merge and test, with updated text for RAC

* dev: (55 commits)
  web/flows: attempt to fix bitwareden android compatibility (#7455)
  sources/oauth: fix patreon (#7454)
  website: bump the docusaurus group in /website with 3 updates (#7400)
  web/admin: fix chart label on dashboard user page (#7434)
  core: bump github.com/gorilla/sessions from 1.2.1 to 1.2.2 (#7446)
  core: bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#7443)
  core: bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#7442)
  core: bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 (#7445)
  core: bump golang.org/x/sync from 0.4.0 to 0.5.0 (#7441)
  core: bump github.com/gorilla/securecookie from 1.1.1 to 1.1.2 (#7440)
  core: bump github.com/gorilla/handlers from 1.5.1 to 1.5.2 (#7444)
  web: bump rollup from 4.2.0 to 4.3.0 in /web (#7448)
  web: bump the eslint group in /web with 2 updates (#7447)
  core: bump uvicorn from 0.23.2 to 0.24.0 (#7450)
  core: bump selenium from 4.15.1 to 4.15.2 (#7449)
  core: bump ruff from 0.1.3 to 0.1.4 (#7451)
  web: bump the eslint group in /tests/wdio with 2 updates (#7452)
  providers/proxy: fix closed redis client (#7385)
  ci: explicitly give write permissions to packages (#7428)
  core: bump selenium from 4.15.0 to 4.15.1 (#7422)
  ...

.github/workflows/ci-main.yml

@@ -11,6 +11,7 @@ on:
   pull_request:
     branches:
       - main
+      - version-*
 
 env:
   POSTGRES_DB: authentik
@@ -185,6 +186,8 @@ jobs:
   build:
     needs: ci-core-mark
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     timeout-minutes: 120
     steps:
       - uses: actions/checkout@v4
@@ -235,6 +238,8 @@ jobs:
   build-arm64:
     needs: ci-core-mark
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     timeout-minutes: 120
     steps:
       - uses: actions/checkout@v4

.github/workflows/ci-outpost.yml

@@ -9,6 +9,7 @@ on:
   pull_request:
     branches:
       - main
+      - version-*
 
 jobs:
   lint-golint:
@@ -65,6 +66,8 @@ jobs:
           - ldap
           - radius
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/ci-web.yml

@@ -9,6 +9,7 @@ on:
   pull_request:
     branches:
       - main
+      - version-*
 
 jobs:
   lint-eslint:

.github/workflows/ci-website.yml

@@ -9,6 +9,7 @@ on:
   pull_request:
     branches:
       - main
+      - version-*
 
 jobs:
   lint-prettier:

.github/workflows/release-publish.yml

@@ -7,6 +7,8 @@ on:
 jobs:
   build-server:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     steps:
       - uses: actions/checkout@v4
       - name: Set up QEMU
@@ -52,6 +54,8 @@ jobs:
             VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }}
   build-outpost:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     strategy:
       fail-fast: false
       matrix:

Dockerfile

@@ -35,7 +35,14 @@ COPY ./gen-ts-api /work/web/node_modules/@goauthentik/api
 RUN npm run build
 
 # Stage 3: Build go proxy
-FROM docker.io/golang:1.21.3-bookworm AS go-builder
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.21.3-bookworm AS go-builder
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+ARG GOOS=$TARGETOS
+ARG GOARCH=$TARGETARCH
 
 WORKDIR /go/src/goauthentik.io
 
@@ -57,10 +64,10 @@ ENV CGO_ENABLED=0
 
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    go build -o /go/authentik ./cmd/server
+    GOARM="${TARGETVARIANT#v}" go build -o /go/authentik ./cmd/server
 
 # Stage 4: MaxMind GeoIP
-FROM ghcr.io/maxmind/geoipupdate:v6.0 as geoip
+FROM --platform=${BUILDPLATFORM} ghcr.io/maxmind/geoipupdate:v6.0 as geoip
 
 ENV GEOIPUPDATE_EDITION_IDS="GeoLite2-City"
 ENV GEOIPUPDATE_VERBOSE="true"

Makefile

@@ -110,6 +110,8 @@ gen-diff:  ## (Release) generate the changelog diff between the current schema a
 		--markdown /local/diff.md \
 		/local/old_schema.yml /local/schema.yml
 	rm old_schema.yml
+	sed -i 's/{/{/g' diff.md
+	sed -i 's/}/}/g' diff.md
 	npx prettier --write diff.md
 
 gen-clean:

authentik/providers/oauth2/utils.py

@@ -188,6 +188,7 @@ def authenticate_provider(request: HttpRequest) -> Optional[OAuth2Provider]:
     if client_id != provider.client_id or client_secret != provider.client_secret:
         LOGGER.debug("(basic) Provider for basic auth does not exist")
         return None
+    CTX_AUTH_VIA.set("oauth_client_secret")
     return provider
 
 

authentik/providers/oauth2/views/token.py

@@ -17,6 +17,7 @@ from jwt import PyJWK, PyJWT, PyJWTError, decode
 from sentry_sdk.hub import Hub
 from structlog.stdlib import get_logger
 
+from authentik.core.middleware import CTX_AUTH_VIA
 from authentik.core.models import (
     USER_ATTRIBUTE_EXPIRES,
     USER_ATTRIBUTE_GENERATED,
@@ -448,6 +449,7 @@ class TokenView(View):
                 if not self.provider:
                     LOGGER.warning("OAuth2Provider does not exist", client_id=client_id)
                     raise TokenError("invalid_client")
+                CTX_AUTH_VIA.set("oauth_client_secret")
                 self.params = TokenParams.parse(request, self.provider, client_id, client_secret)
 
             with Hub.current.start_span(

authentik/sources/oauth/types/patreon.py

@@ -12,8 +12,9 @@ class PatreonOAuthRedirect(OAuthRedirect):
     """Patreon OAuth2 Redirect"""
 
     def get_additional_parameters(self, source: OAuthSource):  # pragma: no cover
+        # https://docs.patreon.com/#scopes
         return {
-            "scope": ["openid", "email", "profile"],
+            "scope": ["identity", "identity[email]"],
         }
 
 

authentik/stages/email/stage.py

@@ -52,17 +52,13 @@ class EmailStageView(ChallengeStageView):
             kwargs={"flow_slug": self.executor.flow.slug},
         )
         # Parse query string from current URL (full query string)
-        query_params = QueryDict(self.request.META.get("QUERY_STRING", ""), mutable=True)
+        # this view is only run within a flow executor, where we need to get the query string
+        # from the query= parameter (double encoded); but for the redirect
+        # we need to expand it since it'll go through the flow interface
+        query_params = QueryDict(self.request.GET.get(QS_QUERY), mutable=True)
         query_params.pop(QS_KEY_TOKEN, None)
-
-        # Check for nested query string used by flow executor, and remove any
-        # kind of flow token from that
-        if QS_QUERY in query_params:
-            inner_query_params = QueryDict(query_params.get(QS_QUERY), mutable=True)
-            inner_query_params.pop(QS_KEY_TOKEN, None)
-            query_params[QS_QUERY] = inner_query_params.urlencode()
-
         query_params.update(kwargs)
+        print(query_params)
         full_url = base_url
         if len(query_params) > 0:
             full_url = f"{full_url}?{query_params.urlencode()}"

authentik/stages/email/tests/test_stage.py

@@ -259,7 +259,7 @@ class TestEmailStage(FlowTestCase):
         session.save()
 
         url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
-        url += "?foo=bar"
+        url += "?query=" + urlencode({"foo": "bar"})
         request = self.factory.get(url)
         stage_view = EmailStageView(
             FlowExecutorView(
@@ -273,31 +273,3 @@ class TestEmailStage(FlowTestCase):
             stage_view.get_full_url(**{QS_KEY_TOKEN: token}),
             f"http://testserver/if/flow/{self.flow.slug}/?foo=bar&flow_token={token}",
         )
-
-    def test_url_existing_params_nested(self):
-        """Test to ensure that URL params are preserved in the URL being sent (including nested)"""
-        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
-        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
-        session = self.client.session
-        session[SESSION_KEY_PLAN] = plan
-        session.save()
-
-        url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
-        url += "?foo=bar&"
-        url += "query=" + urlencode({"nested": "value"})
-        request = self.factory.get(url)
-        stage_view = EmailStageView(
-            FlowExecutorView(
-                request=request,
-                flow=self.flow,
-            ),
-            request=request,
-        )
-        token = generate_id()
-        self.assertEqual(
-            stage_view.get_full_url(**{QS_KEY_TOKEN: token}),
-            (
-                f"http://testserver/if/flow/{self.flow.slug}"
-                f"/?foo=bar&query=nested%3Dvalue&flow_token={token}"
-            ),
-        )

go.mod

@@ -13,24 +13,24 @@ require (
 	github.com/go-openapi/strfmt v0.21.7
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/google/uuid v1.4.0
-	github.com/gorilla/handlers v1.5.1
-	github.com/gorilla/mux v1.8.0
-	github.com/gorilla/securecookie v1.1.1
-	github.com/gorilla/sessions v1.2.1
-	github.com/gorilla/websocket v1.5.0
+	github.com/gorilla/handlers v1.5.2
+	github.com/gorilla/mux v1.8.1
+	github.com/gorilla/securecookie v1.1.2
+	github.com/gorilla/sessions v1.2.2
+	github.com/gorilla/websocket v1.5.1
 	github.com/jellydator/ttlcache/v3 v3.1.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.7.0
 	github.com/prometheus/client_golang v1.17.0
-	github.com/redis/go-redis/v9 v9.2.1
+	github.com/redis/go-redis/v9 v9.3.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.7.0
+	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
-	goauthentik.io/api/v3 v3.2023101.1
+	goauthentik.io/api/v3 v3.2023102.1
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.13.0
-	golang.org/x/sync v0.4.0
+	golang.org/x/sync v0.5.0
 	gopkg.in/yaml.v2 v2.4.0
 	layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
 )
@@ -42,7 +42,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/felixge/httpsnoop v1.0.1 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-http-utils/fresh v0.0.0-20161124030543-7231e26a4b27 // indirect
 	github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a // indirect

go.sum

@@ -62,7 +62,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
 github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -73,8 +73,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
-github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/getsentry/sentry-go v0.25.0 h1:q6Eo+hS+yoJlTO3uu/azhQadsD8V+jQn2D8VvX1eOyI=
 github.com/getsentry/sentry-go v0.25.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
@@ -200,6 +200,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -216,16 +218,16 @@ github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
-github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
-github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
+github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -295,8 +297,8 @@ github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdO
 github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
 github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
 github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/redis/go-redis/v9 v9.2.1 h1:WlYJg71ODF0dVspZZCpYmoF1+U1Jjk9Rwd7pq6QmlCg=
-github.com/redis/go-redis/v9 v9.2.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/go-redis/v9 v9.3.0 h1:RiVDjmig62jIWp7Kk4XVLs0hzV6pI3PyTnnL0cnn0u0=
+github.com/redis/go-redis/v9 v9.3.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -309,8 +311,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -356,8 +358,8 @@ go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyK
 go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-goauthentik.io/api/v3 v3.2023101.1 h1:KIQ4wmxjE+geAVB0wBfmxW9Uzo/tA0dbd2hSUJ7YJ3M=
-goauthentik.io/api/v3 v3.2023101.1/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2023102.1 h1:TinB3fzh17iw92Mak0pxVdVSMJbL2CxZkQSvd98C4+U=
+goauthentik.io/api/v3 v3.2023102.1/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -460,8 +462,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

internal/outpost/proxyv2/application/session.go

@@ -131,7 +131,6 @@ func (a *Application) Logout(ctx context.Context, filter func(c Claims) bool) er
 	}
 	if rs, ok := a.sessions.(*redisstore.RedisStore); ok {
 		client := rs.Client()
-		defer client.Close()
 		keys, err := client.Keys(ctx, fmt.Sprintf("%s*", RedisKeyPrefix)).Result()
 		if err != nil {
 			return err

ldap.Dockerfile

@@ -1,5 +1,12 @@
 # Stage 1: Build
-FROM docker.io/golang:1.21.3-bookworm AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.21.3-bookworm AS builder
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+ARG GOOS=$TARGETOS
+ARG GOARCH=$TARGETARCH
 
 WORKDIR /go/src/goauthentik.io
 
@@ -13,7 +20,7 @@ ENV CGO_ENABLED=0
 COPY . .
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    go build -o /go/ldap ./cmd/ldap
+    GOARM="${TARGETVARIANT#v}" go build -o /go/ldap ./cmd/ldap
 
 # Stage 2: Run
 FROM gcr.io/distroless/static-debian11:debug

poetry.lock

@@ -1117,13 +1117,13 @@ graph = ["objgraph (>=1.7.2)"]
 
 [[package]]
 name = "django"
-version = "4.2.6"
+version = "4.2.7"
 description = "A high-level Python web framework that encourages rapid development and clean, pragmatic design."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "Django-4.2.6-py3-none-any.whl", hash = "sha256:a64d2487cdb00ad7461434320ccc38e60af9c404773a2f95ab0093b4453a3215"},
-    {file = "Django-4.2.6.tar.gz", hash = "sha256:08f41f468b63335aea0d904c5729e0250300f6a1907bf293a65499496cdbc68f"},
+    {file = "Django-4.2.7-py3-none-any.whl", hash = "sha256:e1d37c51ad26186de355cbcec16613ebdabfa9689bbade9c538835205a8abbe9"},
+    {file = "Django-4.2.7.tar.gz", hash = "sha256:8e0f1c2c2786b5c0e39fe1afce24c926040fad47c8ea8ad30aaf1188df29fc41"},
 ]
 
 [package.dependencies]
@@ -2978,17 +2978,17 @@ testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "no
 
 [[package]]
 name = "pytest-django"
-version = "4.5.2"
+version = "4.6.0"
 description = "A Django plugin for pytest."
 optional = false
-python-versions = ">=3.5"
+python-versions = ">=3.8"
 files = [
-    {file = "pytest-django-4.5.2.tar.gz", hash = "sha256:d9076f759bb7c36939dbdd5ae6633c18edfc2902d1a69fdbefd2426b970ce6c2"},
-    {file = "pytest_django-4.5.2-py3-none-any.whl", hash = "sha256:c60834861933773109334fe5a53e83d1ef4828f2203a1d6a0fa9972f4f75ab3e"},
+    {file = "pytest-django-4.6.0.tar.gz", hash = "sha256:ebc12a64f822a1284a281caf434d693f96bff69a9b09c677f538ecaa2f470b37"},
+    {file = "pytest_django-4.6.0-py3-none-any.whl", hash = "sha256:7e90a183dec8c715714864e5dc8da99bb219502d437a9769a3c9e524af57e43a"},
 ]
 
 [package.dependencies]
-pytest = ">=5.4.0"
+pytest = ">=7.0.0"
 
 [package.extras]
 docs = ["sphinx", "sphinx-rtd-theme"]
@@ -3374,39 +3374,39 @@ pyasn1 = ">=0.1.3"
 
 [[package]]
 name = "ruff"
-version = "0.1.3"
-description = "An extremely fast Python linter, written in Rust."
+version = "0.1.4"
+description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.1.3-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:b46d43d51f7061652eeadb426a9e3caa1e0002470229ab2fc19de8a7b0766901"},
-    {file = "ruff-0.1.3-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:b8afeb9abd26b4029c72adc9921b8363374f4e7edb78385ffaa80278313a15f9"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ca3cf365bf32e9ba7e6db3f48a4d3e2c446cd19ebee04f05338bc3910114528b"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:4874c165f96c14a00590dcc727a04dca0cfd110334c24b039458c06cf78a672e"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eec2dd31eed114e48ea42dbffc443e9b7221976554a504767ceaee3dd38edeb8"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:dc3ec4edb3b73f21b4aa51337e16674c752f1d76a4a543af56d7d04e97769613"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2e3de9ed2e39160800281848ff4670e1698037ca039bda7b9274f849258d26ce"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1c595193881922cc0556a90f3af99b1c5681f0c552e7a2a189956141d8666fe8"},
-    {file = "ruff-0.1.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f75e670d529aa2288cd00fc0e9b9287603d95e1536d7a7e0cafe00f75e0dd9d"},
-    {file = "ruff-0.1.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:76dd49f6cd945d82d9d4a9a6622c54a994689d8d7b22fa1322983389b4892e20"},
-    {file = "ruff-0.1.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:918b454bc4f8874a616f0d725590277c42949431ceb303950e87fef7a7d94cb3"},
-    {file = "ruff-0.1.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:d8859605e729cd5e53aa38275568dbbdb4fe882d2ea2714c5453b678dca83784"},
-    {file = "ruff-0.1.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:0b6c55f5ef8d9dd05b230bb6ab80bc4381ecb60ae56db0330f660ea240cb0d4a"},
-    {file = "ruff-0.1.3-py3-none-win32.whl", hash = "sha256:3e7afcbdcfbe3399c34e0f6370c30f6e529193c731b885316c5a09c9e4317eef"},
-    {file = "ruff-0.1.3-py3-none-win_amd64.whl", hash = "sha256:7a18df6638cec4a5bd75350639b2bb2a2366e01222825562c7346674bdceb7ea"},
-    {file = "ruff-0.1.3-py3-none-win_arm64.whl", hash = "sha256:12fd53696c83a194a2db7f9a46337ce06445fb9aa7d25ea6f293cf75b21aca9f"},
-    {file = "ruff-0.1.3.tar.gz", hash = "sha256:3ba6145369a151401d5db79f0a47d50e470384d0d89d0d6f7fab0b589ad07c34"},
+    {file = "ruff-0.1.4-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:864958706b669cce31d629902175138ad8a069d99ca53514611521f532d91495"},
+    {file = "ruff-0.1.4-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:9fdd61883bb34317c788af87f4cd75dfee3a73f5ded714b77ba928e418d6e39e"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b4eaca8c9cc39aa7f0f0d7b8fe24ecb51232d1bb620fc4441a61161be4a17539"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a9a1301dc43cbf633fb603242bccd0aaa34834750a14a4c1817e2e5c8d60de17"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:78e8db8ab6f100f02e28b3d713270c857d370b8d61871d5c7d1702ae411df683"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:80fea754eaae06335784b8ea053d6eb8e9aac75359ebddd6fee0858e87c8d510"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6bc02a480d4bfffd163a723698da15d1a9aec2fced4c06f2a753f87f4ce6969c"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9862811b403063765b03e716dac0fda8fdbe78b675cd947ed5873506448acea4"},
+    {file = "ruff-0.1.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58826efb8b3efbb59bb306f4b19640b7e366967a31c049d49311d9eb3a4c60cb"},
+    {file = "ruff-0.1.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:fdfd453fc91d9d86d6aaa33b1bafa69d114cf7421057868f0b79104079d3e66e"},
+    {file = "ruff-0.1.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:e8791482d508bd0b36c76481ad3117987301b86072158bdb69d796503e1c84a8"},
+    {file = "ruff-0.1.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:01206e361021426e3c1b7fba06ddcb20dbc5037d64f6841e5f2b21084dc51800"},
+    {file = "ruff-0.1.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:645591a613a42cb7e5c2b667cbefd3877b21e0252b59272ba7212c3d35a5819f"},
+    {file = "ruff-0.1.4-py3-none-win32.whl", hash = "sha256:99908ca2b3b85bffe7e1414275d004917d1e0dfc99d497ccd2ecd19ad115fd0d"},
+    {file = "ruff-0.1.4-py3-none-win_amd64.whl", hash = "sha256:1dfd6bf8f6ad0a4ac99333f437e0ec168989adc5d837ecd38ddb2cc4a2e3db8a"},
+    {file = "ruff-0.1.4-py3-none-win_arm64.whl", hash = "sha256:d98ae9ebf56444e18a3e3652b3383204748f73e247dea6caaf8b52d37e6b32da"},
+    {file = "ruff-0.1.4.tar.gz", hash = "sha256:21520ecca4cc555162068d87c747b8f95e1e95f8ecfcbbe59e8dd00710586315"},
 ]
 
 [[package]]
 name = "selenium"
-version = "4.14.0"
+version = "4.15.2"
 description = ""
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "selenium-4.14.0-py3-none-any.whl", hash = "sha256:be9824a9354a7fe288e3fad9ceb6a9c65ddc7c44545d23ad0ebf4ce202b19893"},
-    {file = "selenium-4.14.0.tar.gz", hash = "sha256:0d14b0d9842366f38fb5f8f842cf7c042bcfa062affc6a0a86e4d634bdd0fe54"},
+    {file = "selenium-4.15.2-py3-none-any.whl", hash = "sha256:9e82cd1ac647fb73cf0d4a6e280284102aaa3c9d94f0fa6e6cc4b5db6a30afbf"},
+    {file = "selenium-4.15.2.tar.gz", hash = "sha256:22eab5a1724c73d51b240a69ca702997b717eee4ba1f6065bf5d6b44dba01d48"},
 ]
 
 [package.dependencies]
@@ -3417,13 +3417,13 @@ urllib3 = {version = ">=1.26,<3", extras = ["socks"]}
 
