17 KiB
| title | slug |
|---|---|
| Release 2022.11 | 2022.11 |
Breaking changes
-
Have I Been Pwned policy is deprecated
The policy has been merged with the password policy which provides the same functionality. Existing Have I Been Pwned policies will automatically be migrated.
-
Instead of using multiple redis databases, authentik now uses a single redis database
This will temporarily loose some cached information after the upgrade, like cached system tasks and policy results. This data will be re-cached in the background.
New features
-
authentik now runs on Python 3.11
-
Expanded password policy
The "Have I been Pwned" policy has been merged into the password policy, and additionally passwords can be checked using zxcvbn to provider concise feedback.
API Changes
What's Changed
GET /policies/password/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
PUT /policies/password/{policy_uuid}/
Request:
Changed content type : application/json
-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
PATCH /policies/password/{policy_uuid}/
Request:
Changed content type : application/json
-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
GET /core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
PUT /core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
PATCH /core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
GET /core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
PUT /core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
PATCH /core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
GET /policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
PUT /policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
PATCH /policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
POST /policies/password/
Request:
Changed content type : application/json
-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
GET /policies/password/
Parameters:
Added: check_have_i_been_pwned in query
Added: check_static_rules in query
Added: check_zxcvbn in query
Added: hibp_allowed_count in query
Added: zxcvbn_score_threshold in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Password Policy Serializer
-
Added property
check_static_rules(boolean) -
Added property
check_have_i_been_pwned(boolean) -
Added property
check_zxcvbn(boolean) -
Added property
hibp_allowed_count(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
-
POST /core/tokens/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
GET /core/tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Token Serializer
-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
-
GET /core/user_consent/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
POST /core/users/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
GET /core/users/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
GET /oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
GET /oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
POST /policies/bindings/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
GET /policies/bindings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > PolicyBinding Serializer
-
Changed property
user_obj(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
-
GET /core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > UserConsent Serializer
-
Changed property
user(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
-
GET /oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
user(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
-
GET /oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user(object)User Serializer
-
Changed property
groups_obj(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users(array) -
Deleted property
users_obj(array)
-
-
-
Minor changes/fixes
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.11 from here. Afterwards, simply run docker-compose up -d.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.11.1