default (#10256) +- web: enable custom-element-manifest and DOM/JS integration checking. (#10177) +- web: enhance search select with portal, overflow, and keyboard controls (#9517) +- web: fix bad name target that's breaking build (#10506) +- web: fix dark theme and theme switch (#10667) +- web: fix docker build for non-release versions (#10154) +- web: fix early modal stack depletion (#10068) +- web: fix mismatched button labels for boundpolicy and boundstage list (#10551) +- web: fix needed because recent upgrade to task breaks spinner button (#10142) +- web: fix theme not applying to document correctly (#10721) +- web: fixed missed internationalized strings (#10323) +- web: licenseStatus is not defined on initial render (#10894) +- web: provide 'show password' button (#10337) +- web: provide a test framework (#9681) +- web: provide better feedback on Application Library page about search results (#9386) +- web: provide default endpoint api configuration (#10319) +- web: replace all occurrences of the theme placeholder (#10749) +- web: replace multi-select with dual-select for all propertyMapping invocations (#9359) +- web: restore hasLaunchUrl to client-side criteria for filtering apps (#10291) +- web: search select with focus, autocomplete, and progressive search (#10728) +- web: set noopener and noreferrer on all external links (#10304) +- web/admin: fix access token list calling wrong API (#10434) +- web/admin: fix authentication/enrollment flow in sources being marked as required (#10911) +- web/admin: fix missing SAML Provider ECDSA options (#10612) +- web/admin: fix selectable card colour in dark theme (#10794) +- web/admin: refactor property mappings forms (#10810) +- web/admin: show matching user reputation scores in user details (#10276) +- web/admin: widen prompt form (#10615) +- web/elements: fix empty enterprise banner (#10882) +- web/flows: clean up loading, syntax and transitions (#10792) +- web/flows: don't grab focus for password input on identification stage (#10593) +- web/flows: remove background image link (#10318) +- web/flows: remove continue button from AutoSubmit stage (#10253) +- web/flows: Simplified flow executor (#10296) ## API Changes - +#### What's New + +--- + +##### `GET` /outposts/ldap/{id}/check_access/ + +##### `GET` /outposts/radius/{id}/check_access/ + +##### `GET` /policies/geoip/ + +##### `POST` /policies/geoip/ + +##### `GET` /policies/geoip/{policy_uuid}/ + +##### `PUT` /policies/geoip/{policy_uuid}/ + +##### `DELETE` /policies/geoip/{policy_uuid}/ + +##### `PATCH` /policies/geoip/{policy_uuid}/ + +##### `GET` /policies/geoip/{policy_uuid}/used_by/ + +##### `GET` /policies/geoip_iso3166/ + +##### `GET` /propertymappings/provider/rac/ + +##### `POST` /propertymappings/provider/rac/ + +##### `GET` /propertymappings/provider/rac/{pm_uuid}/ + +##### `PUT` /propertymappings/provider/rac/{pm_uuid}/ + +##### `DELETE` /propertymappings/provider/rac/{pm_uuid}/ + +##### `PATCH` /propertymappings/provider/rac/{pm_uuid}/ + +##### `GET` /propertymappings/provider/rac/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/provider/radius/ + +##### `POST` /propertymappings/provider/radius/ + +##### `GET` /propertymappings/provider/radius/{pm_uuid}/ + +##### `PUT` /propertymappings/provider/radius/{pm_uuid}/ + +##### `DELETE` /propertymappings/provider/radius/{pm_uuid}/ + +##### `PATCH` /propertymappings/provider/radius/{pm_uuid}/ + +##### `GET` /propertymappings/provider/radius/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/provider/saml/ + +##### `POST` /propertymappings/provider/saml/ + +##### `GET` /propertymappings/provider/saml/{pm_uuid}/ + +##### `PUT` /propertymappings/provider/saml/{pm_uuid}/ + +##### `DELETE` /propertymappings/provider/saml/{pm_uuid}/ + +##### `PATCH` /propertymappings/provider/saml/{pm_uuid}/ + +##### `GET` /propertymappings/provider/saml/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/provider/scim/ + +##### `POST` /propertymappings/provider/scim/ + +##### `GET` /propertymappings/provider/scim/{pm_uuid}/ + +##### `PUT` /propertymappings/provider/scim/{pm_uuid}/ + +##### `DELETE` /propertymappings/provider/scim/{pm_uuid}/ + +##### `PATCH` /propertymappings/provider/scim/{pm_uuid}/ + +##### `GET` /propertymappings/provider/scim/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/provider/scope/ + +##### `POST` /propertymappings/provider/scope/ + +##### `GET` /propertymappings/provider/scope/{pm_uuid}/ + +##### `PUT` /propertymappings/provider/scope/{pm_uuid}/ + +##### `DELETE` /propertymappings/provider/scope/{pm_uuid}/ + +##### `PATCH` /propertymappings/provider/scope/{pm_uuid}/ + +##### `GET` /propertymappings/provider/scope/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/source/ldap/ + +##### `POST` /propertymappings/source/ldap/ + +##### `GET` /propertymappings/source/ldap/{pm_uuid}/ + +##### `PUT` /propertymappings/source/ldap/{pm_uuid}/ + +##### `DELETE` /propertymappings/source/ldap/{pm_uuid}/ + +##### `PATCH` /propertymappings/source/ldap/{pm_uuid}/ + +##### `GET` /propertymappings/source/ldap/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/source/oauth/ + +##### `POST` /propertymappings/source/oauth/ + +##### `GET` /propertymappings/source/oauth/{pm_uuid}/ + +##### `PUT` /propertymappings/source/oauth/{pm_uuid}/ + +##### `DELETE` /propertymappings/source/oauth/{pm_uuid}/ + +##### `PATCH` /propertymappings/source/oauth/{pm_uuid}/ + +##### `GET` /propertymappings/source/oauth/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/source/plex/ + +##### `POST` /propertymappings/source/plex/ + +##### `GET` /propertymappings/source/plex/{pm_uuid}/ + +##### `PUT` /propertymappings/source/plex/{pm_uuid}/ + +##### `DELETE` /propertymappings/source/plex/{pm_uuid}/ + +##### `PATCH` /propertymappings/source/plex/{pm_uuid}/ + +##### `GET` /propertymappings/source/plex/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/source/saml/ + +##### `POST` /propertymappings/source/saml/ + +##### `GET` /propertymappings/source/saml/{pm_uuid}/ + +##### `PUT` /propertymappings/source/saml/{pm_uuid}/ + +##### `DELETE` /propertymappings/source/saml/{pm_uuid}/ + +##### `PATCH` /propertymappings/source/saml/{pm_uuid}/ + +##### `GET` /propertymappings/source/saml/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/source/scim/ + +##### `POST` /propertymappings/source/scim/ + +##### `GET` /propertymappings/source/scim/{pm_uuid}/ + +##### `PUT` /propertymappings/source/scim/{pm_uuid}/ + +##### `DELETE` /propertymappings/source/scim/{pm_uuid}/ + +##### `PATCH` /propertymappings/source/scim/{pm_uuid}/ + +##### `GET` /propertymappings/source/scim/{pm_uuid}/used_by/ + +##### `GET` /rbac/permissions/roles/{id}/ + +##### `PUT` /rbac/permissions/roles/{id}/ + +##### `DELETE` /rbac/permissions/roles/{id}/ + +##### `PATCH` /rbac/permissions/roles/{id}/ + +##### `GET` /rbac/permissions/users/{id}/ + +##### `PUT` /rbac/permissions/users/{id}/ + +##### `DELETE` /rbac/permissions/users/{id}/ + +##### `PATCH` /rbac/permissions/users/{id}/ + +##### `GET` /sources/group_connections/oauth/ + +##### `POST` /sources/group_connections/oauth/ + +##### `GET` /sources/group_connections/oauth/{id}/ + +##### `PUT` /sources/group_connections/oauth/{id}/ + +##### `DELETE` /sources/group_connections/oauth/{id}/ + +##### `PATCH` /sources/group_connections/oauth/{id}/ + +##### `GET` /sources/group_connections/oauth/{id}/used_by/ + +##### `GET` /sources/group_connections/plex/ + +##### `POST` /sources/group_connections/plex/ + +##### `GET` /sources/group_connections/plex/{id}/ + +##### `PUT` /sources/group_connections/plex/{id}/ + +##### `DELETE` /sources/group_connections/plex/{id}/ + +##### `PATCH` /sources/group_connections/plex/{id}/ + +##### `GET` /sources/group_connections/plex/{id}/used_by/ + +##### `GET` /sources/group_connections/saml/ + +##### `GET` /sources/group_connections/saml/{id}/ + +##### `PUT` /sources/group_connections/saml/{id}/ + +##### `DELETE` /sources/group_connections/saml/{id}/ + +##### `PATCH` /sources/group_connections/saml/{id}/ + +##### `GET` /sources/group_connections/saml/{id}/used_by/ + +#### What's Deleted + +--- + +##### `GET` /outposts/ldap/{id}/ + +##### `GET` /outposts/proxy/{id}/ + +##### `GET` /outposts/radius/{id}/ + +##### `GET` /propertymappings/ldap/ + +##### `POST` /propertymappings/ldap/ + +##### `GET` /propertymappings/ldap/{pm_uuid}/ + +##### `PUT` /propertymappings/ldap/{pm_uuid}/ + +##### `DELETE` /propertymappings/ldap/{pm_uuid}/ + +##### `PATCH` /propertymappings/ldap/{pm_uuid}/ + +##### `GET` /propertymappings/ldap/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/rac/ + +##### `POST` /propertymappings/rac/ + +##### `GET` /propertymappings/rac/{pm_uuid}/ + +##### `PUT` /propertymappings/rac/{pm_uuid}/ + +##### `DELETE` /propertymappings/rac/{pm_uuid}/ + +##### `PATCH` /propertymappings/rac/{pm_uuid}/ + +##### `GET` /propertymappings/rac/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/saml/ + +##### `POST` /propertymappings/saml/ + +##### `GET` /propertymappings/saml/{pm_uuid}/ + +##### `PUT` /propertymappings/saml/{pm_uuid}/ + +##### `DELETE` /propertymappings/saml/{pm_uuid}/ + +##### `PATCH` /propertymappings/saml/{pm_uuid}/ + +##### `GET` /propertymappings/saml/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/scim/ + +##### `POST` /propertymappings/scim/ + +##### `GET` /propertymappings/scim/{pm_uuid}/ + +##### `PUT` /propertymappings/scim/{pm_uuid}/ + +##### `DELETE` /propertymappings/scim/{pm_uuid}/ + +##### `PATCH` /propertymappings/scim/{pm_uuid}/ + +##### `GET` /propertymappings/scim/{pm_uuid}/used_by/ + +##### `GET` /propertymappings/scope/ + +##### `POST` /propertymappings/scope/ + +##### `GET` /propertymappings/scope/{pm_uuid}/ + +##### `PUT` /propertymappings/scope/{pm_uuid}/ + +##### `DELETE` /propertymappings/scope/{pm_uuid}/ + +##### `PATCH` /propertymappings/scope/{pm_uuid}/ + +##### `GET` /propertymappings/scope/{pm_uuid}/used_by/ + +#### What's Changed + +--- + +##### `GET` /admin/version/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `outpost_outdated` + + * Added property `outpost_outdated` (boolean) + > Check if any outpost is outdated/has a version mismatch + +##### `GET` /authenticators/admin/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Changed items (object): > Serializer for Duo authenticator devices + + New required properties: + + - `created` + - `last_updated` + - `last_used` + + * Added property `created` (string) + + * Added property `last_updated` (string) + + * Added property `last_used` (string) + +##### `GET` /authenticators/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Changed items (object): > Serializer for Duo authenticator devices + + New required properties: + + - `created` + - `last_updated` + - `last_used` + + * Added property `created` (string) + + * Added property `last_updated` (string) + + * Added property `last_used` (string) + +##### `GET` /core/brands/{brand_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +##### `PUT` /core/brands/{brand_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +##### `PATCH` /core/brands/{brand_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +##### `GET` /enterprise/license/summary/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `license_flags` + - `status` + + New