 [[package]]
 name = "sentry-sdk"
-version = "1.32.0"
+version = "1.34.0"
 description = "Python client for Sentry (https://sentry.io)"
 optional = false
 python-versions = "*"
 files = [
-    {file = "sentry-sdk-1.32.0.tar.gz", hash = "sha256:935e8fbd7787a3702457393b74b13d89a5afb67185bc0af85c00cb27cbd42e7c"},
-    {file = "sentry_sdk-1.32.0-py2.py3-none-any.whl", hash = "sha256:eeb0b3550536f3bbc05bb1c7e0feb3a78d74acb43b607159a606ed2ec0a33a4d"},
+    {file = "sentry-sdk-1.34.0.tar.gz", hash = "sha256:e5d0d2b25931d88fa10986da59d941ac6037f742ab6ff2fce4143a27981d60c3"},
+    {file = "sentry_sdk-1.34.0-py2.py3-none-any.whl", hash = "sha256:76dd087f38062ac6c1e30ed6feb533ee0037ff9e709974802db7b5dbf2e5db21"},
 ]
 
 [package.dependencies]
@@ -3692,13 +3692,13 @@ requests = ">=2.0.0"
 
 [[package]]
 name = "twisted"
-version = "23.8.0"
+version = "23.10.0"
 description = "An asynchronous networking framework written in Python"
 optional = false
-python-versions = ">=3.7.1"
+python-versions = ">=3.8.0"
 files = [
-    {file = "twisted-23.8.0-py3-none-any.whl", hash = "sha256:b8bdba145de120ffb36c20e6e071cce984e89fba798611ed0704216fb7f884cd"},
-    {file = "twisted-23.8.0.tar.gz", hash = "sha256:3c73360add17336a622c0d811c2a2ce29866b6e59b1125fd6509b17252098a24"},
+    {file = "twisted-23.10.0-py3-none-any.whl", hash = "sha256:4ae8bce12999a35f7fe6443e7f1893e6fe09588c8d2bed9c35cdce8ff2d5b444"},
+    {file = "twisted-23.10.0.tar.gz", hash = "sha256:987847a0790a2c597197613686e2784fd54167df3a55d0fb17c8412305d76ce5"},
 ]
 
 [package.dependencies]
@@ -3711,19 +3711,18 @@ incremental = ">=22.10.0"
 pyopenssl = {version = ">=21.0.0", optional = true, markers = "extra == \"tls\""}
 service-identity = {version = ">=18.1.0", optional = true, markers = "extra == \"tls\""}
 twisted-iocpsupport = {version = ">=1.0.2,<2", markers = "platform_system == \"Windows\""}
-typing-extensions = ">=3.10.0"
+typing-extensions = ">=4.2.0"
 zope-interface = ">=5"
 
 [package.extras]
-all-non-platform = ["twisted[conch,contextvars,http2,serial,test,tls]", "twisted[conch,contextvars,http2,serial,test,tls]"]
+all-non-platform = ["twisted[conch,http2,serial,test,tls]", "twisted[conch,http2,serial,test,tls]"]
 conch = ["appdirs (>=1.4.0)", "bcrypt (>=3.1.3)", "cryptography (>=3.3)"]
-contextvars = ["contextvars (>=2.4,<3)"]
 dev = ["coverage (>=6b1,<7)", "pyflakes (>=2.2,<3.0)", "python-subunit (>=1.4,<2.0)", "twisted[dev-release]", "twistedchecker (>=0.7,<1.0)"]
-dev-release = ["pydoctor (>=23.4.0,<23.5.0)", "pydoctor (>=23.4.0,<23.5.0)", "readthedocs-sphinx-ext (>=2.2,<3.0)", "readthedocs-sphinx-ext (>=2.2,<3.0)", "sphinx (>=5,<7)", "sphinx (>=5,<7)", "sphinx-rtd-theme (>=1.2,<2.0)", "sphinx-rtd-theme (>=1.2,<2.0)", "towncrier (>=22.12,<23.0)", "towncrier (>=22.12,<23.0)", "urllib3 (<2)", "urllib3 (<2)"]
+dev-release = ["pydoctor (>=23.9.0,<23.10.0)", "pydoctor (>=23.9.0,<23.10.0)", "sphinx (>=6,<7)", "sphinx (>=6,<7)", "sphinx-rtd-theme (>=1.3,<2.0)", "sphinx-rtd-theme (>=1.3,<2.0)", "towncrier (>=23.6,<24.0)", "towncrier (>=23.6,<24.0)"]
 gtk-platform = ["pygobject", "pygobject", "twisted[all-non-platform]", "twisted[all-non-platform]"]
 http2 = ["h2 (>=3.0,<5.0)", "priority (>=1.1.0,<2.0)"]
 macos-platform = ["pyobjc-core", "pyobjc-core", "pyobjc-framework-cfnetwork", "pyobjc-framework-cfnetwork", "pyobjc-framework-cocoa", "pyobjc-framework-cocoa", "twisted[all-non-platform]", "twisted[all-non-platform]"]
-mypy = ["mypy (==0.981)", "mypy-extensions (==0.4.3)", "mypy-zope (==0.3.11)", "twisted[all-non-platform,dev]", "types-pyopenssl", "types-setuptools"]
+mypy = ["mypy (>=1.5.1,<1.6.0)", "mypy-zope (>=1.0.1,<1.1.0)", "twisted[all-non-platform,dev]", "types-pyopenssl", "types-setuptools"]
 osx-platform = ["twisted[macos-platform]", "twisted[macos-platform]"]
 serial = ["pyserial (>=3.0)", "pywin32 (!=226)"]
 test = ["cython-test-exception-raiser (>=1.0.2,<2)", "hypothesis (>=6.56)", "pyhamcrest (>=2)"]
@@ -3856,13 +3855,13 @@ files = [
 
 [[package]]
 name = "uvicorn"
-version = "0.23.2"
+version = "0.24.0"
 description = "The lightning-fast ASGI server."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "uvicorn-0.23.2-py3-none-any.whl", hash = "sha256:1f9be6558f01239d4fdf22ef8126c39cb1ad0addf76c40e760549d2c2f43ab53"},
-    {file = "uvicorn-0.23.2.tar.gz", hash = "sha256:4d3cc12d7727ba72b64d12d3cc7743124074c0a69f7b201512fc50c3e3f1569a"},
+    {file = "uvicorn-0.24.0-py3-none-any.whl", hash = "sha256:3d19f13dfd2c2af1bfe34dd0f7155118ce689425fdf931177abe832ca44b8a04"},
+    {file = "uvicorn-0.24.0.tar.gz", hash = "sha256:368d5d81520a51be96431845169c225d771c9dd22a58613e1a181e6c4512ac33"},
 ]
 
 [package.dependencies]
@@ -4020,13 +4019,13 @@ files = [
 
 [[package]]
 name = "webauthn"
-version = "1.11.0"
+version = "1.11.1"
 description = "Pythonic WebAuthn"
 optional = false
 python-versions = "*"
 files = [
-    {file = "webauthn-1.11.0-py3-none-any.whl", hash = "sha256:9c8a81f7e310aee022a038ae2c76711bcf0a94521a471225e05c36871f83eeda"},
-    {file = "webauthn-1.11.0.tar.gz", hash = "sha256:1e808de1e3625a4b361e249e1bbb254d2a3a5c6b206e6f7260c4febe51f45276"},
+    {file = "webauthn-1.11.1-py3-none-any.whl", hash = "sha256:13592ee71489b571cb6e4a5d8b3c34f7b040cd3539a9d94b6b7d23fa88df5dfb"},
+    {file = "webauthn-1.11.1.tar.gz", hash = "sha256:24eda57903897369797f52a377f8c470e7057e79da5525779d0720a9fcc11926"},
 ]
 
 [package.dependencies]

proxy.Dockerfile

@@ -15,7 +15,14 @@ COPY web .
 RUN npm run build-proxy
 
 # Stage 2: Build
-FROM docker.io/golang:1.21.3-bookworm AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.21.3-bookworm AS builder
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+ARG GOOS=$TARGETOS
+ARG GOARCH=$TARGETARCH
 
 WORKDIR /go/src/goauthentik.io
 
@@ -29,7 +36,7 @@ ENV CGO_ENABLED=0
 COPY . .
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    go build -o /go/proxy ./cmd/proxy
+    GOARM="${TARGETVARIANT#v}" go build -o /go/proxy ./cmd/proxy
 
 # Stage 3: Run
 FROM gcr.io/distroless/static-debian11:debug

radius.Dockerfile

@@ -1,5 +1,12 @@
 # Stage 1: Build
-FROM docker.io/golang:1.21.3-bookworm AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.21.3-bookworm AS builder
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+ARG GOOS=$TARGETOS
+ARG GOARCH=$TARGETARCH
 
 WORKDIR /go/src/goauthentik.io
 
@@ -13,7 +20,7 @@ ENV CGO_ENABLED=0
 COPY . .
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    go build -o /go/radius ./cmd/radius
+    GOARM="${TARGETVARIANT#v}" go build -o /go/radius ./cmd/radius
 
