This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/2024/v2024.1.md

2.7 KiB

title slug
Release 2024.1 /releases/2024.1

Breaking changes

  • Removal of deprecated metrics

    • authentik_outpost_flow_timing_get -> authentik_outpost_flow_timing_get_seconds
    • authentik_outpost_flow_timing_post -> authentik_outpost_flow_timing_post_seconds
    • authentik_outpost_ldap_requests -> authentik_outpost_ldap_request_duration_seconds
    • authentik_outpost_ldap_requests_rejected -> authentik_outpost_ldap_requests_rejected_total
    • authentik_outpost_proxy_requests -> authentik_outpost_proxy_request_duration_seconds
    • authentik_outpost_proxy_upstream_time -> authentik_outpost_proxy_upstream_response_duration_seconds
    • authentik_outpost_radius_requests -> authentik_outpost_radius_request_duration_seconds
    • authentik_outpost_radius_requests_rejected -> authentik_outpost_radius_requests_rejected_total
    • authentik_main_requests -> authentik_main_request_duration_seconds
  • Required offline_access scope for Refresh tokens

    The OAuth2 provider ships with a new default scope called offline_access, which must be requested by applications that need a refresh token. Previously, authentik would always issue a refresh token for the Authorization code and Device code OAuth grants.

    Applications which require will need their configuration update to include the offline_access scope mapping.

New features

  • "Pretend user exists" option for Identification stage

    Previously the identification stage would only continue if a user matching the user identifier exists. While this was the intended functionality, this release adds an option to continue to the next stage even if no matching user was found. "Pretend" users cannot authenticate nor receive emails, and don't exist in the database. This feature is enabled by default.

  • S3 file storage

    Media files can now be stored on S3. Follow the setup guide to get started.

Upgrading

This release does not introduce any new requirements.

docker-compose

To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:

wget -O docker-compose.yml https://goauthentik.io/version/2024.1/docker-compose.yml
docker-compose up -d

The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.

Kubernetes

Upgrade the Helm Chart to the new version, using the following commands:

helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.1

Minor changes/fixes

API Changes