--- title: Release 2022.10 slug: "2022.10" --- ## Breaking changes - Several challenge components have been renamed to better match the rest of the challenges - The SAML Source has been updated to use connection objects instead of directly creating users. ## New features - Support for OAuth2 Device flow See more in the OAuth2 provider docs [here](../providers/oauth2/device_code). This flow allows users to authenticate on devices that have limited input possibilities and or no browser access. - Customizable payload for SMS Authenticator stage when using Generic provider. - Revamped SAML Source The SAML source uses connection objects and the same Flow manager as the OAuth and Plex source. Additionally error-handling has been improved. This also allows for mapping fields from SAML Source to users. ## API Changes #### What's New --- ##### `GET` /sources/user_connections/saml/ ##### `POST` /sources/user_connections/saml/ ##### `GET` /sources/user_connections/saml/{id}/ ##### `PUT` /sources/user_connections/saml/{id}/ ##### `DELETE` /sources/user_connections/saml/{id}/ ##### `PATCH` /sources/user_connections/saml/{id}/ ##### `GET` /sources/user_connections/saml/{id}/used_by/ #### What's Changed --- ##### `GET` /core/tenants/{tenant_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `flow_device_code` (string) ##### `PUT` /core/tenants/{tenant_uuid}/ ###### Request: Changed content type : `application/json` - Added property `flow_device_code` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `flow_device_code` (string) ##### `PATCH` /core/tenants/{tenant_uuid}/ ###### Request: Changed content type : `application/json` - Added property `flow_device_code` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `flow_device_code` (string) ##### `GET` /propertymappings/notification/{pm_uuid}/ ###### Parameters: Changed: `pm_uuid` in `path` > A UUID string identifying this Webhook Mapping. ##### `PUT` /propertymappings/notification/{pm_uuid}/ ###### Parameters: Changed: `pm_uuid` in `path` > A UUID string identifying this Webhook Mapping. ##### `DELETE` /propertymappings/notification/{pm_uuid}/ ###### Parameters: Changed: `pm_uuid` in `path` > A UUID string identifying this Webhook Mapping. ##### `PATCH` /propertymappings/notification/{pm_uuid}/ ###### Parameters: Changed: `pm_uuid` in `path` > A UUID string identifying this Webhook Mapping. ##### `POST` /core/tenants/ ###### Request: Changed content type : `application/json` - Added property `flow_device_code` (string) ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `flow_device_code` (string) ##### `GET` /core/tenants/ ###### Parameters: Added: `flow_device_code` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Tenant Serializer - Added property `flow_device_code` (string) ##### `GET` /core/tenants/current/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `flow_device_code` (string) ##### `GET` /crypto/certificatekeypairs/ ###### Parameters: Added: `include_details` in `query` ##### `GET` /propertymappings/notification/{pm_uuid}/used_by/ ###### Parameters: Changed: `pm_uuid` in `path` > A UUID string identifying this Webhook Mapping. ##### `GET` /root/config/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `capabilities` (array) Changed items (string): Added enum value: - `can_debug` ##### `GET` /sources/oauth/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ##### `PUT` /sources/oauth/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ##### `PATCH` /sources/oauth/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ##### `POST` /sources/oauth/ ###### Request: Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `provider_type` (string) Added enum value: - `twitch` ##### `GET` /sources/oauth/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > OAuth Source Serializer - Changed property `provider_type` (string) Added enum value: - `twitch` ##### `GET` /stages/authenticator/sms/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ##### `PUT` /stages/authenticator/sms/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ##### `PATCH` /stages/authenticator/sms/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ##### `GET` /flows/executor/{flow_slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) Added 'ak-source-oauth-apple' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `scope` (string) - Property `redirect_uri` (string) - Property `state` (string) Added 'ak-source-plex' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `slug` (string) Added 'ak-provider-oauth2-device-code-finish' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) Updated `ak-stage-identification` component: - Changed property `sources` (array) Changed items (object): > Serializer for Login buttons of sources - Changed property `challenge` (object) Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-source-oauth-apple' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `scope` (string) - Property `redirect_uri` (string) - Property `state` (string) Added 'ak-source-plex' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `slug` (string) ##### `POST` /flows/executor/{flow_slug}/ ###### Request: Changed content type : `application/json` Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component: - Property `component` (string) - Property `code` (integer) Added 'ak-source-oauth-apple' component: - Property `component` (string) Added 'ak-source-plex' component: - Property `component` (string) Added 'ak-provider-oauth2-device-code-finish' component: - Property `component` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-provider-oauth2-device-code' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) Added 'ak-source-oauth-apple' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `scope` (string) - Property `redirect_uri` (string) - Property `state` (string) Added 'ak-source-plex' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `slug` (string) Added 'ak-provider-oauth2-device-code-finish' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) Updated `ak-stage-identification` component: - Changed property `sources` (array) Changed items (object): > Serializer for Login buttons of sources - Changed property `challenge` (object) Deleted 'ak-flow-sources-plex' component Deleted 'ak-flow-sources-oauth-apple' component Added 'ak-source-oauth-apple' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `scope` (string) - Property `redirect_uri` (string) - Property `state` (string) Added 'ak-source-plex' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `client_id` (string) - Property `slug` (string) ##### `POST` /stages/authenticator/sms/ ###### Request: Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ##### `GET` /stages/authenticator/sms/ ###### Parameters: Added: `mapping` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorSMSStage Serializer - Added property `mapping` (string) > Optionally modify the payload being sent to custom providers. ## Minor changes/fixes - \*: improve error handling in ldap outpost, ignore additional errors - blueprints: fix error when exporting objects with lazily translated strings - core: fix messages not being shown when no client is connected - crypto: fix import_certificate checking private key as certificate - crypto: make certificate parsing optional for crypto api (#3711) - flows: always show flow inspector in debug mode, don't require admin in debug (#3786) - providers/oauth2: add all hardcoded claims to claims_supported list - providers/oauth2: add device flow (#3334) - providers/oauth2: exclude at_hash claim if not set instead of being null - root: Add setting to adjust database config for pgbouncer (#3769) - root: decrease default token size to 60 chars for compatibility (#3710) - root: save email template directory in config - sources/oauth: add Twitch OAuth source (#3746) - sources/saml: improve error handling for missing assertion and missing subject - sources/saml: revamp SAML Source (#3785) - stages/authenticator_sms: make sms stage payload customisable (#3780) - stages/email: don't check that email templates exist on startup - web/\*: fix blank api drawer - web/admin: allow web-based sources to have empty enrollment/authentication flow - web/admin: set card headers and icons in card class - web/flows: improve display for action-showing stages - web/flows: update flow background - website/docs: add warning to trace log level ## Upgrading This release does not introduce any new requirements. ### docker-compose Download the docker-compose file for 2022.10 from [here](https://goauthentik.io/version/2022.10/docker-compose.yml). Afterwards, simply run `docker-compose up -d`. ### Kubernetes Update your values to use the new images: ```yaml image: repository: ghcr.io/goauthentik/server tag: 2022.10.1 ```