 # Stage 2: Run
 FROM gcr.io/distroless/static-debian11:debug

tests/wdio/package-lock.json

@@ -7,15 +7,15 @@
             "name": "@goauthentik/web-tests",
             "devDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^4.2.1",
-                "@typescript-eslint/eslint-plugin": "^6.9.0",
-                "@typescript-eslint/parser": "^6.9.0",
-                "@wdio/cli": "^8.20.5",
-                "@wdio/local-runner": "^8.20.5",
-                "@wdio/mocha-framework": "^8.20.3",
-                "@wdio/spec-reporter": "^8.20.0",
-                "eslint": "^8.52.0",
+                "@typescript-eslint/eslint-plugin": "^6.9.1",
+                "@typescript-eslint/parser": "^6.9.1",
+                "@wdio/cli": "^8.21.0",
+                "@wdio/local-runner": "^8.21.0",
+                "@wdio/mocha-framework": "^8.21.0",
+                "@wdio/spec-reporter": "^8.21.0",
+                "eslint": "^8.53.0",
                 "eslint-config-google": "^0.14.0",
-                "eslint-plugin-sonarjs": "^0.21.0",
+                "eslint-plugin-sonarjs": "^0.23.0",
                 "npm-run-all": "^4.1.5",
                 "prettier": "^3.0.3",
                 "ts-node": "^10.9.1",
@@ -329,9 +329,9 @@
             }
         },
         "node_modules/@eslint/eslintrc": {
-            "version": "2.1.2",
-            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
-            "integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
+            "version": "2.1.3",
+            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.3.tgz",
+            "integrity": "sha512-yZzuIG+jnVu6hNSzFEN07e8BxF3uAzYtQb6uDkaYZLo6oYZDCq454c5kB8zxnzfCYyP4MIuyBn10L0DqwujTmA==",
             "dev": true,
             "dependencies": {
                 "ajv": "^6.12.4",
@@ -352,9 +352,9 @@
             }
         },
         "node_modules/@eslint/eslintrc/node_modules/globals": {
-            "version": "13.22.0",
-            "resolved": "https://registry.npmjs.org/globals/-/globals-13.22.0.tgz",
-            "integrity": "sha512-H1Ddc/PbZHTDVJSnj8kWptIRSD6AM3pK+mKytuIVF4uoBV7rshFlhhvA58ceJ5wp3Er58w6zj7bykMpYXt3ETw==",
+            "version": "13.23.0",
+            "resolved": "https://registry.npmjs.org/globals/-/globals-13.23.0.tgz",
+            "integrity": "sha512-XAmF0RjlrjY23MA51q3HltdlGxUpXPvg0GioKiD9X6HD28iMjo2dKC8Vqwm7lne4GNr78+RHTfliktR6ZH09wA==",
             "dev": true,
             "dependencies": {
                 "type-fest": "^0.20.2"
@@ -379,9 +379,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "8.52.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.52.0.tgz",
-            "integrity": "sha512-mjZVbpaeMZludF2fsWLD0Z9gCref1Tk4i9+wddjRvpUNqqcndPkBD09N/Mapey0b3jaXbLm2kICwFv2E64QinA==",
+            "version": "8.53.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.53.0.tgz",
+            "integrity": "sha512-Kn7K8dx/5U6+cT1yEhpX1w4PCSg0M+XyRILPgvwcEBjerFWCwQj5sbr3/VmxqV0JGHCBCzyd6LxypEuehypY1w==",
             "dev": true,
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -940,16 +940,16 @@
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.9.0.tgz",
-            "integrity": "sha512-lgX7F0azQwRPB7t7WAyeHWVfW1YJ9NIgd9mvGhfQpRY56X6AVf8mwM8Wol+0z4liE7XX3QOt8MN1rUKCfSjRIA==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.9.1.tgz",
+            "integrity": "sha512-w0tiiRc9I4S5XSXXrMHOWgHgxbrBn1Ro+PmiYhSg2ZVdxrAJtQgzU5o2m1BfP6UOn7Vxcc6152vFjQfmZR4xEg==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/regexpp": "^4.5.1",
-                "@typescript-eslint/scope-manager": "6.9.0",
-                "@typescript-eslint/type-utils": "6.9.0",
-                "@typescript-eslint/utils": "6.9.0",
-                "@typescript-eslint/visitor-keys": "6.9.0",
+                "@typescript-eslint/scope-manager": "6.9.1",
+                "@typescript-eslint/type-utils": "6.9.1",
+                "@typescript-eslint/utils": "6.9.1",
+                "@typescript-eslint/visitor-keys": "6.9.1",
                 "debug": "^4.3.4",
                 "graphemer": "^1.4.0",
                 "ignore": "^5.2.4",
@@ -975,15 +975,15 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.9.0.tgz",
-            "integrity": "sha512-GZmjMh4AJ/5gaH4XF2eXA8tMnHWP+Pm1mjQR2QN4Iz+j/zO04b9TOvJYOX2sCNIQHtRStKTxRY1FX7LhpJT4Gw==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.9.1.tgz",
+            "integrity": "sha512-C7AK2wn43GSaCUZ9do6Ksgi2g3mwFkMO3Cis96kzmgudoVaKyt62yNzJOktP0HDLb/iO2O0n2lBOzJgr6Q/cyg==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/scope-manager": "6.9.0",
-                "@typescript-eslint/types": "6.9.0",
-                "@typescript-eslint/typescript-estree": "6.9.0",
-                "@typescript-eslint/visitor-keys": "6.9.0",
+                "@typescript-eslint/scope-manager": "6.9.1",
+                "@typescript-eslint/types": "6.9.1",
+                "@typescript-eslint/typescript-estree": "6.9.1",
+                "@typescript-eslint/visitor-keys": "6.9.1",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -1003,13 +1003,13 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.9.0.tgz",
-            "integrity": "sha512-1R8A9Mc39n4pCCz9o79qRO31HGNDvC7UhPhv26TovDsWPBDx+Sg3rOZdCELIA3ZmNoWAuxaMOT7aWtGRSYkQxw==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.9.1.tgz",
+            "integrity": "sha512-38IxvKB6NAne3g/+MyXMs2Cda/Sz+CEpmm+KLGEM8hx/CvnSRuw51i8ukfwB/B/sESdeTGet1NH1Wj7I0YXswg==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "6.9.0",
-                "@typescript-eslint/visitor-keys": "6.9.0"
+                "@typescript-eslint/types": "6.9.1",
+                "@typescript-eslint/visitor-keys": "6.9.1"
             },
             "engines": {
                 "node": "^16.0.0 || >=18.0.0"
@@ -1020,13 +1020,13 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.9.0.tgz",
-            "integrity": "sha512-XXeahmfbpuhVbhSOROIzJ+b13krFmgtc4GlEuu1WBT+RpyGPIA4Y/eGnXzjbDj5gZLzpAXO/sj+IF/x2GtTMjQ==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.9.1.tgz",
+            "integrity": "sha512-eh2oHaUKCK58qIeYp19F5V5TbpM52680sB4zNSz29VBQPTWIlE/hCj5P5B1AChxECe/fmZlspAWFuRniep1Skg==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "6.9.0",
-                "@typescript-eslint/utils": "6.9.0",
+                "@typescript-eslint/typescript-estree": "6.9.1",
+                "@typescript-eslint/utils": "6.9.1",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^1.0.1"
             },
@@ -1047,9 +1047,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.9.0.tgz",
-            "integrity": "sha512-+KB0lbkpxBkBSiVCuQvduqMJy+I1FyDbdwSpM3IoBS7APl4Bu15lStPjgBIdykdRqQNYqYNMa8Kuidax6phaEw==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.9.1.tgz",
+            "integrity": "sha512-BUGslGOb14zUHOUmDB2FfT6SI1CcZEJYfF3qFwBeUrU6srJfzANonwRYHDpLBuzbq3HaoF2XL2hcr01c8f8OaQ==",
             "dev": true,
             "engines": {
                 "node": "^16.0.0 || >=18.0.0"
@@ -1060,13 +1060,13 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.9.0.tgz",
-            "integrity": "sha512-NJM2BnJFZBEAbCfBP00zONKXvMqihZCrmwCaik0UhLr0vAgb6oguXxLX1k00oQyD+vZZ+CJn3kocvv2yxm4awQ==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.9.1.tgz",
+            "integrity": "sha512-U+mUylTHfcqeO7mLWVQ5W/tMLXqVpRv61wm9ZtfE5egz7gtnmqVIw9ryh0mgIlkKk9rZLY3UHygsBSdB9/ftyw==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "6.9.0",
-                "@typescript-eslint/visitor-keys": "6.9.0",
+                "@typescript-eslint/types": "6.9.1",
+                "@typescript-eslint/visitor-keys": "6.9.1",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -1087,17 +1087,17 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.9.0.tgz",
-            "integrity": "sha512-5Wf+Jsqya7WcCO8me504FBigeQKVLAMPmUzYgDbWchINNh1KJbxCgVya3EQ2MjvJMVeXl3pofRmprqX6mfQkjQ==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.9.1.tgz",
+            "integrity": "sha512-L1T0A5nFdQrMVunpZgzqPL6y2wVreSyHhKGZryS6jrEN7bD9NplVAyMryUhXsQ4TWLnZmxc2ekar/lSGIlprCA==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.4.0",
                 "@types/json-schema": "^7.0.12",
                 "@types/semver": "^7.5.0",
-                "@typescript-eslint/scope-manager": "6.9.0",
-                "@typescript-eslint/types": "6.9.0",
-                "@typescript-eslint/typescript-estree": "6.9.0",
+                "@typescript-eslint/scope-manager": "6.9.1",
+                "@typescript-eslint/types": "6.9.1",
+                "@typescript-eslint/typescript-estree": "6.9.1",
                 "semver": "^7.5.4"
             },
             "engines": {
@@ -1112,12 +1112,12 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "6.9.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.9.0.tgz",
-            "integrity": "sha512-dGtAfqjV6RFOtIP8I0B4ZTBRrlTT8NHHlZZSchQx3qReaoDeXhYM++M4So2AgFK9ZB0emRPA6JI1HkafzA2Ibg==",
+            "version": "6.9.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.9.1.tgz",
+            "integrity": "sha512-MUaPUe/QRLEffARsmNfmpghuQkW436DvESW+h+M52w0coICHRfD6Np9/K6PdACwnrq1HmuLl+cSPZaJmeVPkSw==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "6.9.0",
+                "@typescript-eslint/types": "6.9.1",
                 "eslint-visitor-keys": "^3.4.1"
             },
             "engines": {
@@ -1135,18 +1135,18 @@
             "dev": true
         },
         "node_modules/@wdio/cli": {
-            "version": "8.20.5",
-            "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.20.5.tgz",
-            "integrity": "sha512-Z5wAf8gJMBZGK15pRVFbX8TOIEk7cOXKb9Gjs9pP3DOgx3+xpGlLmgrbLg/wB+rMXA4eu7bt5ZUItPWAWmq6IQ==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.21.0.tgz",
+            "integrity": "sha512-d5TGKmAPvJUhVIUkhLsjBKPKH4fS3pftzxroTQX9+w8m5obJTx82erjii7SzLbgQQjuSiL/aaxvp4V+eQNaP+A==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.1",
-                "@wdio/config": "8.20.3",
-                "@wdio/globals": "8.20.5",
+                "@wdio/config": "8.21.0",
+                "@wdio/globals": "8.21.0",
                 "@wdio/logger": "8.16.17",
                 "@wdio/protocols": "8.20.4",
-                "@wdio/types": "8.20.0",
-                "@wdio/utils": "8.20.3",
+                "@wdio/types": "8.21.0",
+                "@wdio/utils": "8.21.0",
                 "async-exit-hook": "^2.0.1",
                 "chalk": "^5.2.0",
                 "chokidar": "^3.5.3",
@@ -1162,7 +1162,7 @@
                 "lodash.union": "^4.6.0",
                 "read-pkg-up": "10.1.0",
                 "recursive-readdir": "^2.2.3",
-                "webdriverio": "8.20.4",
+                "webdriverio": "8.21.0",
                 "yargs": "^17.7.2"
             },
             "bin": {
@@ -1185,14 +1185,14 @@
             }
         },
         "node_modules/@wdio/config": {
-            "version": "8.20.3",
-            "resolved": "https://registry.npmjs.org/@wdio/config/-/config-8.20.3.tgz",
-            "integrity": "sha512-UaPjDjdXztrWgpoodSjZc1/9oXX1WpjhZSW55ZA2PKzCO7QuS/Fory5lMMpJD4v6/9fNUiRp7A4/rd+w7am1vA==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/config/-/config-8.21.0.tgz",
+            "integrity": "sha512-ilq880hg+q/MpDqn03bwZruFG0+C5t21XjGbDxdGmpf2aJMFVZdWk6tjlbnwjJ7nDTufIYidp/LWyG7Ro/W7FA==",
             "dev": true,
             "dependencies": {
                 "@wdio/logger": "8.16.17",
-                "@wdio/types": "8.20.0",
-                "@wdio/utils": "8.20.3",
+                "@wdio/types": "8.21.0",
+                "@wdio/utils": "8.21.0",
                 "decamelize": "^6.0.0",
                 "deepmerge-ts": "^5.0.0",
                 "glob": "^10.2.2",
@@ -1204,29 +1204,29 @@
             }
         },
         "node_modules/@wdio/globals": {
-            "version": "8.20.5",
-            "resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-8.20.5.tgz",
-            "integrity": "sha512-79BFF/b+qQ1Td3KfoN/xEf9Bzbb3rKovjyl5BD205pIyWJCeZJDsK693vV8g6z6Q+/pvp/GPfepqSmvrKQokEw==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-8.21.0.tgz",
+            "integrity": "sha512-0kj1CbcPf+rnoynYsv1j+tUdobVSr/n3AV3a34qteBNoBbYqGHkr3Jo1/6ZnwSZJOgt9eoo8gRtogPS8KwYjBg==",
             "dev": true,
             "engines": {
                 "node": "^16.13 || >=18"
             },
             "optionalDependencies": {
                 "expect-webdriverio": "^4.2.5",
-                "webdriverio": "8.20.4"
+                "webdriverio": "8.21.0"
             }
         },
         "node_modules/@wdio/local-runner": {
-            "version": "8.20.5",
-            "resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-8.20.5.tgz",
-            "integrity": "sha512-lm5eyirDiSuxLkwe1fkMXjPd54Ortp5i8wfJPlAImyG9fxU5CY8D9V1bkjpDqOkd4RLmUk1z4mp9gJWghrAd0Q==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-8.21.0.tgz",
+            "integrity": "sha512-bwNj64l7qwXHYYne/YFGCWAq95k0IzndNpzvIAq3UMKY1NDn0zGGZ/ticYYV2Vd85q6Dif6KT77Zl8Kbkv6qbA==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
                 "@wdio/logger": "8.16.17",
                 "@wdio/repl": "8.10.1",
-                "@wdio/runner": "8.20.5",
-                "@wdio/types": "8.20.0",
+                "@wdio/runner": "8.21.0",
+                "@wdio/types": "8.21.0",
                 "async-exit-hook": "^2.0.1",
                 "split2": "^4.1.0",
                 "stream-buffers": "^3.0.2"
@@ -1263,16 +1263,16 @@
             }
         },
         "node_modules/@wdio/mocha-framework": {
-            "version": "8.20.3",
-            "resolved": "https://registry.npmjs.org/@wdio/mocha-framework/-/mocha-framework-8.20.3.tgz",
-            "integrity": "sha512-AF27tW2ToQ4+fzuBwI71ABjPhmPoESj+UtJYx4ahZjHQUyCCEhkiYIeh8T6UEFFpbIQeQV1Fz12UEK/18EGbzw==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/mocha-framework/-/mocha-framework-8.21.0.tgz",
+            "integrity": "sha512-oYRmL4bGMR8cVBMkOgS5qeBAiSWJOZ/nN53vFBQ9JQo+F1Ez+ZIgZ847wfk+XZ7UP1kTKNUHVPup5bTqR+UmkA==",
             "dev": true,
             "dependencies": {
                 "@types/mocha": "^10.0.0",
                 "@types/node": "^20.1.0",
                 "@wdio/logger": "8.16.17",
-                "@wdio/types": "8.20.0",
-                "@wdio/utils": "8.20.3",
+                "@wdio/types": "8.21.0",
+                "@wdio/utils": "8.21.0",
                 "mocha": "^10.0.0"
             },
             "engines": {
@@ -1298,14 +1298,14 @@
             }
         },
         "node_modules/@wdio/reporter": {
-            "version": "8.20.0",
-            "resolved": "https://registry.npmjs.org/@wdio/reporter/-/reporter-8.20.0.tgz",
-            "integrity": "sha512-9a0cIuwDYwMgBwx/JTRITjlxef63xEt+q+nQBsEwzaPtcTMLzRIGAYO7BKxf9ejYL3tdoPJYJm3GtBKeh+2QIQ==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/reporter/-/reporter-8.21.0.tgz",
+            "integrity": "sha512-noZX04lP7WvoaEAwhOTy0C/ddyVTEHQe/AGMTzgKgoQclEM3I2nZ1PjEwe/ACfIm0880EGIDW7ssN2pf/4ZNDQ==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
                 "@wdio/logger": "8.16.17",
-                "@wdio/types": "8.20.0",
+                "@wdio/types": "8.21.0",
                 "diff": "^5.0.0",
                 "object-inspect": "^1.12.0"
             },
@@ -1314,35 +1314,35 @@
             }
         },
         "node_modules/@wdio/runner": {
-            "version": "8.20.5",
-            "resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.20.5.tgz",
-            "integrity": "sha512-JmH9995lI4FB95vQ2/l4oAJ3zoo49PIhZutNcwu98o2DDFWPxSGsOPRKI/B5u5OvJ0OkK0AzcN6XdJAfAPZSfA==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.21.0.tgz",
+            "integrity": "sha512-0hGx1GMzUQUWRQOwSdXQjWatmKjb04EqlDozxIJsTr06A0XhTXenmfgwz9g4wKt2MWV+/WmFh4QZs0KwcjgYgA==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
-                "@wdio/config": "8.20.3",
-                "@wdio/globals": "8.20.5",
+                "@wdio/config": "8.21.0",
+                "@wdio/globals": "8.21.0",
                 "@wdio/logger": "8.16.17",
-                "@wdio/types": "8.20.0",
-                "@wdio/utils": "8.20.3",
+                "@wdio/types": "8.21.0",
+                "@wdio/utils": "8.21.0",
                 "deepmerge-ts": "^5.0.0",
                 "expect-webdriverio": "^4.2.5",
                 "gaze": "^1.1.2",
-                "webdriver": "8.20.4",
-                "webdriverio": "8.20.4"
+                "webdriver": "8.21.0",
+                "webdriverio": "8.21.0"
             },
             "engines": {
                 "node": "^16.13 || >=18"
             }
         },
         "node_modules/@wdio/spec-reporter": {
-            "version": "8.20.0",
-            "resolved": "https://registry.npmjs.org/@wdio/spec-reporter/-/spec-reporter-8.20.0.tgz",
-            "integrity": "sha512-HpVE/99Kg/no94ETpI4JWoJzqpcsAnJQpbg5HdSyZqXuGj9WnRF/PGXK7VDU+DZwGQgOF9A6s6H0hd+FTHDrHg==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/spec-reporter/-/spec-reporter-8.21.0.tgz",
+            "integrity": "sha512-Lb6MTjISlaZJx5/2kjJC/E9FM55BZUy3HPbhYbbWUSWqi9Yk8I7n6e90c8uHwDOK5zMyRof9501lUtLyIHY9Og==",
             "dev": true,
             "dependencies": {
-                "@wdio/reporter": "8.20.0",
-                "@wdio/types": "8.20.0",
+                "@wdio/reporter": "8.21.0",
+                "@wdio/types": "8.21.0",
                 "chalk": "^5.1.2",
                 "easy-table": "^1.2.0",
                 "pretty-ms": "^7.0.0"
@@ -1364,9 +1364,9 @@
             }
         },
         "node_modules/@wdio/types": {
-            "version": "8.20.0",
-            "resolved": "https://registry.npmjs.org/@wdio/types/-/types-8.20.0.tgz",
-            "integrity": "sha512-y0En5V5PPF48IHJMetaNYQobhCr3ddsgp2aX/crLL51UccWqnFpCL8pCh6cP01gRgCchCasa2JCBMB+PucbYmA==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/types/-/types-8.21.0.tgz",
+            "integrity": "sha512-mZFOipmu541z0BXBW7mBAUjM4zZWhNnP/w321OSYx082Jy4d0UHMFXYWaOC98DIMBPahJu/yLX2WH5iCrazKSA==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0"
@@ -1376,14 +1376,14 @@
             }
         },
         "node_modules/@wdio/utils": {
-            "version": "8.20.3",
-            "resolved": "https://registry.npmjs.org/@wdio/utils/-/utils-8.20.3.tgz",
-            "integrity": "sha512-McGS9TFNfjS3cGJkF8hXyajGE5LKFJnPg/fbdXTIBzYohiAzQ1rUMyllPdxxHslnpQPkflBHI6XSYBxU7yB9Lw==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/@wdio/utils/-/utils-8.21.0.tgz",
+            "integrity": "sha512-bEmOL9wRsDXnHxh/FYH/rHv/3pJdNIZ8SL0vbBFl3m3ZvKWBJ0xZgpW6XUYXK5S0xi20Y2T7zf2URifp+AOlPg==",
             "dev": true,
             "dependencies": {
                 "@puppeteer/browsers": "^1.6.0",
                 "@wdio/logger": "8.16.17",
-                "@wdio/types": "8.20.0",
+                "@wdio/types": "8.21.0",
                 "decamelize": "^6.0.0",
                 "deepmerge-ts": "^5.1.0",
                 "edgedriver": "^5.3.5",
@@ -2572,9 +2572,9 @@
             }
         },
         "node_modules/devtools-protocol": {
-            "version": "0.0.1209236",
-            "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1209236.tgz",
-            "integrity": "sha512-z4eehc+fhmptqhxwreLcg9iydszZGU4Q5FzaaElXVGp3KyfXbjtXeUCmo4l8FxBJbyXtCz4VRIJsGW2ekApyUQ==",
+            "version": "0.0.1213968",
+            "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1213968.tgz",
+            "integrity": "sha512-o4n/beY+3CcZwFctYapjGelKptR4AuQT5gXS1Kvgbig+ArwkxK7f8wDVuD1wsoswiJWCwV6OK+Qb7vhNzNmABQ==",
             "dev": true
         },
         "node_modules/diff": {
@@ -2922,15 +2922,15 @@
             }
         },
         "node_modules/eslint": {
-            "version": "8.52.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.52.0.tgz",
-            "integrity": "sha512-zh/JHnaixqHZsolRB/w9/02akBk9EPrOs9JwcTP2ek7yL5bVvXuRariiaAjjoJ5DvuwQ1WAE/HsMz+w17YgBCg==",
+            "version": "8.53.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.53.0.tgz",
+            "integrity": "sha512-N4VuiPjXDUa4xVeV/GC/RV3hQW9Nw+Y463lkWaKKXKYMvmRiRDAtfpuPFLN+E1/6ZhyR8J2ig+eVREnYgUsiag==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.2.0",
                 "@eslint-community/regexpp": "^4.6.1",
-                "@eslint/eslintrc": "^2.1.2",
-                "@eslint/js": "8.52.0",
+                "@eslint/eslintrc": "^2.1.3",
+                "@eslint/js": "8.53.0",
                 "@humanwhocodes/config-array": "^0.11.13",
                 "@humanwhocodes/module-importer": "^1.0.1",
                 "@nodelib/fs.walk": "^1.2.8",
@@ -2989,9 +2989,9 @@
             }
         },
         "node_modules/eslint-plugin-sonarjs": {
-            "version": "0.21.0",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-0.21.0.tgz",
-            "integrity": "sha512-oezUDfFT5S6j3rQheZ4DLPrbetPmMS7zHIKWGHr0CM3g5JgyZroz1FpIKa4jV83NsGpmgIeagpokWDKIJzRQmw==",
+            "version": "0.23.0",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-0.23.0.tgz",
+            "integrity": "sha512-z44T3PBf9W7qQ/aR+NmofOTyg6HLhSEZOPD4zhStqBpLoMp8GYhFksuUBnCxbnf1nfISpKBVkQhiBLFI/F4Wlg==",
             "dev": true,
             "engines": {
                 "node": ">=14"
@@ -6706,9 +6706,9 @@
             }
         },
         "node_modules/punycode": {
-            "version": "2.3.0",
-            "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz",
-            "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==",
+            "version": "2.3.1",
+            "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
+            "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
             "dev": true,
             "engines": {
                 "node": ">=6"
@@ -8590,18 +8590,18 @@
             }
         },
         "node_modules/webdriver": {
-            "version": "8.20.4",
-            "resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.20.4.tgz",
-            "integrity": "sha512-X/6l+zGXn1trqA1LRwYETIJgkJQTVZ/xE1SrTlSxk2BE7Tq40voxfbDKUyauaCyRyABhA0ZgK5/1UOqeCKW15w==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.21.0.tgz",
+            "integrity": "sha512-jQ3Me9lEAD+rQWg2g+YfTi2rADCfg7sl02jji9eVRJKJ7Vji7ceGJ6xXfj5+gEZZW8EJt7tpXILJi3etMAYwvA==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
                 "@types/ws": "^8.5.3",
-                "@wdio/config": "8.20.3",
+                "@wdio/config": "8.21.0",
                 "@wdio/logger": "8.16.17",
                 "@wdio/protocols": "8.20.4",
-                "@wdio/types": "8.20.0",
-                "@wdio/utils": "8.20.3",
+                "@wdio/types": "8.21.0",
+                "@wdio/utils": "8.21.0",
                 "deepmerge-ts": "^5.1.0",
                 "got": "^ 12.6.1",
                 "ky": "^0.33.0",
@@ -8649,23 +8649,23 @@
             }
         },
         "node_modules/webdriverio": {
-            "version": "8.20.4",
-            "resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.20.4.tgz",
-            "integrity": "sha512-+iyYK0NTviXv3Lyws07CaX9pLET9l0bh8aPICfCyf7f0NZLUDvUoEKvjviMCfLq4lbDu7CFIEyDZUJeuqlRwlw==",
+            "version": "8.21.0",
+            "resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.21.0.tgz",
+            "integrity": "sha512-vLpQMOQ9eGyrihkVpuFfd4X83MB8RhfAhhSKnEVAzWn/2CRNlwQSQ4vdNXKhv/kmmBdJOckJThbpV905AQSXFA==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
-                "@wdio/config": "8.20.3",
+                "@wdio/config": "8.21.0",
                 "@wdio/logger": "8.16.17",
                 "@wdio/protocols": "8.20.4",
                 "@wdio/repl": "8.10.1",
-                "@wdio/types": "8.20.0",
-                "@wdio/utils": "8.20.3",
+                "@wdio/types": "8.21.0",
+                "@wdio/utils": "8.21.0",
                 "archiver": "^6.0.0",
                 "aria-query": "^5.0.0",
                 "css-shorthand-properties": "^1.1.1",
                 "css-value": "^0.0.1",
-                "devtools-protocol": "^0.0.1209236",
+                "devtools-protocol": "^0.0.1213968",
                 "grapheme-splitter": "^1.0.2",
                 "import-meta-resolve": "^3.0.0",
                 "is-plain-obj": "^4.1.0",
@@ -8677,7 +8677,7 @@
                 "resq": "^1.9.1",
                 "rgb2hex": "0.2.5",
                 "serialize-error": "^11.0.1",
-                "webdriver": "8.20.4"
+                "webdriver": "8.21.0"
             },
             "engines": {
                 "node": "^16.13 || >=18"

tests/wdio/package.json

@@ -4,15 +4,15 @@
     "type": "module",
     "devDependencies": {
         "@trivago/prettier-plugin-sort-imports": "^4.2.1",
-        "@typescript-eslint/eslint-plugin": "^6.9.0",
-        "@typescript-eslint/parser": "^6.9.0",
-        "@wdio/cli": "^8.20.5",
-        "@wdio/local-runner": "^8.20.5",
-        "@wdio/mocha-framework": "^8.20.3",
-        "@wdio/spec-reporter": "^8.20.0",
-        "eslint": "^8.52.0",
+        "@typescript-eslint/eslint-plugin": "^6.9.1",
+        "@typescript-eslint/parser": "^6.9.1",
+        "@wdio/cli": "^8.21.0",
+        "@wdio/local-runner": "^8.21.0",
+        "@wdio/mocha-framework": "^8.21.0",
+        "@wdio/spec-reporter": "^8.21.0",
+        "eslint": "^8.53.0",
         "eslint-config-google": "^0.14.0",
-        "eslint-plugin-sonarjs": "^0.21.0",
+        "eslint-plugin-sonarjs": "^0.23.0",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.0.3",
         "ts-node": "^10.9.1",

web/package.json

@@ -38,22 +38,22 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.5.0",
         "@fortawesome/fontawesome-free": "^6.4.2",
-        "@goauthentik/api": "^2023.10.1-1698348102",
+        "@goauthentik/api": "^2023.10.2-1698526374",
         "@lit-labs/context": "^0.4.1",
         "@lit-labs/task": "^3.1.0",
-        "@lit/localize": "^0.11.4",
+        "@lit/localize": "^0.12.1",
         "@open-wc/lit-helpers": "^0.6.0",
         "@patternfly/elements": "^2.4.0",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^7.75.1",
-        "@sentry/tracing": "^7.75.1",
+        "@sentry/browser": "^7.77.0",
+        "@sentry/tracing": "^7.77.0",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
         "chart.js": "^4.4.0",
         "chartjs-adapter-moment": "^1.0.1",
         "codemirror": "^6.0.1",
         "construct-style-sheets-polyfill": "^3.1.0",
-        "core-js": "^3.33.1",
+        "core-js": "^3.33.2",
         "country-flag-icons": "^1.5.7",
         "fuse.js": "^7.0.0",
         "lit": "^2.8.0",
@@ -61,7 +61,7 @@
         "rapidoc": "^9.3.4",
         "style-mod": "^4.1.0",
         "webcomponent-qr-code": "^1.2.0",
-        "yaml": "^2.3.3"
+        "yaml": "^2.3.4"
     },
     "devDependencies": {
         "@babel/core": "^7.23.2",
@@ -79,43 +79,43 @@
         "@rollup/plugin-babel": "^6.0.4",
         "@rollup/plugin-commonjs": "^25.0.7",
         "@rollup/plugin-node-resolve": "^15.2.3",
-        "@rollup/plugin-replace": "^5.0.4",
+        "@rollup/plugin-replace": "^5.0.5",
         "@rollup/plugin-terser": "^0.4.4",
         "@rollup/plugin-typescript": "^11.1.5",
-        "@storybook/addon-essentials": "^7.5.1",
-        "@storybook/addon-links": "^7.5.1",
+        "@storybook/addon-essentials": "^7.5.2",
+        "@storybook/addon-links": "^7.5.2",
         "@storybook/blocks": "^7.1.1",
-        "@storybook/web-components": "^7.5.1",
-        "@storybook/web-components-vite": "^7.5.1",
+        "@storybook/web-components": "^7.5.2",
+        "@storybook/web-components-vite": "^7.5.2",
         "@trivago/prettier-plugin-sort-imports": "^4.2.1",
         "@types/chart.js": "^2.9.39",
         "@types/codemirror": "5.60.12",
         "@types/grecaptcha": "^3.0.6",
-        "@typescript-eslint/eslint-plugin": "^6.9.0",
-        "@typescript-eslint/parser": "^6.9.0",
+        "@typescript-eslint/eslint-plugin": "^6.9.1",
+        "@typescript-eslint/parser": "^6.9.1",
         "babel-plugin-macros": "^3.1.0",
         "babel-plugin-tsconfig-paths": "^1.0.3",
         "cross-env": "^7.0.3",
-        "eslint": "^8.52.0",
+        "eslint": "^8.53.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-custom-elements": "0.0.8",
         "eslint-plugin-lit": "^1.10.1",
-        "eslint-plugin-sonarjs": "^0.21.0",
+        "eslint-plugin-sonarjs": "^0.23.0",
         "eslint-plugin-storybook": "^0.6.15",
         "lit-analyzer": "^2.0.1",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.0.3",
         "pseudolocale": "^2.0.0",
-        "pyright": "^1.1.333",
+        "pyright": "^1.1.334",
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
-        "rollup": "^4.1.4",
+        "rollup": "^4.3.0",
         "rollup-plugin-copy": "^3.5.0",
         "rollup-plugin-cssimport": "^1.0.3",
         "rollup-plugin-postcss-lit": "^2.1.0",
-        "storybook": "^7.5.1",
+        "storybook": "^7.5.2",
         "storybook-addon-mock": "^4.3.0",
-        "ts-lit-plugin": "^2.0.0",
+        "ts-lit-plugin": "^2.0.1",
         "tslib": "^2.6.2",
         "turnstile-types": "^1.1.3",
         "typescript": "^5.2.2",

web/src/admin/admin-overview/DashboardUserPage.ts

@@ -54,6 +54,7 @@ export class DashboardUserPage extends AKElement {
                                     context__model__app: "authentik_core",
                                     context__model__model_name: "user",
                                 }}
+                                label=${msg("Users created")}
                             >
                             </ak-charts-admin-model-per-day>
                         </ak-aggregate-card>
@@ -66,7 +67,10 @@ export class DashboardUserPage extends AKElement {
                         class="pf-l-grid__item pf-m-12-col pf-m-6-col-on-xl pf-m-6-col-on-2xl big-graph-container"
                     >
                         <ak-aggregate-card header=${msg("Logins per day in the last month")}>
-                            <ak-charts-admin-model-per-day action=${EventActions.Login}>
+                            <ak-charts-admin-model-per-day
+                                action=${EventActions.Login}
+                                label=${msg("Logins")}
+                            >
                             </ak-charts-admin-model-per-day>
                         </ak-aggregate-card>
                     </div>
@@ -74,7 +78,10 @@ export class DashboardUserPage extends AKElement {
                         class="pf-l-grid__item pf-m-12-col pf-m-6-col-on-xl pf-m-6-col-on-2xl big-graph-container"
                     >
                         <ak-aggregate-card header=${msg("Failed Logins per day in the last month")}>
-                            <ak-charts-admin-model-per-day action=${EventActions.LoginFailed}>
+                            <ak-charts-admin-model-per-day
+                                action=${EventActions.LoginFailed}
+                                label=${msg("Failed logins")}
+                            >
                             </ak-charts-admin-model-per-day>
                         </ak-aggregate-card>
                     </div>

web/src/admin/admin-overview/charts/AdminModelPerDay.ts

@@ -12,6 +12,9 @@ export class AdminModelPerDay extends AKChart<Coordinate[]> {
     @property()
     action: EventActions = EventActions.ModelCreated;
 