optional properties: + + - `has_license` + - `read_only` + - `show_admin_warning` + - `show_user_warning` + - `valid` + + * Added property `status` (string) + + Enum values: + + - `unlicensed` + - `valid` + - `expired` + - `expiry_soon` + - `limit_exceeded_admin` + - `limit_exceeded_user` + - `read_only` + + * Added property `license_flags` (array) + + Items (string): + + Enum values: + + - `trial` + - `non_production` + + * Deleted property `valid` (boolean) + + * Deleted property `show_admin_warning` (boolean) + + * Deleted property `show_user_warning` (boolean) + + * Deleted property `read_only` (boolean) + + * Deleted property `has_license` (boolean) + +##### `GET` /policies/event_matcher/{policy_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `PUT` /policies/event_matcher/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `PATCH` /policies/event_matcher/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `GET` /providers/google_workspace_groups/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/microsoft_entra_groups/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/scim_groups/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /sources/scim_groups/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PUT` /sources/scim_groups/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PATCH` /sources/scim_groups/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /core/brands/ + +###### Request: + +Changed content type : `application/json` + +- Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +##### `GET` /core/brands/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Brand Serializer + + - Added property `default_application` (string) + > When set, external users will be redirected to this application after authenticating. + +##### `GET` /core/groups/{group_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `name` (string) + +##### `PUT` /core/groups/{group_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `name` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `name` (string) + +##### `PATCH` /core/groups/{group_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `name` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `name` (string) + +##### `GET` /core/tokens/{identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PUT` /core/tokens/{identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PATCH` /core/tokens/{identifier}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /core/users/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PUT` /core/users/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PATCH` /core/users/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /events/rules/{pbm_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + +##### `PUT` /events/rules/{pbm_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + +##### `PATCH` /events/rules/{pbm_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + +##### `GET` /policies/bindings/{policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PUT` /policies/bindings/{policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PATCH` /policies/bindings/{policy_binding_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /policies/event_matcher/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `GET` /policies/event_matcher/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Event Matcher Policy Serializer + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.policies.geoip` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `GET` /propertymappings/all/ + +###### Parameters: + +Added: `managed` in `query` + +Added: `name` in `query` + +##### `POST` /providers/google_workspace_groups/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/google_workspace_groups/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > GoogleWorkspaceProviderGroup Serializer + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/ldap/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `PUT` /providers/ldap/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `PATCH` /providers/ldap/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `POST` /providers/microsoft_entra_groups/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/microsoft_entra_groups/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > MicrosoftEntraProviderGroup Serializer + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/saml/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + + - Added property `sign_assertion` (boolean) + + - Added property `sign_response` (boolean) + +##### `PUT` /providers/saml/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +- Added property `sign_assertion` (boolean) + +- Added property `sign_response` (boolean) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + + - Added property `sign_assertion` (boolean) + + - Added property `sign_response` (boolean) + +##### `PATCH` /providers/saml/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +- Added property `sign_assertion` (boolean) + +- Added property `sign_response` (boolean) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + + - Added property `sign_assertion` (boolean) + + - Added property `sign_response` (boolean) + +##### `POST` /providers/scim_groups/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /providers/scim_groups/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMProviderGroup Serializer + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +###### Return Type: + +New response : **200 OK** +Deleted response : **204 No Content** + +> Successfully assigned + +##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +###### Return Type: + +New response : **200 OK** +Deleted response : **204 No Content** + +> Successfully assigned + +##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum values: + + - `authentik_policies_geoip.geoippolicy` + - `authentik_providers_radius.radiusproviderpropertymapping` + - `authentik_sources_ldap.ldapsourcepropertymapping` + - `authentik_sources_oauth.oauthsourcepropertymapping` + - `authentik_sources_oauth.groupoauthsourceconnection` + - `authentik_sources_plex.plexsourcepropertymapping` + - `authentik_sources_plex.userplexsourceconnection` + - `authentik_sources_plex.groupplexsourceconnection` + - `authentik_sources_saml.samlsourcepropertymapping` + - `authentik_sources_saml.groupsamlsourceconnection` + - `authentik_sources_scim.scimsourcepropertymapping` + Removed enum values: + + - `authentik_sources_ldap.ldappropertymapping` + - `authentik_sources_plex.plexsourceconnection` + +##### `GET` /rbac/permissions/roles/ + +###### Parameters: + +Changed: `uuid` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User permission with additional object-related data + + - Changed property `object_pk` (string) + +##### `GET` /rbac/permissions/users/ + +###### Parameters: + +Changed: `user_id` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User permission with additional object-related data + + - Changed property `object_pk` (string) + +##### `GET` /sources/all/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + Items (string): + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/ldap/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `property_mappings` (array) + + - Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +##### `PUT` /sources/ldap/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Deleted property `property_mappings` (array) + +- Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `property_mappings` (array) + + - Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +##### `PATCH` /sources/ldap/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Deleted property `property_mappings` (array) + +- Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `property_mappings` (array) + + - Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +##### `GET` /sources/oauth/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + + Enum values: + + - `identifier` + - `name_link` + - `name_deny` + +##### `PUT` /sources/oauth/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `PATCH` /sources/oauth/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `GET` /sources/plex/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `PUT` /sources/plex/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `PATCH` /sources/plex/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `GET` /sources/saml/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + + - Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +##### `PUT` /sources/saml/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + +- Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + + - Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +##### `PATCH` /sources/saml/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + +- Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + + - Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +##### `GET` /sources/scim/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `user_matching_mode` (object) + + > How the source determines if an existing user should be authenticated or a new user enrolled. + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PUT` /sources/scim/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Deleted property `user_matching_mode` (object) + > How the source determines if an existing user should be authenticated or a new user enrolled. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `user_matching_mode` (object) + + > How the source determines if an existing user should be authenticated or a new user enrolled. + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `PATCH` /sources/scim/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Deleted property `user_matching_mode` (object) + > How the source determines if an existing user should be authenticated or a new user enrolled. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `user_matching_mode` (object) + + > How the source determines if an existing user should be authenticated or a new user enrolled. + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /sources/scim_groups/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /sources/scim_groups/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMSourceGroup Serializer + + - Changed property `group_obj` (object) + + > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /sources/user_connections/all/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PUT` /sources/user_connections/all/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PATCH` /sources/user_connections/all/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/user_connections/oauth/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PUT` /sources/user_connections/oauth/{id}/ + +###### Request: + +Changed content type : `application/json` + +New optional properties: + +- `user` + +* Deleted property `user` (integer) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PATCH` /sources/user_connections/oauth/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Deleted property `user` (integer) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/user_connections/plex/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + New optional properties: + + - `plex_token` + + * Added