+    @property()
+    label?: string;
+
     @property({ attribute: false })
     query?: { [key: string]: unknown } | undefined;
 
@@ -33,7 +36,7 @@ export class AdminModelPerDay extends AKChart<Coordinate[]> {
         return {
             datasets: [
                 {
-                    label: msg("Objects created"),
+                    label: this.label || msg("Objects created"),
                     backgroundColor: "rgba(189, 229, 184, .5)",
                     spanGaps: true,
                     data:

web/src/admin/providers/oauth2/OAuth2ProviderForm.ts

@@ -334,13 +334,14 @@ export class OAuth2ProviderFormPage extends ModelForm<OAuth2Provider, number> {
                         )}
                     >
                     </ak-radio-input>
-                    <ak-switch-input name="includeClaimsInIdToken">
+                    <ak-switch-input
+                        name="includeClaimsInIdToken"
                         label=${msg("Include claims in id_token")}
                         ?checked=${first(provider?.includeClaimsInIdToken, true)}
                         help=${msg(
                             "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.",
-                        )}></ak-switch-input
-                    >
+                        )}
+                    ></ak-switch-input>
                     <ak-radio-input
                         name="issuerMode"
                         label=${msg("Issuer mode")}

web/src/admin/sources/oauth/OAuthSourceForm.ts

@@ -386,6 +386,7 @@ export class OAuthSourceForm extends ModelForm<OAuthSource, string> {
                             class="pf-c-form-control"
                             required
                         />
+                        <p class="pf-c-form__helper-text">${msg("Also known as Client ID.")}</p>
                     </ak-form-element-horizontal>
                     <ak-form-element-horizontal
                         label=${msg("Consumer secret")}
@@ -394,6 +395,7 @@ export class OAuthSourceForm extends ModelForm<OAuthSource, string> {
                         name="consumerSecret"
                     >
                         <textarea class="pf-c-form-control"></textarea>
+                        <p class="pf-c-form__helper-text">${msg("Also known as Client Secret.")}</p>
                     </ak-form-element-horizontal>
                     <ak-form-element-horizontal label=${msg("Scopes")} name="additionalScopes">
                         <input

web/src/flow/stages/identification/IdentificationStage.ts

@@ -80,11 +80,12 @@ export class IdentificationStage extends BaseStage<
     }
 
     createHelperForm(): void {
+        const compatMode = "ShadyDOM" in window;
         this.form = document.createElement("form");
         document.documentElement.appendChild(this.form);
         // Only add the additional username input if we're in a shadow dom
         // otherwise it just confuses browsers
-        if (!("ShadyDOM" in window)) {
+        if (!compatMode) {
             // This is a workaround for the fact that we're in a shadow dom
             // adapted from https://github.com/home-assistant/frontend/issues/3133
             const username = document.createElement("input");
@@ -104,30 +105,33 @@ export class IdentificationStage extends BaseStage<
             };
             this.form.appendChild(username);
         }
-        const password = document.createElement("input");
-        password.setAttribute("type", "password");
-        password.setAttribute("name", "password");
-        password.setAttribute("autocomplete", "current-password");
-        password.onkeyup = (ev: KeyboardEvent) => {
-            if (ev.key == "Enter") {
-                this.submitForm(ev);
-            }
-            const el = ev.target as HTMLInputElement;
-            // Because the password field is not actually on this page,
-            // and we want to 'prefill' the password for the user,
-            // save it globally
-            PasswordManagerPrefill.password = el.value;
-            // Because password managers fill username, then password,
-            // we need to re-focus the uid_field here too
-            (this.shadowRoot || this)
-                .querySelectorAll<HTMLInputElement>("input[name=uidField]")
-                .forEach((input) => {
-                    // Because we assume only one input field exists that matches this
-                    // call focus so the user can press enter
-                    input.focus();
-                });
-        };
-        this.form.appendChild(password);
+        // Only add the password field when we don't already show a password field
+        if (!compatMode && !this.challenge.passwordFields) {
+            const password = document.createElement("input");
+            password.setAttribute("type", "password");
+            password.setAttribute("name", "password");
+            password.setAttribute("autocomplete", "current-password");
+            password.onkeyup = (ev: KeyboardEvent) => {
+                if (ev.key == "Enter") {
+                    this.submitForm(ev);
+                }
+                const el = ev.target as HTMLInputElement;
+                // Because the password field is not actually on this page,
+                // and we want to 'prefill' the password for the user,
+                // save it globally
+                PasswordManagerPrefill.password = el.value;
+                // Because password managers fill username, then password,
+                // we need to re-focus the uid_field here too
+                (this.shadowRoot || this)
+                    .querySelectorAll<HTMLInputElement>("input[name=uidField]")
+                    .forEach((input) => {
+                        // Because we assume only one input field exists that matches this
+                        // call focus so the user can press enter
+                        input.focus();
+                    });
+            };
+            this.form.appendChild(password);
+        }
         const totp = document.createElement("input");
         totp.setAttribute("type", "text");
         totp.setAttribute("name", "code");

web/xliff/de.xlf

@@ -6037,6 +6037,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/en.xlf

@@ -6318,6 +6318,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/es.xlf

@@ -5952,6 +5952,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/pl.xlf

@@ -6160,6 +6160,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/pseudo-LOCALE.xlf

@@ -7848,4 +7848,16 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
 </trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
+</trans-unit>
 </body></file></xliff>

web/xliff/tr.xlf

@@ -5945,6 +5945,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh-Hans.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -613,9 +613,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>未找到 URL &quot; 
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>未找到 URL " 
+        <x id="0" equiv-text="${this.url}"/>"。</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1057,8 +1057,8 @@
         
       </trans-unit>
       <trans-unit id="sa8384c9c26731f83">
-        <source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-        <target>要允许任何重定向 URI，请将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+        <source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
+        <target>要允许任何重定向 URI，请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
         
       </trans-unit>
       <trans-unit id="s55787f4dfcdce52b">
@@ -1799,8 +1799,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -3013,8 +3013,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s76768bebabb7d543">
-        <source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
-        <target>包含组成员的字段。请注意，如果使用 &quot;memberUid&quot; 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
+        <source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
+        <target>包含组成员的字段。请注意，如果使用 "memberUid" 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
         
       </trans-unit>
       <trans-unit id="s026555347e589f0e">
@@ -3806,8 +3806,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s7b1fba26d245cb1c">
-        <source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
-        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 &quot;minutes=5&quot;。</target>
+        <source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
+        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 "minutes=5"。</target>
         
       </trans-unit>
       <trans-unit id="s44536d20bb5c8257">
@@ -3816,8 +3816,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s3bb51cabb02b997e">
-        <source>Format: &quot;weeks=3;days=2;hours=3,seconds=2&quot;.</source>
-        <target>格式：&quot;weeks=3;days=2;hours=3,seconds=2&quot;。</target>
+        <source>Format: "weeks=3;days=2;hours=3,seconds=2".</source>
+        <target>格式："weeks=3;days=2;hours=3,seconds=2"。</target>
         
       </trans-unit>
       <trans-unit id="s04bfd02201db5ab8">
@@ -4013,10 +4013,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>您确定要更新 
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot; 
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>" 
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -5102,7 +5102,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>像 YubiKey 这样的“漫游”身份验证器</target>
         
       </trans-unit>
@@ -5437,10 +5437,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s2d5f69929bb7221d">
-        <source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
+        <source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
         <target>
-        <x id="0" equiv-text="${prompt.name}"/>（&quot; 
-        <x id="1" equiv-text="${prompt.fieldKey}"/>&quot;，类型为 
+        <x id="0" equiv-text="${prompt.name}"/>（" 
+        <x id="1" equiv-text="${prompt.fieldKey}"/>"，类型为 
         <x id="2" equiv-text="${prompt.type}"/>）</target>
         
       </trans-unit>
@@ -5489,7 +5489,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
         
       </trans-unit>
@@ -7941,7 +7941,19 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
   <target>新创建用户使用的用户类型。</target>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/zh-Hant.xlf

@@ -5993,6 +5993,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh_TW.xlf

@@ -5992,6 +5992,18 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s32babfed740fd3c1">
   <source>User type used for newly created users.</source>
+</trans-unit>
+<trans-unit id="s4a34a6be4c68ec87">
+  <source>Users created</source>
+</trans-unit>
+<trans-unit id="s275c956687e2e656">
+  <source>Failed logins</source>
+</trans-unit>
+<trans-unit id="sb35c08e3a541188f">
+  <source>Also known as Client ID.</source>
+</trans-unit>
+<trans-unit id="sd46fd9b647cfea10">
+  <source>Also known as Client Secret.</source>
 </trans-unit>
     </body>
   </file>

website/blog/2023-11-1-happy-birthday-to-us/item.md

@@ -0,0 +1,112 @@
+---
+title: “Happy Birthday to Us!”
+description: “We are celebrating our one-year anniversary since the founding of Authentik Security..”
+slug: 2023-11-1-happy-birthday-to-us
+authors:
+    - name: Jens Langhammer and the authentik team
+      url: https://goauthentik.io
+#      image_url: https://github.com/goauthentik/authentik/main/website/static/img/icon.png
+tags:
+    - startups
+    - founders
+    - building a team
+    - SSO
+    - security
+    - identity provider
+    - authentication
+hide_table_of_contents: false
+---
+
+> **_authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a [public benefit company](https://github.com/OpenCoreVentures/ocv-public-benefit-company/blob/main/ocv-public-benefit-company-charter.md) building on top of the open source project._**
+
+---
+
+Even though we are shouting _Happy Birthday to Us_, we want to start by saying:
+
+> Thank You to you all, our users and supporters and contributors, our questioners and testers!
+
+We simply would not be here, celebrating our 1-year mark, without your past and present support. While there are only 7 employees at Authentik Security, we know that our flagship product, [authentik](https://goauthentik.io/), has a much bigger team... you all! Our contributors and fellow builders and users are on the same team that took us this far, and we look forward to continuing the journey with you to build our amazing authentication platform on authentik!
+
+!["Photo by <a href="https://unsplash.com/@montatip?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash">montatip lilitsanong</a> on <a href="https://unsplash.com/photos/chocolate-cake-with-cherry-on-top-eOcKHriNVk4?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash">Unsplash</a>"](./image1.jpg)
+
+<!--truncate-->
+
+### The backstory
+
+Our CTO, [Jens Langhammer](https://www.linkedin.com/in/beryju), began coding authentik in 2018, with the first commit on November 11. By October of 2021 there was already excitement around the project, much of it on Reddit, not your usual suspect for open source news. The enthusiasm about the SSO project caught eyes in the ecosystem.
+
+The initial emails about building a company happened in April 2022, when [Open Core Ventures](https://opencoreventures.com/) approached Jens and expressed interest in supporting his open source project with funding and operational guidance. A matter of months later, and some hard thinking by Jens, the dotted lines were signed, the funding was there, and in November of 2022 Authentik Security was founded.
+
+There are hundreds of thousands of open source projects out there; to have authentik selected, and deemed robust and useful enough to receive backing and support, with an opportunity to turn it into a proper company with the resources needed to keep building new features, was a remarkable opportunity.
+
+Sure, building a community is an exciting opportunity, but it's also a slightly terrifying one. Those of us who work in open source ecosystems understand well how important it is to simultaneously demonstrate steady growth and dedication to the project, a willingness to take risks, and above all, value. Building software is almost always fun; building software that solves problems is also really hard work.
+
+> Fast forward a year (and it WAS fast!)…
+
+### A year flies when you’re having fun
+
+A lot happens in a year. This week we are celebrating our 1st full year as an incorporated company. The past year was focused on Jens settling into his role as CTO, hiring the team, pulling us all together to keep releasing new features, and learning the joy of pre-sales work and calls with customers. (Hint: he’d rather be coding!)
+
+Once you get to know Jens, you won’t be surprised to his answer about what he was most looked forward to about building up a team and a company and further building out the product:
+
+-   Building [even more] cool features that he didn’t have the time to do all himself, and hiring professionals to do specialized work.
+-   Building something that outlasts the builder… something useful to the world, working with other founders, and taking a project to a product to a software staple.
+
+**Building a new team from scratch**
+
+That task alone will scare most of us. In software, team work is most definitely what makes the dream work, so finding the right talents and skills sets and experiences to compliment Jens’ deep technical skills and full-stack experience was of paramount importance. We now have developers with expertise in frontend and backend development, infrastructure, and security, a well as a content editor.
+
+Of course, it is not just the technical skills that a potential new hire needs; as important are less-measurable skills like collaboration, communication, and perhaps most importantly, what we call “technical curiosity”.
+
+> How does this thing work, from whom can I learn more, and with whom can I share my knowledge?
+
+We have that team now, and are grateful for it. Celebrating the one-year mark of Authentik Security means a lot to us!
+
+**Keep those PRs merging**
+
+Keeping new functionality rolling out (and keeping up with Issues and PRs in our repository) never slowed down much, even during the period of incorporating as a company and building a team. Support for new providers, becoming [OpenID certified](https://goauthentik.io/blog/2023-03-07-becoming-openid-certified-why-standards-matter), adding support for [SCIM](https://goauthentik.io/docs/providers/scim/) and [RADIUS](https://goauthentik.io/docs/providers/radius/) protocols, and a [lot more](https://goauthentik.io/docs/releases).
+
+Right at the end of our first year, we released our [Enterprise version](https://goauthentik.io/blog/2023-08-31-announcing-the-authentik-enterprise-release), with dedicated support. And just last week, we rolled out one of the most important capabilities in an identity management platform: [RBAC](https://goauthentik.io/docs/user-group-role/access-control/) (role-based access control).
+
+**New processes, new ideas, and expected growing pains**
+
+With a new team, come new processes. Someone has to decide which emoji to use for which infrastructure task that’s completed.
+
+OK, ok, beyond selecting emojis, we also (slowly and deliberately) defined new logical and pragmatic ways to create discrete work tasks and to track work by sprints. This effort went in fits and stops and starts; now we move much more rapidly with our defined tasks and open communication about who is working on what. We are also formalizing our release processes, doubling-down on our CI/CD pipeline and deployment packaging testing, and implementing technical review for all published content.
+
+Increased team size means more ideas, often brought in by someone on the team who gained experience in a certain area on their previous job. For example, some of our happy implementations include moving to ArgoCD (yay for [deploying your PR’s](https://dev.to/camptocamp-ops/using-argocd-pull-request-generator-to-review-application-modifications-236e) app modifications in a test environment!), a suggestion from our Infrastructure engineer. As was the decision to move fully to IPv6 (look for an upcoming blog about that soon!). Our frontend developer is busy building the UI layer for new features (RBAC is here!) and as he goes, templatizing our frontend workflows and components. Further expertise in APIs, security, and technical content are part of the team.
+
+We can say that our growing pains haven’t been too dreadful. Sure, there was the one month when we went back and forth between three tools for tracking work tasks, but… In general, there’s nothing that a good conversation and some testing can’t solve.
+
+> Perhaps the biggest growing pain is the rest of the team learning how to prevent the founder from working himself into exhaustion. ;-)
+
+### A founder’s brain and heart
+
+Our team at authentik has a shared love of building things, and that shapes both how we work together and also our product, even how we communicate with our community.
+
+An interesting offset to our shared love of building is the shared sense of humility, of which we get daily doses from Jens.
+
+> To build boldly yet with humility is what sets some founders apart from others.
+
+The tone and espirit of the company is one reason it’s so meaningful to celebrate our 1-year birthday; we can happily celebrate a hard year of doing things with full, enthusiastic engagement. At authentik, nerdiness is embraced, technical curiosity flourishes, and transparency is a big part of our nature. Speaking of how we communicate with our community, our Discord forum is (in addition to GitHub) an important place where transparency matters. For example, we recently asked our community what they preferred for a release cycle. Based on the answers, we lengthened the release time from from monthly to every two or three months.
+
+Moving from a role of solo creator of an open source project, to being primary maintainer of a popular, growing project, to suddenly being CTO of a company based on that project is a quite a transition. A natural question we wanted to ask Jens is “What’s been the hardest thing about building a company?” His answers:
+
+-   “Recognizing and accepting that you don’t get to work on only what you want to, 100% of time… “
+-   “Learning to delegate, learning to let go a bit, trusting others to do it in their way, in the right spirit. Especially letting others get into the code… I’ve learned that instead of saying ‘I would not have done it this way’, I instead measure the success of the change itself.”
+
+### What’s up next?
+
+Going forward, we want to keep our focus on building features and supporting authentication protocols that our users want, but we have also identified several specific goals for this coming year:
+
+-   Increase our focus on UX and ease-of-use, templatizing as much as possible of the frontend components, and developing a UI style Guide
+-   Research and implement new functionality around remote machine access and management
+-   Defining increasingly robust tests and checks for our CI/CD pipeline and build process
+-   Implementing even stronger integration and migration testing, both automated and manual
+-   Spending more time on outreach and learning from our users about what you all want and where we can improve.
+
+This space of security and authentication is a hard space, especially with larger configurations with multiple providers, large user sets to be imported, and the absolute minute-by-minute race against malevolent hackers.
+
+Oh, and then there is that business of actually promoting and selling your product. But, as a team, we are proud of the product and excited to share it with others who need a solid, secure authentication platform.
+
+Thanks for joining us on this celebration of our one-year birthday, and let us know any thoughts you might have. You can send an email to hello@authentik.io, or find us on [GitHub](https://github.com/goauthentik/authentik) or [Discord](https://discord.com/channels/809154715984199690).

website/developer-docs/releases/index.md

@@ -68,8 +68,8 @@
 
 -   Create a draft GitHub Security advisory
 
-<details><summary>Template</summary>
-<p>
+<details>
+<summary>Template</summary>
 
 ```markdown
 ### Summary
@@ -99,7 +99,6 @@ If you have any questions or comments about this advisory:
 -   Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
 ```
 
-</p>
 </details>
 
 -   Request a CVE via the draft advisory
@@ -118,8 +117,8 @@ If you have any questions or comments about this advisory:
 -   Wait for GitHub to assign a CVE
 -   Announce the release of the vulnerability via Mailing list and discord
 
-<details><summary>Mailing list template</summary>
-<p>
+<details>
+<summary>Mailing list template</summary>
 
 Subject: `Notice of upcoming authentik Security releases 2022.10.3 and 2022.11.3`
 
@@ -127,17 +126,15 @@ Subject: `Notice of upcoming authentik Security releases 2022.10.3 and 2022.11.3
 We'll be publishing a security Issue (CVE-2022-xxxxx) and accompanying fix on _date_, 13:00 UTC with the Severity level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more info, see the authentik Security policy here: https://goauthentik.io/docs/security/policy.
 ```
 
-</p>
 </details>
 
-<details><summary>Discord template</summary>
-<p>
+<details>
+<summary>Discord template</summary>
 
 ```markdown
 @everyone We'll be publishing a security Issue (CVE-2022-xxxxx) and accompanying fix on _date_, 13:00 UTC with the Severity level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more info, see the authentik Security policy here: https://goauthentik.io/docs/security/policy.
 ```
 
-</p>
 </details>
 
 ### Creating a security release
@@ -149,7 +146,8 @@ We'll be publishing a security Issue (CVE-2022-xxxxx) and accompanying fix on _d
 -   Resume the instructions above, starting with the `bumpversion` step
 -   After the release has been published, update the Discord announcement and send another mail to the mailing list to point to the new releases
 
-<details><summary>Mailing list template</summary>
+<details>
+<summary>Mailing list template</summary>
 <p>
 
 Subject: `Release of authentik Security releases 2022.10.3 and 2022.11.3`
@@ -163,7 +161,8 @@ Releases 2022.10.3 and 2022.11.3 with fixes included are available here: https:/
 </p>
 </details>
 
-<details><summary>Discord template</summary>
+<details>
+<summary>Discord template</summary>
 <p>
 
 ```markdown

website/docs/enterprise/entsupport.md

@@ -10,6 +10,6 @@ To access the Requests page, where you can open a request and view current reque
 
 You can also bookmark the direct link to your Requests page, using the following URL:
 
-> <https://customers.goauthentik.io/l/support>.
+> https://customers.goauthentik.io/l/support.
 
-You can also always reach out to us via email, using <hello@goauthentik.io> email address.
+You can also always reach out to us via email, using hello@goauthentik.io email address.

website/docs/enterprise/get-started.md

@@ -4,7 +4,7 @@ title: Get started
 
 Installing authentik is exactly the same process for both Enterprise version and our free [open source](https://github.com/goauthentik/authentik) version.
 
-> This **_Preview_** version of Enterprise authentik is available with our 2023.8.x release. Send us feedback through the Customer portal or to <hello@goauthentik.io>.
+> This **_Preview_** version of Enterprise authentik is available with our 2023.8.x release. Send us feedback through the Customer portal or to hello@goauthentik.io.
 
 ## Install Enterprise
 

website/docs/events/index.md

@@ -18,8 +18,8 @@ If you want to forward these events to another application, forward the log outp
 
 A user logs in (including the source, if available)
 
-<details><summary>Example</summary>
-<p>
+<details>
+<summary>Example</summary>
 
 ```json
 {
@@ -54,15 +54,14 @@ A user logs in (including the source, if available)
 }
 ```
 
-</p>
 </details>
 
 ### `login_failed`
 
 A failed login attempt
 
-<details><summary>Example</summary>
-<p>
+<details>
+<summary>Example</summary>
 
 ```json
 {
@@ -103,15 +102,14 @@ A failed login attempt
 }
 ```
 
-</p>
 </details>
 
 ### `logout`
 
 A user logs out.
 
-<details><summary>Example</summary>
-<p>
+<details>
+<summary>Example</summary>
 
 ```json
 {
@@ -144,15 +142,14 @@ A user logs out.
 }
 ```
 
-</p>
 </details>
 
 ### `user_write`
 
 A user is written to during a flow execution.
 
-<details><summary>Example</summary>
-<p>
+<details>
+<summary>Example</summary>
 
 ```json
 {
@@ -194,7 +191,6 @@ A user is written to during a flow execution.
 }
 ```
 
-</p>
 </details>
 
 ### `suspicious_request`
@@ -221,8 +217,8 @@ An invitation is used.
 
 A user authorizes an application.
 
-<details><summary>Example</summary>
-<p>
+<details>
+<summary>Example</summary>
 
 ```json
 {
@@ -270,7 +266,6 @@ A user authorizes an application.
 }
 ```
 
-</p>
 </details>
 
 ### `source_linked`

website/docs/releases/2022/v2022.10.md

@@ -41,15 +41,15 @@ slug: "/releases/2022.10"
 
 ##### `POST` /sources/user_connections/saml/
 
-##### `GET` /sources/user_connections/saml/{id}/
+##### `GET` /sources/user_connections/saml/{id}/
 
-##### `PUT` /sources/user_connections/saml/{id}/
+##### `PUT` /sources/user_connections/saml/{id}/
 
-##### `DELETE` /sources/user_connections/saml/{id}/
+##### `DELETE` /sources/user_connections/saml/{id}/
 
-##### `PATCH` /sources/user_connections/saml/{id}/
+##### `PATCH` /sources/user_connections/saml/{id}/
 
-##### `GET` /sources/user_connections/saml/{id}/used_by/
+##### `GET` /sources/user_connections/saml/{id}/used_by/
 
 #### What's Deleted
 
@@ -61,7 +61,7 @@ slug: "/releases/2022.10"
 
 ---
 
-##### `GET` /core/tenants/{tenant_uuid}/
+##### `GET` /core/tenants/{tenant_uuid}/
 
 ###### Return Type:
 
@@ -71,7 +71,7 @@ Changed response : **200 OK**
 
     -   Added property `flow_device_code` (string)
 
-##### `PUT` /core/tenants/{tenant_uuid}/
+##### `PUT` /core/tenants/{tenant_uuid}/
 
 ###### Request:
 
@@ -87,7 +87,7 @@ Changed response : **200 OK**
 
     -   Added property `flow_device_code` (string)
 
-##### `PATCH` /core/tenants/{tenant_uuid}/
+##### `PATCH` /core/tenants/{tenant_uuid}/
 
 ###### Request:
 
@@ -103,7 +103,7 @@ Changed response : **200 OK**
 
     -   Added property `flow_device_code` (string)
 
-##### `GET` /propertymappings/notification/{pm_uuid}/
+##### `GET` /propertymappings/notification/{pm_uuid}/
 
 ###### Parameters:
 
@@ -111,7 +111,7 @@ Changed: `pm_uuid` in `path`
 
 > A UUID string identifying this Webhook Mapping.
 
-##### `PUT` /propertymappings/notification/{pm_uuid}/
+##### `PUT` /propertymappings/notification/{pm_uuid}/
 
 ###### Parameters:
 
@@ -119,7 +119,7 @@ Changed: `pm_uuid` in `path`
 
 > A UUID string identifying this Webhook Mapping.
 
-##### `DELETE` /propertymappings/notification/{pm_uuid}/
+##### `DELETE` /propertymappings/notification/{pm_uuid}/
 
 ###### Parameters:
 
@@ -127,7 +127,7 @@ Changed: `pm_uuid` in `path`
 
 > A UUID string identifying this Webhook Mapping.
 
-##### `PATCH` /propertymappings/notification/{pm_uuid}/
+##### `PATCH` /propertymappings/notification/{pm_uuid}/
 
 ###### Parameters:
 
@@ -205,7 +205,7 @@ Changed response : **200 OK**
 
 Added: `include_details` in `query`
 
-##### `GET` /propertymappings/notification/{pm_uuid}/used_by/
+##### `GET` /propertymappings/notification/{pm_uuid}/used_by/
 
 ###### Parameters:
 
@@ -229,7 +229,7 @@ Changed response : **200 OK**
 
         -   `can_debug`
 
-##### `GET` /sources/oauth/{slug}/
+##### `GET` /sources/oauth/{slug}/
 
 ###### Return Type:
 
@@ -243,7 +243,7 @@ Changed response : **200 OK**
 
         -   `twitch`
 
-##### `PUT` /sources/oauth/{slug}/
+##### `PUT` /sources/oauth/{slug}/
 
 ###### Request:
 
@@ -267,7 +267,7 @@ Changed response : **200 OK**
 
         -   `twitch`
 
-##### `PATCH` /sources/oauth/{slug}/
+##### `PATCH` /sources/oauth/{slug}/
 
 ###### Request:
 
@@ -291,7 +291,7 @@ Changed response : **200 OK**
 
         -   `twitch`
 
-##### `GET` /flows/bindings/{fsb_uuid}/
+##### `GET` /flows/bindings/{fsb_uuid}/
 
 ###### Return Type:
 
@@ -319,7 +319,7 @@ Changed response : **200 OK**
 
             *   Deleted property `cache_count` (integer)
 
-##### `PUT` /flows/bindings/{fsb_uuid}/
+##### `PUT` /flows/bindings/{fsb_uuid}/
 
 ###### Return Type:
 
@@ -347,7 +347,7 @@ Changed response : **200 OK**
 
             *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /flows/bindings/{fsb_uuid}/
+##### `PATCH` /flows/bindings/{fsb_uuid}/
 
 ###### Return Type:
 
@@ -417,7 +417,7 @@ Changed response : **200 OK**
 
             -   `twitch`
 
-##### `GET` /stages/all/{stage_uuid}/
+##### `GET` /stages/all/{stage_uuid}/
 
 ###### Return Type:
 
@@ -441,7 +441,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/authenticator/duo/{stage_uuid}/
+##### `GET` /stages/authenticator/duo/{stage_uuid}/
 
 ###### Return Type:
 
@@ -465,7 +465,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/authenticator/duo/{stage_uuid}/
+##### `PUT` /stages/authenticator/duo/{stage_uuid}/
 
 ###### Request:
 
@@ -497,7 +497,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/authenticator/duo/{stage_uuid}/
+##### `PATCH` /stages/authenticator/duo/{stage_uuid}/
 
 ###### Request:
 
@@ -529,7 +529,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/authenticator/sms/{stage_uuid}/
+##### `GET` /stages/authenticator/sms/{stage_uuid}/
 
 ###### Return Type:
 
@@ -557,7 +557,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/authenticator/sms/{stage_uuid}/
+##### `PUT` /stages/authenticator/sms/{stage_uuid}/
 
 ###### Request:
 
@@ -597,7 +597,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
+##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
 
 ###### Request:
 
@@ -637,7 +637,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/authenticator/static/{stage_uuid}/
+##### `GET` /stages/authenticator/static/{stage_uuid}/
 
 ###### Return Type:
 
@@ -661,7 +661,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/authenticator/static/{stage_uuid}/
+##### `PUT` /stages/authenticator/static/{stage_uuid}/
 
 ###### Request:
 
@@ -693,7 +693,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/authenticator/static/{stage_uuid}/
+##### `PATCH` /stages/authenticator/static/{stage_uuid}/
 
 ###### Request:
 
@@ -725,7 +725,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/authenticator/totp/{stage_uuid}/
+##### `GET` /stages/authenticator/totp/{stage_uuid}/
 
 ###### Return Type:
 
@@ -749,7 +749,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/authenticator/totp/{stage_uuid}/
+##### `PUT` /stages/authenticator/totp/{stage_uuid}/
 
 ###### Request:
 
@@ -781,7 +781,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/authenticator/totp/{stage_uuid}/
+##### `PATCH` /stages/authenticator/totp/{stage_uuid}/
 
 ###### Request:
 
@@ -813,7 +813,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/authenticator/validate/{stage_uuid}/
+##### `GET` /stages/authenticator/validate/{stage_uuid}/
 
 ###### Return Type:
 
@@ -837,7 +837,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/authenticator/validate/{stage_uuid}/
+##### `PUT` /stages/authenticator/validate/{stage_uuid}/
 
 ###### Request:
 
@@ -869,7 +869,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/authenticator/validate/{stage_uuid}/
+##### `PATCH` /stages/authenticator/validate/{stage_uuid}/
 
 ###### Request:
 
@@ -901,7 +901,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/authenticator/webauthn/{stage_uuid}/
+##### `GET` /stages/authenticator/webauthn/{stage_uuid}/
 
 ###### Return Type:
 
@@ -925,7 +925,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/authenticator/webauthn/{stage_uuid}/
+##### `PUT` /stages/authenticator/webauthn/{stage_uuid}/
 
 ###### Request:
 
@@ -957,7 +957,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/authenticator/webauthn/{stage_uuid}/
+##### `PATCH` /stages/authenticator/webauthn/{stage_uuid}/
 
 ###### Request:
 
@@ -989,7 +989,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/captcha/{stage_uuid}/
+##### `GET` /stages/captcha/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1013,7 +1013,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/captcha/{stage_uuid}/
+##### `PUT` /stages/captcha/{stage_uuid}/
 
 ###### Request:
 
@@ -1045,7 +1045,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/captcha/{stage_uuid}/
+##### `PATCH` /stages/captcha/{stage_uuid}/
 
 ###### Request:
 
@@ -1077,7 +1077,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/consent/{stage_uuid}/
+##### `GET` /stages/consent/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1101,7 +1101,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/consent/{stage_uuid}/
+##### `PUT` /stages/consent/{stage_uuid}/
 
 ###### Request:
 
@@ -1133,7 +1133,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/consent/{stage_uuid}/
+##### `PATCH` /stages/consent/{stage_uuid}/
 
 ###### Request:
 
@@ -1165,7 +1165,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/deny/{stage_uuid}/
+##### `GET` /stages/deny/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1189,7 +1189,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/deny/{stage_uuid}/
+##### `PUT` /stages/deny/{stage_uuid}/
 
 ###### Request:
 
@@ -1221,7 +1221,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/deny/{stage_uuid}/
+##### `PATCH` /stages/deny/{stage_uuid}/
 
 ###### Request:
 
@@ -1253,7 +1253,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/dummy/{stage_uuid}/
+##### `GET` /stages/dummy/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1277,7 +1277,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/dummy/{stage_uuid}/
+##### `PUT` /stages/dummy/{stage_uuid}/
 
 ###### Request:
 
@@ -1309,7 +1309,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/dummy/{stage_uuid}/
+##### `PATCH` /stages/dummy/{stage_uuid}/
 
 ###### Request:
 
@@ -1341,7 +1341,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/email/{stage_uuid}/
+##### `GET` /stages/email/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1365,7 +1365,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/email/{stage_uuid}/
+##### `PUT` /stages/email/{stage_uuid}/
 
 ###### Request:
 
@@ -1397,7 +1397,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/email/{stage_uuid}/
+##### `PATCH` /stages/email/{stage_uuid}/
 
 ###### Request:
 
@@ -1429,7 +1429,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/identification/{stage_uuid}/
+##### `GET` /stages/identification/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1453,7 +1453,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/identification/{stage_uuid}/
+##### `PUT` /stages/identification/{stage_uuid}/
 
 ###### Request:
 
@@ -1485,7 +1485,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/identification/{stage_uuid}/
+##### `PATCH` /stages/identification/{stage_uuid}/
 
 ###### Request:
 
@@ -1517,7 +1517,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/invitation/stages/{stage_uuid}/
+##### `GET` /stages/invitation/stages/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1541,7 +1541,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/invitation/stages/{stage_uuid}/
+##### `PUT` /stages/invitation/stages/{stage_uuid}/
 
 ###### Request:
 
@@ -1573,7 +1573,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/invitation/stages/{stage_uuid}/
+##### `PATCH` /stages/invitation/stages/{stage_uuid}/
 
 ###### Request:
 
@@ -1605,7 +1605,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/password/{stage_uuid}/
+##### `GET` /stages/password/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1629,7 +1629,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/password/{stage_uuid}/
+##### `PUT` /stages/password/{stage_uuid}/
 
 ###### Request:
 
@@ -1661,7 +1661,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/password/{stage_uuid}/
+##### `PATCH` /stages/password/{stage_uuid}/
 
 ###### Request:
 
@@ -1693,7 +1693,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/prompt/stages/{stage_uuid}/
+##### `GET` /stages/prompt/stages/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1717,7 +1717,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/prompt/stages/{stage_uuid}/
+##### `PUT` /stages/prompt/stages/{stage_uuid}/
 
 ###### Request:
 
@@ -1749,7 +1749,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/prompt/stages/{stage_uuid}/
+##### `PATCH` /stages/prompt/stages/{stage_uuid}/
 
 ###### Request:
 
@@ -1781,7 +1781,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/user_delete/{stage_uuid}/
+##### `GET` /stages/user_delete/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1805,7 +1805,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/user_delete/{stage_uuid}/
+##### `PUT` /stages/user_delete/{stage_uuid}/
 
 ###### Request:
 
@@ -1837,7 +1837,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/user_delete/{stage_uuid}/
+##### `PATCH` /stages/user_delete/{stage_uuid}/
 
 ###### Request:
 
@@ -1869,7 +1869,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/user_login/{stage_uuid}/
+##### `GET` /stages/user_login/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1893,7 +1893,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/user_login/{stage_uuid}/
+##### `PUT` /stages/user_login/{stage_uuid}/
 
 ###### Request:
 
@@ -1925,7 +1925,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/user_login/{stage_uuid}/
+##### `PATCH` /stages/user_login/{stage_uuid}/
 
 ###### Request:
 
@@ -1957,7 +1957,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/user_logout/{stage_uuid}/
+##### `GET` /stages/user_logout/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1981,7 +1981,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/user_logout/{stage_uuid}/
+##### `PUT` /stages/user_logout/{stage_uuid}/
 
 ###### Request:
 
@@ -2013,7 +2013,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/user_logout/{stage_uuid}/
+##### `PATCH` /stages/user_logout/{stage_uuid}/
 
 ###### Request:
 
@@ -2045,7 +2045,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/user_write/{stage_uuid}/
+##### `GET` /stages/user_write/{stage_uuid}/
 
 ###### Return Type:
 
@@ -2069,7 +2069,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/user_write/{stage_uuid}/
+##### `PUT` /stages/user_write/{stage_uuid}/
 
 ###### Request:
 
@@ -2101,7 +2101,7 @@ Changed response : **200 OK**
 
         *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/user_write/{stage_uuid}/
+##### `PATCH` /stages/user_write/{stage_uuid}/
 
 ###### Request:
 
@@ -2193,7 +2193,7 @@ Changed response : **200 OK**
 
                 *   Deleted property `cache_count` (integer)
 
-##### `GET` /flows/executor/{flow_slug}/
+##### `GET` /flows/executor/{flow_slug}/
 
 ###### Return Type:
 
@@ -2298,7 +2298,7 @@ Changed response : **200 OK**
             Added 'ak-source-oauth-apple' component:
             Added 'ak-source-plex' component:
 
-##### `POST` /flows/executor/{flow_slug}/
+##### `POST` /flows/executor/{flow_slug}/
 
 ###### Request:
 
@@ -2349,7 +2349,7 @@ Changed response : **200 OK**
             Added 'ak-source-oauth-apple' component:
             Added 'ak-source-plex' component:
 
-##### `GET` /flows/inspector/{flow_slug}/
+##### `GET` /flows/inspector/{flow_slug}/
 
 ###### Return Type:
 
@@ -3269,7 +3269,7 @@ Changed response : **200 OK**
 
             *   Deleted property `cache_count` (integer)
 
-##### `GET` /stages/prompt/prompts/{prompt_uuid}/
+##### `GET` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Return Type:
 
@@ -3297,7 +3297,7 @@ Changed response : **200 OK**
 
             *   Deleted property `cache_count` (integer)
 
-##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
+##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Request:
 
@@ -3337,7 +3337,7 @@ Changed response : **200 OK**
 
             *   Deleted property `cache_count` (integer)
 
-##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
+##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Request:
 

website/docs/releases/2022/v2022.11.md

@@ -90,7 +90,7 @@ image:
 
 ---
 
-##### `GET` /policies/password/{policy_uuid}/
+##### `GET` /policies/password/{policy_uuid}/
 
 ###### Return Type:
 
@@ -111,7 +111,7 @@ Changed response : **200 OK**
     -   Added property `zxcvbn_score_threshold` (integer)
         > If the zxcvbn score is equal or less than this value, the policy will fail.
 
-##### `PUT` /policies/password/{policy_uuid}/
+##### `PUT` /policies/password/{policy_uuid}/
 
 ###### Request:
 
@@ -149,7 +149,7 @@ Changed response : **200 OK**
     -   Added property `zxcvbn_score_threshold` (integer)
         > If the zxcvbn score is equal or less than this value, the policy will fail.
 
-##### `PATCH` /policies/password/{policy_uuid}/
+##### `PATCH` /policies/password/{policy_uuid}/
 
 ###### Request:
 
@@ -187,7 +187,7 @@ Changed response : **200 OK**
     -   Added property `zxcvbn_score_threshold` (integer)
         > If the zxcvbn score is equal or less than this value, the policy will fail.
 
-##### `GET` /core/tokens/{identifier}/
+##### `GET` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -211,7 +211,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `PUT` /core/tokens/{identifier}/
+##### `PUT` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -235,7 +235,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `PATCH` /core/tokens/{identifier}/
+##### `PATCH` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -259,7 +259,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `GET` /core/users/{id}/
+##### `GET` /core/users/{id}/
 
 ###### Return Type:
 
@@ -279,7 +279,7 @@ Changed response : **200 OK**
 
         *   Deleted property `users_obj` (array)
 
-##### `PUT` /core/users/{id}/
+##### `PUT` /core/users/{id}/
 
 ###### Return Type:
 
@@ -299,7 +299,7 @@ Changed response : **200 OK**
 
         *   Deleted property `users_obj` (array)
 
-##### `PATCH` /core/users/{id}/
+##### `PATCH` /core/users/{id}/
 
 ###### Return Type:
 
@@ -319,7 +319,7 @@ Changed response : **200 OK**
 
         *   Deleted property `users_obj` (array)
 
-##### `GET` /policies/bindings/{policy_binding_uuid}/
+##### `GET` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -343,7 +343,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `PUT` /policies/bindings/{policy_binding_uuid}/
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -367,7 +367,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -518,7 +518,7 @@ Changed response : **200 OK**
 
                 *   Deleted property `users_obj` (array)
 
-##### `GET` /core/user_consent/{id}/
+##### `GET` /core/user_consent/{id}/
 
 ###### Return Type:
 
@@ -586,7 +586,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `GET` /oauth2/authorization_codes/{id}/
+##### `GET` /oauth2/authorization_codes/{id}/
 
 ###### Return Type:
 
@@ -610,7 +610,7 @@ Changed response : **200 OK**
 
             *   Deleted property `users_obj` (array)
 
-##### `GET` /oauth2/refresh_tokens/{id}/
+##### `GET` /oauth2/refresh_tokens/{id}/
 
 ###### Return Type:
 

website/docs/releases/2022/v2022.12.md

@@ -176,7 +176,7 @@ image:
 
 ---
 
-##### `GET` /stages/captcha/{stage_uuid}/
+##### `GET` /stages/captcha/{stage_uuid}/
 
 ###### Return Type:
 
@@ -191,7 +191,7 @@ Changed response : **200 OK**
     -   Changed property `public_key` (string)
         > Public key, acquired your captcha Provider.
 
-##### `PUT` /stages/captcha/{stage_uuid}/
+##### `PUT` /stages/captcha/{stage_uuid}/
 
 ###### Request:
 
@@ -221,7 +221,7 @@ Changed response : **200 OK**
     -   Changed property `public_key` (string)
         > Public key, acquired your captcha Provider.
 
-##### `PATCH` /stages/captcha/{stage_uuid}/
+##### `PATCH` /stages/captcha/{stage_uuid}/
 
 ###### Request:
 
@@ -251,7 +251,7 @@ Changed response : **200 OK**
     -   Changed property `public_key` (string)
         > Public key, acquired your captcha Provider.
 