property `created` (string) + + * Deleted property `plex_token` (string) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PUT` /sources/user_connections/plex/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `plex_token` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + New optional properties: + + - `plex_token` + + * Added property `created` (string) + + * Deleted property `plex_token` (string) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PATCH` /sources/user_connections/plex/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `plex_token` (string) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + New optional properties: + + - `plex_token` + + * Added property `created` (string) + + * Deleted property `plex_token` (string) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/user_connections/saml/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PUT` /sources/user_connections/saml/{id}/ + +###### Request: + +Changed content type : `application/json` + +New optional properties: + +- `user` + +* Deleted property `user` (integer) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `PATCH` /sources/user_connections/saml/{id}/ + +###### Request: + +Changed content type : `application/json` + +- Deleted property `user` (integer) + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /core/applications/ + +###### Parameters: + +Added: `only_with_launch_url` in `query` + +##### `POST` /core/groups/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `name` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `name` (string) + +##### `GET` /core/groups/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Group Serializer + + - Changed property `name` (string) + +##### `POST` /core/tokens/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /core/tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /core/user_consent/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /core/users/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /core/users/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /events/rules/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + +##### `GET` /events/rules/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > NotificationRule Serializer + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + +##### `GET` /oauth2/access_tokens/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /oauth2/authorization_codes/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /oauth2/refresh_tokens/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /outposts/ldap/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAPProvider Serializer + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `POST` /policies/bindings/ + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /policies/bindings/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > PolicyBinding Serializer + + - Changed property `group_obj` (object) + + > Group Serializer + + - Changed property `name` (string) + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /providers/ldap/ + +###### Request: + +Changed content type : `application/json` + +- Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `GET` /providers/ldap/ + +###### Parameters: + +Deleted: `search_group__group_uuid__iexact` in `query` + +Deleted: `search_group__name__iexact` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAPProvider Serializer + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `POST` /providers/saml/ + +###### Request: + +Changed content type : `application/json` + +- Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +- Added property `sign_assertion` (boolean) + +- Added property `sign_response` (boolean) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + + - Added property `sign_assertion` (boolean) + + - Added property `sign_response` (boolean) + +##### `GET` /providers/saml/ + +###### Parameters: + +Added: `encryption_kp` in `query` + +Added: `sign_assertion` in `query` + +Added: `sign_response` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAMLProvider Serializer + + - Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + + - Added property `sign_assertion` (boolean) + + - Added property `sign_response` (boolean) + +##### `GET` /rbac/permissions/assigned_by_roles/ + +###### Parameters: + +Changed: `model` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Roles assigned object permission serializer + + - Changed property `permissions` (array) + + Changed items (object): > Role-bound object level permission + + - Changed property `object_pk` (string) + +##### `GET` /rbac/permissions/assigned_by_users/ + +###### Parameters: + +Changed: `model` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Users assigned object permission serializer + + - Changed property `permissions` (array) + + Changed items (object): > User-bound object level permission + + - Changed property `object_pk` (string) + +##### `GET` /sources/all/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `POST` /sources/ldap/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Deleted property `property_mappings` (array) + +- Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `property_mappings` (array) + + - Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +##### `GET` /sources/ldap/ + +###### Parameters: + +Added: `group_property_mappings` in `query` + +Added: `user_property_mappings` in `query` + +Deleted: `property_mappings` in `query` + +Deleted: `property_mappings_group` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAP Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `property_mappings` (array) + + - Deleted property `property_mappings_group` (array) + > Property mappings used for group creation/updating. + +##### `POST` /sources/oauth/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `GET` /sources/oauth/ + +###### Parameters: + +Added: `group_matching_mode` in `query` + +> How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > OAuth Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `POST` /sources/plex/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `GET` /sources/plex/ + +###### Parameters: + +Added: `group_matching_mode` in `query` + +> How the source determines if an existing group should be used or a new group created. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Plex Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + > How the source determines if an existing group should be used or a new group created. + +##### `POST` /sources/plex/redeem_token/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New optional properties: + + - `type` + + * Deleted property `type` (object) + +##### `POST` /sources/saml/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + +- Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + + - Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +##### `GET` /sources/saml/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAMLSource Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Added property `group_matching_mode` (object) + + > How the source determines if an existing group should be used or a new group created. + + - Added property `encryption_kp` (string) + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + +##### `POST` /sources/scim/ + +###### Request: + +Changed content type : `application/json` + +- Added property `user_property_mappings` (array) + +- Added property `group_property_mappings` (array) + +- Deleted property `user_matching_mode` (object) + > How the source determines if an existing user should be authenticated or a new user enrolled. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `user_matching_mode` (object) + + > How the source determines if an existing user should be authenticated or a new user enrolled. + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /sources/scim/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SCIMSource Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + + - Deleted property `user_matching_mode` (object) + + > How the source determines if an existing user should be authenticated or a new user enrolled. + + - Changed property `token_obj` (object) + + > Token Serializer + + - Changed property `user_obj` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /sources/user_connections/all/ + +###### Parameters: + +Added: `source__slug` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > OAuth Source Serializer + + - Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `POST` /sources/user_connections/oauth/ + +###### Request: + +Changed content type : `application/json` + +New optional properties: + +- `user` + +* Deleted property `user` (integer) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/user_connections/oauth/ + +###### Parameters: + +Added: `user` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > OAuth Source Serializer + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `POST` /sources/user_connections/plex/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `plex_token` (string) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + New optional properties: + + - `plex_token` + + * Added property `created` (string) + + * Deleted property `plex_token` (string) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/user_connections/plex/ + +###### Parameters: + +Added: `user` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Plex Source connection Serializer + + New required properties: + + - `created` + + New optional properties: + + - `plex_token` + + * Added property `created` (string) + + * Deleted property `plex_token` (string) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `POST` /sources/user_connections/saml/ + +###### Request: + +Changed content type : `application/json` + +New optional properties: + +- `user` + +* Deleted property `user` (integer) + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /sources/user_connections/saml/ + +###### Parameters: + +Added: `user` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > SAML Source Serializer + + New required properties: + + - `created` + + * Added property `created` (string) + + * Changed property `user` (integer) + + * Changed property `source` (object) + + > Source Serializer + + - Added property `user_property_mappings` (array) + + - Added property `group_property_mappings` (array) + +##### `GET` /stages/identification/{stage_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +##### `PUT` /stages/identification/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +##### `PATCH` /stages/identification/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +##### `GET` /stages/password/{stage_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +##### `PUT` /stages/password/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +##### `PATCH` /stages/password/{stage_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +##### `PUT` /core/transactional/applications/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `provider` (object) + + Updated `authentik_providers_saml.samlprovider` provider_model: + + - Added property `encryption_kp` (string) + + > When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. + + - Added property `sign_assertion` (boolean) + + - Added property `sign_response` (boolean) + + Updated `authentik_providers_ldap.ldapprovider` provider_model: + + - Deleted property `search_group` (string) + > Users in this group can do search queries. If not set, every user can execute search queries. + +##### `GET` /core/user_consent/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > UserConsent Serializer + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /flows/executor/{flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Updated `ak-stage-flow-error` component: + + - Deleted property `type` (string) + + Updated `ak-stage-authenticator-totp` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-captcha` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-source-oauth-apple` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-user-login` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-access-denied` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-source-plex` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-duo` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-password` component: + New optional properties: + + - `type` + + * Added property `allow_show_password` (boolean) + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-static` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-autosubmit` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `xak-flow-shell` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-provider-oauth2-device-code-finish` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-sms` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-email` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-webauthn` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `xak-flow-redirect` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-dummy` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-validate` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-consent` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-provider-oauth2-device-code` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-prompt` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-identification` component: + New optional properties: + + - `type` + + * Added property `allow_show_password` (boolean) + + * Deleted property `type` (object) + +##### `POST` /flows/executor/{flow_slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + Updated `ak-stage-flow-error` component: + + - Deleted property `type` (string) + + Updated `ak-stage-authenticator-totp` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-captcha` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-source-oauth-apple` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-user-login` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-access-denied` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-source-plex` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-duo` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-password` component: + New optional properties: + + - `type` + + * Added property `allow_show_password` (boolean) + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-static` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-autosubmit` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `xak-flow-shell` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-provider-oauth2-device-code-finish` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-sms` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-email` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-webauthn` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `xak-flow-redirect` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-dummy` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-authenticator-validate` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-consent` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-provider-oauth2-device-code` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-prompt` component: + New optional properties: + + - `type` + + * Deleted property `type` (object) + + Updated `ak-stage-identification` component: + New optional properties: + + - `type` + + * Added property `allow_show_password` (boolean) + + * Deleted property `type` (object) + +##### `GET` /oauth2/access_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /oauth2/authorization_codes/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `GET` /oauth2/refresh_tokens/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Serializer for BaseGrantModel and RefreshToken + + - Changed property `user` (object) + + > User Serializer + + - Changed property `groups_obj` (array) + + Changed items (object): > Simplified Group Serializer for user's groups + + - Changed property `name` (string) + +##### `POST` /stages/identification/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +##### `GET` /stages/identification/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > IdentificationStage Serializer + + - Changed property `password_stage` (string) + > When set, shows a password field, instead of showing the password field as separate step. + +##### `POST` /stages/password/ + +###### Request: + +Changed content type : `application/json` + +- Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +##### `GET` /stages/password/ + +###### Parameters: + +Added: `allow_show_password` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > PasswordStage Serializer + + - Added property `allow_show_password` (boolean) + > When enabled, provides a 'show password' button with the password input field. + +##### `POST` /stages/prompt/prompts/preview/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + New optional properties: + + - `type` + + * Deleted property `type` (object)