-##### `GET` /flows/executor/{flow_slug}/
+##### `GET` /flows/executor/{flow_slug}/
 
 ###### Return Type:
 
@@ -266,7 +266,7 @@ Changed response : **200 OK**
 
     *   Added property `js_url` (string)
 
-##### `POST` /flows/executor/{flow_slug}/
+##### `POST` /flows/executor/{flow_slug}/
 
 ###### Return Type:
 

website/docs/releases/2022/v2022.9.md

@@ -23,21 +23,21 @@ slug: "/releases/2022.9"
 
 ---
 
-##### `POST` /stages/authenticator/duo/{stage_uuid}/import_device_manual/
+##### `POST` /stages/authenticator/duo/{stage_uuid}/import_device_manual/
 
-##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/
+##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/
 
 #### What's Deleted
 
 ---
 
-##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices/
+##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices/
 
 #### What's Changed
 
 ---
 
-##### `GET` /stages/authenticator/duo/{stage_uuid}/
+##### `GET` /stages/authenticator/duo/{stage_uuid}/
 
 ###### Return Type:
 
@@ -47,7 +47,7 @@ Changed response : **200 OK**
 
     -   Added property `admin_integration_key` (string)
 
-##### `PUT` /stages/authenticator/duo/{stage_uuid}/
+##### `PUT` /stages/authenticator/duo/{stage_uuid}/
 
 ###### Request:
 
@@ -65,7 +65,7 @@ Changed response : **200 OK**
 
     -   Added property `admin_integration_key` (string)
 
-##### `PATCH` /stages/authenticator/duo/{stage_uuid}/
+##### `PATCH` /stages/authenticator/duo/{stage_uuid}/
 
 ###### Request:
 
@@ -83,7 +83,7 @@ Changed response : **200 OK**
 
     -   Added property `admin_integration_key` (string)
 
-##### `GET` /flows/executor/{flow_slug}/
+##### `GET` /flows/executor/{flow_slug}/
 
 ###### Return Type:
 
@@ -135,7 +135,7 @@ Changed response : **200 OK**
 
     -   Property `traceback` (string)
 
-##### `POST` /flows/executor/{flow_slug}/
+##### `POST` /flows/executor/{flow_slug}/
 
 ###### Return Type:
 

website/docs/releases/2023/v2023.1.md

@@ -133,15 +133,15 @@ image:
 
 ##### `POST` /policies/haveibeenpwned/
 
-##### `GET` /policies/haveibeenpwned/{policy_uuid}/
+##### `GET` /policies/haveibeenpwned/{policy_uuid}/
 
-##### `PUT` /policies/haveibeenpwned/{policy_uuid}/
+##### `PUT` /policies/haveibeenpwned/{policy_uuid}/
 
-##### `DELETE` /policies/haveibeenpwned/{policy_uuid}/
+##### `DELETE` /policies/haveibeenpwned/{policy_uuid}/
 
-##### `PATCH` /policies/haveibeenpwned/{policy_uuid}/
+##### `PATCH` /policies/haveibeenpwned/{policy_uuid}/
 
-##### `GET` /policies/haveibeenpwned/{policy_uuid}/used_by/
+##### `GET` /policies/haveibeenpwned/{policy_uuid}/used_by/
 
 #### What's Changed
 
@@ -185,7 +185,7 @@ Changed response : **200 OK**
 
     *   Deleted property `authorizations_per_1h` (array)
 
-##### `GET` /core/users/{id}/metrics/
+##### `GET` /core/users/{id}/metrics/
 
 ###### Return Type:
 
@@ -217,7 +217,7 @@ Changed response : **200 OK**
 
     *   Deleted property `authorizations_per_1h` (array)
 
-##### `GET` /managed/blueprints/{instance_uuid}/
+##### `GET` /managed/blueprints/{instance_uuid}/
 
 ###### Return Type:
 
@@ -231,7 +231,7 @@ Changed response : **200 OK**
 
     *   Added property `content` (string)
 
-##### `PUT` /managed/blueprints/{instance_uuid}/
+##### `PUT` /managed/blueprints/{instance_uuid}/
 
 ###### Request:
 
@@ -255,7 +255,7 @@ Changed response : **200 OK**
 
     *   Added property `content` (string)
 
-##### `PATCH` /managed/blueprints/{instance_uuid}/
+##### `PATCH` /managed/blueprints/{instance_uuid}/
 
 ###### Request:
 
@@ -275,7 +275,7 @@ Changed response : **200 OK**
 
     *   Added property `content` (string)
 
-##### `POST` /managed/blueprints/{instance_uuid}/apply/
+##### `POST` /managed/blueprints/{instance_uuid}/apply/
 
 ###### Return Type:
 
@@ -289,7 +289,7 @@ Changed response : **200 OK**
 
     *   Added property `content` (string)
 
-##### `GET` /outposts/proxy/{id}/
+##### `GET` /outposts/proxy/{id}/
 
 ###### Return Type:
 
@@ -300,7 +300,7 @@ Changed response : **200 OK**
     -   Added property `intercept_header_auth` (boolean)
         > When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
 
-##### `GET` /policies/event_matcher/{policy_uuid}/
+##### `GET` /policies/event_matcher/{policy_uuid}/
 
 ###### Return Type:
 
@@ -316,7 +316,7 @@ Changed response : **200 OK**
 
         -   `authentik.policies.hibp`
 
-##### `PUT` /policies/event_matcher/{policy_uuid}/
+##### `PUT` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -344,7 +344,7 @@ Changed response : **200 OK**
 
         -   `authentik.policies.hibp`
 
-##### `PATCH` /policies/event_matcher/{policy_uuid}/
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -372,7 +372,7 @@ Changed response : **200 OK**
 
         -   `authentik.policies.hibp`
 
-##### `GET` /propertymappings/scope/{pm_uuid}/
+##### `GET` /propertymappings/scope/{pm_uuid}/
 
 ###### Return Type:
 
@@ -383,7 +383,7 @@ Changed response : **200 OK**
     -   Changed property `scope_name` (string)
         > Scope name requested by the client
 
-##### `PUT` /propertymappings/scope/{pm_uuid}/
+##### `PUT` /propertymappings/scope/{pm_uuid}/
 
 ###### Request:
 
@@ -401,7 +401,7 @@ Changed response : **200 OK**
     -   Changed property `scope_name` (string)
         > Scope name requested by the client
 
-##### `PATCH` /propertymappings/scope/{pm_uuid}/
+##### `PATCH` /propertymappings/scope/{pm_uuid}/
 
 ###### Request:
 
@@ -419,7 +419,7 @@ Changed response : **200 OK**
     -   Changed property `scope_name` (string)
         > Scope name requested by the client
 
-##### `GET` /providers/proxy/{id}/
+##### `GET` /providers/proxy/{id}/
 
 ###### Return Type:
 
@@ -441,7 +441,7 @@ Changed response : **200 OK**
 
         Items (string):
 
-##### `PUT` /providers/proxy/{id}/
+##### `PUT` /providers/proxy/{id}/
 
 ###### Request:
 
@@ -471,7 +471,7 @@ Changed response : **200 OK**
 
     *   Added property `jwks_sources` (array)
 
-##### `PATCH` /providers/proxy/{id}/
+##### `PATCH` /providers/proxy/{id}/
 
 ###### Request:
 
@@ -517,7 +517,7 @@ Changed response : **200 OK**
 
     *   Added property `task_duration` (integer)
 
-##### `GET` /admin/system_tasks/{id}/
+##### `GET` /admin/system_tasks/{id}/
 
 ###### Return Type:
 
@@ -727,7 +727,7 @@ Changed response : **200 OK**
 
         *   Added property `jwks_sources` (array)
 
-##### `GET` /providers/saml/{id}/
+##### `GET` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -744,7 +744,7 @@ Changed response : **200 OK**
 
     *   Added property `url_slo_redirect` (string)
 
-##### `PUT` /providers/saml/{id}/
+##### `PUT` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -761,7 +761,7 @@ Changed response : **200 OK**
 
     *   Added property `url_slo_redirect` (string)
 
-##### `PATCH` /providers/saml/{id}/
+##### `PATCH` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -778,7 +778,7 @@ Changed response : **200 OK**
 
     *   Added property `url_slo_redirect` (string)
 
-##### `GET` /sources/ldap/{slug}/sync_status/
+##### `GET` /sources/ldap/{slug}/sync_status/
 
 ###### Return Type:
 
@@ -840,7 +840,7 @@ Added: `has_jwks` in `query`
 
 > Only return sources with JWKS data
 
-##### `GET` /stages/user_write/{stage_uuid}/
+##### `GET` /stages/user_write/{stage_uuid}/
 
 ###### Return Type:
 
@@ -859,7 +859,7 @@ Changed response : **200 OK**
     -   Deleted property `can_create_users` (boolean)
         > When set, this stage can create users. If not enabled and no user is available, stage will fail.
 
-##### `PUT` /stages/user_write/{stage_uuid}/
+##### `PUT` /stages/user_write/{stage_uuid}/
 
 ###### Request:
 
@@ -881,7 +881,7 @@ Changed response : **200 OK**
     -   Deleted property `can_create_users` (boolean)
         > When set, this stage can create users. If not enabled and no user is available, stage will fail.
 
-##### `PATCH` /stages/user_write/{stage_uuid}/
+##### `PATCH` /stages/user_write/{stage_uuid}/
 
 ###### Request:
 

website/docs/releases/2023/v2023.10.md

@@ -147,19 +147,19 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10
 
 ##### `GET` /rbac/permissions/
 
-##### `GET` /rbac/permissions/{id}/
+##### `GET` /rbac/permissions/{id}/
 
 ##### `GET` /rbac/permissions/assigned_by_roles/
 
-##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/
+##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/
 
-##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/
+##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/
 
 ##### `GET` /rbac/permissions/assigned_by_users/
 
-##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/
+##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/
 
-##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/
+##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/
 
 ##### `GET` /rbac/permissions/roles/
 
@@ -169,21 +169,21 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10
 
 ##### `POST` /rbac/roles/
 
-##### `GET` /rbac/roles/{uuid}/
+##### `GET` /rbac/roles/{uuid}/
 
-##### `PUT` /rbac/roles/{uuid}/
+##### `PUT` /rbac/roles/{uuid}/
 
-##### `DELETE` /rbac/roles/{uuid}/
+##### `DELETE` /rbac/roles/{uuid}/
 
-##### `PATCH` /rbac/roles/{uuid}/
+##### `PATCH` /rbac/roles/{uuid}/
 
-##### `GET` /rbac/roles/{uuid}/used_by/
+##### `GET` /rbac/roles/{uuid}/used_by/
 
 #### What's Changed
 
 ---
 
-##### `GET` /authenticators/admin/totp/{id}/
+##### `GET` /authenticators/admin/totp/{id}/
 
 ###### Parameters:
 
@@ -191,7 +191,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `PUT` /authenticators/admin/totp/{id}/
+##### `PUT` /authenticators/admin/totp/{id}/
 
 ###### Parameters:
 
@@ -199,7 +199,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `DELETE` /authenticators/admin/totp/{id}/
+##### `DELETE` /authenticators/admin/totp/{id}/
 
 ###### Parameters:
 
@@ -207,7 +207,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `PATCH` /authenticators/admin/totp/{id}/
+##### `PATCH` /authenticators/admin/totp/{id}/
 
 ###### Parameters:
 
@@ -215,7 +215,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `GET` /authenticators/totp/{id}/
+##### `GET` /authenticators/totp/{id}/
 
 ###### Parameters:
 
@@ -223,7 +223,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `PUT` /authenticators/totp/{id}/
+##### `PUT` /authenticators/totp/{id}/
 
 ###### Parameters:
 
@@ -231,7 +231,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `DELETE` /authenticators/totp/{id}/
+##### `DELETE` /authenticators/totp/{id}/
 
 ###### Parameters:
 
@@ -239,7 +239,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `PATCH` /authenticators/totp/{id}/
+##### `PATCH` /authenticators/totp/{id}/
 
 ###### Parameters:
 
@@ -247,7 +247,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `POST` /core/groups/{group_uuid}/add_user/
+##### `POST` /core/groups/{group_uuid}/add_user/
 
 ###### Parameters:
 
@@ -255,7 +255,7 @@ Changed: `group_uuid` in `path`
 
 > A UUID string identifying this Group.
 
-##### `POST` /core/groups/{group_uuid}/remove_user/
+##### `POST` /core/groups/{group_uuid}/remove_user/
 
 ###### Parameters:
 
@@ -263,7 +263,7 @@ Changed: `group_uuid` in `path`
 
 > A UUID string identifying this Group.
 
-##### `GET` /enterprise/license/{license_uuid}/
+##### `GET` /enterprise/license/{license_uuid}/
 
 ###### Parameters:
 
@@ -271,7 +271,7 @@ Changed: `license_uuid` in `path`
 
 > A UUID string identifying this License.
 
-##### `PUT` /enterprise/license/{license_uuid}/
+##### `PUT` /enterprise/license/{license_uuid}/
 
 ###### Parameters:
 
@@ -279,7 +279,7 @@ Changed: `license_uuid` in `path`
 
 > A UUID string identifying this License.
 
-##### `DELETE` /enterprise/license/{license_uuid}/
+##### `DELETE` /enterprise/license/{license_uuid}/
 
 ###### Parameters:
 
@@ -287,7 +287,7 @@ Changed: `license_uuid` in `path`
 
 > A UUID string identifying this License.
 
-##### `PATCH` /enterprise/license/{license_uuid}/
+##### `PATCH` /enterprise/license/{license_uuid}/
 
 ###### Parameters:
 
@@ -295,7 +295,7 @@ Changed: `license_uuid` in `path`
 
 > A UUID string identifying this License.
 
-##### `GET` /outposts/instances/{uuid}/health/
+##### `GET` /outposts/instances/{uuid}/health/
 
 ###### Parameters:
 
@@ -303,7 +303,7 @@ Changed: `uuid` in `path`
 
 > A UUID string identifying this Outpost.
 
-##### `GET` /outposts/radius/{id}/
+##### `GET` /outposts/radius/{id}/
 
 ###### Return Type:
 
@@ -314,7 +314,7 @@ Changed response : **200 OK**
     -   Added property `mfa_support` (boolean)
         > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
 
-##### `GET` /policies/event_matcher/{policy_uuid}/
+##### `GET` /policies/event_matcher/{policy_uuid}/
 
 ###### Return Type:
 
@@ -463,7 +463,7 @@ Changed response : **200 OK**
         -   `authentik_stages_authenticator_totp.totpdevice`
         -   `authentik_enterprise.license`
 
-##### `PUT` /policies/event_matcher/{policy_uuid}/
+##### `PUT` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -757,7 +757,7 @@ Changed response : **200 OK**
         -   `authentik_stages_authenticator_totp.totpdevice`
         -   `authentik_enterprise.license`
 
-##### `PATCH` /policies/event_matcher/{policy_uuid}/
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -1051,7 +1051,7 @@ Changed response : **200 OK**
         -   `authentik_stages_authenticator_totp.totpdevice`
         -   `authentik_enterprise.license`
 
-##### `GET` /providers/radius/{id}/
+##### `GET` /providers/radius/{id}/
 
 ###### Return Type:
 
@@ -1062,7 +1062,7 @@ Changed response : **200 OK**
     -   Added property `mfa_support` (boolean)
         > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
 
-##### `PUT` /providers/radius/{id}/
+##### `PUT` /providers/radius/{id}/
 
 ###### Request:
 
@@ -1080,7 +1080,7 @@ Changed response : **200 OK**
     -   Added property `mfa_support` (boolean)
         > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
 
-##### `PATCH` /providers/radius/{id}/
+##### `PATCH` /providers/radius/{id}/
 
 ###### Request:
 
@@ -1117,7 +1117,7 @@ Changed response : **200 OK**
 
     *   Added property `oidc_jwks_url` (string)
 
-##### `DELETE` /authenticators/admin/static/{id}/
+##### `DELETE` /authenticators/admin/static/{id}/
 
 ###### Parameters:
 
@@ -1125,7 +1125,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `GET` /authenticators/admin/static/{id}/
+##### `GET` /authenticators/admin/static/{id}/
 
 ###### Parameters:
 
@@ -1133,7 +1133,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `PUT` /authenticators/admin/static/{id}/
+##### `PUT` /authenticators/admin/static/{id}/
 
 ###### Parameters:
 
@@ -1141,7 +1141,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `PATCH` /authenticators/admin/static/{id}/
+##### `PATCH` /authenticators/admin/static/{id}/
 
 ###### Parameters:
 
@@ -1149,7 +1149,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `DELETE` /authenticators/static/{id}/
+##### `DELETE` /authenticators/static/{id}/
 
 ###### Parameters:
 
@@ -1157,7 +1157,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `GET` /authenticators/static/{id}/
+##### `GET` /authenticators/static/{id}/
 
 ###### Parameters:
 
@@ -1165,7 +1165,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `PUT` /authenticators/static/{id}/
+##### `PUT` /authenticators/static/{id}/
 
 ###### Parameters:
 
@@ -1173,7 +1173,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `PATCH` /authenticators/static/{id}/
+##### `PATCH` /authenticators/static/{id}/
 
 ###### Parameters:
 
@@ -1181,7 +1181,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `GET` /authenticators/static/{id}/used_by/
+##### `GET` /authenticators/static/{id}/used_by/
 
 ###### Parameters:
 
@@ -1189,7 +1189,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this Static Device.
 
-##### `GET` /authenticators/totp/{id}/used_by/
+##### `GET` /authenticators/totp/{id}/used_by/
 
 ###### Parameters:
 
@@ -1197,7 +1197,7 @@ Changed: `id` in `path`
 
 > A unique integer value identifying this TOTP Device.
 
-##### `DELETE` /core/groups/{group_uuid}/
+##### `DELETE` /core/groups/{group_uuid}/
 
 ###### Parameters:
 
@@ -1205,7 +1205,7 @@ Changed: `group_uuid` in `path`
 
 > A UUID string identifying this Group.
 
-##### `GET` /core/groups/{group_uuid}/
+##### `GET` /core/groups/{group_uuid}/
 
 ###### Parameters:
 
@@ -1235,7 +1235,7 @@ Changed response : **200 OK**
 
         -   Property `name` (string)
 
-##### `PUT` /core/groups/{group_uuid}/
+##### `PUT` /core/groups/{group_uuid}/
 
 ###### Parameters:
 
@@ -1263,7 +1263,7 @@ Changed response : **200 OK**
 
     *   Added property `roles_obj` (array)
 
-##### `PATCH` /core/groups/{group_uuid}/
+##### `PATCH` /core/groups/{group_uuid}/
 
 ###### Parameters:
 
@@ -1291,7 +1291,7 @@ Changed response : **200 OK**
 
     *   Added property `roles_obj` (array)
 
-##### `GET` /core/groups/{group_uuid}/used_by/
+##### `GET` /core/groups/{group_uuid}/used_by/
 
 ###### Parameters:
 
@@ -1299,7 +1299,7 @@ Changed: `group_uuid` in `path`
 
 > A UUID string identifying this Group.
 
-##### `GET` /core/tokens/{identifier}/
+##### `GET` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -1317,7 +1317,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `PUT` /core/tokens/{identifier}/
+##### `PUT` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -1335,7 +1335,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `PATCH` /core/tokens/{identifier}/
+##### `PATCH` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -1353,7 +1353,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `GET` /core/users/{id}/
+##### `GET` /core/users/{id}/
 
 ###### Return Type:
 
@@ -1367,7 +1367,7 @@ Changed response : **200 OK**
 
     *   Added property `uuid` (string)
 
-##### `PUT` /core/users/{id}/
+##### `PUT` /core/users/{id}/
 
 ###### Return Type:
 
@@ -1381,7 +1381,7 @@ Changed response : **200 OK**
 
     *   Added property `uuid` (string)
 
-##### `PATCH` /core/users/{id}/
+##### `PATCH` /core/users/{id}/
 
 ###### Return Type:
 
@@ -1395,7 +1395,7 @@ Changed response : **200 OK**
 
     *   Added property `uuid` (string)
 
-##### `GET` /enterprise/license/{license_uuid}/used_by/
+##### `GET` /enterprise/license/{license_uuid}/used_by/
 
 ###### Parameters:
 
@@ -1403,7 +1403,7 @@ Changed: `license_uuid` in `path`
 
 > A UUID string identifying this License.
 
-##### `GET` /events/rules/{pbm_uuid}/
+##### `GET` /events/rules/{pbm_uuid}/
 
 ###### Return Type:
 
@@ -1423,7 +1423,7 @@ Changed response : **200 OK**
 
         *   Added property `roles_obj` (array)
 
-##### `PUT` /events/rules/{pbm_uuid}/
+##### `PUT` /events/rules/{pbm_uuid}/
 
 ###### Return Type:
 
@@ -1443,7 +1443,7 @@ Changed response : **200 OK**
 
         *   Added property `roles_obj` (array)
 
-##### `PATCH` /events/rules/{pbm_uuid}/
+##### `PATCH` /events/rules/{pbm_uuid}/
 
 ###### Return Type:
 
@@ -1463,7 +1463,7 @@ Changed response : **200 OK**
 
         *   Added property `roles_obj` (array)
 
-##### `DELETE` /outposts/instances/{uuid}/
+##### `DELETE` /outposts/instances/{uuid}/
 
 ###### Parameters:
 
@@ -1471,7 +1471,7 @@ Changed: `uuid` in `path`
 
 > A UUID string identifying this Outpost.
 
-##### `GET` /outposts/instances/{uuid}/
+##### `GET` /outposts/instances/{uuid}/
 
 ###### Parameters:
 
@@ -1479,7 +1479,7 @@ Changed: `uuid` in `path`
 
 > A UUID string identifying this Outpost.
 
-##### `PUT` /outposts/instances/{uuid}/
+##### `PUT` /outposts/instances/{uuid}/
 
 ###### Parameters:
 
@@ -1487,7 +1487,7 @@ Changed: `uuid` in `path`
 
 > A UUID string identifying this Outpost.
 
-##### `PATCH` /outposts/instances/{uuid}/
+##### `PATCH` /outposts/instances/{uuid}/
 
 ###### Parameters:
 
@@ -1495,7 +1495,7 @@ Changed: `uuid` in `path`
 
 > A UUID string identifying this Outpost.
 
-##### `GET` /outposts/instances/{uuid}/used_by/
+##### `GET` /outposts/instances/{uuid}/used_by/
 
 ###### Parameters:
 
@@ -1518,7 +1518,7 @@ Changed response : **200 OK**
         -   Added property `mfa_support` (boolean)
             > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
 
-##### `GET` /policies/bindings/{policy_binding_uuid}/
+##### `GET` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -1556,7 +1556,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `PUT` /policies/bindings/{policy_binding_uuid}/
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
 
 ###### Request:
 
@@ -1605,7 +1605,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
 
 ###### Request:
 
@@ -2134,7 +2134,7 @@ Changed response : **200 OK**
         -   Added property `mfa_support` (boolean)
             > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
 
-##### `GET` /providers/saml/{id}/
+##### `GET` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -2145,7 +2145,7 @@ Changed response : **200 OK**
     -   Added property `default_relay_state` (string)
         > Default relay_state value for IDP-initiated logins
 
-##### `PUT` /providers/saml/{id}/
+##### `PUT` /providers/saml/{id}/
 
 ###### Request:
 
@@ -2163,7 +2163,7 @@ Changed response : **200 OK**
     -   Added property `default_relay_state` (string)
         > Default relay_state value for IDP-initiated logins
 
-##### `PATCH` /providers/saml/{id}/
+##### `PATCH` /providers/saml/{id}/
 
 ###### Request:
 
@@ -2181,7 +2181,7 @@ Changed response : **200 OK**
     -   Added property `default_relay_state` (string)
         > Default relay_state value for IDP-initiated logins
 
-##### `GET` /sources/oauth/{slug}/
+##### `GET` /sources/oauth/{slug}/
 
 ###### Return Type:
 
@@ -2202,7 +2202,7 @@ Changed response : **200 OK**
 
         *   Added property `oidc_jwks_url` (string)
 
-##### `PUT` /sources/oauth/{slug}/
+##### `PUT` /sources/oauth/{slug}/
 
 ###### Return Type:
 
@@ -2223,7 +2223,7 @@ Changed response : **200 OK**
 
         *   Added property `oidc_jwks_url` (string)
 
-##### `PATCH` /sources/oauth/{slug}/
+##### `PATCH` /sources/oauth/{slug}/
 
 ###### Return Type:
 
@@ -2326,7 +2326,7 @@ Changed response : **200 OK**
 
             *   Added property `uuid` (string)
 
-##### `GET` /core/user_consent/{id}/
+##### `GET` /core/user_consent/{id}/
 
 ###### Return Type:
 
@@ -2442,7 +2442,7 @@ Changed response : **200 OK**
 
             *   Added property `roles_obj` (array)
 
-##### `GET` /oauth2/access_tokens/{id}/
+##### `GET` /oauth2/access_tokens/{id}/
 
 ###### Return Type:
 
@@ -2460,7 +2460,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `GET` /oauth2/authorization_codes/{id}/
+##### `GET` /oauth2/authorization_codes/{id}/
 
 ###### Return Type:
 
@@ -2478,7 +2478,7 @@ Changed response : **200 OK**
 
         *   Added property `uuid` (string)
 
-##### `GET` /oauth2/refresh_tokens/{id}/
+##### `GET` /oauth2/refresh_tokens/{id}/
 
 ###### Return Type:
 
@@ -2670,7 +2670,7 @@ Changed response : **200 OK**
 
             *   Added property `oidc_jwks_url` (string)
 
-##### `GET` /stages/authenticator/sms/{stage_uuid}/
+##### `GET` /stages/authenticator/sms/{stage_uuid}/
 
 ###### Return Type:
 
@@ -2681,7 +2681,7 @@ Changed response : **200 OK**
     -   Changed property `verify_only` (boolean)
         > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
 
-##### `PUT` /stages/authenticator/sms/{stage_uuid}/
+##### `PUT` /stages/authenticator/sms/{stage_uuid}/
 
 ###### Request:
 
@@ -2699,7 +2699,7 @@ Changed response : **200 OK**
     -   Changed property `verify_only` (boolean)
         > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
 
-##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
+##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
 
 ###### Request:
 
@@ -2717,7 +2717,7 @@ Changed response : **200 OK**
     -   Changed property `verify_only` (boolean)
         > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
 
-##### `GET` /stages/deny/{stage_uuid}/
+##### `GET` /stages/deny/{stage_uuid}/
 
 ###### Return Type:
 
@@ -2727,7 +2727,7 @@ Changed response : **200 OK**
 
     -   Added property `deny_message` (string)
 
-##### `PUT` /stages/deny/{stage_uuid}/
+##### `PUT` /stages/deny/{stage_uuid}/
 
 ###### Request:
 
@@ -2743,7 +2743,7 @@ Changed response : **200 OK**
 
     -   Added property `deny_message` (string)
 
-##### `PATCH` /stages/deny/{stage_uuid}/
+##### `PATCH` /stages/deny/{stage_uuid}/
 
 ###### Request:
 

website/docs/releases/2023/v2023.2.md

@@ -123,9 +123,9 @@ image:
 
 ---
 
-##### `POST` /core/tokens/{identifier}/set_key/
+##### `POST` /core/tokens/{identifier}/set_key/
 
-##### `GET` /providers/oauth2/{id}/
+##### `GET` /providers/oauth2/{id}/
 
 ###### Return Type:
 
@@ -141,7 +141,7 @@ Changed response : **200 OK**
 
         -   `user_id`
 
-##### `PUT` /providers/oauth2/{id}/
+##### `PUT` /providers/oauth2/{id}/
 
 ###### Request:
 
@@ -169,7 +169,7 @@ Changed response : **200 OK**
 
         -   `user_id`
 
-##### `PATCH` /providers/oauth2/{id}/
+##### `PATCH` /providers/oauth2/{id}/
 
 ###### Request:
 
@@ -251,7 +251,7 @@ Changed response : **200 OK**
 
             -   `user_id`
 
-##### `GET` /oauth2/authorization_codes/{id}/
+##### `GET` /oauth2/authorization_codes/{id}/
 
 ###### Return Type:
 
@@ -271,7 +271,7 @@ Changed response : **200 OK**
 
             -   `user_id`
 
-##### `GET` /oauth2/refresh_tokens/{id}/
+##### `GET` /oauth2/refresh_tokens/{id}/
 
 ###### Return Type:
 
@@ -339,7 +339,7 @@ Changed response : **200 OK**
 
                 -   `user_id`
 
-##### `GET` /stages/prompt/prompts/{prompt_uuid}/
+##### `GET` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Return Type:
 
@@ -353,7 +353,7 @@ Changed response : **200 OK**
 
     *   Added property `name` (string)
 
-##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
+##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Request:
 
@@ -377,7 +377,7 @@ Changed response : **200 OK**
 
     *   Added property `name` (string)
 
-##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
+##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Request:
 

website/docs/releases/2023/v2023.3.md

@@ -108,31 +108,31 @@ image:
 
 ##### `POST` /propertymappings/scim/
 
-##### `GET` /propertymappings/scim/{pm_uuid}/
+##### `GET` /propertymappings/scim/{pm_uuid}/
 
-##### `PUT` /propertymappings/scim/{pm_uuid}/
+##### `PUT` /propertymappings/scim/{pm_uuid}/
 
-##### `DELETE` /propertymappings/scim/{pm_uuid}/
+##### `DELETE` /propertymappings/scim/{pm_uuid}/
 
-##### `PATCH` /propertymappings/scim/{pm_uuid}/
+##### `PATCH` /propertymappings/scim/{pm_uuid}/
 
-##### `GET` /propertymappings/scim/{pm_uuid}/used_by/
+##### `GET` /propertymappings/scim/{pm_uuid}/used_by/
 
 ##### `GET` /providers/scim/
 
 ##### `POST` /providers/scim/
 
-##### `GET` /providers/scim/{id}/
+##### `GET` /providers/scim/{id}/
 
-##### `PUT` /providers/scim/{id}/
+##### `PUT` /providers/scim/{id}/
 
-##### `DELETE` /providers/scim/{id}/
+##### `DELETE` /providers/scim/{id}/
 
-##### `PATCH` /providers/scim/{id}/
+##### `PATCH` /providers/scim/{id}/
 
-##### `GET` /providers/scim/{id}/sync_status/
+##### `GET` /providers/scim/{id}/sync_status/
 
-##### `GET` /providers/scim/{id}/used_by/
+##### `GET` /providers/scim/{id}/used_by/
 
 #### What's Changed
 
@@ -149,7 +149,7 @@ Changed content type : `application/json`
 -   Added property `expires` (string)
     > If not provided, valid for 360 days
 
-##### `GET` /policies/event_matcher/{policy_uuid}/
+##### `GET` /policies/event_matcher/{policy_uuid}/
 
 ###### Return Type:
 
@@ -165,7 +165,7 @@ Changed response : **200 OK**
 
         -   `authentik.providers.scim`
 
-##### `PUT` /policies/event_matcher/{policy_uuid}/
+##### `PUT` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -193,7 +193,7 @@ Changed response : **200 OK**
 
         -   `authentik.providers.scim`
 
-##### `PATCH` /policies/event_matcher/{policy_uuid}/
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -221,7 +221,7 @@ Changed response : **200 OK**
 
         -   `authentik.providers.scim`
 
-##### `GET` /providers/oauth2/{id}/
+##### `GET` /providers/oauth2/{id}/
 
 ###### Return Type:
 
@@ -233,7 +233,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PUT` /providers/oauth2/{id}/
+##### `PUT` /providers/oauth2/{id}/
 
 ###### Request:
 
@@ -253,7 +253,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PATCH` /providers/oauth2/{id}/
+##### `PATCH` /providers/oauth2/{id}/
 
 ###### Return Type:
 
@@ -265,7 +265,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `GET` /providers/proxy/{id}/
+##### `GET` /providers/proxy/{id}/
 
 ###### Return Type:
 
@@ -277,7 +277,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PUT` /providers/proxy/{id}/
+##### `PUT` /providers/proxy/{id}/
 
 ###### Request:
 
@@ -297,7 +297,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PATCH` /providers/proxy/{id}/
+##### `PATCH` /providers/proxy/{id}/
 
 ###### Return Type:
 
@@ -309,7 +309,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `GET` /core/groups/{group_uuid}/
+##### `GET` /core/groups/{group_uuid}/
 
 ###### Return Type:
 
@@ -327,7 +327,7 @@ Changed response : **200 OK**
 
         *   Deleted property `avatar` (string)
 
-##### `PUT` /core/groups/{group_uuid}/
+##### `PUT` /core/groups/{group_uuid}/
 
 ###### Return Type:
 
@@ -345,7 +345,7 @@ Changed response : **200 OK**
 
         *   Deleted property `avatar` (string)
 
-##### `PATCH` /core/groups/{group_uuid}/
+##### `PATCH` /core/groups/{group_uuid}/
 
 ###### Return Type:
 
@@ -383,7 +383,7 @@ Changed response : **200 OK**
         -   `light`
         -   `dark`
 
-##### `GET` /events/rules/{pbm_uuid}/
+##### `GET` /events/rules/{pbm_uuid}/
 
 ###### Return Type:
 
@@ -405,7 +405,7 @@ Changed response : **200 OK**
 
             *   Deleted property `avatar` (string)
 
-##### `PUT` /events/rules/{pbm_uuid}/
+##### `PUT` /events/rules/{pbm_uuid}/
 
 ###### Return Type:
 
@@ -427,7 +427,7 @@ Changed response : **200 OK**
 
             *   Deleted property `avatar` (string)
 
-##### `PATCH` /events/rules/{pbm_uuid}/
+##### `PATCH` /events/rules/{pbm_uuid}/
 
 ###### Return Type:
 
@@ -449,7 +449,7 @@ Changed response : **200 OK**
 
             *   Deleted property `avatar` (string)
 
-##### `GET` /policies/bindings/{policy_binding_uuid}/
+##### `GET` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -471,7 +471,7 @@ Changed response : **200 OK**
 
             *   Deleted property `avatar` (string)
 
-##### `PUT` /policies/bindings/{policy_binding_uuid}/
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -493,7 +493,7 @@ Changed response : **200 OK**
 
             *   Deleted property `avatar` (string)
 
-##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -563,7 +563,7 @@ Changed response : **200 OK**
 
             -   `authentik.providers.scim`
 
-##### `GET` /providers/ldap/{id}/
+##### `GET` /providers/ldap/{id}/
 
 ###### Return Type:
 
@@ -575,7 +575,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PUT` /providers/ldap/{id}/
+##### `PUT` /providers/ldap/{id}/
 
 ###### Request:
 
@@ -595,7 +595,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PATCH` /providers/ldap/{id}/
+##### `PATCH` /providers/ldap/{id}/
 
 ###### Return Type:
 
@@ -679,7 +679,7 @@ Changed response : **200 OK**
 
         -   `authorization_flow`
 
-##### `GET` /providers/saml/{id}/
+##### `GET` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -691,7 +691,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PUT` /providers/saml/{id}/
+##### `PUT` /providers/saml/{id}/
 
 ###### Request:
 
@@ -711,7 +711,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `PATCH` /providers/saml/{id}/
+##### `PATCH` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -723,7 +723,7 @@ Changed response : **200 OK**
 
     -   `authorization_flow`
 
-##### `GET` /stages/invitation/invitations/{invite_uuid}/
+##### `GET` /stages/invitation/invitations/{invite_uuid}/
 
 ###### Return Type:
 
@@ -741,7 +741,7 @@ Changed response : **200 OK**
 
         *   Deleted property `avatar` (string)
 
-##### `PUT` /stages/invitation/invitations/{invite_uuid}/
+##### `PUT` /stages/invitation/invitations/{invite_uuid}/
 
 ###### Return Type:
 
@@ -759,7 +759,7 @@ Changed response : **200 OK**
 
         *   Deleted property `avatar` (string)
 
-##### `PATCH` /stages/invitation/invitations/{invite_uuid}/
+##### `PATCH` /stages/invitation/invitations/{invite_uuid}/
 
 ###### Return Type:
 
@@ -865,7 +865,7 @@ Changed response : **200 OK**
 
                 *   Deleted property `avatar` (string)
 
-##### `GET` /flows/bindings/{fsb_uuid}/
+##### `GET` /flows/bindings/{fsb_uuid}/
 
 ###### Return Type:
 
@@ -876,7 +876,7 @@ Changed response : **200 OK**
     -   Changed property `evaluate_on_plan` (boolean)
         > Evaluate policies during the Flow planning process.
 
-##### `PUT` /flows/bindings/{fsb_uuid}/
+##### `PUT` /flows/bindings/{fsb_uuid}/
 
 ###### Request:
 
@@ -894,7 +894,7 @@ Changed response : **200 OK**
     -   Changed property `evaluate_on_plan` (boolean)
         > Evaluate policies during the Flow planning process.
 
-##### `PATCH` /flows/bindings/{fsb_uuid}/
+##### `PATCH` /flows/bindings/{fsb_uuid}/
 
 ###### Request:
 
@@ -912,7 +912,7 @@ Changed response : **200 OK**
     -   Changed property `evaluate_on_plan` (boolean)
         > Evaluate policies during the Flow planning process.
 
-##### `GET` /oauth2/access_tokens/{id}/
+##### `GET` /oauth2/access_tokens/{id}/
 
 ###### Return Type:
 
@@ -928,7 +928,7 @@ Changed response : **200 OK**
 
         -   `authorization_flow`
 
-##### `GET` /oauth2/authorization_codes/{id}/
+##### `GET` /oauth2/authorization_codes/{id}/
 
 ###### Return Type:
 
@@ -944,7 +944,7 @@ Changed response : **200 OK**
 
         -   `authorization_flow`
 
-##### `GET` /oauth2/refresh_tokens/{id}/
+##### `GET` /oauth2/refresh_tokens/{id}/
 
 ###### Return Type:
 
@@ -1126,7 +1126,7 @@ Changed response : **200 OK**
 
             *   Deleted property `avatar` (string)
 
-##### `GET` /stages/user_login/{stage_uuid}/
+##### `GET` /stages/user_login/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1137,7 +1137,7 @@ Changed response : **200 OK**
     -   Added property `terminate_other_sessions` (boolean)
         > Terminate all other sessions of the user logging in.
 
-##### `PUT` /stages/user_login/{stage_uuid}/
+##### `PUT` /stages/user_login/{stage_uuid}/
 
 ###### Request:
 
@@ -1155,7 +1155,7 @@ Changed response : **200 OK**
     -   Added property `terminate_other_sessions` (boolean)
         > Terminate all other sessions of the user logging in.
 
-##### `PATCH` /stages/user_login/{stage_uuid}/
+##### `PATCH` /stages/user_login/{stage_uuid}/
 
 ###### Request:
 
@@ -1206,7 +1206,7 @@ Changed response : **200 OK**
         -   Changed property `evaluate_on_plan` (boolean)
             > Evaluate policies during the Flow planning process.
 
-##### `GET` /flows/inspector/{flow_slug}/
+##### `GET` /flows/inspector/{flow_slug}/
 
 ###### Return Type:
 

website/docs/releases/2023/v2023.4.md

@@ -123,21 +123,21 @@ image:
 
 ##### `GET` /outposts/radius/
 
-##### `GET` /outposts/radius/{id}/
+##### `GET` /outposts/radius/{id}/
 
 ##### `GET` /providers/radius/
 
 ##### `POST` /providers/radius/
 
-##### `GET` /providers/radius/{id}/
+##### `GET` /providers/radius/{id}/
 
-##### `PUT` /providers/radius/{id}/
+##### `PUT` /providers/radius/{id}/
 
-##### `DELETE` /providers/radius/{id}/
+##### `DELETE` /providers/radius/{id}/
 
-##### `PATCH` /providers/radius/{id}/
+##### `PATCH` /providers/radius/{id}/
 
-##### `GET` /providers/radius/{id}/used_by/
+##### `GET` /providers/radius/{id}/used_by/
 
 ##### `POST` /stages/prompt/prompts/preview/
 
@@ -145,7 +145,7 @@ image:
 
 ---
 
-##### `GET` /policies/event_matcher/{policy_uuid}/
+##### `GET` /policies/event_matcher/{policy_uuid}/
 
 ###### Return Type:
 
@@ -207,7 +207,7 @@ Changed response : **200 OK**
 
         -   `authentik.providers.radius`
 
-##### `PUT` /policies/event_matcher/{policy_uuid}/
+##### `PUT` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -327,7 +327,7 @@ Changed response : **200 OK**
 
         -   `authentik.providers.radius`
 
-##### `PATCH` /policies/event_matcher/{policy_uuid}/
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -447,7 +447,7 @@ Changed response : **200 OK**
 
         -   `authentik.providers.radius`
 
-##### `GET` /providers/all/{id}/
+##### `GET` /providers/all/{id}/
 
 ###### Return Type:
 
@@ -458,7 +458,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /providers/oauth2/{id}/
+##### `GET` /providers/oauth2/{id}/
 
 ###### Return Type:
 
@@ -469,7 +469,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PUT` /providers/oauth2/{id}/
+##### `PUT` /providers/oauth2/{id}/
 
 ###### Request:
 
@@ -487,7 +487,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PATCH` /providers/oauth2/{id}/
+##### `PATCH` /providers/oauth2/{id}/
 
 ###### Request:
 
@@ -505,7 +505,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /providers/proxy/{id}/
+##### `GET` /providers/proxy/{id}/
 
 ###### Return Type:
 
@@ -516,7 +516,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PUT` /providers/proxy/{id}/
+##### `PUT` /providers/proxy/{id}/
 
 ###### Request:
 
@@ -534,7 +534,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PATCH` /providers/proxy/{id}/
+##### `PATCH` /providers/proxy/{id}/
 
 ###### Request:
 
@@ -552,7 +552,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /core/applications/{slug}/
+##### `GET` /core/applications/{slug}/
 
 ###### Return Type:
 
@@ -567,7 +567,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PUT` /core/applications/{slug}/
+##### `PUT` /core/applications/{slug}/
 
 ###### Return Type:
 
@@ -582,7 +582,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PATCH` /core/applications/{slug}/
+##### `PATCH` /core/applications/{slug}/
 
 ###### Return Type:
 
@@ -597,7 +597,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /outposts/instances/{uuid}/
+##### `GET` /outposts/instances/{uuid}/
 
 ###### Return Type:
 
@@ -622,7 +622,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PUT` /outposts/instances/{uuid}/
+##### `PUT` /outposts/instances/{uuid}/
 
 ###### Request:
 
@@ -661,7 +661,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PATCH` /outposts/instances/{uuid}/
+##### `PATCH` /outposts/instances/{uuid}/
 
 ###### Request:
 
@@ -901,7 +901,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /providers/ldap/{id}/
+##### `GET` /providers/ldap/{id}/
 
 ###### Return Type:
 
@@ -912,7 +912,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PUT` /providers/ldap/{id}/
+##### `PUT` /providers/ldap/{id}/
 
 ###### Request:
 
@@ -930,7 +930,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PATCH` /providers/ldap/{id}/
+##### `PATCH` /providers/ldap/{id}/
 
 ###### Request:
 
@@ -1014,7 +1014,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /providers/saml/{id}/
+##### `GET` /providers/saml/{id}/
 
 ###### Return Type:
 
@@ -1025,7 +1025,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PUT` /providers/saml/{id}/
+##### `PUT` /providers/saml/{id}/
 
 ###### Request:
 
@@ -1043,7 +1043,7 @@ Changed response : **200 OK**
     -   Added property `authentication_flow` (string)
         > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `PATCH` /providers/saml/{id}/
+##### `PATCH` /providers/saml/{id}/
 
 ###### Request:
 
@@ -1095,7 +1095,7 @@ Changed response : **200 OK**
             -   Added property `authentication_flow` (string)
                 > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /core/user_consent/{id}/
+##### `GET` /core/user_consent/{id}/
 
 ###### Return Type:
 
@@ -1114,7 +1114,7 @@ Changed response : **200 OK**
             -   Added property `authentication_flow` (string)
                 > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /oauth2/access_tokens/{id}/
+##### `GET` /oauth2/access_tokens/{id}/
 
 ###### Return Type:
 
@@ -1129,7 +1129,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /oauth2/authorization_codes/{id}/
+##### `GET` /oauth2/authorization_codes/{id}/
 
 ###### Return Type:
 
@@ -1144,7 +1144,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /oauth2/refresh_tokens/{id}/
+##### `GET` /oauth2/refresh_tokens/{id}/
 
 ###### Return Type:
 
@@ -1297,7 +1297,7 @@ Changed response : **200 OK**
         -   Added property `authentication_flow` (string)
             > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /stages/user_login/{stage_uuid}/
+##### `GET` /stages/user_login/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1308,7 +1308,7 @@ Changed response : **200 OK**
     -   Added property `remember_me_offset` (string)
         > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
 
-##### `PUT` /stages/user_login/{stage_uuid}/
+##### `PUT` /stages/user_login/{stage_uuid}/
 
 ###### Request:
 
@@ -1326,7 +1326,7 @@ Changed response : **200 OK**
     -   Added property `remember_me_offset` (string)
         > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
 
-##### `PATCH` /stages/user_login/{stage_uuid}/
+##### `PATCH` /stages/user_login/{stage_uuid}/
 
 ###### Request:
 
@@ -1367,7 +1367,7 @@ Changed response : **200 OK**
                 -   Added property `authentication_flow` (string)
                     > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /flows/executor/{flow_slug}/
+##### `GET` /flows/executor/{flow_slug}/
 
 ###### Return Type:
 
@@ -1465,7 +1465,7 @@ Changed response : **200 OK**
             -   `radio-button-group`
             -   `dropdown`
 
-##### `POST` /flows/executor/{flow_slug}/
+##### `POST` /flows/executor/{flow_slug}/
 
 ###### Request:
 
@@ -1581,7 +1581,7 @@ Changed response : **200 OK**
             -   Added property `authentication_flow` (string)
                 > Flow used for authentication when the associated application is accessed by an un-authenticated user.
 
-##### `GET` /stages/prompt/prompts/{prompt_uuid}/
+##### `GET` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Return Type:
 
@@ -1621,7 +1621,7 @@ Changed response : **200 OK**
         -   `radio-button-group`
         -   `dropdown`
 
-##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
+##### `PUT` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Request:
 
@@ -1697,7 +1697,7 @@ Changed response : **200 OK**
         -   `radio-button-group`
         -   `dropdown`
 
-##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
+##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/
 
 ###### Request:
 

website/docs/releases/2023/v2023.6.md

@@ -104,7 +104,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.6
 
 ---
 
-##### `GET` /policies/event_matcher/{policy_uuid}/
+##### `GET` /policies/event_matcher/{policy_uuid}/
 
 ###### Return Type:
 
@@ -260,7 +260,7 @@ Changed response : **200 OK**
         -   `authentik_core.application`
         -   `authentik_core.token`
 
-##### `PUT` /policies/event_matcher/{policy_uuid}/
+##### `PUT` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -420,7 +420,7 @@ Changed response : **200 OK**
         > -   `authentik_core.application` - Application
         > -   `authentik_core.token` - Token
 
-##### `PATCH` /policies/event_matcher/{policy_uuid}/
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -580,7 +580,7 @@ Changed response : **200 OK**
         > -   `authentik_core.application` - Application
         > -   `authentik_core.token` - Token
 
-##### `GET` /outposts/ldap/{id}/
+##### `GET` /outposts/ldap/{id}/
 
 ###### Return Type:
 
@@ -849,7 +849,7 @@ Changed response : **200 OK**
             > -   `authentik_core.application` - Application
             > -   `authentik_core.token` - Token
 
-##### `GET` /providers/ldap/{id}/
+##### `GET` /providers/ldap/{id}/
 
 ###### Return Type:
 
@@ -868,7 +868,7 @@ Changed response : **200 OK**
     -   Changed property `gid_start_number` (integer)
         > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
 
-##### `PUT` /providers/ldap/{id}/
+##### `PUT` /providers/ldap/{id}/
 
 ###### Request:
 
@@ -902,7 +902,7 @@ Changed response : **200 OK**
     -   Changed property `gid_start_number` (integer)
         > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
 
-##### `PATCH` /providers/ldap/{id}/
+##### `PATCH` /providers/ldap/{id}/
 
 ###### Request:
 
@@ -936,7 +936,7 @@ Changed response : **200 OK**
     -   Changed property `gid_start_number` (integer)
         > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
 
-##### `GET` /sources/ldap/{slug}/
+##### `GET` /sources/ldap/{slug}/
 
 ###### Return Type:
 
@@ -950,7 +950,7 @@ Changed response : **200 OK**
 
     -   Added property `sni` (boolean)
 
-##### `PUT` /sources/ldap/{slug}/
+##### `PUT` /sources/ldap/{slug}/
 
 ###### Request:
 
@@ -974,7 +974,7 @@ Changed response : **200 OK**
 
     -   Added property `sni` (boolean)
 
-##### `PATCH` /sources/ldap/{slug}/
+##### `PATCH` /sources/ldap/{slug}/
 
 ###### Request:
 
@@ -998,7 +998,7 @@ Changed response : **200 OK**
 
     -   Added property `sni` (boolean)
 
-##### `GET` /sources/saml/{slug}/
+##### `GET` /sources/saml/{slug}/
 
 ###### Return Type:
 
@@ -1013,7 +1013,7 @@ Changed response : **200 OK**
     -   Changed property `signing_kp` (string)
         > Keypair used to sign outgoing Responses going to the Identity Provider.
 
-##### `PUT` /sources/saml/{slug}/
+##### `PUT` /sources/saml/{slug}/
 
 ###### Request:
 
@@ -1039,7 +1039,7 @@ Changed response : **200 OK**
     -   Changed property `signing_kp` (string)
         > Keypair used to sign outgoing Responses going to the Identity Provider.
 
-##### `PATCH` /sources/saml/{slug}/
+##### `PATCH` /sources/saml/{slug}/
 
 ###### Request:
 

website/docs/releases/2023/v2023.8.md

@@ -155,6 +155,10 @@ image:
 -   web: don't import entire SourceViewPage in flow and user interface (#6761)
 -   web: replace ampersand (#6737)
 
+## Fixed in 2023.8.4
+
+-   \*: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle)
+
 ## API Changes
 
 #### What's New
@@ -165,15 +169,15 @@ image:
 
 ##### `POST` /enterprise/license/
 
-##### `GET` /enterprise/license/{license_uuid}/
+##### `GET` /enterprise/license/{license_uuid}/
 
-##### `PUT` /enterprise/license/{license_uuid}/
+##### `PUT` /enterprise/license/{license_uuid}/
 
-##### `DELETE` /enterprise/license/{license_uuid}/
+##### `DELETE` /enterprise/license/{license_uuid}/
 
-##### `PATCH` /enterprise/license/{license_uuid}/
+##### `PATCH` /enterprise/license/{license_uuid}/
 
-##### `GET` /enterprise/license/{license_uuid}/used_by/
+##### `GET` /enterprise/license/{license_uuid}/used_by/
 
 ##### `GET` /enterprise/license/forecast/
 
@@ -185,7 +189,7 @@ image:
 
 ---
 
-##### `GET` /policies/event_matcher/{policy_uuid}/
+##### `GET` /policies/event_matcher/{policy_uuid}/
 
 ###### Return Type:
 
@@ -247,7 +251,7 @@ Changed response : **200 OK**
 
         -   `authentik.lib`
 
-##### `PUT` /policies/event_matcher/{policy_uuid}/
+##### `PUT` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -367,7 +371,7 @@ Changed response : **200 OK**
 
         -   `authentik.lib`
 
-##### `PATCH` /policies/event_matcher/{policy_uuid}/
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
 
 ###### Request:
 
@@ -525,7 +529,7 @@ Changed: `tenant_uuid` in `query`
 
 Changed: `web_certificate` in `query`
 
-##### `GET` /core/tokens/{identifier}/
+##### `GET` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -551,7 +555,7 @@ Changed response : **200 OK**
             -   `service_account`
             -   `internal_service_account`
 
-##### `PUT` /core/tokens/{identifier}/
+##### `PUT` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -569,7 +573,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `PATCH` /core/tokens/{identifier}/
+##### `PATCH` /core/tokens/{identifier}/
 
 ###### Return Type:
 
@@ -587,7 +591,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `GET` /core/users/{id}/
+##### `GET` /core/users/{id}/
 
 ###### Return Type:
 
@@ -601,7 +605,7 @@ Changed response : **200 OK**
         > -   `service_account` - Service Account
         > -   `internal_service_account` - Internal Service Account
 
-##### `PUT` /core/users/{id}/
+##### `PUT` /core/users/{id}/
 
 ###### Request:
 
@@ -625,7 +629,7 @@ Changed response : **200 OK**
         > -   `service_account` - Service Account
         > -   `internal_service_account` - Internal Service Account
 
-##### `PATCH` /core/users/{id}/
+##### `PATCH` /core/users/{id}/
 
 ###### Request:
 
@@ -657,7 +661,7 @@ Changed: `managed` in `query`
 
 Changed: `name` in `query`
 
-##### `GET` /policies/bindings/{policy_binding_uuid}/
+##### `GET` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -675,7 +679,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `PUT` /policies/bindings/{policy_binding_uuid}/
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -693,7 +697,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
 
 ###### Return Type:
 
@@ -937,7 +941,7 @@ Changed response : **200 OK**
                 > -   `service_account` - Service Account
                 > -   `internal_service_account` - Internal Service Account
 
-##### `GET` /core/user_consent/{id}/
+##### `GET` /core/user_consent/{id}/
 
 ###### Return Type:
 
@@ -1026,7 +1030,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `GET` /oauth2/access_tokens/{id}/
+##### `GET` /oauth2/access_tokens/{id}/
 
 ###### Return Type:
 
@@ -1044,7 +1048,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `GET` /oauth2/authorization_codes/{id}/
+##### `GET` /oauth2/authorization_codes/{id}/
 
 ###### Return Type:
 
@@ -1062,7 +1066,7 @@ Changed response : **200 OK**
             > -   `service_account` - Service Account
             > -   `internal_service_account` - Internal Service Account
 
-##### `GET` /oauth2/refresh_tokens/{id}/
+##### `GET` /oauth2/refresh_tokens/{id}/
 
 ###### Return Type:
 
@@ -1120,7 +1124,7 @@ Changed response : **200 OK**
                 > -   `service_account` - Service Account
                 > -   `internal_service_account` - Internal Service Account
 
-##### `GET` /stages/authenticator/static/{stage_uuid}/
+##### `GET` /stages/authenticator/static/{stage_uuid}/
 
 ###### Return Type:
 
@@ -1132,7 +1136,7 @@ Changed response : **200 OK**
 
     -   Changed property `token_count` (integer)
 
-##### `PUT` /stages/authenticator/static/{stage_uuid}/
+##### `PUT` /stages/authenticator/static/{stage_uuid}/
 
 ###### Request:
 
@@ -1152,7 +1156,7 @@ Changed response : **200 OK**
 
     -   Changed property `token_count` (integer)
 
-##### `PATCH` /stages/authenticator/static/{stage_uuid}/
+##### `PATCH` /stages/authenticator/static/{stage_uuid}/
 
 ###### Request:
 

website/docusaurus.config.ts

@@ -1,7 +1,8 @@
 const fs = require("fs").promises;
+import type { Config } from "@docusaurus/types";
+import type * as Preset from "@docusaurus/preset-classic";
 
-/** @type {import('@docusaurus/types').DocusaurusConfig} */
-module.exports = async function () {
+module.exports = async function (): Promise<Config> {
     const remarkGithub = (await import("remark-github")).default;
     const defaultBuildUrl = (await import("remark-github")).defaultBuildUrl;
     const footerEmail = await fs.readFile("src/footer.html", {
@@ -122,6 +123,9 @@ module.exports = async function () {
                 apiKey: "727db511300ca9aec5425645bbbddfb5",
                 indexName: "goauthentik",
             },
+            prism: {
+                additionalLanguages: ["python", "diff", "json"],
+            },
         },
         presets: [
             [
@@ -159,7 +163,7 @@ module.exports = async function () {
                         blogSidebarTitle: "All our posts",
                         blogSidebarCount: "ALL",
                     },
-                },
+                } satisfies Preset.Options,
             ],
         ],
         plugins: [

website/docusaurus.docs-only.ts

@@ -1,6 +1,7 @@
 const config = require("./docusaurus.config");
+import type { Config } from "@docusaurus/types";
 
-module.exports = async function () {
+module.exports = async function (): Promise<Config> {
     const remarkGithub = (await import("remark-github")).default;
     const defaultBuildUrl = (await import("remark-github")).defaultBuildUrl;
     const mainConfig = await config();
@@ -56,6 +57,7 @@ module.exports = async function () {
             },
             colorMode: mainConfig.themeConfig.colorMode,
             tableOfContents: mainConfig.themeConfig.tableOfContents,
+            prims: mainConfig.themeConfig.prism,
         },
         presets: [
             [

website/integrations/services/argocd/index.md

@@ -74,6 +74,7 @@ dex.authentik.clientSecret: <base 64 encoded value of the Client Secret from the
 In the `argocd-cm` ConfigMap, add the following to the data field :
 
 ```yaml
+url: http://argocd.company
 dex.config: |
     connectors:
     - config:

website/integrations/services/organizr/index.md

@@ -38,6 +38,7 @@ _Optionally_, create a new group like `organizr users` to scope access to the or
    :::tip
    _Optionally_, bind the group to control access to the organizr to the application.
    ![](./organizr4.png)
+   :::
 
 ![](./organizr5.png)
 ::: 3. Add the Application to the authentik Embedded Outpost.

website/integrations/services/phpipam/index.md

@@ -192,8 +192,8 @@ Select Create New -> SAML2 Authentication
 -   Client ID: https://phpipam.company/
 -   Strict Mode: Off
 -   IDP Issuer: https://authentik.company
--   IDP Login url: https://authentik.company/application/saml/<application_name>/sso/binding/redirect/
--   IDP Logout url: https://authentik.company/application/saml/<application_name>/slo/binding/redirect/
+-   IDP Login url: https://authentik.company/application/saml/*application_name*/sso/binding/redirect/
+-   IDP Logout url: https://authentik.company/application/saml/*application_name*/slo/binding/redirect/
 -   IDP X.509 public cert: This will be the .pem contents of the cert used as the signing certificate
     1. To get this cert, access the authentik installation at authentik.company
     2. Select Applications -> Providers -> phpipam-saml

website/integrations/services/qnap-nas/index.md

@@ -37,7 +37,7 @@ to `ldap.searchGroup`.
 
 :::caution
 It seems that QNAP LDAP client configuration has issues with too long password.
-Max password length <= 66 characters.
+Max password length \<= 66 characters.
 :::
 
 ## Deployment

website/integrations/services/sonar-qube/index.md

@@ -0,0 +1,72 @@
+---
+title: SonarQube
+---
+
+<span class="badge badge--primary">Support level: Community</span>
+
+## What is SonarQube
+
+> Self-managed static analysis tool for continuous codebase inspection
+>
+> -- https://www.sonarsource.com/products/sonarqube/
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `sonarqube.company` is the FQDN of the sonarqube install.
+-   `authentik.company` is the FQDN of the authentik install.
+
+## Terraform provider
+
+Create an application in authentik. Create a SAML Provider with the following values
+
+```hcl
+
+data "authentik_flow" "default-provider-authorization-implicit-consent" {
+  slug = "default-provider-authorization-implicit-consent"
+}
+
+data "authentik_property_mapping_saml" "saml-sonar-qube" {
+  managed_list = [
+    "goauthentik.io/providers/saml/email",
+    "goauthentik.io/providers/saml/username",
+    "goauthentik.io/providers/saml/name"
+  ]
+}
+
+resource "authentik_provider_saml" "provider_sonar-qube" {
+    name                = "SonarQube"
+
+    authorization_flow  = data.authentik_flow.default-provider-authorization-implicit-consent.id
+
+    acs_url    = "https://sonarqube.company/oauth2/callback/saml"
+    issuer     = "https://authentik.company/"
+    sp_binding = "post"
+    audience   = "https://sonarqube.company/saml2/metadata"
+
+    property_mappings = data.authentik_property_mapping_saml.saml-sonar-qube.ids
+}
+
+resource "authentik_application" "application_sonar-qube" {
+    name              = "SonarQube"
+    slug              = "sonarqube"
+    protocol_provider = authentik_provider_saml.provider_sonar-qube.id
+}
+
+```
+
+## SonarQube
+
+Navigate to Administration -> Configuration -> Authentication -> Saml
+
+Input these Values
+
+-   Application ID: https://sonarqube.company/saml2/metadata
+-   Provider Name: authentik
+-   Provider ID: https://authentik.company/
+-   SAML login url: https://authentik.company/application/saml/sonarqube/sso/binding/redirect/
+-   Identity provider certificate: Download it from authentik
+-   SAML user login attribute: http://schemas.goauthentik.io/2021/02/saml/username
+-   SAML user name attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
+-   SAML user email attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

website/package.json

@@ -7,7 +7,7 @@
         "docusaurus": "docusaurus",
         "watch": "docusaurus start",
         "build": "cp ../docker-compose.yml static/docker-compose.yml && cp ../schema.yml static/schema.yaml && docusaurus build",
-        "build-docs-only": "docusaurus build --config docusaurus.docs-only.js --out-dir help",
+        "build-docs-only": "docusaurus build --config docusaurus.docs-only.ts --out-dir help",
         "swizzle": "docusaurus swizzle",
         "deploy": "docusaurus deploy",
         "serve": "docusaurus serve",
@@ -16,20 +16,24 @@
         "test": "node --test"
     },
     "dependencies": {
-        "@docusaurus/plugin-client-redirects": "^2.4.3",
-        "@docusaurus/preset-classic": "^2.4.3",
-        "@docusaurus/theme-mermaid": "^2.4.3",
-        "@mdx-js/react": "^1.6.22",
+        "@docusaurus/core": "3.0.0",
+        "@docusaurus/plugin-client-redirects": "^3.0.0",
+        "@docusaurus/plugin-content-docs": "^3.0.0",
+        "@docusaurus/preset-classic": "^3.0.0",
+        "@docusaurus/theme-common": "^3.0.0",
+        "@docusaurus/theme-mermaid": "^3.0.0",
+        "@mdx-js/react": "^3.0.0",
         "clsx": "^2.0.0",
         "disqus-react": "^1.1.5",
         "postcss": "^8.4.31",
+        "prism-react-renderer": "^2.1.0",
         "rapidoc": "^9.3.4",
-        "react": "^17.0.2",
         "react-before-after-slider-component": "^1.1.8",
-        "react-dom": "^17.0.2",
+        "react-dom": "^18.2.0",
         "react-feather": "^2.0.10",
         "react-toggle": "^4.1.3",
-        "react-tooltip": "^5.21.6",
+        "react-tooltip": "^5.22.0",
+        "react": "^18.2.0",
         "remark-github": "^12.0.0"
     },
     "browserslist": {
@@ -45,6 +49,11 @@
         ]
     },
     "devDependencies": {
-        "prettier": "3.0.3"
+        "@docusaurus/module-type-aliases": "3.0.0",
+        "@docusaurus/tsconfig": "3.0.0",
+        "@docusaurus/types": "3.0.0",
+        "@types/react": "^18.2.29",
+        "prettier": "3.0.3",
+        "typescript": "~5.2.2"
     }
 }

website/sidebarsIntegrations.js

@@ -100,6 +100,7 @@ module.exports = {
                         "services/home-assistant/index",
                         "services/jellyfin/index",
                         "services/node-red/index",
+                        "services/sonar-qube/index",
                         "services/sonarr/index",
                         "services/tautulli/index",
                         "services/weblate/index",